Professional Documents
Culture Documents
This chapter describes techniques to troubleshoot Layer 2 virtual private network (L2VPN) features. In
this document, L2VPN refers to a family of Layer 2 functions and Ethernet services provided by the
Cisco ASR 9000 Aggregation Series Router.
If you are experiencing a problem with L2VPN traffic, the source of the problem could be caused by any
of the following conditions:
• Interfaces in the customer edge (CE) router down or configured incorrectly.
• Interfaces in the provider edge (PE) router down or configured incorrectly.
• MAC address updates not functioning correctly.
• Bridge domain not configured correctly.
• Routing in the core network down or not configured correctly.
This chapter contains the following sections that explain how to troubleshoot these conditions:
• Troubleshooting VLAN Traffic and L2 TCAM Classification, page 9-181
• Troubleshooting Multipoint Layer 2 Services, page 9-190
• Troubleshooting Point-to-Point Layer 2 Services, page 9-206
• Troubleshooting Specific Outage Scenarios In Layer 2 Services, page 9-214
• Troubleshooting Dynamic Host Configuration Protocol Snooping, page 9-227
• Troubleshooting Multiple Spanning Tree, page 9-230
• Additional References—Command Reference and Configuration Guides, page 9-232
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-181
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting VLAN Traffic and L2 TCAM Classification
• When you create a subinterface for the AC (in interface config mode):
– You must include the l2transport keyword on the same command line
– You must configure an encapsulation statement
Example:
interface GigabitEthernet0/2/0/2.2 l2transport
encapsulation dot1q 100
• Review your running configuration to verify that it is complete and the necessary interfaces are up.
(show running-config).
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-182 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting VLAN Traffic and L2 TCAM Classification
• Ensure that the interfaces and subinterfaces for the ACs are actually up. View the up/down status of
the bridge domain, ACs, and PWs (if present) by means of the show l2vpn bridge-domain
summary command. Verify that the counts are incrementing, which means that the ACs are up.
• Make sure that bridge ports (for example, ACs and PWs) are assigned to the bridge domains.
• Verify that a unique main or subinterface is assigned to each AC in the bridge domain.
Step 1 Display the main interface state and subinterface state. (The main interface is also called the trunk
interface, and it is identified as trunk in some of the CLI commands.)
RP/0/RSP0/CPU0:router# show interface
Step 3 Display the Ethernet tags and check for any errors or mismatches. This command gives tag information
in a very concise format, if you want to check the encapsulation on multiple subinterfaces.
RP/0/RSP0/CPU0:router# show ethernet tags
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-183
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting VLAN Traffic and L2 TCAM Classification
Step 4 Verify that the subinterface matching order is as expected. The match-order option lists the subinterfaces
in the order that they match traffic. If the traffic is being classified to a different interface than you
expect, this command can help you determine why.
RP/0/RSP0/CPU0:router# show ethernet tags match-order
Step 5 Display the interface debug counters for each network processor unit. The following example shows the
NP counters.
RP/0/RSP0/CPU0:router# show controllers np counters {all | np0 | np1 | np2 | np3}
Step 6 If the output of the command in Step 5 shows that the UIDB_TCAM_MISS_AGG_DROP counter is
incrementing, it is possible that the physical port is receiving tagged traffic that does not match the
encapsulation statement of any subinterface. The parent/main interface is an untagged Layer 3 interface,
and rejects any tagged traffic that fails classification against any of its subinterfaces/children.
RP/0/RSP0/CPU0:router# clear controllers np counters all location node-id
RP/0/RSP0/CPU0:router# show controllers np counters {all | np0 | np1 | np2 | np3}
a. Verify that there is incoming tagged traffic that does not match the encapsulation statement of any
subinterface, and that this traffic is not needed (that is, you do not intend to configure a subinterface
to receive and forward this traffic).
– Encapsulation not matched but the traffic is needed—Create the necessary subinterface or
correct the encapsulation statement on the applicable existing subinterface.
– Encapsulation not matched, traffic not needed, and no encapsulation default currently
configured—Go to Substep b.
– Encapsulation not matched, traffic not needed, and there is an encapsulation default currently
configured—Go to Substep c.
b. Add an encapsulation default subinterface to receive all of the tagged traffic with unwanted
encapsulation statements. Check whether the UIDB_TCAM_MISS_AGG_DROP goes to zero, and
the default subinterface counters start going up. This process shifts the incrementing of counters
away from the main interface and isolates it on the default subinterface.
c. Verify that the Layer 2 encapsulation default subinterface is properly configured.
Note See the example below with the CLI statement encapsulation default.
Example
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-184 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting VLAN Traffic and L2 TCAM Classification
In this example, Bundle-Ether16 is the main interface (also referred to as the trunk interface or Layer 3
interface), and Bundle-Ether16.160 and Bundle-Ether16.161 are subinterfaces.
