Zhone IPD Troubleshooting

Troubleshooting
Network Extenders
 TNE / ENE Questions?
Unable to login Remote TNE / ENE

1)The first thing to verify is that you have the correct default
gateway configured in the TNE / ENE unit.
2)Can you get web access to the unit from the Ethernet ports of the
TNE / ENE unit?
3) Is this the only TNE unit that you can't access?
4) Do you have other TNE units that you can web into?
5) Are you trying to access the TNE through the T1 ports?
6) If you can't access any other units, do you have a firewall
between you and the TNE unit?
7) Do you have a duplicate IP address in your network?
8) What is the IP address, mask, and gateway of the TNE?
9) If you can get access to the ethernet ports of the TNE and can
access web management from there, can you send me the
nvr_backup file from the unit? To get this file, you need to tftp it.
10)The command is: tftp -i 192.168.254.252 get
nvr_backup.bin.Password where the IP address is the address of
your TNE unit, and the Password is your superuser password for
the unit.
 IPD Performance Issues with TNEs:

If performance is really bad

1.On TNExxxx or other network extender:
Check provider vs subscriber setup. On the TIM1500
card this is set to Provider, so the endpoint has to be
Subscriber.
Any upgrades or modifications to this unit recently?
Check TIM1500 line card and check for dropped
packets. Look at line rates.
Are other TNEs doing this?
Check code level. Try a downgrade if recently upgraded.
 Port Level Statistics
%Utilization, Rate, Max, Ave,
Packet Count, Octet Count
WAN Non-Unicast RX
WAN Non-Unicast TX
WAN Unicast RX
WAN Unicast TX

%Utilization and Rate

Total RX
Total TX

Loop detect Count, MAC, Loc.

Up Time (Slot and Port)

Down Time & Link Down Count
Total Link Up and Down Time
Near End RSI (ADSL/ADSL2+)
Far End RSI (ADSL/ADSL2+)
WAN Error Count Rx
Dropped Pkts Tx Overflow
Packet Drop from Config
IPD Management Dropped packets
explained:
The Statistics Information page of a DSL port displays information about the DSL port.
The Stats counters will never reset unless you clear them with the reset button or
reset the BSX or management card.
The [WAN Error Count RX] is any packet that is being dropped on the DSL line
from the modem to the Access card. Ex: AIM24000-48
The [Dropped Packets TX Overflow] are packets that are dropped if there is
more ethernet traffic than the DSL port can forward. Ex: If your DSL port is set to
1Mb in the downstream direction and you try to send 2Mbs of data, you will see the
TX Overflow increment.
The [Dropped Packet Count] is the total number of packets that were dropped
due to the 9 reasons listed below it on the Stats screen. The counters will roll
over to 0 once they hit the maximum 4,294,967,295 which is the decimal equivalent
of 32 bits or 1s (1111111111111111111111111111111) binary.
Dropped packet Counts Explained:
Definitions:
Ingress - An Ingress packet are packets that are coming from the modem to the
Access card.
Egress Packets that are coming from the network or Uplink and going to the
modem.
IPD Management Dropped packets
explained:
Protocol Filter Ingress: Packets that are dropped from the modem
because they dont fall within the Protocol filter setting(s) on the
Configuration page for that port. Ex: If 0800 and 0806 are set, all other
traffic types will be dropped
Protocol Filter Egress: Packets that are being dropped from the core of
the network to the modem because they dont conform to the Protocol filter
that was set.
IP Range (Ingress): Packets from the modem are dropped if they dont fall
into any of the 4 IP Filter Ranges that are available
QoS VLAN Config ingress: Packets coming from the modem that do NOT
fall into any QoS VLAN Rule. With the release of firmware 1.02.02 on the
BSX card, limiting the Unlearned unicast, broadcast, and multicast traffic will
also increment this counter if the value set is exceeded.
QoS VLAN Config Egress: Packets coming from the network to the
modem that do NOT fall into any QoS VLAN rule. With the release of
firmware 1.02.02 on the BSX card, limiting the Unlearned unicast,
broadcast, and multicast traffic will also increment this counter if the value
set is exceeded.
IPD Management Dropped packets
explained:
QoS VLAN Config Egress: Packets coming from the network to the modem that do
NOT fall into any QoS VLAN rule. With the release of firmware 1.02.02 on the BSX
card, limiting the Unlearned unicast, broadcast, and multicast traffic will also
increment this counter if the value set is exceeded.
Database trusted/untrusted violation: If a Loop is detected in the chassis this box
will be checked. A packet coming from the network is considered Trusted and traffic
coming from a modem is Untrusted If a trusted MAC address (coming from the
Network) moves to a DSL port (Untrusted), it will be blocked for a minimum of 5
minutes and will increment the Dropped packet counter for every packet from that
source MAC address. Only the MAC address that is looped will be blocked and not
be able to be forwarded to the backplane. A hard loop facing a T1 port in the
DSLAM for example will cause all packets to be dropped on that port.
Database layer 2 port filter static or dynamic mac violation: If a MAC filter is
configured on a port this box will be checked if an unauthorized MAC address enters
the port
Database static mac moved from a configured port: This box will be checked if
the MAC Address from a configured port moves to another DSL port.
Other drop reason: Line errors or a port dropping link can cause this box to be
checked.
 Duplicate MAC & Network Loop
Detection and Prevention
When a source MAC address has been learned on an uplink port, that same MAC will
not be allowed to source traffic from a DSL or T1/E1 subscriber port until the MAC
has aged from the uplink (MAC is aged from the port 5 minutes after it has last
sourced traffic). When a source MAC is learned on a DSL or T1/E1 subscriber port
and then on an uplink port, the uplink port is always trusted over the subscriber port,
disallowing that MAC from transmitting traffic from the subscriber port until it has aged
from the uplink (5 minutes).

