Overview of Troubleshooting
This chapter introduces the basic concepts, methodology, and general troubleshooting guidelines for problems that may occur when configuring and using the ASA 1000V.
This chapter includes the following sections:
•Overview of the Troubleshooting Process
•Overview of Best Practices
•Overview of Symptoms
•Troubleshooting with Logs
•Cisco Support Communities
•Contacting Cisco TAC or VMware Customer Support
•Obtaining Documentation and Submitting a Service Request
Overview of the Troubleshooting Process
To troubleshoot your configuration, perform the following steps:
Step 1 Collect information that defines the specific symptoms.
Step 2 Identify all potential problems that could be causing the symptoms.
Step 3 Eliminate each potential problem (from most likely to least likely) until the symptoms disappear.
Overview of Best Practices
Best practices are the recommended steps that you should take to ensure the correct operation of your configuration. We recommend the following general best practices:
•See the ASA 1000V release notes, VNMC 2.0 release notes, and Nexus 1000V release notes for the latest features, guidelines, limitations, and caveats.
•Enable system message logging. See the "Overview of Symptoms" section.
•Verify and troubleshoot any new configuration changes after implementing them.
This section introduces questions to ask when troubleshooting a problem with ASA 1000V or associated components. Use the answers to these questions to identify the scope of the problem and to plan a course of action.
This section includes the following topics:
By answering the questions in the following subsections, you can determine the paths you need to follow and the components that you should investigate further.
Answer the following questions to determine the status of your installation:
•Is this a newly installed system or an existing installation? (It could be a new host, switch, or VLAN).
•Has the host ever been able to see the network?
•Are you trying to solve an existing application problem (too slow, too high latency, excessively long response time) or did the problem show up recently?
•What changed in the configuration or in the overall infrastructure immediately before the applications started to have problems?
To discover a network problem, use the following general network troubleshooting steps:
Step 1 Collect information about problems in your system. See the "Collecting Information" section.
Step 2 Verify the configuration for your storage subsystems and servers.
This section highlights the tools that are commonly used to troubleshoot problems within your network. These tools are a subset of what you may use to troubleshoot your specific problem.
You should also have an accurate topology of your network to help isolate problem areas.
Enter the following commands and examine the outputs:
•show interfaces brief
•show tech support vsn
Overview of Symptoms
The symptom-based troubleshooting approach provides multiple ways to diagnose and resolve problems. By using multiple entry points with links to solutions, this guide best serves users who may have identical problems that are perceived by different indicators. Search this guide in PDF form, use the index, or rely on the symptoms and diagnostics listed in each chapter as entry points to access necessary information in an efficient manner.
Using a given a set of observable symptoms on a network, it is important to be able to diagnose and correct software configuration issues and inoperable hardware components so that the problems are resolved with minimal disruption to the network. Those problems and corrective actions include the following:
•Identify key ASA 1000V troubleshooting tools.
•Obtain packet captures, core dumps, and other diagnostic data for use by the TAC.
The system software sends the syslog (system) messages to the console (and, optionally, to a logging server on another system) during operation. Not all messages indicate a problem with your system. Some messages are only informational, while others might help diagnose problems with links, internal hardware, or the system software.
Troubleshooting with Logs
The ASA 1000V generates many types of system messages and sends them to a syslog server. You can view these messages on the console or through the Adaptive Security Device Manager (ASDM) to determine what events may have led up to the current problem condition.
Use the following commands to access and view logs in the ASA 1000V:
•show logging asdm—Displays ASDM syslog buffer content.
•show logging message—Displays enabled and disabled syslog messages at the non-default level.
•show logging queue—Displays the syslog message queue.
•show logging setting—Displays the syslog message settings.
You may be required to move files to or from the ASA 1000V. These files may include log, configuration, traceroute, or packet capture files.
The ASA 1000V always acts as a client, so that an FTP/HTTP/TFTP session always originates from the ASA 1000V and either pushes files to an external system or pulls files from an external system.
The copy command allows you to copy files between local and remote locations.
The following example shows the options available for the copy command:
/noconfirm Copies the file without a confirmation prompt.
/pcap Copies packets in libpcap format, which can be opened using a standard
packet analyzer tool such as Wireshark.
running-config Specifies the running configuration stored in memory.
startup-config Specifies the startup configuration stored in flash memory.
url Specifies the source or destination file to be copied.
/add-spid Specifies vPath headers included from packets to the exported pcap file.
Cisco Support Communities
For additional information, visit one of the following support communities:
•Cisco Support Community for Server Networking
•Cisco Communities: Nexus 1000V
•Cisco Communities: Network Management
•Cisco Communities: Security
Contacting Cisco TAC or VMware Customer Support
If you are unable to solve a problem after using the troubleshooting suggestions in this guide, contact a customer service representative for assistance and further instructions. Before you call, have the following information ready to help your service provider assist you as quickly as possible:
•Version of the Cisco Nexus 1000V and Cisco VNMC software that you are running
•Version of the ESX or ESXi and vCenter Server software that you are running
•Version of the ASA 1000V software that you are running
•Contact phone number
•Brief description of the problem
•Brief explanation of the steps that you have already taken to isolate and resolve the problem
If you purchased the ASA 1000V and support contract from Cisco, contact the Technical Assistance Center (TAC). Cisco provides L1, L2, and L3 support.
If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco, contact Cisco Technical Support at the following URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtm
If you purchased the ASA 1000V from Cisco and an SNS through VMware, contact VMware for Cisco Nexus 1000V support. VMware provides L1 and L2 support. Cisco provides L3 support.
After you have collected this information, see the "Obtaining Documentation and Submitting a Service Request" section.
For more information about the steps to take before calling Technical Support, see the "Collecting Information" section.
For more information about the individual components that comprise the ASA 1000V, see the following documentation:
•Cisco Nexus 1000V
•Cisco Virtual Network Management Center (VNMC)
•(Optional) Cisco Virtual Security Gateway (VSG), Version 1.4
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.