RP/0/RSP0/CPU0:router# show interfaces
Bundle-Ether16 is up, line protocol is up <<< The main interface is up
Interface state transitions: 1
Hardware is Aggregated Ethernet interface(s), address is 001b.53ff.87f0
Description: Connect to P19_C7609-S Port-Ch 16
Internet address is Unknown
MTU 9216 bytes, BW 1000000 Kbit (Max: 1000000 Kbit) reliability 255/255, txload 0/255,
rxload 0/255
Encapsulation ARPA, loopback not set,
ARP type ARPA, ARP timeout 04:00:00
No. of members in this bundle: 2
GigabitEthernet0/1/0/16 Full-duplex 1000Mb/s Active
GigabitEthernet0/1/0/17 Full-duplex 1000Mb/s Standby
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters never
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 1000 bits/sec, 0 packets/sec
202037 packets input, 18079605 bytes, 1 total input drops <<< Includes the sum of
packets on all the subinterfaces in addition to the packets on the main interface.
5964 drops for unrecognized upper-level protocol
Received 0 broadcast packets, 202037 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
490241 packets output, 53719536 bytes, 0 total output drops
Output 3 broadcast packets, 490238 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-185
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting VLAN Traffic and L2 TCAM Classification
interface Bundle-Ether16
description Connect to C7609-S Port-Ch 16
mtu 9216
bundle maximum-active links 1
!
interface Bundle-Ether16.160 l2transport
description Connect to C7609-S Port-Ch 16 Service Instance 160
encapsulation dot1q 160 <<< Encapsulation is correct
!
interface Bundle-Ether16.161 l2transport
description Connect to C7609-S Port-Ch 16 Service Instance 161
encapsulation dot1q 161
!
interface Bundle-Ether16.162
description Connect to C7609-S Port-Ch 16.162
ipv4 address 192.0.2.44 255.255.255.0
encapsulation dot1q 162
!
interface Bundle-Ether16.163
description Connect to C7609-S Port-Ch 16.163
ipv4 address 192.0.2.44 255.255.255.0
encapsulation dot1q 163
!
interface Loopback0
--More--
Summary 19 17 2 19 0 0
The following example shows the NP counters. For a description of how to interpret NP counter
information, see the “Displaying Traffic Status in Line Cards and RSP Cards” section on page 7-147.
Note If you want to clear counters at any time during this procedure (to make it easier to see which counters
are incrementing), use the command clear controllers np counters all location node-id.
Node: 0/0/CPU0:
----------------------------------------------------------------
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-186 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting VLAN Traffic and L2 TCAM Classification
This example shows that L2VPN packets are being forwarded on the interface and subinterface (if
applicable).
RP/0/RSP0/CPU0:router# show running-config l2vpn
l2vpn
bridge group BG
bridge-domain BD1
interface TenGigE0/1/0/0.0
!
interface TenGigE0/1/0/3.0
!
interface TenGigE0/1/0/4.0
!
neighbor 10.100.1.1 pw-id 2
!
!
!
!
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-187
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting VLAN Traffic and L2 TCAM Classification
This example shows the configuration and query of the Ethernet tags.
RP/0/RSP0/CPU0:router# show run interface gig0/0/0/0.1
Thu Oct 14 08:57:16.831 EDT
interface GigabitEthernet0/0/0/0.1 l2transport
encapsulation dot1q 1
!
In this example, 0.2 is listed before 0.1. Any traffic with outer VLAN .1Q 10, and inner tag .1Q 20 would
match Gi0/0/0/0.2.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-188 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting VLAN Traffic and L2 TCAM Classification
Bridge group: 189, bridge-domain: 189, id: 0, state: up, ShgId: 0, MSTi: 0
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 9000
MIB cvplsConfigIndex: 1
Filter MAC addresses:
Create time: 22/09/2010 04:16:14 (2w4d ago)
No status change since creation
ACs: 2 (2 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/1/0/3.189, state is up
.
.
.
List of VFIs:
VFI 190
PW: neighbor 10.19.19.19, PW ID 190, state is up ( established )
PW class Use_Tu-44190, XC ID 0xfffc0003
Encapsulation MPLS, protocol LDP
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-189
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
This example shows how to set up an encapsulation default subinterface. in this scenario, you expect
incoming traffic on gig0/1/0/1 to be all single-tagged dot1q 100. However, you see some occasional
traffic with other encapsulations being dropped. These drops could be due to a few stray packets (for
example dot1q 200), and they are dropped without being processed on gig0/1/0/1; the
UIDB_TCAM_MISS_AGG_DROP counter is incremented. You can configure one default subinterface
to catch all the stray packets. Then the drops appear as counters on this isolated default interface, not as
UIDB_TCAM_MISS_AGG_DROP on the main interface.
interface gig0/1/0/1
mtu 1500
!
interface gig0/1/0/1.1 l2transport
encapsulation dot1q 100
!
interface gig0/1/0/1.2 l2transport
encapsulation default <=== encapsulation default
!