A source MAC address defined in the L2 Filters table of one subscriber port will not
be allowed to source traffic from any other subscriber port until the L2 filter entry is
deleted.
Learned source MAC addresses which are NOT defined in any subscriber L2 filter
tables are allowed to move freely between subscriber ports on the same line card.
Learned source MAC addresses not defined in any subscriber L2 filter tables are
allowed to move between different line card subscriber ports as long as the source
MAC has not been flooded between line cards from VLAN Flood or the source MAC
is transmitting to an unknown destination This causes the source MAC to be
learned on the line card backplane connection (or uplink).
 Duplicate MAC & Network Loop
Detection and Prevention
When two subscriber ports are accidentally bridged together or some other type of
adverse condition creates or simulates a network loop, where a source MAC
address is learned from multiple locations, the same logic mentioned above will
occur:
A. If the source MAC is duplicated on subscriber ports, but not learned on an
uplink port, the MAC is allowed to source traffic from the first learned
subscriber port, but not on the second learned subscriber port until it has aged
from the first.
B. If the source MAC is learned on both a subscriber port and an uplink port, the
MAC is allowed to source traffic from the uplink but not from the subscriber
port until it has aged from the uplink.
Source MAC address duplication will cause an SNMP trap to be sent (if
snmpSecurity_Events Trap is enabled) and the port LED in web management to
change to orange, indicating a MAC movement/duplication violation where
traffic from the duplicated source MAC has been blocked. The SNMP Trap,
Diagnostics Loop Detect/MAC Movement Summary, and Port Statistics indicate
the orange LED slot and port, the number of times packets have been dropped due
to the violation, and the valid slot/port location of the source MAC address. The port
LED will remain orange in web management until the port statistics have been reset
AND the duplicate MAC stops sourcing traffic until it has aged from the original port.
 Duplicate MAC & Network Loop
The slot/port location is only meaningful when the valid location of the source MAC is
on another subscriber port. When the valid location of the source MAC is located on
an uplink port, the slot/port will indicate the slot of the violated MAC and the
backplane port number of the violated MAC (a port number higher than the number of
front panel ports available for that slot).
protocol filter ingress packet received by BLC subscriber port dropped from protocol filter
match/mismatch.
protocol filter egress packet destined out BLC subscriber port dropped from protocol filter
match/mismatch.
IP range (ingress) packet received by BLC subscriber port dropped from IP filter mismatch.
QoS VLAN config ingress packet received by BLC subscriber port dropped because incoming
VLAN tag does not match port VLAN configuration
QoS VLAN config egress packet destined out BLC subscriber port dropped because VLAN tag
does not match port VLAN configuration
Database trusted/untrusted violation source MAC address learned on BLC uplink has also been
learned on the subscriber port. Traffic originating from this source MAC on this subscriber
port will be dropped until the MAC has been aged from the BLC uplink port (5 minute age
time). The purpose of this feature is to prevent subscribers from spoofing the MAC addresses
of important network resources (such as default gateway and servers).
Database static mac moved from a configured port a MAC address defined in a layer 2 port filter
has been learned on a port other than the one where the layer 2 port filter has been defined.
This source MAC will not be allowed to transmit on any subscriber port other than the one
where the filter for this particular MAC has been defined.
Other drop reason packets dropped during DSL link up or there is no destination for the packet
 IPD12000/4000 Traffic Flow

SUBSCRIBER PORT to UPLINK PORT (Default)

By default, all subscriber traffic entering the line card (DSL or
T1/E1), gets forwarded out the [BSX8000-5] uplink ports only. No
communication takes place between line card subscriber ports.
Traffic entering the BSX8000-5 uplink ports with a known (learned)
destination address only gets forwarded to the subscriber port of
that address. Traffic with an unknown destination address and
broadcast traffic entering the BSX8000-5 uplink port gets forwarded
to all subscriber ports. If 802.1q VLAN tagging is used, this
unknown and broadcast traffic only gets forwarded to
subscriber ports configured with a matching VLAN ID. By
default, all VLAN tagged traffic and untagged traffic is allowed to
pass through all uplink ports.
 IPD12000/4000 Traffic Flow

SUBSCRIBER PORT to SUBSCRIBER PORT and UPLINK PORT

The line card ports may be configured to override this default behavior to allow communication
between subscriber ports using a feature called VLAN Flood. Groups of subscriber ports may
be configured with a common VLAN ID with the VLAN mode set to VLAN Flood. This allows
communication between subscriber ports configured with the same VLAN ID AND to the
[BSX8000-5] uplink ports.

Enable VLAN Flood for Subscriber-to-Subscriber Traffic

 IPD12000/4000 Traffic Flow
SUBSCRIBER PORT to SUBSCRIBER PORT but NOT to UPLINK PORT
If it is desirable to allow communication between subscriber ports, but not to the uplink ports,
VLAN Flood may be enabled as described in the previous slide, and the BSX8000-5 uplink
ports may be configured to disallow specified VLAN IDs on a port-by-port basis.

Uplink VLAN Membership Configuration

Backups & New Code Upgrades
Check code release and what is the size of the file? To upgrade the
IPD unit, you need a TFTP client, not a server.

> tftp
-i 192.168.254.252 get nvr_backup.bin.Password
where the IP address is the address of your IPD unit, and the Password is
your superuser password for the unit.

Do you use the command " get nvr_backup.bin.Password to get the backup
file?
If you used the command "get nvr_cfg.bin.Password, this would not save the
management configurations such as the IP address and subnet mask.
Example of TFTP on PC:
If you have a Windows PC the command to use is:
tftp -i 192.168.254.252 put c:\ethX_01_01.bin where the IP address
is the IP of the ETHX box and the ethx1_01_01.bin is the filename.