Cisco Nexus 5500 Troubleshooting Guide - Troubleshooting System Management Issues [Cisco Nexus 5000 Series Switches]

Table Of Contents

Troubleshooting System Management Issues

SNMP

SNMP memory usage continuously increasing

SNMP not responding

SNMP not responding and show snmp command reports SNMP has timed out

Not able to perform SNMP SET operation

SNMP on BRIDGE-MIB

Logging

System is not responsive

Syslog server not getting messages from DUT

Traps

Traps not received

DNS

DNS resolution not working correctly

Specified domain not removed from domain-list

Troubleshooting System Management Issues

The system management features of the Cisco Nexus 5000 Series switch allow you to monitor and manage your network for efficient device use, role-based access control, SNMP communications, diagnostics, and logging.

This chapter describes how to identify and resolve problems that can occur with system management and the Cisco Nexus 5000 Series switch.

This chapter includes the following sections:

•SNMP

•Logging

•Traps

•DNS

SNMP

SNMP memory usage continuously increasing

The show proc mem | inc snmp command shows continuously increasing SNMP memory usage.

Possible Cause

SNMP memory usage increases when SNMP requests are processed from different monitoring stations. Typically, this situation stabilizes over time. If the memory increases continuously without stabilizing, then some of the SNMP requests are causing a memory leak.

Solution

Review the output from the show system internal snmp mem-stats detail command.

Take example snapshots with the following commands while processing SNMP requests:

•show clock

•show system internal mem-stats detail

•show tech snmp

SNMP not responding

No response or delayed response for SNMP request.

Possible Cause

If the switch CPU utilization is high during the SNMP operations such as GET, GETNEXT and WALK, the response may be very slow or there is no responsethat results in a time-out.

Solution

While SNMP is not responding, check CPU utilization with the following commands:

•show proc cpu history

•show proc cpu sort

The output from this command shows which Nexus 5000 component is using the greatest amount of CPU resources.

SNMP not responding and show snmp command reports SNMP has timed out

SNMP is not responding and the show snmp command reports that SNMP has timed out.

Possible Cause

The SNMP process might have exited, but the process did not crash.

Solution

Use show system internal sysmgr service name snmpd command which should show the state to be"SRV_STATE_HANDSHAKED.

Example:
Service "snmpd" ("snmpd", 74):
UUID = 0x1A, PID = 4131, SAP = 28
State: SRV_STATE_HANDSHAKED (entered at time Mon Jun 14 17:12:15 2010).
Restart count: 1
Time of last restart: Mon Jun 14 17:12:14 2010.
The service never crashed since the last reboot.
Tag = N/A
Plugin ID: 0
Not able to perform SNMP SET operation

The following error appears when trying to perform the SNMP SET operation:
bash-2.05b$ snmpset -v2c -c private 10.78.25.211 .1.3.6.1.4.1.9.9.305.1.1.6.0 i 1
Error in packet.
Reason: notWritable
Possible Cause

The SNMP community does not have write permission.

Solution

Check the output of the show snmp community command to ensure that the write permission is enabled.

Example:
Community            Group / Access      context    acl_filter
private               network-operator               
public                network-admin 
Only "network-admin" has write permissions.
                    snmpset -v2c -c public 10.78.25.211 .1.3.6.1.4.1.9.9.305.1.1.6.0 i 1
                   enterprises.9.9.305.1.1.6.0 = 
SNMP on BRIDGE-MIB

The SNMP GET on BRIDGE-MIB operation does not return correct values and results in errors.

Possible Cause

The BRIDGE-MIB may not be supported.

Solution

Check the release notes to make sure that BRIDGE-MIB is supported on NX-OS Release 4.2(1) or later releases.

Logging

System is not responsive

System performance is significantly slower or non responsive.

Possible Cause

Some system resources may be over-utilized. For example, an incorrect logging level might generate many messages resulting in an impact on system resources.

Solution

Check the logging level on the chassis. If you have a logging level setting, such as 6 or 7, many messages are generated and performance can be impacted. Use the following commands to display the amount of resources that are being used.

•show proc cpu | inc syslogd

•show proc cpu

•show run | inc logging

•show system resource

Syslog server not getting messages from DUT

Although the syslog server is configured, the destination syslog server is not receiving messages from DUT.

Possible Cause

Syslog server might not be accessible or the logging level might not be appropriate.