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-190 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
bundle-ether1
Bridge port 1
gig0/1/0/1
Bridge port 2
gig0/2/0/2.2 EFPs
Bridge domain “mybd”
EFPs
255023
The configuration for Figure 9-1 is as follows.
interface GigabitEthernet0/1/0/1
l2transport
!
interface GigabitEthernet0/2/0/2
!
interface GigabitEthernet0/2/0/2.2 l2transport
encapsulation dot1q 100
!
interface GigabitEthernet0/5/0/8
bundle id 1 mode active
!
interface GigabitEthernet0/5/0/9
bundle id 1 mode active
!
interface Bundle-Ether1
!
interface Bundle-Ether1.1 l2transport
encapsulation dot1q 100
!
l2vpn
bridge group bg_example
bridge-domain mybd
interface GigabitEthernet0/1/0/1
!
interface GigabitEthernet0/2/0/2.2
!
interface Bundle-ether1.1
!
!
!
!
Step 1 Verify that bundle members Gig0/5/0/8 and Gig0/5/0/9 are both Active, that is, that Link Aggregation
Control Protocol (LACP) indicates that they are connected with their adjacent neighbors.
RP/0/RSP0/CPU0:router# show bundle bundle-ether1
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-191
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
Note For additional information on troubleshooting bundles and LACP, see the “Troubleshooting Problems
with Link Bundles” section on page 5-118.
Step 2 Follow the steps in the “Troubleshooting VLAN Traffic and L2 TCAM Classification” section on
page 9-181 for the ACs—Gig0/1/0/1, Gig0/2/0/2, and Bundle-ether1.1.
Step 3 Display the bridge domain running configuration and ensure that it contains the appropriate commands
for your network.
RP/0/RSP0/CPU0:router# show run l2vpn bridge group bg_example
Step 4 Verify that the bridge domain, bridge ports, and ACs are all in Up state.
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain bd-name mybd
Step 5 View additional details of the bridge domain, such as the feature settings and verify they are as expected.
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain bd-name mybd detail
Step 1 Display the MAC address table for the bridge domain. Verify that MAC addresses are being learned and
resynced. Include the specific bridge domain and MAC address of interest, so the output will display the
specific bridge-port (AC or PW) on which the specific MAC address was learned.
RP/0/RSP0/CPU0:router# show l2vpn forwarding bridge-domain bridge-group:bridge-domain
mac-address mac-address-id location node-id
If the MAC address was learned on a PW, the output shows the IP address of the neighbor. Otherwise it
shows the MAC address of the AC.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-192 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
A bridge domain is an entity that exists on multiple LCs. However, the show command singles out one
LC. If the MAC address was learned on a bridge-port on a different LC, the display output reports the
LC on which it was learned—not the actual bridge-port. To get the bridge-port data, rerun the command
on the actual LC on which it was learned.
Step 2 (Optional) As an alternative to the procedure in Step 1, you can run a more general command without
specifying a specific bridge domain or MAC address. However, the output could flood your terminal
screen.
Caution Before you run this command without specifying a particular bridge domain and MAC address, take
steps to limit the amount of data that can be output on your terminal screen. Otherwise the amount of
output could be extremely large.
This command displays all the MAC addresses learned on all bridge domains. As a safety mechanism,
before you enter this command, set your terminal length, for example:
RP/0/RSP0/CPU0:router# term length 20
If you need the full display, direct the output to a file, for example:
RP/0/RSP0/CPU0:router# loc 0/6/cpu0 | file disk0:bdoutput.txt
Step 3 Display the MAC table for the bridge domain and verify that the MAC address has been learned. Notice
the bridge port (the same as the attachment circuit [AC]) from which the MAC address was learned, and
whether it was learned through a pseudowire (PW).
Caution Before you run this command without specifying a MAC address ID, take steps to limit the amount of
data that can be output on your terminal screen. Otherwise the amount of output could be extremely
large.
This command displays all the MAC addresses learned on a bridge domain. As a safety mechanism,
before you enter this command, set your terminal length, for example:
RP/0/RSP0/CPU0:router# term length 20
If you need the full display, direct the output to a file, for example:
RP/0/RSP0/CPU0:router# loc 0/6/cpu0 | file disk0:bdoutput.txt
One other approach to limit the output is to run the command with a pipe filter and CTRL-C after you
see the output you want.
RP/0/RSP0/CPU0:router# show l2vpn forwarding bridge-domain bridge-group:bridge-domain
mac-address detail location node-id [ | begin GigabitEthernet interface-id ]
Step 4 Use the following command to display the data for a specific bridge domain and MAC address.
RP/0/RSP0/CPU0:router# show l2vpn forwarding bridge-domain bridge-group:bridge-domain
mac-address mac-address detail location node-id
Example
RP/0/RSP0/CPU0:router# loc 0/6/cpu0 | file disk0:bdoutput.txt
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-193
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-194 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
Ethernet Ethernet
(VLAN/Port/EFP) Full Mesh PWs + LDP (VLAN/Port/EFP)
208684
The VPLS network requires the creation of a bridge domain (Layer 2 broadcast domain) on each of the
PE routers. The VPLS PE device holds all the VPLS forwarding MAC tables and bridge domain
information. In addition, it is responsible for all flooding broadcast frames and multicast replications.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-195
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
Caution Verify that the MPLS PIE is committed before you configure MPLS. Otherwise all of your MPLS
configuration data will be lost if the image is reloaded.
PWs operate over the MPLS network, therefore, MPLS connectivity is a prerequite for bringing up a PW.
To verify MPLS connectivity, see the “Troubleshooting Connectivity Over MPLS” section on
page 8-174.
Step 1 Check for the following underlying problems, which can cause failure of the multipoint Layer 2 services.
• The bridge domain uses an attachment circuit (AC) for which the interfaces have not been created.
• The AC interface for the bridge domain is operationally down.
• The AC interface for the bridge domain is administratively down.
• The AC is not configured as Layer 2 (the l2transport keyword is missing from the configuration
command).
• The traffic on the AC interface is not classified properly (wrong encapsulation statement).
• There is an MTU mismatch between the local and remote routers.
Step 2 Verify that you can ping the opposite interface (on the remote router) from the MPLS interface.
Step 3 Verify that the remote interface shows up as an ospf neighbor.
show ospf neighbor
Step 4 Verify that the remote router ID, typically the remote router loopback, is in the routing table.
show route ipv4
Step 5 Ping the remote router with the same IP address that is used for the PW (ping x.x.x.x).
Step 6 Verify that you can find the remote router ID in an MPLS command. It should be the ipv4 address for
the PW.
Step 7 Verify that the BGP neighbor is up. (This step is necessary only if BGP autodiscovery has been
configured.)
show bgp neighbors
Step 8 Verify that the VFI is advertized in both PEs, and that PWs are established.
show l2vpn bridge-domain [brief | detail]
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-196 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
Step 10 Verify that PWs are bound in the Layer 2 forwarding information base (L2FIB) with the proper
cross-connect ID.
show l2vpn forwarding detail location
Example
The following example shows that autodiscovery is on, the PW is up, and NLRIs have been received from
the peer router. Check the cross-connect ID. Check the local and remote label and compare with the label
binding in the MPLS label switching database (LSD) by means of the show mpls forwarding command.
In this example, the local MPLS label ID is 16005.
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Bridge group: bg1, bridge-domain: bg1_bd1, id: 0, state: up, ShgId: 0, MSTi: 0
MAC learning: enabled
MAC withdraw: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
Security: disabled
Split Horizon Group: none
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
ACs: 1 (1 up), VFIs: 1, PWs: 2 (2 up), PBBs: 0 (0 up)
List of ACs:
AC: GigabitEthernet0/6/0/1.1, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [2, 2]
MTU 1504; XC ID 0x2040001; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
Security: disabled
Split Horizon Group: none
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 5650000, sent 5650000
bytes: received 429400000, sent 429400000
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-197
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-198 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-199
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
The following example shows that BGP is connected and active, and that there are VPNs and NLRIs on
the bridge domain.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-200 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
The following example shows that the local router ID is advertised and that NLRIs are recieved from the
remote peers.
RP/0/RSP0/CPU0:router# show l2vpn discovery
Service Type: VPLS, Connected
List of VPNs (1 VPNs):
Example
####Sample Configuration from WEST:
####CONFIGURE LOOPBACKs and Links
Interface loopback0
Ipv4 address 10.10.10.10 255.255.255.255
!
Interface gig0/6/0/1.1 l2transport
Description Attachment Circuit connected to Customer site
Encapsulation dot1q 2
!
Interface gig0/6/0/21
Description Connected to EAST Node
Ipv4 address 10.0.0.1 255.255.255.0
!
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-201
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
Interface gig0/6/0/3
Description Connected to CENTRAL Node
Ipv4 address 192.0.2.1 255.255.255.0
!
####CONFIGURE IGP
Router ospf 1
Router-id 10.10.10.10
Nsr
Nsf cisco
Area 0
interface loopback0
interface gig0/6/0/3
interface gig0/6/0/21
####CONFIGURE BGP
Router bgp 1
bgp router-id 10.10.10.10
bgp graceful-restart
address-family ipv4 unicast
address-family l2vpn vpls-vpws <<< This shows you have configured this family in BGP so
it will be able to handle the discovery of the neighbor.
!
neighbor 192.0.2.20
remote-as 1
update-source loopback0
address-family ipv4 unicast
address-family l2vpn vpls-vpws
neighbor 172.30.30.30
remote-as 1
update-source loopback0
address-family ipv4 unicast
address-family l2vpn vpls-vpws
####CONFIGURE L2VPN
l2vpn
bridge group bg1
bridge-domain bg1_bd1
interface gig0/6/0/1.1
!
vfi bg1_bd1_vfi
vpn-id 101
autodiscovery bgp
rd 101:1
route-target 101:1
signaling-protocol ldp
vpls-id 1:101
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-202 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
Example
RP/0/RSP0/CPU0:router# show l2vpn atom-db
Wed Apr 14 23:28:41.905 EDT
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-203
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
AS Number: 1
VPLS-ID: 1:101
L2VPN Router ID: 10.10.10.10
PW: neighbor 192.0.2.20, PW ID 1:101, state is up ( established ) <<< PW is up
PW class not set, XC ID 0xfffc0001
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-204 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multipoint Layer 2 Services
Step 3 Verify the configuration of MPLS forwarding and Label Switching Database (LSD) parameters.
a. show mpls forwarding
b. show mpls lsd forwarding
Example
RP/0/RSP0/CPU0:router# show mpls forwarding
Wed Apr 14 23:41:49.325 EDT
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16000 Pop 192.0.2.20/32 Gi0/6/0/21 10.0.0.2 226000292
16001 Pop 172.30.30.30/32 Gi0/6/0/3 192.0.2.2 0
16002 Pop 172.16.0/24 Gi0/6/0/3 192.0.2.2 0
16003 16003 192.168.40.40/32 Gi0/6/0/3 192.0.2.2 226000620
16004 Unlabelled 10.0.1.253/32 Mg0/RSP0/CPU0/0 10.2.0.4 0
16005 Pop PW(192.0.2.20:2814754062073957) \ <<< PW has label and traffic is
running
BD=0 point2point 214700000
16006 Pop PW(192.168.40.40:2814754062073957) \ <<< PW has label and traffic is
running
BD=0 point2point 214700000
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-205
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Point-to-Point Layer 2 Services
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-206 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Point-to-Point Layer 2 Services
Figure 9-3 Example of Deployment with Bridge Domain and XConnect Joined by Pseudowire
Pseudowire
gig0/1/0/1 gig0/2/0/1
gig0/1/0/2
gig0/1/0/3 gig0/2/0/2
Bridge port #2
gig0/1/0/2.6
Bridge domain
“mybd” gig0/3/0/1 gig0/3/0/2
Router3
Router1 Router2
281922
MPLS/OSPF router ID MPLS/OSPF router ID
(loopback) 10.1.1.1 (loopback) 10.2.2.2
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-207
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Point-to-Point Layer 2 Services
Router2
interface GigabitEthernet0/2/0/1
!
interface GigabitEthernet0/2/0/1.7 l2transport
encapsulation dot1q 100
!
interface GigabitEthernet0/2/0/2
ipv4 address 10.0.23.1 255.255.255.0
!
interface Loopback0
ipv4 address 10.2.2.2 255.255.255.255
!
router ospf 1
log adjacency changes
router-id 10.2.2.2
area 0
interface GigabitEthernet0/2/0/2
!
interface Loopback0
!
!
!
mpls ldp
router-id 10.2.2.2
log
neighbor
!
interface GigabitEthernet0/2/0/2
!
!
l2vpn
xconnect group examples
p2p myxc
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-208 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Point-to-Point Layer 2 Services
interface GigabitEthernet0/2/0/1.7
!
neighbor 10.1.1.1 pw-id 1
!
!
!
Router 3
interface GigabitEthernet0/3/0/1
ipv4 address 10.0.13.2 255.255.255.0
!
interface GigabitEthernet0/3/0/2
ipv4 address 10.0.23.2 255.255.255.0
!
interface Loopback0
ipv4 address 10.3.3.3 255.255.255.255
!
router ospf 1
log adjacency changes
router-id 10.3.3.3
area 0
interface GigabitEthernet0/3/0/1
!
interface GigabitEthernet0/3/0/2
!
interface Loopback0
!
!
!
mpls ldp
router-id 10.3.3.3
log
neighbor
!
interface GigabitEthernet0/3/0/1
!
interface GigabitEthernet0/3/0/2
!
!
Use the following procedure to locate any problems with traffic flow in this network. The IP addresses
are based on the sample configurations for Routers 1, 2, and 3 (above).
Step 3 Verify that the Router1 routing table contains the loopback address of Router2 (10.2.2.2). Also verify
that the Router2 routing table contains the loopback address of Router1 (10.1.1.1).
RP/0/RSP0/CPU0:router# show route ipv4
Step 4 Verify that Router1 can ping the Router2 loopback address, and Router2 can ping the Router1 loopback
address.
• From Router1—ping 10.2.2.2
• From Router2—ping 10.1.1.1
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-209
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Point-to-Point Layer 2 Services
Step 5 Verify that MPLS neighbors are established in the links (the same links listed in Step 1).
RP/0/RSP0/CPU0:router# show mpls ldp neighbor
Step 6 Verify that Router1 has an MPLS label to reach the Router2 loopback address. Also verify that Router2
has an MPLS label to reach the Router1 loopback address.
Note The output of this command contains one additional MPLS label. This additional label
represents the pseudowire between Router1 and Router2.
Step 7 Verify that the status of the Router1 bridge domain is UP, and that all all ACs are up.
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain mybd
Step 9 Verify that the Router2 xconnect is UP, and all ACs are UP.
RP/0/RSP0/CPU0:router# show l2vpn xconnect group examples
1. show l2vpn xconnect [detail | group | interface | neighbor | state | summary | type | state
unresolved]
2. show l2vpn forwarding {detail | hardware | interface | location | message | resource | summary
| unresolved} location node-id
3. show mpls forwarding [detail | {label label number} | interface interface-id | labels value |
location | prefix [network/mask | length] | summary | tunnels tunnel-id]
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-210 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Point-to-Point Layer 2 Services
DETAILED STEPS
Example:
RP/0/RSP0/CPU0:router# show l2vpn forwarding
location 0/2/cpu0
Step 3 show mpls forwarding [detail | {label label View the MPLS Label Forwarding Information Base (LFIB)
number} | interface interface-id | labels value entries with a local labels range.
| location | prefix [network/mask | length] |
summary | tunnels tunnel-id]
AC Is Down
Step 1 View the interface state.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-211
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Point-to-Point Layer 2 Services
Pseudowire Is Down
Step 1 View the pseudowire state.
RP/0/RSP0/CPU0:router# show l2vpn xconnect neighbor
Step 2 On the MPLS-enabled interface that connects to the router at the remote end of the PW, view MPLS LDP
neighbor information. Check these conditions:
a. Ensure that, if the MPLS router-id uses a loopback interface (it usually does), the loopback interface
is present in the OSPF configuration, so that a route to its address is advertised for the other router
to reach.
b. Ensure that an LDP session is established with the PE peer.
RP/0/RSP0/CPU0:router# show mpls ldp neighbor neighbor
Step 3 Ensure that the MPLS infrastructure has allocated a label for the mpls-id IP address on the opposite
router, and an additional label for the PW tunnel itself.
RP/0/RSP0/CPU0:router# show mpls forwarding
Step 4 (Perform this step if the MPLS LSP does not come up.) On the MPLS-enabled interface that connects to
the router at the remote end of the PW, view OSPF neighbor information. Verify that the IP address of
the MPLS router ID is reachable:
a. Ensure that this IP address appears in the routing table.
b. Ping this IP address and verify that it replies successfully.
c. Ensure that the PW ID (keyword "pw-id" in the configuration syntax) is identical on both ends of
the PW.
RP/0/RSP0/CPU0:router# show ospf neighbor
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-212 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Point-to-Point Layer 2 Services
Step 2 View the bridge information about Broadcast, Multicast and Unknown Unicast.
Step 3 Ensure that the MAC limit has not been exceeded.
Traffic Loss
Step 1 View the bridge domain state.
Step 3 Ensure that the bandwidth rates match between the CEs.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-213
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Step 1 One thing to check immediately is if the next hop router also experienced an FO mechanism (Similar to
what is done on this router). If so, the OSPF may go down.
Step 2 If not, verify that ‘nsf cisco’ is configured under the OSPF. If ‘nsf cisco’ is configured, see if the next
hop is reachable during FO. If not, there may be a reachability issue like a link going down or negotiation
problems.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-214 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
DETAILED STEPS
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-215
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-216 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Example
These examples show the output from the show bgp commands.
RP/0/RSP0/CPU0:router# show bgp l2vpn vpls
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 101:1 (default for vrf bg1:bg1_bd1)
*> 10.10.10.10/32 0.0.0.0 nolabel nolabel
*>i192.0.2.20/32 192.0.2.20 nolabel nolabel
*>i192.168.40.40/32 192.168.40.40 nolabel nolabel
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-217
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
This example shows the output from the show l2vpn discovery command.
RP/0/RSP0/CPU0:router# show l2vpn discovery private
Service Type: VPLS, Connected
List of VPNs (1 VPNs):
VPLS-ID: 1:101
Local L2 router id: 10.10.10.10
List of Remote NLRI (2 NLRIs):
Local Addr Remote Addr Remote L2 RID Time Created
--------------- --------------- --------------- -------------------
10.10.10.10 192.0.2.20 192.0.2.20 04/14/2010 23:10:51
10.10.10.10 192.168.40.40 192.168.40.40 04/14/2010 23:19:06
AC Is Down
Step 1 RP/0/RSP0/CPU0:router# show interface
Step 2 RP/0/RSP0/CPU0:router# show l2vpn bridge interface detail
Step 3 Ensure that the AC interface has l2transport configured.
Step 4 Ensure that the AC interface is up.
Step 5 Ensure that the MTUs match.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-218 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Pseudowire Is Down
A pseudowire (PW) is both an L2VPN component and an MPLS component. If a PW is down in one
node, it could be caused by a problem in the local or remote node. Follow these steps to troubleshoot a
problem with a PW in an L2VPN network.
Note For PW troubleshooting in point-to-point networks, see the “Troubleshooting Point-to-Point Layer 2
Services” section on page 9-206.
Step 1 Check the configuration is valid (show run l2vpn, show run bgp, show run mpls ldp).
