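Introduction
This document describes how to troubleshoot mobility technologies on Cisco IOS® XE platforms.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
Components Used
The information in this document is based on routers that run Cisco IOS XE software.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
When you troubleshoot Mobile IP technology, the main consideration is whether there is a good signal between the cellular interface and the Radio Network Controller (RNC). Your Internet Service Provider (ISP) provides the IP addresses used to establish the tunnel between the mobile node and the Foreign Agent/Home Agent (FA/HA).
Mobile Node Not Established on DMNR Tunnel0
This section provides solutions to common problems where Tunnel0 is down on the Mobile Network (MN). This network diagram is used as an example:
The mobile node cannot establish Tunnel0 to the foreign agent.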
MN#show ip int br | exclude unassigned
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1/0 192.0.2.254 YES NVRAM up up
Cellular0/0/0 203.0.113.1 YES NVRAM up up
Loopback1234 x.x.x.x YES NVRAM up up
Diagnose the Problem
1. Check the configuration on the MN and confirm that the parameters provided by the ISP are correct.
Configuration Example
ip mobile secure home-agent
spi 101 key hex <32 Hex digits> algorithm md5 mode prefix-suffix
ip mobile router
 address <Non-routable IP address, local Loopback>
 home-agent
 mobile-network <LAN network to be propagated over the tunnel>
 reverse-tunnel
 tunnel mode gre
2. Use the command show ip mobile router to confirm the parameters sent to the ISP.
MN#show ip mobile router
Mobile Router
Enabled 05/29/23 21:57:14
Last redundancy state transition NEVER
Configuration:
Home Address x.x.x.x Mask 255.255.255.0
Home Agent 203.0.113.10 Priority 100 (best)
Registration lifetime 65534 sec
Retransmit Init 1000, Max 5000 msec, Limit 3
Extend Expire 120, Retry 3, Interval 10
Reverse tunnel required
Request GRE tunnel
Multi-path enabled, Requested metric: bandwidth
Mobile Networks: GigabitEthernet1/0 (192.0.2.0/255.255.255.0)
Monitor:
Status -Pending-
No active agent
No Tunnel
3. Enable debug ip mobile router detail and check the syslog for MobRtrX messages.
MN#debug ip mobile router detail
Mobile router details debugging is on
MN#
*May 29 22:35:19.319: MobRtrX: Register timer to 203.0.113.2 (CoA 203.0.113.2) expired
*May 29 22:35:19.319: MobRtrX: Extsize 18 netcnt 1
*May 29 22:35:19.319: MobRtrX: 1) Mobile network 192.0.2.0/24
*May 29 22:35:19.319: MobRtrX: Roaming Interface Attributes: ID 6 BW 1000000
*May 29 22:35:19.319: MobRtrX: Status Pending -> Pending
*May 29 22:35:28.319: MobRtrX: Register timer to 203.0.113.2 (CoA 203.0.113.2) expired
*May 29 22:35:28.319: MobRtrX: Status Isolated -> Isolated ...
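Logs to consider:
- The cellular interface sends the registration to the FA/HA, where the care-of address (CoA) is part of the IP addressing on the ISP side.
MobRtrX: Register timer to 203.0.113.2 (CoA 203.0.113.2) expired
- The advertisement of the network allowed through the tunnel is sent.
MobRtrX: 1) Mobile network 192.0.2.0/24
- The MN waits for the reply from the HA in order to create the tunnel.
MobRtrX: Status Pending -> Pending
- The timer is exceeded. The state is declared Isolated. The next step is to send a new request.
MobRtrX: Register timer to 203.0.113.2 (CoA 203.0.113.2) expired
MobRtrX: Status Isolated -> Isolated
4. Verify whether registration is performed on the router. In this scenario, the counter restarts at 00:00.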
MN#show ip mobile router registration
Mobile Router Registrations:
Foreign agent 203.0.113.2:
Registration count 4, Interval 5 sec, On Cellular0/0/0
Care-of addr 203.0.113.2, HA addr 203.0.113.10, Home addr x.x.x.x
Lifetime requested 01:00:00 (3600)
Flags sbdmG-T-, Identification E81FACF1.53E5A9D0
Register next time 00:00:02
Extensions:
Mobile Network 192.0.2.0/24
MN-HA Authentication SPI 101
MN#show ip mobile router registration
Mobile Router Registrations:
Foreign agent 203.0.113.2:
Registration count 4, Interval 5 sec, On Cellular0/0/0
Care-of addr 203.0.113.2, HA addr 203.0.113.10, Home addr x.x.x.x
Lifetime requested 01:00:00 (3600)
Flags sbdmG-T-, Identification E81FACF1.53E5A9D0
Register next time 00:00:01
Extensions:
Mobile Network 192.0.2.0/24
MN-HA Authentication SPI 101
5. Use the command show ip mobile router traffic to verify the traffic status.
MN#show ip mobile router traffic
Mobile Router Counters:
Agent Discovery:
Solicitations sent 11, advertisements received 494
Agent reboots detected 0
Registration:
Register 988, Deregister 0 requests sent
Register 987, Deregister 0 replies received
Requests accepted 0, denied 0 by HA 0 / FA 0
Denied due to mismatched ID 0
Authentication failed for HA 0 / FA 0
Invalid extensions 0, ignored 0
Invalid home address 0, ID 987
Unknown HA 0 / FA 0
Gratuitous ARPs sent 0
Movement:
Came up on HA 0, on FA 0
Moved HA to FA 0, FA to FA 0, FA to HA 0
Better interface detected 0
New HA Registrations 0
Tunnel Traffic:
Packets received 0, sent 0
Bytes received 0, sent 0
Services:
Redundancy state active 0, passive
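Important logs:
- The mobile node sends packets to verify whether it is attached to the FA or whether the device has moved from its location. This message is an ICMP packet with TTL 1; after the FA receives the packet, it replies with its point of attachment to the Internet (advertisement).
Solicitations sent 11, advertisements received 494
- The FA/HA accepts the mobile node for registration.
Requests accepted 0, denied 0 by HA 0 / FA 0 <failing output>
Requests accepted 2, denied 1 by HA 0 / FA 1 <working output>
6. Continue with an Embedded Packet Capture (EPC) in the control plane to verify the registration packets sent to the FA and the code in the response packet from the FA to the mobile node. This shows the reason for the failure.
In the capture, the MN sends a request for the tunnel and the FA replies with error code 78. This code indicates that there was a problem establishing the tunnel between the MN and the HA because packets were not delivered correctly; as a result, the FA sends a timeout.
Mobile Tunnel Not Established (Intermittent Connectivity)
In this case, the problem is that the ISP does not create the connection from the mobile node to the FA, which is the first step in creating the tunnel between the HA and the mobile node.
The mobile node cannot establish Tunnel0 and maintain a stable tunnel.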
MN#show log | sec Tunnel
*May 30 17:11:08.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*May 30 17:17:01.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*May 30 17:23:27.483: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*May 30 17:29:16.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*May 30 17:30:45.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*May 30 17:34:07.719: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*May 30 17:35:16.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
1. Check the cellular signal toward the antenna (RNC).
2. Verify the mobile router status.
MN#show ip mobile router
Mobile Router
Enabled 05/30/23 17:11:00
Last redundancy state transition NEVER
Configuration:
Home Address x.x.x.x Mask 255.255.255.0
Home Agent 203.0.113.10 Priority 100 (best) (current)
Registration lifetime 65534 sec
Retransmit Init 1000, Max 5000 msec, Limit 3
Extend Expire 120, Retry 3, Interval 10
Reverse tunnel required
Request GRE tunnel
Multi-path enabled, Requested metric: bandwidth
Mobile Networks: GigabitEthernet1/0 (192.0.2.0/255.255.255.0)
Monitor:
Status -Pending-
No active agent
No Tunnel
4. Enable debug ip mobile router and verify the logs.
MN#debug ip mobile router
Mobile router debugging is on
*May 30 18:29:53.103: MobRtr: Delete FA 203.0.113.2 CoA 203.0.113.2 int Cellular0/0/0
*May 30 18:29:53.103: MobRtr: Delete reg to FA 203.0.113.2 (CoA 203.0.113.2) int Cellular0/0/0
*May 30 18:29:53.103: MobRtr: Delete default route (Tunnel0)
*May 30 18:29:53.107: MobRtr: Delete host route to HA 203.0.113.10 via 203.0.113.2 (Cellular0/0/0)
*May 30 18:29:53.107: MobRtr: Delete GW 203.0.113.2
*May 30 18:29:53.111: MobRtr: Status Registered -> Isolated
*May 30 18:29:53.111: MobRtr: Delete tunnel Tunnel0 s x.x.x.x d 203.0.113.10
*May 30 18:30:04.159: MobRtr: New agent 203.0.113.2 CoA 203.0.113.2 int Cellular0/0/0 MAC ca03.429d.0038
*May 30 18:30:04.163: MobRtr: Register reason: left home
*May 30 18:30:04.167: HA entry 203.0.113.10 updated with RegID E820BF2C
*May 30 18:30:04.171: MobRtr: Register to FA 203.0.113.2 CoA 203.0.113.2 home x.x.x.x HA 203.0.113.10 life 36000
int Cellular0/0/0 flag sbdmGT cnt 0 id E820BF2C.2AEC80C8
*May 30 18:30:04.171: MobRtr: Status Isolated -> Pending
*May 30 18:30:04.319: MobRtr: MN rcv accept (0) reply on Cellular0/0/0 from 203.0.113.2 lifetime 36000
id E820BF2C.2AEC80C8
*May 30 18:30:04.323: MobRtr: No Active FA
*May 30 18:30:04.323: MobRtr: Status Pending -> Registered
*May 30 18:30:04.387: MobRtr: Add host route to HA 203.0.113.10 via 203.0.113.2 (Cellular0/0/0) 0
*May 30 18:30:04.391: MobRtr: Add default route via 203.0.113.2 (Tunnel0) 0
MN#
*May 30 18:30:04.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
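Important logs:
- Because the connection is unstable, the Care-of Address (CoA) is disconnected. As a result, the default route through Tunnel0 is removed from the MN along with the connection between the MN and the HA. This leads to the Isolated state in the debug.
MobRtr: Delete FA 203.0.113.2 CoA 203.0.113.2 int Cellular0/0/0
MobRtr: Delete default route (Tunnel0)
MobRtr: Delete host route to HA 203.0.113.10 via 203.0.113.2 (Cellular0/0/0)
MobRtr: Status Registered -> Isolated
MobRtr: Delete tunnel Tunnel0 s x.x.x.x d 203.0.113.10
- The mobile node sends the ID to the FA to establish a new tunnel.
HA entry 203.0.113.10 updated with RegID E820BF2C
MobRtr: Register to FA 203.0.113.2 CoA 203.0.113.2 home x.x.x.x HA 203.0.113.10 life 36000 int Cellular0/0/0 flag sbdmGT cnt 0 id E820BF2C.2AEC80C8
MobRtr: Status Isolated -> Pending
- The mobile node receives code 0 from the HA and registers this connection, which creates the host route between the MN and the HA. After the tunnel is created, the default route is sent toward the HA.
MobRtr: MN rcv accept (0) reply on Cellular0/0/0 from 203.0.113.2 lifetime 36000 id E820BF2C.2AEC80C8
MobRtr: Status Pending -> Registered
MobRtr: Add host route to HA 203.0.113.10 via 203.0.113.2 (Cellular0/0/0) 0
MobRtr: Add default route via 203.0.113.2 (Tunnel0) 0
5. Continue with an Embedded Packet Capture (EPC) in the control plane to verify the packets from the MN to the FA and vice versa.
In the capture, the MN sends the request. The HA does not receive a response, so the FA replies with code 80, network unreachable.
In this scenario, the problem is that the ISP path is unstable. Communication between the HA and the FA is unstable, and no tunnel is created between them to carry packets.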
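An added example, not part of the original document: a script that reads saved debug ip mobile router output and measures how long each Registered period lasted compared with the lifetime granted in the accept reply, which separates a dropped tunnel from a normal expiry. The function names, the 50 percent threshold and the year are assumptions; the first four sample lines come from the debug output above and the rest are constructed.

```python
import re
from datetime import datetime

LINE = re.compile(r"^\*?(\w{3} +\d+ [\d:.]+): MobRtrX?: (.*)$")
STATUS = re.compile(r"Status (\w+) -> (\w+)")
ACCEPT = re.compile(r"MN rcv accept \(0\) reply .* lifetime (\d+)")

# First four lines are taken from the debug output above; the rest are constructed.
SAMPLE = """\
*May 30 18:29:53.111: MobRtr: Status Registered -> Isolated
*May 30 18:30:04.171: MobRtr: Status Isolated -> Pending
*May 30 18:30:04.319: MobRtr: MN rcv accept (0) reply on Cellular0/0/0 from 203.0.113.2 lifetime 36000
*May 30 18:30:04.323: MobRtr: Status Pending -> Registered
*May 30 18:35:54.323: MobRtr: Status Registered -> Isolated
*May 30 18:36:05.000: MobRtr: Status Isolated -> Pending
*May 30 18:36:05.200: MobRtr: MN rcv accept (0) reply on Cellular0/0/0 from 203.0.113.2 lifetime 36000
*May 30 18:36:05.250: MobRtr: Status Pending -> Registered
*May 30 18:37:15.250: MobRtr: Status Registered -> Isolated
"""

def parse(text, year=2023):
    """Yield (timestamp, message) per MobRtr/MobRtrX line; IOS omits the year, so it is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f"), m.group(2)

def sessions(text):
    """One dict per Registered period that ended in Isolated."""
    out, start, lifetime = [], None, None
    for ts, msg in parse(text):
        accept = ACCEPT.search(msg)
        if accept:
            lifetime = int(accept.group(1))      # lifetime granted in the reply
        status = STATUS.search(msg)
        if not status:
            continue
        old, new = status.groups()
        if new == "Registered" and old != "Registered":
            start = ts
        elif old == "Registered" and new == "Isolated" and start is not None:
            out.append({"start": start, "held": (ts - start).total_seconds(), "lifetime": lifetime})
            start = None
    return out

def early_drops(text, fraction=0.5):
    """Sessions lost before `fraction` of the granted lifetime: a drop, not an expiry."""
    return [s for s in sessions(text) if s["lifetime"] and s["held"] < fraction * s["lifetime"]]
```

On the sample, both Registered periods end after 350 and 70 seconds against a granted lifetime of 36000 seconds, which matches the unstable path described above.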
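Value | Code
64 | Reason unspecified
65 | Administratively prohibited
66 | Insufficient resources
67 | Mobile node failed authentication
68 | Home agent failed authentication
69 | Requested lifetime too long
70 | Poorly formed request
71 | Poorly formed reply
72 | Requested encapsulation unavailable
73 | Reserved and unavailable
77 | Invalid care-of address
78 | Registration timeout
80 | Home network unreachable (ICMP error received)
81 | Home agent host unreachable (ICMP error received)
82 | Home agent port unreachable (ICMP error received)
88 | Home agent unreachable (other ICMP error received)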
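An added example, not part of the original document, for the two EPC steps above (reply codes 78 and 80): a decoder for the Registration Reply payload carried on UDP port 434 that maps the code byte to the table. The field layout follows RFC 5944; the function names and both sample replies are constructed, with 198.51.100.1 standing in for the masked home address.

```python
import ipaddress
import struct

# Codes from the table above, plus 0 (the "accept (0)" in the debug output).
REPLY_CODES = {
    0: "Registration accepted", 64: "Reason unspecified",
    65: "Administratively prohibited", 66: "Insufficient resources",
    67: "Mobile node failed authentication", 68: "Home agent failed authentication",
    69: "Requested lifetime too long", 70: "Poorly formed request",
    71: "Poorly formed reply", 72: "Requested encapsulation unavailable",
    73: "Reserved and unavailable", 77: "Invalid care-of address",
    78: "Registration timeout", 80: "Home network unreachable",
    81: "Home agent host unreachable", 82: "Home agent port unreachable",
    88: "Home agent unreachable",
}

def parse_reply(payload: bytes) -> dict:
    """Decode a Mobile IP Registration Reply (UDP 434 payload, RFC 5944 layout)."""
    if len(payload) < 20:
        raise ValueError("truncated Registration Reply")
    mtype, code, lifetime, home, ha, hi, lo = struct.unpack("!BBH4s4sII", payload[:20])
    if mtype != 3:
        raise ValueError(f"not a Registration Reply (type {mtype})")
    exts, pos = [], 20
    while pos < len(payload):
        if payload[pos] == 0:                 # one-byte padding extension
            pos += 1
            continue
        if pos + 2 > len(payload) or pos + 2 + payload[pos + 1] > len(payload):
            raise ValueError("extension overruns the packet")
        body = payload[pos + 2 : pos + 2 + payload[pos + 1]]
        ext = {"type": payload[pos], "length": len(body)}
        if payload[pos] == 32 and len(body) >= 4:   # MN-HA authentication: SPI first
            ext["spi"] = struct.unpack("!I", body[:4])[0]
        exts.append(ext)
        pos += 2 + len(body)
    return {"code": code, "meaning": REPLY_CODES.get(code, "not in the table above"),
            "lifetime": lifetime, "home_address": str(ipaddress.IPv4Address(home)),
            "home_agent": str(ipaddress.IPv4Address(ha)),
            "identification": f"{hi:08X}.{lo:08X}", "extensions": exts}

# Constructed replies: 198.51.100.1 stands in for the masked home address x.x.x.x.
def _hdr(code, life):
    return struct.pack("!BBH4s4sII", 3, code, life, bytes([198, 51, 100, 1]),
                       bytes([203, 0, 113, 10]), 0xE820BF2C, 0x2AEC80C8)

DENIED = _hdr(78, 0)
ACCEPTED = _hdr(0, 36000) + bytes([32, 20]) + struct.pack("!I", 101) + bytes(16)
```

The identification is printed in the same HHHHHHHH.LLLLLLLL form that show ip mobile router registration uses, so a reply in the capture can be matched to the request that triggered it.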