Solution

•Check to see if the destination syslog server is accessible from VRF management. Use the ping <dest-ip> vrf management command to ping the server.

•Check that the syslog configuration on the DUT has use-vrf management.

Example:
logging server 10.193.12.1 5 use-vrf management
•Check that the appropriate logging level is enabled to send logging messages. Use the show logging info command. If the logging level is not appropriate, then set the appropriate level using the logging level <feature> <log-level> command.

Traps

Traps not received

The results of traps are not received.

Possible Cause

The traps might not be enabled or the SNMP host might not be accessible.

The following are possible causes:

•Traps might not be enabled.

•The SNMP host might not be accessible.

•A firewall might be blocking access.

•An access list might be blocking UDP port 162.

Solution

Use the following commands to check whether the proper VRF is configured for the SNMP host and that the trap is enabled:

•snmp-server enable traps <trapname>

•snmp-server host <x.x.x.x> use-vrf <vrf-name>

where x.x.x.x is the IP address of the trap receiving device.

DNS

DNS resolution not working correctly

When specifying a host name using DNS or VRF, the host name is not resolved and an error occurs.

Possible Cause

The DNS client is not configured correctly.

Solution

Use the following commands to configure the DNS client:

•config t

•vrf context management

•ip host name <address1 [address2... address6]>

•ip domain-name name [use-vrf <vrf-name>]

•ip domain-list name [use-vrf <vrf-name>]

•ip name-server <server-address1 [server-address2... server-address6]>< [use-vrf vrf-name>]

•ip domain lookup

•show hosts

•copy running-config startup-config

Specified domain not removed from domain-list

When using the no ip domain-list <name> command to remove a specified domain from the domain-list, only the most recently added domain is removed.

Possible Cause

The no ip domain-list <name> command is not locating the specified domain.

Solution

There are two possible workarounds:

•To remove a domain using the no ip domain-list <name> command that is not the most recently added domain to the domain-list, you must temporarily remove every domain in the domain-list until reaching the desired domain. Then you must add back the temporarily removed domains to the domain-list.

•An alternative approach is to copy the startup-config and delete the desired domain with a text editor. Then you must load the edited startup-config back onto the device.