Step 2 Verify that L2VPN discovery shows the received NLRI (show l2vpn discovery). If the NLRI is not
received, follow the procedure in the “L2VPN Discovery Not Working” section on page 9-217.
Step 3 View the local and remote labels in the bridge-domain (show l2vpn bridge-domain detail) and compare
these labels with the label binding in LSD (show mpls lsd forwarding labels). See the example below.
Step 4 View OSPF neighbor information.
RP/0/RSP0/CPU0:router# show ospf neighbor
Step 7 If PWs are involved, be sure they are properly configured on both PEs. See the “Troubleshooting
Point-to-Point Layer 2 Services” section on page 9-206.
Step 8 Ensure that the MPLS package is installed.
Step 9 Ensure that the core interface is up.
Step 10 Ensure that an IGP (for example OSPF) is up.
Step 11 Ensure that an LDP session is established with the PE peer.
Step 12 Ensure that the MTUs match.
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Example
These commands allow you to view the local and remote labels in the bridge-domain and compare them
with the label binding in LSD.
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Signaling protocol: LDP
AS Number: 1
VPLS-ID: 1:101
L2VPN Router ID: 10.10.10.10
PW: neighbor 192.0.2.20, PW ID 1:101, state is up ( established )
PW class not set, XC ID 0xfffc0001
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-219
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-220 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Caution Before you run this command without specifying a MAC address ID, take steps to limit the amount of
data that can be output on your terminal screen. Otherwise the amount of output could be extremely
large.
This command displays all the MAC addresses learned on a bridge domain. As a safety mechanism,
before you enter this command, set your terminal length, for example:
RP/0/RSP0/CPU0:router# term length 20
If you need the full display, direct the output to a file, for example:
RP/0/RSP0/CPU0:router# loc 0/6/cpu0 | file disk0:bdoutput.txt
One other approach to limit the output is to run the command with a pipe filter and CTRL-C after you
see the output you want.
RP/0/RSP0/CPU0:router# show l2vpn forwarding bridge-domain bridge-group:bridge-domain
mac-address detail location node-id [ | begin GigabitEthernet interface-id ]
Step 6 View the NP counters. Capture this output for both ingress and egress line cards. For a description of
how to interpret NP counter information, see the “Displaying Traffic Status in Line Cards and RSP
Cards” section on page 7-147.
RP/0/RSP0/CPU0:router# show controllers np counters all location
Step 9 If PWs are involved, be sure they are properly configured on both PEs. See the “Troubleshooting
Point-to-Point Layer 2 Services” section on page 9-206.
Step 10 Ensure that the MPLS package is installed.
Step 11 Ensure that the core interface is up.
Step 12 Ensure that OSPF is the routing protocol.
Step 13 Ensure that an LDP session is established with the PE peer.
Step 14 Ensure that the MTUs match.
Example
These commands allow you to view the local and remote labels in the bridge-domain and compare them
with the label binding in LSD.
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Signaling protocol: LDP
AS Number: 1
VPLS-ID: 1:101
L2VPN Router ID: 10.10.10.10
PW: neighbor 192.0.2.20, PW ID 1:101, state is up ( established )
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-221
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-222 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Statistics:
packets: received 0, sent 0
bytes: received 0, sent 0
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic arp inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
.
.
.
Node: 0/0/CPU0:
----------------------------------------------------------------
Show global stats counters for NP0, revision v3
The following command allows you to view the bridge domain forwarding data.
RP/0/RSP0/CPU0:router# show l2vpn forwarding bridge-domain location 0/6/CPU0
Thu Apr 15 00:15:29.581 EDT
Bridge MAC
Bridge-Domain Name ID Ports addr Flooding Learning State
-------------------------------- ------ ----- ------ -------- -------- ---------
bg1:bg1_bd1 0 3 4 Enabled Enabled UP
The following command allows you to view the bridge domain MAC details. The output from this
command can be very large, so you should limit the terminal screen output or send the data to a file.
RP/0/RSP0/CPU0:router# loc 0/6/cpu0 | file disk0:bdoutput.txt
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-223
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Step 4 View bridge information about Broadcast, Multicast and Unknown Unicast.
Step 5 Ensure that the MAC limit has not been exceeded.
Step 7 Ensure that the pseudowires (as applicable) and AC are up.
Step 8 Verify the hardware is programmed for both ACs.
Step 9 RP/0/RSP0/CPU0:router# show l2vpn forwarding interface GigabitEtherne0/5/0/2 hardware
ingress detail location node-id
Step 3 View bridge information about Broadcast, Multicast and Unknown Unicast.
Step 4 Ensure that the MAC limit has not been exceeded.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-224 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Step 6 Ensure that the pseudowires (as applicable) and AC are up.
Step 7 Verify that the hardware is programmed for both ACs.
RP/0/RSP0/CPU0:router# show l2vpn forwarding interface GigabitEtherne0/5/0/2 hardware
ingress detail location node-id
Step 2 Ensure that the hardware is programmed for both AC and PW (as applicable).
Step 3 Ensure that the destination MAC entry is programmed for the LC’s destination interface.
RP/0/RSP0/CPU0:router# show l2vpn forwarding bridge-domain mac-address location node-id
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-225
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Specific Outage Scenarios In Layer 2 Services
Traffic Loss
Step 1 Determine where the packets are being dropped, view the xconnect AC interface counters and the
L2VPN counters for the PW. For information on ping procedures, see the “Troubleshooting Ping and
ARP Connectivity” section on page 3-75.
Step 2 View the bridge domain state.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-226 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Dynamic Host Configuration Protocol Snooping
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-227
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Dynamic Host Configuration Protocol Snooping
Show Commands
The DHCP application runs on the RSP. It has several EXEC mode CLI show commands that present the
application's configuration state, DHCP client state, and DHCP packet statistics.
• show dhcp ipv4 snoop binding—View the state of DHCP clients in a table.
• show dhcp ipv4 snoop binding mac-address macaddress—View detailed state of DHCP Clients
with the specified MAC Address.
• show dhcp ipv4 snoop binding summary—View the total number of DHCP Clients.
• show dhcp ipv4 snoop profile—View a list of DHCP snoop profiles.
• show dhcp ipv4 snoop profile name name—View details of a specific DHCP snoop profile.
• show dhcp ipv4 snoop statistics—View aggregate DHCP snoop Rx, Tx, and drop packets for
each bridge domain.
• show dhcp ipv4 snoop statistics bridge-domain name—View detailed DHCP snoop Rx, Tx,
and drop packets for each message type in a bridge domain.
Trace Commands
The DHCP application has over 1200 Trace logs. The Trace logs record significant events that occur in
the application. Trace logs that are associated with a specific DHCP client will contain the client MAC
address.
• show dhcp ipv4 trace errors—View error traces.
• show dhcp ipv4 trace events—View event traces.
• show dhcp ipv4 trace packets—View packet processing traces.
• show dhcp ipv4 trace snoop errors—View error traces for DHCP snoop feature.
• show dhcp ipv4 trace snoop events—View event traces for the DHCP snoop feature.
• show dhcp ipv4 trace snoop internal—View internal debug traces for the DHCP snoop feature.
Syslog Commands
The DHCP application has over 1600 syslog logs. These logs record events that occur in the application.
• debug dhcp ipv4 errors—View error logs.
• debug dhcp ipv4 events—View event logs.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-228 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Dynamic Host Configuration Protocol Snooping
Tech-support Commands
The DHCP application has four tech-support commands that call groups of DHCP CLI commands. Use
tech-support commands for information about the DHCP application for debugging.
• show tech-support dhcp ipv4 snoop file filename
• show tech-support dhcp ipv4 snoop bridge-domain-name bridge-domain-id file
filename—View information for the specified bridge domain.
• show tech-support dhcp ipv4 snoop profile-name profilename file filename—View
information for the specified profile.
Action Commands
Use the following CLI commands to clear DHCP snoop binding states:
• clear dhcp ipv4 snoop binding—Clears all DHCP snoop client bindings.
• clear dhcp ipv4 snoop binding bridge-domain bridge-domain-name—Clears all DHCP snoop
client bindings in the specified bridge domain.
• clear dhcp ipv4 snoop binding mac-address macaddress—Clears the DHCP snoop client
bindings with the specified MAC address.
L2VPN Commands
DHCP snoop is enabled on L2VPN ACs by attaching a DHCP snoop profile to a bridge domain or AC.
The DHCP snoop trusted attribute is configured on an AC according to the value of the trusted attribute
in the DHCP snoop profile. L2VPN CLI commands are used to display the status of DHCP snoop
attributes on L2VPN bridge domains and ACs.
• show l2vpn bridge-domain bd-name bridgename detail—View the L2VPN DHCP snoop
configuration for the specified bridge domain.
• show l2vpn forwarding interface interface detail location location—View the L2VPN
DHCP snoop configuration for a specific interface.
L2Snoop Commands
L2Snoop receives and transmits DHCP snoop packets between NETIO and the DHCP snoop application
on the RSP.
show l2snoop statistics pcb all—View the L2SNOOP DHCP packet Rx/Tx statistics to and from
the DHCP snoop application on the RSP.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-229
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multiple Spanning Tree
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-230 OL-23591-02
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Troubleshooting Multiple Spanning Tree
Look for topology change notifications. Run the following command and look for TC 1:
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
OL-23591-02 9-231
Chapter 9 Troubleshooting L2VPN and Ethernet Services
Additional References—Command Reference and Configuration Guides
Step 1 To view the BPDUs being sent by MSTAG, run the following command.
RP/0/RSP0/CPU0:router# show spanning-tree mstag protocol-instance-id bpdu interface
interface-name
Step 2 Ensure that the forwarding state is set as it was programmed in the hardware.
Cisco IOS XR Troubleshooting Guide for the Cisco ASR 9000 Aggregation Services Router
9-232 OL-23591-02