	Cisco Nexus 5500 Troubleshooting Guide
	Troubleshooting System Management Issues
Cisco Nexus 5500 Troubleshooting Guide Preface Troubleshooting Overview Troubleshooting FCoE Issues Troubleshooting Layer 2 Switching Issues Troubleshooting QoS Issues Troubleshooting SAN Switching Issues Troubleshooting Security Issues Troubleshooting System Management Issues Troubleshooting Virtual Port Channel Issues Troubleshooting Config-Sync Issues	Download this chapter Troubleshooting System Management Issues Download the complete book Cisco Nexus 5500 Troubleshooting Guide (PDF - 1 MB) Feedback Table Of Contents Troubleshooting System Management Issues SNMP SNMP memory usage continuously increasing SNMP not responding SNMP not responding and show snmp command reports SNMP has timed out Not able to perform SNMP SET operation SNMP on BRIDGE-MIB Logging System is not responsive Syslog server not getting messages from DUT Traps Traps not received DNS DNS resolution not working correctly Specified domain not removed from domain-list Troubleshooting System Management Issues The system management features of the Cisco Nexus 5000 Series switch allow you to monitor and manage your network for efficient device use, role-based access control, SNMP communications, diagnostics, and logging. This chapter describes how to identify and resolve problems that can occur with system management and the Cisco Nexus 5000 Series switch. This chapter includes the following sections: •SNMP •Logging •Traps •DNS SNMP SNMP memory usage continuously increasing The show proc mem \| inc snmp command shows continuously increasing SNMP memory usage. Possible Cause SNMP memory usage increases when SNMP requests are processed from different monitoring stations. Typically, this situation stabilizes over time. If the memory increases continuously without stabilizing, then some of the SNMP requests are causing a memory leak. Solution Review the output from the show system internal snmp mem-stats detail command. Take example snapshots with the following commands while processing SNMP requests: •show clock •show system internal mem-stats detail •show tech snmp SNMP not responding No response or delayed response for SNMP request. Possible Cause If the switch CPU utilization is high during the SNMP operations such as GET, GETNEXT and WALK, the response may be very slow or there is no responsethat results in a time-out. Solution While SNMP is not responding, check CPU utilization with the following commands: •show proc cpu history •show proc cpu sort The output from this command shows which Nexus 5000 component is using the greatest amount of CPU resources. SNMP not responding and show snmp command reports SNMP has timed out SNMP is not responding and the show snmp command reports that SNMP has timed out. Possible Cause The SNMP process might have exited, but the process did not crash. Solution Use show system internal sysmgr service name snmpd command which should show the state to be"SRV_STATE_HANDSHAKED. Example: Service "snmpd" ("snmpd", 74): UUID = 0x1A, PID = 4131, SAP = 28 State: SRV_STATE_HANDSHAKED (entered at time Mon Jun 14 17:12:15 2010). Restart count: 1 Time of last restart: Mon Jun 14 17:12:14 2010. The service never crashed since the last reboot. Tag = N/A Plugin ID: 0 Not able to perform SNMP SET operation The following error appears when trying to perform the SNMP SET operation: bash-2.05b$ snmpset -v2c -c private 10.78.25.211 .1.3.6.1.4.1.9.9.305.1.1.6.0 i 1 Error in packet. Reason: notWritable Possible Cause The SNMP community does not have write permission. Solution Check the output of the show snmp community command to ensure that the write permission is enabled. Example: Community Group / Access context acl_filter private network-operator public network-admin Only "network-admin" has write permissions. snmpset -v2c -c public 10.78.25.211 .1.3.6.1.4.1.9.9.305.1.1.6.0 i 1 enterprises.9.9.305.1.1.6.0 = SNMP on BRIDGE-MIB The SNMP GET on BRIDGE-MIB operation does not return correct values and results in errors. Possible Cause The BRIDGE-MIB may not be supported. Solution Check the release notes to make sure that BRIDGE-MIB is supported on NX-OS Release 4.2(1) or later releases. Logging System is not responsive System performance is significantly slower or non responsive. Possible Cause Some system resources may be over-utilized. For example, an incorrect logging level might generate many messages resulting in an impact on system resources. Solution Check the logging level on the chassis. If you have a logging level setting, such as 6 or 7, many messages are generated and performance can be impacted. Use the following commands to display the amount of resources that are being used. •show proc cpu \| inc syslogd •show proc cpu •show run \| inc logging •show system resource Syslog server not getting messages from DUT Although the syslog server is configured, the destination syslog server is not receiving messages from DUT. Possible Cause Syslog server might not be accessible or the logging level might not be appropriate. Solution •Check to see if the destination syslog server is accessible from VRF management. Use the ping <dest-ip> vrf management command to ping the server. •Check that the syslog configuration on the DUT has use-vrf management. Example: logging server 10.193.12.1 5 use-vrf management •Check that the appropriate logging level is enabled to send logging messages. Use the show logging info command. If the logging level is not appropriate, then set the appropriate level using the logging level <feature> <log-level> command. Traps Traps not received The results of traps are not received. Possible Cause The traps might not be enabled or the SNMP host might not be accessible. The following are possible causes: •Traps might not be enabled. •The SNMP host might not be accessible. •A firewall might be blocking access. •An access list might be blocking UDP port 162. Solution Use the following commands to check whether the proper VRF is configured for the SNMP host and that the trap is enabled: •snmp-server enable traps <trapname> •snmp-server host <x.x.x.x> use-vrf <vrf-name> where x.x.x.x is the IP address of the trap receiving device. DNS DNS resolution not working correctly When specifying a host name using DNS or VRF, the host name is not resolved and an error occurs. Possible Cause The DNS client is not configured correctly. Solution Use the following commands to configure the DNS client: •config t •vrf context management •ip host name <address1 [address2... address6]> •ip domain-name name [use-vrf <vrf-name>] •ip domain-list name [use-vrf <vrf-name>] •ip name-server <server-address1 [server-address2... server-address6]>< [use-vrf vrf-name>] •ip domain lookup •show hosts •copy running-config startup-config Specified domain not removed from domain-list When using the no ip domain-list <name> command to remove a specified domain from the domain-list, only the most recently added domain is removed. Possible Cause The no ip domain-list <name> command is not locating the specified domain. Solution There are two possible workarounds: •To remove a domain using the no ip domain-list <name> command that is not the most recently added domain to the domain-list, you must temporarily remove every domain in the domain-list until reaching the desired domain. Then you must add back the temporarily removed domains to the domain-list. •An alternative approach is to copy the startup-config and delete the desired domain with a text editor. Then you must load the edited startup-config back onto the device.
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks