test test-name: Specifies a test name, a case-insensitive string of 1 to 31 characters. To obtain the value range for this option, execute the diagnostic test ? command. If you do not specify this option, this command configures all test items.

test-item: Specifies a test item, a case-insensitive string of 1 to 31 characters. To obtain the value range for this option, execute the diagnostic test test-name ? command.

Usage guidelines

You can perform diagnostic troubleshooting for services running on the device only after you enable diagnostic troubleshooting.

By default, diagnostic troubleshooting is enabled for all services to facilitate device maintenance at any time. Some tests require history running data to perform diagnostic troubleshooting. After you enable diagnostic troubleshooting for a service, the service module will record the running data monitored by the test item in such tests in the GOLD module for the GOLD module to perform diagnostic troubleshooting. Recording running data consumes device resources and affects system performance. If you are not concerned about the running status of a specific service, you can disable diagnostic troubleshooting for a test item to reduce the impact on system performance.

Examples

# Enable diagnostic troubleshooting for SNMP packet processing failures.

<Sysname> system-view

[Sysname] diagnostic troubleshooting snmp-agent packet-process-failure enable

Related commands

diagnostic troubleshooting test

diagnostic troubleshooting health enable

Use diagnostic health enable to enable health diagnostic troubleshooting for a service module.

Use undo diagnostic enable to disable health diagnostic troubleshooting for a service module.

Syntax

diagnostic troubleshooting health [ module module-name ] enable

undo diagnostic troubleshooting health [ module module-name ] enable

Views

System view

Default

Health diagnostic troubleshooting is enabled for service modules.

Predefined user roles

network-admin

Parameters

module module-name: Specifies a module by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, this command enables health diagnostic troubleshooting for all service modules supported on the device.

Usage guidelines

You can perform health diagnostic troubleshooting for services running on the device only after you enable health diagnostic troubleshooting.

With health diagnostic troubleshooting enabled and configuration completed for a service module, the service module records unhealthy service information in the GOLD module for the GOLD module to perform diagnostic troubleshooting. Recording such data consumes device resources and affects system performance. If you are not concerned about the health status of a service module, you can disable health diagnostic troubleshooting for that module to reduce the impact on system performance.

Examples

# Enable health diagnostic troubleshooting for the MPLS TE module.

<Sysname> system-view

[Sysname] diagnostic troubleshooting health module te enable

Related commands

diagnostic troubleshooting health

CPU diagnostic troubleshooting commands

diagnostic troubleshooting test cpu high-ratio

Use diagnostic test cpu high-ratio to perform diagnostic troubleshooting for CPU usage threshold exceeding events.

Syntax

diagnostic troubleshooting test cpu high-ratio

Views

System view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

The system samples the CPU usage at 1-minute intervals. With diagnostic troubleshooting for CPU usage threshold exceeding events enabled, if the sample is greater than the CPU usage threshold, the device logs a CPU usage threshold exceeding event in the memory of the GOLD module. To configure the CPU usage threshold, use the monitor cpu-usage threshold command.

With this feature enabled, the device displays the following information to help you locate the high CPU usage issue:

· A maximum of seven CPU usage samples.

· A maximum of seven CPU usage threshold exceeding events.

· Information about the top five processes with the highest CPU usage when the most recent CPU usage threshold exceeding event occurred.

For more information about CPU usage alarms, see "Managing hardware resources" in Device Management Configuration Guide.

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test cpu high-ratio enable command to enable diagnostic troubleshooting for CPU exceeding threshold events (enabled by default).

Examples

# Perform diagnostic troubleshooting for CPU usage threshold exceeding events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test cpu high-ratio

Slot 1 CPU 0 usage:

Time Usage

2022-07-25 02:37:52 30%

2022-07-25 02:32:16 28%

2022-07-25 02:22:16 28%

2022-07-25 02:12:16 27%

2022-07-25 02:52:16 29%

2022-07-25 01:32:16 28%

2022-07-25 01:12:16 25%

Slot 1 CPU 0 recent high usage records:

Time Severe threshold Minor threshold Usage

2022-07-25 02:18:52 80% 25% 30%

2022-07-25 02:18:53 80% 25% 28%

2022-07-25 02:22:16 80% 25% 28%

2022-07-25 02:12:16 80% 25% 27%

2022-07-25 02:52:16 80% 25% 29%

2022-07-25 01:32:16 80% 25% 28%

2022-07-25 01:12:16 80% 25% 25%

Top 5 slot 1 CPU 0 usage processes in the last record:

JID PID PRI State FDs HH:MM:SS Usage Name

1026 1026 120 S 1188 00:11:16 12.61% forward

999 999 120 S 190 00:00:37 5.55% ifmond

847 847 120 S 183 00:01:10 5.29% drv_app

983 983 120 S 94 00:01:00 4.76% diagd

1201 1201 120 S 199 00:02:09 4.26% pppd

Table 1 Command output

Field	Description
Slot 1 CPU 0 usage	CPU usage of CPU 0 in slot 1. A maximum of 7 events can be recorded.
Time	Time when the CPU usage was sampled.
Usage	CPU usage.
Slot 1 CPU 0 recent high usage records	CPU usage threshold exceeding events on CPU 0 of slot 1. A maximum of 7 events can be recorded.
Severe threshold	Severe CPU usage alarm threshold in percentage. If the sample is greater than the severe CPU usage threshold, the GOLD module logs a CPU usage threshold exceeding event.
Minor threshold	Minor CPU usage alarm threshold in percentage. If the sample is greater than the minor CPU usage threshold, the GOLD module logs a CPU usage threshold exceeding event.
Top 5 slot 1 CPU 0 usage processes in the last record	Information about the top five processes with the highest CPU usage on CPU 0 of slot 1 when the most recent CPU usage threshold exceeding event occurred.
JID	Job ID, which uniquely identifies a process. This ID can survive a process restart.
PID	Process ID.
PRI	Process priority. A process with a higher priority is scheduled the first.
State	State of the process: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie.
FDs	Number of FDs used by the process.
HH:MM:SS	Uptime of the process after the most recent startup of the process. This field displays the uptime only in hours when the uptime is equal to or longer than 100 hours.
Name	Name of the process.

Related commands

diagnostic troubleshooting enable

monitor cpu-usage threshold (System Management Command Reference)

diagnostic troubleshooting test cpu overload

Use diagnostic troubleshooting test cpu overload to perform diagnostic troubleshooting for CPU overload events.

Syntax

diagnostic troubleshooting test cpu overload

Views

System view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

The system samples the CPU usage every time it runs the CPU overload monitoring diagnostic test. The sample is used for CPU overload diagnostic troubleshooting. To enable the CPU overload diagnostic test (enabled by default), use the diagnostic monitor enable command. The default execution interval for the CPU overload monitoring diagnostic test is 30 minutes. To set the interval, execute the diagnostic monitor interval command.

With diagnostic troubleshooting for CPU overload events enabled, if the difference between the current sample and the previous sample is greater than 10%, the device logs a CPU overload event in the memory of the GOLD module.

When you execute this command, the device displays the following information to help you locate the CPU overload issue:

· A maximum of seven CPU overload events.

· Information about the top five processes with the highest CPU usage when the most recent CPU overload event occurred.

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test cpu overload enable command to enable diagnostic troubleshooting for CPU overload (enabled by default).

Examples

# Perform diagnostic troubleshooting for CPU overload events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test cpu overload

Slot 1 CPU 0 recent uasge burst records:

Time Usage(%)

2022-07-25 02:18:52 From 10 to 30

Top 5 slot 1 CPU 0 usage processes in the last record:

Process 1011 (forward)

TID LAST_CPU Stack PRI State HH:MM:SS:MSEC Name

1011 12 136K 120 S 0:8:24:620 forward

Thread (LWP 1011):

Switch counts: 1

User stack:

#0 0x00007fb893904dbd in syscall+0x1d/0x37

#1 0x00007fb896160748 in futex_async+0x48/0x50

#2 0x00007fb896161e98 in call_rcu_wait+0xa8/0xb5

#3 0x00007fb896162646 in call_rcu_thread+0x556/0x6ed

#4 0x00007fb899e742de in start_thread+0xfe/0x3e0

Kernel stack:

[<ffffffff9a1090b4>] futex_wait_queue_me+0xc4/0x120

[<ffffffff9a109d16>] futex_wait+0x116/0x270

[<ffffffff9a10bbf7>] do_futex+0x237/0xb40

[<ffffffff9a10c581>] SyS_futex+0x81/0x180

[<ffffffff9a87f3fb>] entry_SYSCALL_64_fastpath+0x1e/0xad

[<ffffffffffffffff>] 0xffffffffffffffff

Process 1016 (ifmond)

TID LAST_CPU Stack PRI State HH:MM:SS:MSEC Name

1016 5 136K 120 S 0:1:0:0 ifmond

Thread (LWP 1026):

Switch counts: 1

User stack:

#0 0x00007fb893904dbd in syscall+0x1d/0x37

#1 0x00007fb896160748 in futex_async+0x48/0x50

#2 0x00007fb896161e98 in call_rcu_wait+0xa8/0xb5

#3 0x00007fb896162646 in call_rcu_thread+0x556/0x6ed

#4 0x00007fb899e742de in start_thread+0xfe/0x3e0

Kernel stack:

[<ffffffff9a1090b4>] futex_wait_queue_me+0xc4/0x120

[<ffffffff9a109d16>] futex_wait+0x116/0x270

[<ffffffff9a10bbf7>] do_futex+0x237/0xb40

[<ffffffff9a10c581>] SyS_futex+0x81/0x180

[<ffffffff9a87f3fb>] entry_SYSCALL_64_fastpath+0x1e/0xad

[<ffffffffffffffff>] 0xffffffffffffffff

…

Table 2 Command output

Field	Description
Slot 1 CPU 0 recent uasge burst records	CPU overload events on CPU 0 of slot 1. A maximum of 7 events can be recorded.
Time	Time when the CPU usage was sampled.
Usage(%)	CPU usage in percentage.
Top 5 slot 1 CPU 0 usage processes in the last record	Information about the top five processes with the highest CPU usage on CPU 0 slot 1 when the most recent CPU overload event occurred.
Process 1011 (forward)	ID and name of the process.
TID	ID of the thread.
LAST_CPU	CPU where the process was running when the process was scheduled most recently.
Stack	Stack size, in KB.
PRI	Priority for the thread to use the CPU.
State	State of the thread: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie.
HH:MM:SS:MSEC	Uptime of the thread after the most recent startup of the thread.
Name	Name of the thread.
Thread (LWP 1026)	Sub thread of the thread to be tracked.
Switch counts	Number of calls for the thread.
User stack	User stack information. This field is displayed only for a user process.
Kernel stack	Kernel stack information. This field is displayed only for a kernel process.

Related commands

diagnostic monitor enable (System Management Command Reference)

diagnostic monitor interval (System Management Command Reference)

diagnostic troubleshooting enable

Memory diagnostic troubleshooting commands

diagnostic troubleshooting test memory high-ratio

Use diagnostic troubleshooting test memory high-ratio to perform diagnostic troubleshooting for insufficient free memory space events.

Syntax

diagnostic troubleshooting test memory high-ratio

Views

System view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

The system samples the free memory usage at 5-second intervals. With diagnostic troubleshooting for insufficient free memory space events enabled, if the sample is lower than the free memory usage threshold, the device logs a free memory threshold exceeding event in the memory of the GOLD module. To configure the free memory usage threshold, use the memory-threshold command.

When you execute this command, the device displays the current memory usage and the most insufficient free memory space events to help you locate the issue. The system can display a maximum of seven insufficient free memory space events.

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test memory high-ratio enable command to enable diagnostic troubleshooting for insufficient free memory space events.

Examples

# Perform diagnostic troubleshooting for insufficient free memory space events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting memory high-ratio

Memory statistics are measured in KB:

Slot 1:

Total Used Free Shared Buffers Cached FreeRatio

Mem: 4046200 3571064 475136 0 128408 842768 11.7%

-/+ Buffers/Cache: 2599888 1446312

Swap: 998396 108704 889692

Container memory statistics are measured in KB:

Slot 1:

Total Used Free UsageRatio

Mem: 4046200 1459352 475136 36.1%

Slot 1 recent high memory usage records:

Time Threshold FreeRatio

2022-07-25 02:27:52 10% 6.6%

2022-07-24 02:22:16 10% 6.1%

2022-07-23 02:17:14 10% 6.2%

2022-07-22 02:12:13 10% 6.6%

2022-07-21 02:07:11 10% 6.5%

2022-07-20 02:02:13 10% 5.6%

2022-07-19 01:57:11 10% 6.4%

Table 3 Command output

Field	Description
Memory statistics are measured in KB:	Memory usage information on the physical device, in KB.
Mem	Memory usage information.
Total	Total size of the physical memory space that can be allocated. The memory space is virtually divided into two parts. The size of part 2 equals the total size minus the size of part 1. Part 1 is solely used for kernel code and kernel management. Part 2 can be allocated and used for such tasks as running service modules and storing files.
Used	Used physical memory.
Free	Free physical memory.
Shared	Physical memory shared by processes. This field displays two hyphens (--) if it is not supported.
Physical memory used for buffers.	Physical memory used for buffers. This field displays two hyphens (--) if it is not supported.
Cached	Physical memory used for caches. This field displays two hyphens (--) if it is not supported.
Caches	Physical memory used for caches.
FreeRatio	Free memory ratio.
-/+ Buffers/Cache	-/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the physical memory used by applications. -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the physical memory available for applications.
Swap	Memory space for swapping.
LowMem	Low-end memory usage.
HighMem	High-end memory usage.
Container memory statistics are measured in KB	Container memory usage information: · Total—Total size of the physical memory space that can be allocated in the Comware container, in KB. · Used—Used physical memory in the Comware container, in KB. · Free—Free physical memory in the Comware container, in KB. · UsageRatio—Free physical memory usage in the Comware container.
Slot 1 recent high memory usage records	Memory threshold exceeding events on CPU 0 of slot 1. A maximum of 7 events can be recorded.
Time	Time when the insufficient free memory space event occurred.
Threshold	Memory threshold.

Related commands

diagnostic troubleshooting enable

memory-threshold (System Management Command Reference)

diagnostic troubleshooting test memory overload

Use diagnostic troubleshooting test memory overload to perform diagnostic troubleshooting for memory overload events.

Syntax

diagnostic troubleshooting test memory overload

Views

System view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

The system samples the memory usage every time it runs the memory overload monitoring diagnostic test. The sample is used for memory overload diagnostic troubleshooting. To enable the memory overload diagnostic test (enabled by default), use the diagnostic monitor enable command. The default execution interval for the memory overload monitoring diagnostic test is 12 hours. To set the interval, execute the diagnostic monitor interval command.

With diagnostic troubleshooting for memory overload events enabled, if the different between the current sample and the previous sample is greater than 50M, the device logs a memory overload event in the memory of the GOLD module.

When you execute this command, the device displays the following information to help you locate the issue:

· A maximum of seven memory overload events.

· Information about the top five processes with the highest memory usage when the most recent memory overload event occurred.

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test memory overload enable command to enable diagnostic troubleshooting for memory overload events.

Examples

# Perform diagnostic troubleshooting for memory overload events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting memory overload

Slot 1 recent memory usage burst records:

Time Memory used (MB)

2022-07-25 08:18:52 From 456 to 556

2022-07-25 07:18:52 From 456 to 556

2022-07-25 06:18:52 From 456 to 556

2022-07-25 05:18:52 From 456 to 556

2022-07-25 04:18:52 From 456 to 556

2022-07-25 03:18:52 From 456 to 556

2022-07-25 02:18:52 From 456 to 556

Slot 1 top 5 memory usage processes in the last record:

Process: scmd (jobID 1)

Total allocated memory: 393760 bytes

Total free memory: 144672 bytes

Heap usage of the job:

Tag UsedBlocks UsedBytes FreeBlocks FreeBytes

0x0 1412 362704 24 144304

0x1060000 2 96 0 0

0x1090000 0 0 3 240

0x10b0000 3 96 2 64

0x1120000 7 2496 0 0

0x1150000 1 64 1 64

0x1570000 1 11536 0 0

0x15a0000 26 16768 0 0

Process: aaa (jobID 2)

Total allocated memory: 393760 bytes

Total free memory: 144672 bytes

Heap usage of the job:

Tag UsedBlocks UsedBytes FreeBlocks FreeBytes

0x0 1412 362704 24 144304

0x1060000 2 96 0 0

0x1090000 0 0 3 240

0x10b0000 3 96 2 64

0x1120000 7 2496 0 0

0x1150000 1 64 1 64

0x1570000 1 11536 0 0

0x15a0000 26 16768 0 0

Table 4 Command output

Field	Description
Slot 1 recent memory usage burst records	Most recent memory overload events on slot 1. A maximum of 7 events can be recorded.
Time	Time when the memory overload event was triggered.
Memory used (MB)	Used memory in the last sample and the current sample in MB, respectively.
Slot 1 top 5 memory usage processes in the last record	Memory usage information for the top 5 processes with the highest memory usage increase.
Process: scmd (jobID 1)	Process with a name of scmd and job ID of 1.
Total allocated memory	Size of heap memory used by the process, in bytes.
Total free memory	Size of free heap memory for the process, in bytes.
Heap usage of the job	Heap memory usage of the process.
Tag	ID of the system internal software module.
UsedBlocks	Number of used memory blocks.
UsedBytes	Size of used memory, in bytes.
FreeBlocks	Number of free memory blocks.
FreeBytes	Size of free memory, in bytes.

Related commands

diagnostic monitor enable (System Management Command Reference)

diagnostic monitor interval (System Management Command Reference)

diagnostic troubleshooting enable

AAA diagnostic troubleshooting commands

diagnostic trouble-shooting health module aaa

Use diagnostic trouble-shooting health module aaa to perform health diagnostic troubleshooting for the AAA module.

Syntax

diagnostic trouble-shooting health module aaa

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

Use this command to identify whether the AAA module is running correctly. When you execute this command, the device displays the unhealthy information for you to locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting health module aaa enable command to enable health diagnostic troubleshooting for the AAA module.

Examples

# Perform health diagnostic troubleshooting for the AAA module.

<Sysname> system-view

[Sysname] diagnostic trouble-shooting health module aaa

Start diagnose at 2023-03-25 08:53:55

please wait.Done.

End diagnose at 2023-03-25 08:53:56,Actual time:1 seconds.

Last system health for aaa:

------------------------------------------------------------

AAA Health Records

------------------------------------------------------------

PADS Type Detection time Description

AAA_RADIUS_RESOURCE_ERR2023-03-25,08:53:49 Failed to allocate PktID at packet resending.

------------------------------------------------------------

Total number of records: 1

Table 5 Command output

Field	Description
Start diagnose at	Time when health diagnostic troubleshooting started.
End diagnose at	Time when health diagnostic troubleshooting ended.
Actual time	Duration of the health diagnostic troubleshooting process, in seconds.
Last system health for aaa	Most recent health diagnostic troubleshooting for the AAA module.
AAA Health Records	Health Information troubleshooting for the AAA module.
PADS Type	Health event type. Options include: AAA_RADIUS_RESOURCE_ERR: Resource error of the AAA RADIUS module.
Detection time	Time when the event was triggered.
Description	Description of the event.
Total number of records	Total number of health events.

Related commands

diagnostic trouble-shooting health enable

diagnostic troubleshooting test aaa-fault abnormal-offline-record

Use diagnostic troubleshooting test aaa-fault abnormal-offline-record to perform diagnostic troubleshooting for unexpected user offline events on the AAA module.

Syntax

diagnostic troubleshooting test aaa-fault online-fail-record [ access-type { ipoe | lan-access | login | portal | ppp } | domain domain-name | interface interface-type interface-number | { ip-address ipv4-address | ipv6-address ipv6-address } | mac-address mac-address | s-vlan svlan-id [ c-vlan cvlan-id ] | slot slot-number | username user-name ] *

Views

System view

Predefined user roles

network-admin

Parameters

access-type: Specifies users by the access type.

ipoe: Specifies IPoE users.

lan-access: Specifies LAN users, such as 802.1X users and MAC authentication users.

portal: Specifies portal users.

ppp: Specifies PPP users.

domain domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.

interface interface-type interface-number: Specifies an interface by its interface type and interface number.

slot slot-number: Specifies a card by its slot number.

ip-address ipv4-address: Specifies a user by its IPv4 address.

ipv6-address ipv6-address: Specifies a user by its IPv6 address.

mac-address mac-address: Specifies a user by its MAC address in the format of H-H-H.

s-vlan svlan-id: Specifies an SVLAN by its VLAN ID in the range of 1 to 4094.

c-vlan cvlan-id: Specifies a CVLAN by its VLAN ID in the range of 1 to 4094.

username user-name: Specifies users using the specified username, a case-sensitive string of 1 to 253 characters.

Usage guidelines

Application scenarios

After you execute this command, the device will execute the display aaa abnormal-offline-record command immediately. You can view the unexpected user offline events and locate the issue.

Prerequisites

Perform the following tasks before you execute this command:

· Use the aaa abnormal-offline-record enable command to enable unexpected user offline event recording.

· Use the diagnostic troubleshooting test aaa-fault abnormal-offline-record enable command to enable diagnostic troubleshooting for unexpected user offline events on the AAA module.

Restrictions and guidelines

If you do not specify any parameters, this command displays unexpected user offline events for all access users in the system.

Examples

# Perform diagnostic troubleshooting for unexpected user offline events of user abc on the AAA module.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test aaa-fault abnormal-offline-record username abc

Start diagnose at 2023-03-25 09:44:36

please wait.Done.

End diagnose at 2023-03-25 09:44:37,Actual time:1 seconds.

Username: abc

Domain: system

MAC address: -

Access type: Telnet

Access interface: -

SVLAN/CVLAN: -/-

IP address: 1.1.1.2

IPv6 address: -

Online request time: 2023/03/25 09:41:37

Offline time: 2023/03/25 09:41:43

Offline reason: User disconnected from the server.

For more output information, see the display aaa online-fail-record command in User Access and Authentication Command Reference.

Related commands

aaa abnormal-offline-record enable (User Access and Authentication Command Reference)

diagnostic troubleshooting test aaa-fault abnormal-offline-record enable

display aaa abnormal-offline-record (User Access and Authentication Command Reference)

diagnostic troubleshooting test aaa-fault login-exception

Use diagnostic troubleshooting test aaa-fault login-exception to perform diagnostic troubleshooting for login exceptions.

Syntax

diagnostic troubleshooting test aaa-fault login-exception [ domain | line | local-user | role ]

Views

System view

Predefined user roles

network-admin

Parameters

domain: Specifies the display domain command.

line: Specifies the display line command.

local-user: Specifies the display local-user command.

role: Specifies the display role command.

Usage guidelines

Application scenarios

This command is applicable to scenarios where the following exceptions occur when a user tries to log in to the device through AAA:

· The user fails to log in to the device.

· The user is disabled from logging in to the device after the number of login attempts reaches the upper limit.

· The user does not have the privileges to some commands after login to the device.

· The user cannot create or edit a local user after it logs in to the device.

Log in to the device as a super administrator (with a role of network-admin, or level-15 user). Then execute this command on the device to display the configuration and check the AAA troubleshooting guide to locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test aaa-fault login-exception enable command to enable diagnostic troubleshooting for login exceptions.

Restrictions and guidelines

If you do not specify any parameters, the device will execute the display domain, display local-user, display line, and display role commands immediately after this command is executed.

Examples

# Perform diagnostic troubleshooting for login exceptions and execute the display domain command.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test aaa-fault login-exception domain

Start diagnose at 2023-03-25 02:23:50

please wait.Done.

End diagnose at 2023-03-25 02:23:51,Actual time:1 seconds.

display domain info:

--------------------------------------------------------------------------------

Domain: system

Current state: Active

State configuration: Active

...

For more output information, see the display domain command in User Access and Authentication Command Reference.

Related commands

diagnostic troubleshooting test aaa-fault login-exception enable

display domain (User Access and Authentication Command Reference)

display line (Fundamentals Command Reference)

display local-user (User Access and Authentication Command Reference)

display role (Fundamentals Command Reference)

diagnostic troubleshooting test aaa-fault online-fail-record

Use diagnostic troubleshooting test aaa-fault online-fail-record to perform diagnostic troubleshooting for user online failure events.

Syntax

Views

System view

Predefined user roles

network-admin

Parameters

access-type: Specifies users by the access type.

ipoe: Specifies IPoE users.

lan-access: Specifies LAN users, such as 802.1X users and MAC authentication users.

portal: Specifies portal users.

ppp: Specifies PPP users.

domain domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.

interface interface-type interface-number: Specifies an interface by its interface type and interface number.

slot slot-number: Specifies a card by its slot number.

ip-address ipv4-address: Specifies a user by its IPv4 address.

ipv6-address ipv6-address: Specifies a user by its IPv6 address.

mac-address mac-address: Specifies a user by its MAC address in the format of H-H-H.

s-vlan svlan-id: Specifies an SVLAN by its VLAN ID in the range of 1 to 4094.

c-vlan cvlan-id: Specifies a CVLAN by its VLAN ID in the range of 1 to 4094.

username user-name: Specifies users using the specified username, a case-sensitive string of 1 to 253 characters.

Usage guidelines

Application scenarios

After you execute this command, the device will execute the display aaa online-fail-record command immediately. You can view the user online failure records and locate the issue.

Prerequisites

Perform the following tasks before you execute this command:

· Use the aaa online-fail-record enable command to enable user online failure recording.

· Use the diagnostic troubleshooting test aaa-fault online-fail-record enable command to enable diagnostic troubleshooting for user online failure events.

Restrictions and guidelines

If you do not specify any parameters, this command displays online failure events for all access users in the system.

Examples

# Perform diagnostic troubleshooting for user online failure events through telnet.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test aaa-fault online-fail-record username telnet

Start diagnose at 2023-03-25 02:47:54

please wait.Done.

End diagnose at 2023-03-25 02:47:55,Actual time:1 seconds.

display aaa online-fail-record username telnet

Username: telnet

Domain: system

MAC address: -

Access type: Telnet

Access interface: -

SVLAN/CVLAN: -/-

IP address: 192.168.100.60

IPv6 address: -

Online request time: 2023/03/25 02:44:14

Online failure reason: The local user doesn't exist.

For more output information, see the display aaa online-fail-record in User Access and Authentication Command Reference.

Related commands

aaa online-fail-record enable (User Access and Authentication Command Reference)

diagnostic troubleshooting test aaa-fault online-fail-record enable

display aaa online-fail-record (User Access and Authentication Command Reference)

diagnostic troubleshooting test aaa-fault password-control-exception

Use diagnostic troubleshooting test aaa-fault password-control-exception to perform diagnostic troubleshooting for local password control exceptions.

Syntax

diagnostic troubleshooting test aaa-fault password-control-exception

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

When password control is enabled on the device, login password configuration and update for local users will be controlled. If local user password control has exceptions, local user creation or local user password configuration failure might occur, or the system might require a password change upon user login.

To locate such issues, you can log in to the device as a super administrator (with a role of network-admin, or level-15 user). Then execute this command on the device to display the configuration and check the password control troubleshooting guide to locate the issue.

After you execute this command, the device will execute the display memory-threshold, display password-control, and display local-user commands in turn immediately.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test aaa-fault password-control-exception enable command to enable diagnostic troubleshooting for local password exceptions.

Examples

# Perform diagnostic troubleshooting for local password control exceptions.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test aaa-fault password-control-exception

Start diagnose at 2023-03-25 03:01:28

please wait.Done.

End diagnose at 2023-03-25 03:01:29,Actual time:1 seconds.

display memory-threshold info:

--------------------------------------------------------------------------------

Free memory threshold:

Minor: 80M

Severe: 48M

Critical: 32M

Normal: 128M

Current memory state: Normal

...

display password-control info:

--------------------------------------------------------------------------------

Password control: Disabled (device management users)

Disabled (network access users)

Password aging: Enabled (90 days)

Password length: Enabled (10 characters)

...

display local-user info:

--------------------------------------------------------------------------------

Device management user admin:

State: Active

Service type: HTTP

User group: system

...

For more information about the output, see display memory-threshold in System Management Command Reference, display password-control and display local-user in User Access and Authentication Command Reference.

Related commands

display local-user (User Access and Authentication Command Reference)

display memory-threshold (System Management Command Reference)

display password-control (User Access and Authentication Command Reference)

diagnostic troubleshooting test aaa-process local

Use diagnostic troubleshooting test aaa-process local to perform diagnostic troubleshooting for local authentication user online exceptions.

Syntax

diagnostic troubleshooting test aaa-process local [ interface interface-type interface-number | username user-name ] * [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its interface type and interface number.

username user-name: Specifies users using the specified username, a case-sensitive string of 1 to 253 characters.

diagnostic-time diagnostic-time: Specifies the estimated diagnostic troubleshooting duration, in the range of 1 to 60 seconds. The default value is 60 seconds. The actual duration might be different, but will not be greater than 2*diagnostic-time.

Usage guidelines

Application scenarios

This command is used to identify the causes of anomalies during the user onboarding process in AAA. When this command is executed, the system continuously collects exception information during local authentication, authorization, and accounting processes for access users. It then output the faults that occurred during the diagnostic period and detailed reasons for these faults after diagnostic troubleshooting completes.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test aaa-process local enable command to enable diagnostic troubleshooting for local authentication user online exceptions.

Restrictions and guidelines

If you do not specify any parameters, this command displays online failure events for all local authentication users in the system.

Examples

# Perform diagnostic troubleshooting for local authentication user online exceptions.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test aaa-process local username telnet diagnostic-time 60

Start diagnose at 2023-03-25 03:13:27, Estimated time:60 seconds.

Please wait..............................................................Done.

End diagnose at 2023-03-25 03:14:28, Actual time:61 seconds.

Diagnosis report:

--------------------------------------------------------------------------------

Datatime: 2023-03-25 03:13:37:377, Interface: N/A, Access type: telnet

User name: telnet

Reason: User not found.

Datatime: 2023-03-25 03:14:18:896, Interface: N/A, Access type: telnet

User name: telnet

Reason: User not found.

--------------------------------------------------------------------------------

Table 6 Command output

Field	Description
Start diagnose at	Time when health diagnostic troubleshooting started.
Estimated time	Estimated duration of the health diagnostic troubleshooting process, in seconds.
End diagnose at	Time when health diagnostic troubleshooting ended.
Actual time	Actual duration of the health diagnostic troubleshooting process, in seconds.
Diagnosis report	Diagnostic information.
Datatime	Time when the failure occurred.
Interface	Interface through which the user accesses the network. This field displays a hyphen (-) if the system failed to obtain the access interface.
Access type	Access type of the user: · terminal—Terminal users, for example, users that log in from the console port. · command—CLI-authorized users.
User name	Username.
Reason	Failure reason.

Related commands

diagnostic troubleshooting test aaa-process local enable

diagnostic troubleshooting test aaa-process online-offline-record

Use diagnostic troubleshooting test aaa-process online-offline-record to perform diagnostic troubleshooting for user online and offline exceptions.

Syntax

diagnostic troubleshooting aaa-process online-offline-record [ access-type { ipoe | lan-access | login | portal | ppp } | interface interface-type interface-number | username user-name ] * [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

access-type: Specifies users by the access type.

ipoe: Specifies IPoE users.

lan-access: Specifies LAN users, such as 802.1X users and MAC authentication users.

portal: Specifies portal users.

ppp: Specifies PPP users.

interface interface-type interface-number: Specifies an interface by its interface type and interface number.

username user-name: Specifies users using the specified username, a case-sensitive string of 1 to 253 characters.

diagnostic-time diagnostic-time: Specifies the estimated diagnostic troubleshooting duration, in the range of 1 to 600 seconds. The default value is 60 seconds. The actual duration might be different, but will not be greater than 2*diagnostic-time.

Usage guidelines

Application scenarios

This command helps identify the reasons for user online and offline exceptions. When this command is executed, the system continuously collects user online and offline information and outputs user online failure information and offline information during the diagnostic troubleshooting period.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test aaa-process online-offline-record enable command to enable diagnostic troubleshooting for user online and offline exceptions.

Restrictions and guidelines

If you do not specify any parameters, this command displays online failure events and offline information for all access users in the system.

Examples

# Perform diagnostic troubleshooting for online and offline exceptions for user telnet, with a diagnostic duration of 30 seconds.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test aaa-process online-offline-record username telnet

Start diagnose at 2023-03-25 05:49:46, Estimated time:30 seconds.

Please wait................................Done.

End diagnose at 2023-03-25 05:50:17, Actual time:31 seconds.

Diagnosis report:

--------------------------------------------------------------------------------

Datatime: 2023-03-25 05:50:00:603, Interface: N/A, Access type: login

User name: telnet

Reason: Authentication failed.

--------------------------------------------------------------------------------

Table 7 Command output

Field	Description
Start diagnose at	Time when health diagnostic troubleshooting started.
Estimated time	Estimated duration of the health diagnostic troubleshooting process, in seconds.
End diagnose at	Time when health diagnostic troubleshooting ended.
Actual time	Actual duration of the health diagnostic troubleshooting process, in seconds.
Diagnosis report	Diagnostic information.
Datatime	Time when the failure occurred.
Interface	Interface through which the user accesses the network. This field displays a hyphen (-) if the system failed to obtain the access interface.
Access type	Access type of the user: · ppp—PPP users. · lan-access—LAN access users. · login—Login users. · portal—Portal users. · ipoe—IPoE users.
User name	Username.
Reason	Failure reason.

Related commands

diagnostic troubleshooting test aaa-process online-offline-record enable

diagnostic troubleshooting test aaa-process remote

Use diagnostic troubleshooting test aaa-process remote to perform diagnostic troubleshooting for remote authentication user online exceptions.

Syntax

diagnostic troubleshooting test aaa-process remote [ interface interface-type interface-number | username user-name ] * [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies an interface by its interface type and interface number.

username user-name: Specifies users using the specified username, a case-sensitive string of 1 to 253 characters.

Usage guidelines

Application scenarios

This command identifies the reasons for AAA remote authentication user online exceptions. When this command is executed, the system continuously collects exception information occurred during authentication, authorization, and accounting by remote RADIUS, HWTACACS, and LDAP servers and outputs failure information during the diagnostic troubleshooting period.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test aaa-process remote enable command to enable diagnostic troubleshooting for remote authentication user online exceptions.

Restrictions and guidelines

If you do not specify any parameters, this command displays online failure events and offline information for all remote authentication users in the system.

Examples

# Perform diagnostic troubleshooting for remote authenticated user to log on exceptions for user abc, with a diagnostic duration of 30 seconds.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test aaa-process remote username abc diagnostic-time 120

Start diagnose at 2023-03-25 09:01:10, Estimated time:60 seconds.

Please wait..............................Done.

End diagnose at 2023-03-25 09:01:41, Actual time:31 seconds.

Diagnosis report:

--------------------------------------------------------------------------------

Datatime: 2023-03-25 09:01:33:758, Interface: N/A, Access type: TELNET

User name: abc

Reason: [RADIUS] Server unreachable.

Table 8 Command output

Field	Description
Start diagnose at	Time when health diagnostic troubleshooting started.
Estimated time	Estimated duration of the health diagnostic troubleshooting process, in seconds.
End diagnose at	Time when health diagnostic troubleshooting ended.
Actual time	Actual duration of the health diagnostic troubleshooting process, in seconds.
Diagnosis report	Diagnostic information.
Datatime	Time when the failure occurred.
Interface	Interface through which the user accesses the network. This field displays a hyphen (-) if the system failed to obtain the access interface.
Access type	Access type of the user: · Terminal—Terminal users, for example, users that log in from the console port. · Command—CLI authorized users.
Username	Username.
Reason	Failure reason.

Related commands

diagnostic troubleshooting test aaa-process remote enable

LDP diagnostic troubleshooting commands

diagnostic troubleshooting health module ldp

Use diagnostic troubleshooting health module ldp to enable health diagnostic troubleshooting for the LDP module.

Syntax

diagnostic troubleshooting health module ldp

Views

System view

Predefined user roles

network-admin

Usage guidelines

Use this command to identify whether the LDP module is running correctly. When you execute this command, the device displays the unhealthy information for you to locate the issue.

For this command to take effect, first use the diagnostic troubleshooting health module ldp enable command to enable health diagnostic troubleshooting for the LDP module.

Examples

# Perform health diagnostic troubleshooting for the LDP module.

<Sysname> system-view

[Sysname] diagnostic troubleshooting health module ldp enable

[Sysname] diagnostic troubleshooting health module ldp

Show LDP health events:

--------------------------------------------------------------------------------

Health event Detect time Description

--------------------------------------------------------------------------------

RES_LABEL_ALLOC_FAIL 2022-4-20 10:01:50 Failed to alloc labels to LDP. (ErrorCode=[1] )

Table 9 Command output

Field	Description
Health event	Health event type: · RES_LABEL_ALLOC_FAIL—The system fails to allocate LDP labels. · RES_LABEL_ALLOC_RESUME—The number of available LDP labels has restored.
Detect time	Time when the event was triggered.
Description	Description of the event.

Related commands

diagnostic troubleshooting health enable

diagnostic troubleshooting test neighbor-create-abnormal ldp

Use diagnostic troubleshooting test neighbor-create-abnormal ldp to perform diagnostic troubleshooting for LDP session setup failure events.

Syntax

diagnostic troubleshooting test neighbor-create-abnormal ldp { local [ vpn-instance vpn-instance-name ] peer peer-lsr-id interface interface-type interface number | remote peer peer-lsr-id } [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

local: Specifies a local LDP session.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command performs diagnostic troubleshooting for LDP session setup failure events for the public network.

peer peer-lsr-id: Specifies an LDP peer by its LSR ID.

interface-type interface-number: Specifies an interface by its type and number.

remote peer peer-lsr-id: Specifies a remote LDP peer by its LSR ID.

diagnostic-time diagnostic-time: Specifies the estimated diagnostic troubleshooting duration, in the range of 1 to 60seconds. The default value is 30 seconds. The actual duration might be different, but will not be greater than 2*diagnostic-time.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test neighbor-create-abnormal ldp enable command to enable diagnostic troubleshooting for LDP session setup failure events.

With health diagnostic troubleshooting enabled and configuration completed for the LDP module, the LDP module records LDP session setup failure events in the GOLD module for the GOLD module to perform diagnostic troubleshooting.

Recording LDP session setup failure events consumes device resources and affects system performance. If you are not concerned about the running status of the LDP module, you can disable diagnostic troubleshooting for LDP session setup failure events.

Examples

# Perform diagnostic troubleshooting for LDP session setup failure events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test neighbor-create-abnormal ldp enable

[Sysname] diagnostic troubleshooting test neighbor-create-abnormal ldp remote peer 2.2.2.2

Start diagnose at 2022-09-29 06:41:20, Estimated time:30 seconds.

Please wait.....................Done.

End diagnose at 2022-09-29 06:41:40, Actual time:30 seconds.

Diagnosis report:

--------------------------------------------------------------------------------

PeerID Status Reason

2.2.2.2 NOT_EXISTENT No LSR-ID

--------------------------------------------------------------------------------

Table 10 Command output

Field	Description
Peer ID	LSR ID of the LDP peer.
Status	LDP session status: · NOT_EXISTENT—The session does not exist. · INITIALIZED—The session is being initialized. · OPEN_SENT—The session has sent an Init message and is waiting for the Init message from the peer. · OPEN_RECV—The session has been sent an Open message and is waiting for the Open message from the peer. · OPER—The session is in up state.
Reason	Reason why the LDP session cannot be set up: · Device in memory-threshold. · No LSR-ID. · Local interface down. · Local interface has no IPv4 address. · Local interface has no MPLS capability. · Local interface has no LDP capability. · No hello packet received. · No target peer.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test neighbor-flap ldp

Use diagnostic troubleshooting test neighbor-flap ldp to perform diagnostic troubleshooting for LDP peer down events.

Syntax

diagnostic troubleshooting test neighbor-flap ldp [ [ vpn-instance vpn-instance-name ] peer peer-id ]

Views

System view

Predefined user roles

network-admin

Parameters

peer peer-lsr-id: Specifies an LDP peer by its LSR ID.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test neighbor-flap ldp enable command to enable diagnostic troubleshooting for LDP peer down events.

With health diagnostic troubleshooting enabled and configuration completed for the LDP module, the LDP module records LDP peer down events in the GOLD module for the GOLD module to perform diagnostic troubleshooting. Recording LDP peer down events consumes device resources and affects system performance. If you are not concerned about the running status of the LDP module, you can disable diagnostic troubleshooting for LDP peer down events.

Examples

# Perform diagnostic troubleshooting for down events of the LDP peer at 2.2.2.2.

<Sysname> system-view

[Sysname] diagnostic troubleshooting neighbor-flap ldp enable

[Sysname] diagnostic troubleshooting neighbor-flap ldp peer 2.2.2.2

Started at: 2022-06-29 07:08:38, estimated duration: 30 seconds.

Please wait......................

Ended at: 2022-06-29 07:09:08, actual duration: 30 seconds.

Diagnosis report:

--------------------------------------------------------------------------------

PeerID Down time Duration time Reason

2.2.2.2 2022-04-01 10:15:35 1h32m19s Interface not operational

--------------------------------------------------------------------------------

Table 11 Command output

Field	Description
PeerID	LSR ID of the LDP peer.
Down time	Time when the LDP peer was down.
Duration time	Duration that the peer is in down state.
Reason	Reason that the LDP peer was down: · Interface not operational. · MPLS disabled on interface. · LDP disabled on interface. · LDP auto-configure disabled on interface. · VPN instance changed on interface. · LDP instance deleted. · Targeted peer deleted. · L2VPN disabled targeted peer. · TE tunnel disabled targeted peer. · Session protection disabled targeted peer. · OSPF Remote LFA disabled targeted peer. · IS-IS Remote LFA disabled targeted peer. · Process deactivated. · Failed to receive the initialization message. · Graceful restart reconnect timer expired. · Failed to recover adjacency by NSR. · Failed to upgrade session by NSR. · Closed the GR session. · Keepalive hold timer expired. · Hello hold timer expired. · Session reset. · TCP connection down. · Received a fatal notification message. · Internal error. · Memory in critical state. · Transport address changed on interface. · MD5 password changed.

MPLS TE diagnostic troubleshooting commands

diagnostic troubleshooting health module te

Use diagnostic troubleshooting health module te to enable health diagnostic troubleshooting for the MPLS TE module.

Syntax

diagnostic troubleshooting health module te

Views

System view

Predefined user roles

network-admin

Usage guidelines

Use this command to identify when the MPLS TE module is running correctly. When you execute this command, the device displays the unhealthy information for you to locate the issue.

For this command to take effect, first use the diagnostic troubleshooting health module te enable command to enable health diagnostic troubleshooting for the MPLS TE module.

Examples

# Perform health diagnostic troubleshooting for the MPLS TE module.

<Sysname> system-view

[Sysname] diagnostic troubleshooting health module te enable

[Sysname] diagnostic troubleshooting health module te

Show TE health events:

--------------------------------------------------------------------------------

Health event Detect time Description

--------------------------------------------------------------------------------

BSID_ALLOC_FAILED 2022-4-20 10:01:50 Tunnel 1 allocated

binding-sid label

15999 failed.

Table 12 Command output

Field	Description
Health event	Health event type. The value is BSID_ALLOC_FAILED, which indicates that the MPLS TE tunnel has failed to apply for a BSID.
Detect time	Time when the event was triggered.
Description	Description of the event.

Related commands

diagnostic troubleshooting health module te enable

diagnostic troubleshooting test te-tunnel establish-abnormal

Use diagnostic troubleshooting test te-tunnel establish-abnormal to perform diagnostic troubleshooting for MPLS TE tunnel setup failure events.

Syntax

diagnostic troubleshooting test te-tunnel establish-abnormal tunnel tunnel-id [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

tunnel tunnel-id: Specifies a tunnel ID.

diagnostic-time diagnostic-time: Specifies the estimated diagnostic troubleshooting duration, in the range of 10 to 300 seconds. The default value is 120 seconds. The actual duration might be different, but will not be greater than 2*diagnostic-time.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test te-tunnel establish-abnormal enable command to enable diagnostic troubleshooting for MPLS TE tunnel setup failure events.

With health diagnostic troubleshooting enabled and configuration completed for the MPLS TE module, the LDP module records MPLS TE tunnel setup failure events in the GOLD module for the GOLD module to perform diagnostic troubleshooting. Recording MPLS setup failure events consumes device resources and affects system performance. If you are not concerned about the running status of the MPLS TE module, you can disable diagnostic troubleshooting for MPLS TE tunnel setup failure events.

Examples

# Perform diagnostic troubleshooting for tunnel setup failure events of MPLS TE tunnel 1.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test te-tunnel establish-abnormal enable

[Sysname] diagnostic troubleshooting test te-tunnel establish-abnormal tunnel 1

Started at: 2022-06-29 07:08:38, estimated duration: 30 seconds.

Please wait......................

Ended at: 2022-06-29 07:09:08, actual duration: 30 seconds.

Diagnosis report:

(M): Modify LSP

--------------------------------------------------------------------------------

Tunnel Name: Tunnel1

Ingress LSR ID: 1.1.1.1 Egress LSR ID: 3.3.3.3

LSP type : Main Detect time: 2022-4-20 10:01:50

Reason: RSVP not configured on interface GE2/0/1 with IP address 10.1.1.1 on LSR 1.1.1.1.

LSP type : Hot-standby Detect time: 2022-4-20 10:01:52

Reason: CSPF computation failed.

--------------------------------------------------------------------------------

Table 13 Command output

Field	Description
LSP type	LSP type. Options include: · Main. · Hot-standby. · (M)—LSP through MBB.
Detect Time	Time when the diagnostic troubleshooting result was obtained.
Reason	Reason for the MPLS TE tunnel setup failure: · Establish success. · The destination not configured. · The MPLS LSR-ID not configured. · The MPLS TE not configured. · The tunnel has been shut down. · LSPM isn't running. · SRM isn't running. · RSVP isn't running. · LSPM isn't running. · No out segment of the SR label. · Segment routing path compute failed. · Segment routing path verification failed. · Equal-cost backup LSP not supported. · Backup LSP is the same as main LSP. · SR path compute element not respond. · Backup LSP sharing the same SRLG with the main LSP. · Main and backup LSPs can't be equal-cost paths. · SR out segment is tunnel itself. · SR out segment is too deep. · Modify unchanged. · RSVP path compute failed. · RSVP not configured on interface GE2/0/1 of LSR 1.1.1.1. · RSVP signaling error(24,1) occurred on the LSR 1.1.1.1. · RSVP LSP can't be established with nextsid in explicit-path. · RSVP downstream is not responding. · RSVP busy. · Unreferenced to any static CRLSP or SRLSP. · Static CRLSP is down. · Static CRLSP busy. · LSP or tunnel BFD down. · Delegated tunnel without PCE update. · Minor memory-threshold. · Critical memory-threshold. · Unknown error. · Backup LSP is the same as main LSP.

Related commands

diagnostic troubleshooting test te-tunnel establish-abnormal enable

MPLS L2VPN diagnostic troubleshooting commands

diagnostic troubleshooting health module l2vpn

Use diagnostic troubleshooting health module l2vpn to perform heath diagnostic troubleshooting for the MPLS L2VPN module.

Syntax

diagnostic troubleshooting health module l2vpn

Views

System view

Predefined user roles

network-admin

Usage guidelines

Use this command to identify when the MPLS L2VPN module is running correctly. When you execute this command, the device displays the unhealthy information for you to locate the issue.

For this command to take effect, first use the diagnostic troubleshooting health module l2vpn enable command to enable health diagnostic troubleshooting for the MPLS L2VPN module.

Examples

# Perform health diagnostic troubleshooting for the MPLS L2VPN module.

<Sysname> system

[Sysname] diagnostic troubleshooting health module l2vpn enable

[Sysname] diagnostic troubleshooting health module l2vpn

Show L2VPN health events:

--------------------------------------------------------------------------------

Health event Detect time Description

LABEL_NOT_ALLOCATED 04-15 07:37:06 ESI failed to apply for the label.

(IfName=Vpna)

LABEL_NOT_ALLOCATED 04-15 07:37:06 Upwesi failed to apply for the

label.(VsiName=Vpna,PwId=200)

LABEL_NOT_ALLOCATED 04-15 07:37:06 EVPN VPLS failed to apply for the

label.(VsiName=Vpna)

LABEL_NOT_ALLOCATED 04-15 07:37:06 EVPN VPWS failed to apply for the

label.(XcgName=Xpna)

VN_EXCEED 04-15 07:38:16 Too many VNs.(

VsiName=Vpna,IpAaddr=1.1.1.1,PwId=200)

SRV6SID_NOT_ALLOCATED 04-15 07:38:16 SRv6 SID alloc failed.(VsiName=Vpna)

CONNECT_FAIL 04-15 07:38:16 The connection between l2vpn and l3vpn

failed. (ModeName=L3vpn)

AC_VIBRATE 04-15 07:38:16 AC flapping.(Minute=10,DataNum=20,

OscillationNum=30)

PW_VIBRATE 04-15 07:38:16 PW flapping.(Minute=10,DataNum=20,

OscillationNum=30)

COMMUNICATION_FAIL 04-15 07:38:16 RIB tunnel exception.(IpAddr=

10.1.1.2)

SMOOTH_SUCCESS 04-15 07:38:16 After l2vpn and ldp are smoothed,10 pwm

data are aged.(DataType=Ldp,Uismooth=10)

SMOOTH_EXCEED 04-15 07:38:16 L2vpn timed out for 60 minutes waiting for

ldp smooth end.(DataType=Ldp)

HA_RECOVER_FAIL 04-15 07:38:16 VSI vpna link ID HA recovery failed.

Table 14 Command output

Field	Description
Diag_Type	Health event type: · LABEL_NOT_ALLOCATED. · LINKID_NOT_ALLOCATED. · VN_EXCEED. · SRV6SID_NOT_ALLOCATED. · CONNECT_FAIL. · COMMUNICATION_FAIL. · HA_RECOVER_FAIL. · SMOOTH_EXCEED. · SMOOTH_SUCCESS. · PW_VIBRATE. · AC_VIBRATE.
Detect-Time	Time when the event was detected.
Description	Description of the event.

Related commands

diagnostic troubleshooting health module l2vpn enable

diagnostic troubleshooting test l2vpn-pw establish-abnormal

Use diagnostic troubleshooting test l2vpn-pw establish-abnormal to perform diagnostic troubleshooting for PW setup failure events.

Syntax

diagnostic troubleshooting test l2vpn-pw establish-abnormal { vsi vsi-name | xconnect-group-name group-name connection connection-name } peer ip-address pw-id pw-id

Views

System view

Predefined user roles

network-admin

Parameters

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters.

xconnect-group-name group-name: Specifies a cross-connect group by its name, a case-sensitive string of 1 to 31 characters.

connection connection-name: Specifies a cross-connect by its name, a case-sensitive string of 1 to 20 characters. The name cannot contain hyphens (-).

peer ip-address: Specifies a peer PE by its LSR ID.

pw-id pw-id: Specifies the PW ID in the range of 1 to 4294967295.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test l2vpn-pw establish-abnormal enable command to enable diagnostic troubleshooting for PW setup failure events.

With health diagnostic troubleshooting enabled and configuration completed for the MPLS L2VPN module, the MPLS L2VPN module records PW setup failure events in the GOLD module for the GOLD module to perform diagnostic troubleshooting.

Recording PW setup failure events consumes device resources and affects system performance. If you are not concerned about the running status of the MPLS L2VPN module, you can disable diagnostic troubleshooting for PW setup failure events.

Examples

# Perform diagnostic troubleshooting for setup events of the PW in the VSI with a name of vpna.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test l2vpn-pw establish-abnormal enable

[Sysname] diagnostic troubleshooting test l2vpn-pw establish-abnormal vsi vpna peer 1.1.1.9 pw-id 1

Started at: 2022-06-29 07:08:38, estimated duration: 30 seconds.

Please wait......................

Ended at: 2022-06-29 07:09:08, actual duration: 30 seconds.

Diagnosis report:

--------------------------------------------------------------------------------

Peer IP PW ID PW Type Reason(All need resolved)

1.1.1.9 1 vlan MTU not match

--------------------------------------------------------------------------------

Table 15 Command output

Field	Description
Peer IP	IP address of the peer PE.
PW Type	Data encapsulation type for the MPLS PW. Optional data encapsulation types for an MPLS PW include Ethernet and VLAN. This field displays a hyphen (-) if no data encapsulation type is specified for the MPLS PW.
Reason	Reason why the PW went down: · BFD session for PW down. · BGP RD was deleted. · BGP RD was empty. · Control word not match. · Encapsulation not match. · Label not allocated. · LDP interface parameter not match. · Local and remote LDP PWs have different TAIIs. · Non-existent remote LDP PW. · Local AC Down. · Local AC was non-existent. · Local LDP PW VN defect. · Local LDP PW was not sent mapping message. · Local VSI Down. · MTU not match. · Remote AC Down. · Remote LDP PW VN defect. · PW down after created. · Tunnel Down.

Related commands

diagnostic troubleshooting test l2vpn-pw establish-abnormal enable

diagnostic troubleshooting test l2vpn-pw flap

Use diagnostic troubleshooting test l2vpn-pw flap to perform diagnostic troubleshooting for PW down events.

Syntax

diagnostic troubleshooting test l2vpn-pw flap { vsi vsi-name | xconnect-group-name group-name connection connection-name } peer ip-address pw-id pw-id

Views

System view

Predefined user roles

network-admin

Parameters

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters.

xconnect-group-name group-name: Specifies a cross-connect group by its name, a case-sensitive string of 1 to 31 characters.

connection connection-name: Specifies a cross-connect by its name, a case-sensitive string of 1 to 20 characters. The name cannot contain hyphens (-).

peer ip-address: Specifies a peer PE by its LSR ID.

pw-id pw-id: Specifies the PW ID in the range of 1 to 4294967295.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test l2vpn-pw flap enable command to enable diagnostic troubleshooting for PW down events.

With health diagnostic troubleshooting enabled and configuration completed for the MPLS L2VPN module, the MPLS L2VPN module records PW down events in the GOLD module for the GOLD diagnostic perform diagnostic troubleshooting.

Recording PW down events consumes device resources and affects system performance. If you are not concerned about the running status of the MPLS L2VPN module, you can disable diagnostic troubleshooting for PW down events.

Examples

# Perform diagnostic troubleshooting for PW down events of the PW in the VSI with a name of vpna.

<Sysname> system

[Sysname] diagnostic troubleshooting test l2vpn-vsi-pw flap vsi vpna peer 1.1.1.9 pw-id 1

Started at: 2022-06-29 07:08:38, estimated duration: 30 seconds.

Please wait......................

Ended at: 2022-06-29 07:09:08, actual duration: 30 seconds.

Diagnosis report:

----------------------------------------------------------------------------------------Peer IP PW ID PW type State Change time Reason

1.1.1.9 1 vlan Down->Up 2018/08/01 07:33:22 Tunnel Up

1.1.1.9 1 vlan Up->Down 2018/08/01 07:29:58 Tunnel Down

Table 16 Command output

Field	Description
Peer IP	IP address of the peer PE.
PW ID	ID of the PW.
PW type	Data encapsulation type for the MPLS PW. Optional data encapsulation types for an MPLS PW include Ethernet, VLAN, and Unknown. This field displays a hyphen (-) if no data encapsulation type is specified for the MPLS PW.
State	State change of the PW.
Change time	Time when the PW state changed.
Reason	Reason why the PW went down: · BFD session for PW down. · BGP RD was deleted. · BGP RD was empty. · Control word not match. · Encapsulation not match. · Label not allocated. · LDP interface parameter not match. · Local and remote LDP PWs have different TAIIs. · Non-existent remote LDP PW. · Local AC Down. · Local AC was non-existent. · Local LDP PW VN defect. · Local LDP PW was not sent mapping message. · Local VSI Down. · MTU not match. · Remote AC Down. · Remote LDP PW VN defect. · PW down after created. · Tunnel Down.

Related commands

diagnostic troubleshooting test l2vpn-pw flap enable

Ping diagnostic troubleshooting commands

diagnostic troubleshooting test ping failed-reason

Use diagnostic troubleshooting test ping failed-reason to perform diagnostic troubleshooting for ping failure events.

Syntax

diagnostic troubleshooting test ping failed-reason [ -a source-ip | -f | -i interface-type interface-number | -s packet-size | -t timeout ] [ vpn-instance vpn-instance-name ] { ip-address ipv4-address | ipv6-address ipv6-address }

Views

System view

Predefined user roles

network-admin

Parameters

-a source-ip: Specifies an IP address of the device as the source IP address of ICMP echo requests. If this option is not specified, the source IP address of ICMP echo requests is the primary IP address of the outbound interface.

-f: Sets the "Don’t Fragment" bit in the IP header.

-i interface-type interface-number: Specifies the source interface for ICMP echo requests. If you do not specify this option, the system uses the primary IP address of the matching route's egress interface as the source interface for ICMP echo requests.

-s packet-size: Specifies the length (in bytes) of ICMP echo requests (excluding the IP packet header and the ICMP packet header). The value range is 20 to 9600, and the default is 56.

-t timeout: Specifies the timeout time (in milliseconds) of an ICMP echo reply. The value range is 0 to 65535, and the default is 2000. If the source does not receive an ICMP echo reply within the timeout, it determines that the ICMP echo reply has timed out.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the destination belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.

ip-address ipv4-address: Specifies IPv4 trap packets by its destination IPv4 address.

ipv6-address ipv6-address: Specifies IPv6 trap packets by its destination IPv6 address.

Usage guidelines

Operating mechanism

When you execute this command, the device uses the parameters specified from the CLI to ping a specific IP address and displays the ping result. If the ping operation fails, the device displays the failure reason to help you locate the issue.

For more information about the ping utility, see Network Management and Monitoring Configuration Guide.

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test ping failed-reason enable command to enable diagnostic troubleshooting for ping failure events (enabled by default).

Examples

# Perform diagnostic troubleshooting for the ping operation to the destination at 2.1.1.1. The outgoing interface is Gigabitethernet 1/0/1.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test ping fail-reason –i gigabitethernet 1/0/1 ip 2.1.1.1

Diagnosis report:

Ping failed.

Failure reason: An incorrect outgoing interface was specified.

# Perform diagnostic troubleshooting for the ping operation to the destination at 1.1.1.1.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test ping fail-reason ip-address 1.1.1.1

Diagnosis report:

Ping succeeded.

Table 17 Command output

Field	Description
Diagnosis report	Diagnosis report
Failure reason	For the failure reason, see Table 18.

Table 18 Ping failure reason description

Field
The link transmission delay is too long.
The ping packet is too large and discarded.
An incorrect outgoing interface was specified.
No reachable routes exist between the source and destination IPs.
The specified destination VPN is incorrect.
No APR entry to the destination exists.
No FIB entry to the destination exists.
ICMP packets are discarded due to ICMP attack defense.
Unknown reason.

Related commands

diagnostic troubleshooting enable

SNMP diagnostic troubleshooting commands

diagnostic troubleshooting test snmp-agent packet-process-failure

Use diagnostic troubleshooting test snmp-agent packet-process-failure to perform diagnostic troubleshooting for SNMP packet processing failure events.

Syntax

diagnostic troubleshooting test snmp-agent packet-process-failure [ ip-address ipv4-address | ipv6-address ipv6-address ] [ vpn-instance vpn-instance-name ] [ diagnose-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

ip-address ipv4-address: Specifies an IPv4 address. For received SNMP packets, this address is used to filter SNMP source addresses. For sent SNMP packets, this address is used to filter SNMP destination addresses.

ipv6-address ipv6-address: Specifies an IPv6 address. For received SNMP packets, this address is used to filter SNMP source addresses. For sent SNMP packets, this address is used to filter SNMP destination addresses.

diagnostic-time diagnostic-time: Specifies the estimated diagnostic troubleshooting duration, in the range of 60 to 1800 seconds. The default value is 300 seconds. The actual duration might be different, but will not be greater than 2*diagnostic-time.

Usage guidelines

Operating mechanism

When you execute this command, the device records SNMP packet sending and receiving failure events within the diagnostic troubleshooting period. When the period is reached, the device displays the events for you to locate the issue.

For more information about configuring SNMP, see Network Management and Monitoring Configuration Guide.

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test snmp-agent packet-process-failure enable command to enable diagnostic troubleshooting for SNMP packet processing failure events (enabled by default).

Examples

# Perform diagnostic troubleshooting for SNMP packet processing failure events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test snmp-agent packet-process-failure ip-address 1.1.1.1

Started at: 2022-06-29 07:08:38, estimated duration: 30 seconds.

Please wait.....................

Ended at: 2022-06-29 07:09:08, actual duration: 30 seconds.

Diagnosis report:

SNMP global statistics

SNMP packets received: 4

SNMP packets sent: 4

Receiving failure detailed information:

RecvTime : 2022-06-07, 15:20:38:230

ReqID : 0

SourceIP/VPN : 10.1.1.1/--

Verison/PDU type: v3/--

FailReason : Unknown user name.

Solution : Please check the corresponding configuration.

RecvTime : 2022-06-07, 15:20:38:230

ReqID : 0

SourceIP/VPN : 10.1.1.1/--

Verison/PDU type: v3/--

FailReason : Unknown username.

Solution : Please check the corresponding configuration.

RecvTime : 2022-06-07, 15:20:38:230

ReqID : 0

SourceIP/VPN : 10.1.1.1/--

Verison/PDU type: v3/--

FailReason : Unknown username.

Solution : Please check the corresponding configuration.

Sending failure detailed information:

SendTime : 2022-06-10, 19:30:35:288

ReqID : 1683

DestIP/VPN : 10.1.1.15/vpn1

Verison/PDU type : v3/--

FailReason : SNMP PDUs had OuttooBig error-status.

Solution : Please check the corresponding configuration.

SendTime : 2022-06-10, 19:30:35:288

ReqID : 1683

DestIP/VPN : 10.1.1.15/vpn1

Verison/PDU type : v3/--

FailReason : SNMP PDUs had OuttooBig error-status.

Solution : Please check the corresponding configuration.

Table 19 Command output

Field	Description
RecvTime	Time when the SNMP packets were received.
SendTime	Time when the SNMP packets were sent.
ReqID	Request ID carried in the SNMP packets.
SourceIP/VPN	Source IP address and VPN information in the received SNMP packets.
DestIP/VPN	Destination IP address and VPN information in the sent SNMP packets.
FailReason	For the failure reason, see Table 20.
Solution	Solution for the failure. The value is Please check the corresponding configuration.

Table 20 SNMP packet processing failure reason

Field
Unknown securitymodel
Invalid messages
Unknown PDU handlers
Unsupported security level
Message is not in the time window
Unknown username
Unknown engine IDs
Wrong digests
Decryption error
Unsupported version
ASN.1 or BER errors in the process of decoding
Unknown SNMP community name
Operation not supported by the community
SNMP PDUs had an IntooBig error
SNMP PDUs had an InnoSuchName error
SNMP PDUs had an InBadValue error
SNMP PDUs had an IngenErr error
SNMP PDUs had an OuttooBig erro
SNMP PDUs had an OutnoSuchName error
SNMP PDUs had an OutBadValue error
SNMP PDUs had an OutgenErr error
Alternate response class PDUs dropped silently
Forwarded confirmed class PDUs dropped silently
Unavailable contexts
Unknown contexts

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test snmp-agent packet-process-time

Use diagnostic troubleshooting test snmp-agent packet-process-time to perform diagnostic troubleshooting for long SNMP packet processing duration events.

Syntax

diagnostic troubleshooting test snmp-agent packet-process-time [ ip-address ipv4-address | ipv6-address ipv6-address ] [ vpn-instance vpn-instance-name ] [ diagnose-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

ip-address ipv4-address: Specifies the source IPv4 address in the received IPv4 SNMP packets.

ipv6-address ipv6-address: Specifies the source IPv6 address in the received IPv6 SNMP packets.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the destination belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.

Usage guidelines

Operating mechanism

When you execute this command, the device records SNMP packet processing durations within the diagnostic troubleshooting period. When the period is reached, the device displays the durations for you to locate the issue.

For more information about configuring SNMP, see Network Management and Monitoring Configuration Guide.

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test snmp-agent packet-process-time enable command to enable diagnostic troubleshooting for long SNMP packet processing duration events (enabled by default).

Examples

# Perform diagnostic troubleshooting for long SNMP packet processing duration events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting snmp-agent packet-process-time

Started at: 2022-06-29 07:08:38, estimated duration: 30 seconds.

Please wait......................

Ended at: 2022-06-29 07:09:08, actual duration: 30 seconds.

Diagnosis report:

SNMP global statistics

SNMP packets received : 2

RecvTime : 2022-06-08, 09:07:20:568

ReqID : 1121

SourceIP/VPN : 10.1.1.1/-

Version/PDU type: v2c/get-next

SNMPTime (ms) : 0

APPTime (ms) : 0

TotalTime (ms) : 0

VBNum : 3

VB : sysUpTime.0(1.3.6.1.2.1.1.3.0)=1008561, sysName.0(1.3.6.1.2.1.1.5.0)=Sysname, sysServices.0(1.3.6.1.2.1.1.7.0)=86

RecvTime : 2022-06-08, 10:25:20:568

ReqID : 1650

SourceIP/VPN : 10.1.1.5/-

Version/PDU type: v1/get-next

SnmpTime(ms) : 0

AppTime(ms) : 0

TotalTime(ms) : 0

VBNum : 3

VB : sysUpTime.0(1.3.6.1.2.1.1.3.0)=100881, sysName.0(1.3.6.1.2.1.1.5.0)=Sysname, sysServices.0(1.3.6.1.2.1.1.7.0)=65

Table 21 Command output

Field	Description
RecvTime	Time when the SNMP packets were received.
ReqID	Request ID carried in the SNMP packets.
SNMPTime (ms)	Packet processing duration for the SNMP plug-in, in milliseconds.
APPTime (ms)	Packet processing duration for the SNMP process, in milliseconds.
TotalTime (ms)	Total packet processing duration, in milliseconds.
VBNum	Number of variable bindings in the SNMP packets.
VB	Variable binding information. A maximum of eight entries can be displayed.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test snmp-agent trap-send-failure

Use diagnostic troubleshooting test snmp-agent trap-send-failure to perform diagnostic troubleshooting for SNMP notification sending failure events.

Syntax

diagnostic troubleshooting test snmp-agent trap-send-failure [ ip-address ipv4-address | ipv6-address ipv6-address ]

Views

System view

Predefined user roles

network-admin

Parameters

ip-address ipv4-address: Specifies IPv4 notification packets by its destination IPv4 address.

ipv6-address ipv6-address: Specifies IPv6 notification packets by its destination IPv6 address.

Usage guidelines

Operating mechanism

With diagnostic troubleshooting for SNMP notification sending failure events enabled, the device records the relevant information in the GOLD module. When you perform diagnostic troubleshooting for SNMP notification sending failure events, the device displays the information to help you locate the issue.

For more information about SNMP notifications, see Network Management and Monitoring Configuration Guide.

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test snmp-agent trap-send-failure enable command to enable diagnostic troubleshooting for SNMP notification sending failure events (enabled by default).

Examples

# Perform diagnostic troubleshooting for SNMP notification sending failure events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test snmp-agent trap-send-failure

Trap name: coldStart

Target host:

Host 1:

IP address : 192.168.1.1

SendTime : 2022-06-08 15:50:31:296

SecurityName : abc

Version : v3

VBNum : 2

VB : sysUpTime.0=286976,snmpTrapOID.0=1.3.6.1.6.3.1.1.5.1

Host 2:

IP address : 192.168.1.35

SendTime : 2022-06-08 15:55:32:368

SecurityName : def

Version : v2c

VBNum : 2

VB : sysUpTime.0=365898, snmpTrapOID.0=1.3.6.1.6.3.1.1.5.1

Trap name : warmStart

Target host:

Host 1:

IP address : 192.168.1.1

SendTime : 2022-06-08 15:55:36:259

SecurityName : abc

Version : v2c

VBNum : 2

VB : sysUpTime.0=687682, snmpTrapOID.0=1.3.6.1.6.3.1.1.5.2

Host 2:

IP address : 192.168.1.35

SendTime : 2022-06-08 16:15:12:566

SecurityName : def

Version : v3

VBNum : 2

VB : sysUpTime.0=351528, snmpTrapOID.0=1.3.6.1.6.3.1.1.5.2

Table 22 Command output

Field	Description
VBNum	Number of variable bindings in the SNMP packets.
VB	Variable binding information. A maximum of eight entries can be displayed.

Related commands

diagnostic troubleshooting enable

BGP diagnostic troubleshooting commands

diagnostic troubleshooting health module bgp

Use diagnostic troubleshooting health module bgp to perform health diagnostic troubleshooting for the BGP module.

Syntax

diagnostic troubleshooting health module bgp

Views

System view

Predefined user roles

network-admin

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting health module bgp enable command to enable health diagnostic troubleshooting for the BGP module.

Use this command to identify whether the BGP module is running correctly. When you execute this command, the device displays the unhealthy information for you to locate the issue.

The system can perform health diagnostic troubleshooting for one module at a time.

Examples

# Perform health diagnostic troubleshooting for the BGP module.

<Sysname> system-view

[Sysname] diagnostic troubleshooting health module bgp

Start diagnose at 2022-11-21 08:08:44

please wait.Done.

End diagnose at 2022-11-21 08:08:45,Actual time:1 seconds.

PADS_Type Time Reason

OPEN_ERROR 01-27 20:23:30 wrong AS number(Instance=bgp1, peer=1.1.1.1, VPN

instance=vpn1)

HEADER_ERROR 01-27 20:23:30 bad message length(Instance=bgp1, peer=2.1.1.1,

VPN instance=vpn1)

Table 23 Command output

Field	Description
PADS_Type	Error type: · HEADER_ERROR. · OPEN_ERROR. · UPDATE_ERROR. · FSM_ERROR. · SESSION_CEASE.
Time	Time when health diagnostic troubleshooting information was recorded.
Reason	Reason for the unhealthy event and information about the BGP sessions that trigged the event. The session format is Instance=instance, peer=peer, VPN instance=instance-name. instance represents the BGP instance to which the BGP session belongs. peer represents the peer IP address. Instance-name represents the VPN instance to which the BGP session belongs. When the BGP session is on the public network, instance-name is empty. Reasons include the following: · Reason corresponding to the HEADER_ERROR unhealthy type: ¡ invalid Marker field: The value for the Marker field in the BGP header is not all Fs. ¡ bad message length. ¡ bad message type. · Reason corresponding to the OPEN_ERROR unhealthy type: ¡ version unsupported. ¡ wrong AS number. ¡ BGP identifier conflicted. ¡ unsupported optional parameter. ¡ authentication failure. ¡ unacceptable hold time. ¡ unsupported capability type. · Reason corresponding to the UPDATE_ERROR unhealthy type: ¡ malformed attribute list. ¡ unrecognized well known attribute. ¡ well known attribute missing. ¡ attribute flags error. ¡ attribute length error. ¡ invalid NEXT HOP Attribute. ¡ optional attribute error. ¡ invalid destination network. ¡ malformed AS path attribute. · Reason corresponding to the FSM_ERROR unhealthy type: ¡ receive unexpected message in OpenSent state. ¡ receive unexpected message in OpenConfirm state. ¡ receive unexpected message in Established state. · Reason corresponding to the SESSION_CEASE unhealthy type: ¡ maximum number of prefixes reached. ¡ administrative shutdown. ¡ address family deleted. ¡ administrative reset. ¡ connection rejected. ¡ other configuration change. ¡ connection collision resolution. ¡ insufficient of resources.

Related commands

diagnostic troubleshooting health enable

diagnostic troubleshooting test establish-abnormal bgp

Use diagnostic troubleshooting test establish-abnormal bgp to perform diagnostic troubleshooting for BGP session setup failure events in a BGP instance.

Syntax

diagnostic troubleshooting test establish-abnormal bgp [ instance instance-name ] [ vpn-instance vpn-instance-name ]

Views

System view

Predefined user roles

network-admin

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command performs diagnostic troubleshooting for BGP session setup failure events in the default BGP instance.

vpn-instance vpn- instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command performs diagnostic troubleshooting for BGP session setup failure events on the public network.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test establish-abnormal bgp enable command to enable diagnostic troubleshooting for BGP session setup failure events (enabled by default).

With diagnostic troubleshooting for BGP session setup failure events enabled, the device records the failure information in the memory of the GOLD module automatically. After you execute this command, the device displays the failure information stored in the GOLD module to help you locate the failure reason.

For more information about GOLD, see Network Management and Monitoring Configuration Guide.

When the system is performing diagnostic troubleshooting for an event, do not start diagnostic troubleshooting for any other events.

Examples

# Perform diagnostic troubleshooting for BGP session setup failure events in the default BGP instance.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test peer-establish-abnormal bgp

Start diagnose at 2022-11-21 08:08:44

please wait.Done.

End diagnose at 2022-11-21 08:08:45,Actual time:1 seconds.

BGP local router ID: 10.1.1.1

IPv4-family for VPN instance vpn1:

Peer Time State Reason

1.1.1.1 01-27 20:23:30 OpenConfirm memory threshold was reached

2.1.1.1 01-27 20:23:30 OpenConfirm bad message head

Table 24 Command output

Field	Description
Time	Time when the BGP session setup failure occurred.
State	State of the BGP session when the BGP session setup failure occurred.
Reason	BGP session setup failure reason: · router ID missing. · memory threshold was reached. · peer limit was reached. · peer not exist. · direct EBGP session source interface check failed. · source interface update failed upon TCP reconnection. · TCP connection-socket bind failed. · TCP connection failed. · TCP connection info not exist. · send buffer full. · bad message head. · bad message length. · bad message type. · received messages not matching the FSM state. · inconsistent BGP version or holdtime. · failed to parse optional parameters in open message. · not enabled peer in correct address family. · inconsistent AS number. · conflicting router id. · keepalive message sending failed. · failed to obtain TCP connection info in openconfirm state. · failed to create keepalive timer.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test flap bgp

Use diagnostic troubleshooting test flap bgp to perform diagnostic troubleshooting for BGP session down events in a BGP instance.

Syntax

diagnostic troubleshooting test flap bgp [ instance instance-name ] [ vpn-instance vpn-instance-name ]

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command performs diagnostic troubleshooting for BGP session down events on the public network.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test flap bgp enable command to enable diagnostic troubleshooting for BGP session down events (enabled by default).

With diagnostic troubleshooting for BGP session down events enabled, the device records the session down information in the memory of the GOLD module automatically. When you execute this command, the device displays the failure information stored in the GOLD module to help you locate the failure reason.

For more information about GOLD, see Network Management and Monitoring Configuration Guide.

When the system is performing diagnostic troubleshooting for an event, do not start diagnostic troubleshooting for any other events.

Examples

# Perform diagnostic troubleshooting for BGP session down events in the default BGP instance.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test flap bgp

Start diagnose at 2022-11-21 08:08:44

please wait.Done.

End diagnose at 2022-11-21 08:08:45,Actual time:1 seconds.

BGP local router ID: 10.1.1.1

IPv4-family for VPN instance vpn1:

Peer Time State Reason

1.1.1.1 01-27 20:23:30 Established->Idle address family deleted

Table 25 Command output

Field	Description
Time	Time when the BGP session went down.
State	State change of the BGP session after it went down.
Reason	Reason why the BGP session went down: · connection not synchronized. · bad message length. · bad message type. · withdrawn message too long. · route attribute length too long. · route attribute appears multiple times. · route attribute length field shorter than 2 bytes. · extended attribute length field shorter than 2 bytes. · attribute length field shorter than 1 byte. · link-state attribute error. · unrecognized well-known attribute. · attribute-type attribute missed: ¡ ORIGIN. ¡ AS_PATH. ¡ LOCAL_PREF. ¡ NEXT_HOP. · attribute flags error. · attribute-type attribute length error: ¡ AS_PATH. ¡ AS4_PATH. ¡ CLUSTER_LIST. ¡ AGGREGATOR. ¡ AS4_AGGREGATOR. ¡ ORIGIN. ¡ NEXT_HOP. ¡ MED. ¡ LOCAL_PREF. ¡ ATOMIC_AGGREGATE. ¡ ORIGINATOR_ID. ¡ MP_REACH_NLRI. ¡ COMMUNITY. ¡ EXT-COMMUNITY. · attribute length exceeded the limit. · invalid ORIGIN attribute. · invalid NEXT_HOP attribute. · invalid next hop length in MP_REACH_NLRI (address-family): ¡ 4U—IPv4 unicast address family. ¡ MPLS. ¡ VPNv4. ¡ 6U—IPv6 unicast address family. ¡ VPNv6. ¡ L2VPN. · the length of MP_UNREACH_NLRI attribute is less than 3 bytes. · the length of MP_REACH_NLRI or MP_UNREACH_NLRI attribute exceeds the limit · erroneous MP_REACH_NLRI or MP_UNREACH_NLRI attribute end position. · invalid network field. · malformed AS_PATH. · hold timer expiration caused by local device. · hold timer expiration caused by peer device. · connect retry timer expired. · TCP_CR_Acked event received. · TCP_Connection_Confirmed event received. · open message received. · manualstop event received. · physical interface configuration changed. · BFD session down event received. · physical interface configuration changed. · maximum number of prefixes reached. · maximum number of prefixes reached in address-family: The number of routes received from the peer exceeded the limit specified by the peer route-limit command. address-family represents the address family name. Options include: ¡ IPv4 unicast. ¡ IPv6 unicast. ¡ VPNv4. ¡ VPNv6. ¡ The peer is configured with the peer ignore command. · address family deleted. · peer disabled. · administrative reset. · connection rejected. · other configuration change. · connection collision resolution. · two connections exist and one uses MD5. · no memory to parse the attribute. · no memory for the route. · no memory to generate unreachable NLRI. · no memory for message encapsulation. · can’t get the VPN RD. · can’t get the VPN routing table. · can’t get the attributes. · entered severe memory state. · entered critical memory state.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test peer-establish-abnormal bgp

Use diagnostic troubleshooting test peer-establish-abnormal bgp to perform diagnostic troubleshooting for BGP session setup failure events.

Syntax

diagnostic troubleshooting test peer-establish-abnormal bgp [ instance instance-name ] [ vpn-instance vpn-instance-name ] peer { ip-address ipv4-address | ipv6-address ipv6-address } [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

peer ip-address ipv4-address: Specifies a BGP peer by its IPv4 address.

peer ipv6-address ipv6-address: Specifies a BGP peer by its IPv6 address.

diagnostic-time diagnostic-time: Specifies the estimated duration of diagnostic troubleshooting, in the range of 1 to 60 seconds. The default value is 30 seconds. The actual duration might be different, but will not be higher than 2 × diagnostic-time.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test peer-establish-abnormal bgp enable command to enable diagnostic troubleshooting for BGP session setup failure events (enabled by default).

When you execute this command, the device tries to re-establish a BGP session with a BGP peer before the diagnostic troubleshooting period times out and displays the diagnostic troubleshooting information to help you locate the failure reason.

The system can perform diagnostic troubleshooting for one type of event at a time.

Examples

# Perform diagnostic troubleshooting for BGP session setup failure events of the BGP peer at 1.1.1.1 in the default BGP instance.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test peer-establish-abnormal bgp peer ip-address 1.1.1.1 diagnostic-time 20

Start diagnose at 2022-11-21 08:08:44, Estimated time:20 seconds.

please wait.....................Done.

End diagnose at 2022-11-21 08:09:05,Actual time:21 seconds.

Diagnosis report:

BGP local router ID: 10.1.1.1

IPv4-family for VPN instance vpn1:

Peer Time State Reason

1.1.1.1 01-27 20:23:30 OpenConfirm memory threshold was reached

Table 26 Command output

Field	Description
Time	Time when the BGP session setup failure occurred.
State	State of the BGP session when the BGP session setup failure occurred.
Reason	BGP session setup failure reason: · router ID missing. · memory threshold was reached. · peer limit was reached. · session not exist. · direct EBGP session source interface check failed. · source interface update failed upon TCP reconnection. · TCP connection-socket bind failed. · TCP connection failed. · TCP connection info not exist. · send buffer full. · bad message head. · bad message length. · bad message type. · received messages not matching the FSM state. · inconsistent BGP version or holdtime. · failed to parse optional parameters in open message. · not enabled peer in correct address family. · inconsistent AS number. · conflicting router id. · keepalive message sending failed. · failed to obtain TCP connection info in openconfirm state. · failed to create keepalive timer.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test peer-flap bgp

Use diagnostic troubleshooting test peer-flap bgp to perform diagnostic troubleshooting for session down events of sessions to a BGP peer.

Syntax

diagnostic troubleshooting test peer-flap bgp [ instance instance-name ] [ vpn-instance vpn-instance-name ] peer { ip-address ipv4-address | ipv6-address ipv6-address }

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command performs diagnostic troubleshooting for BGP session down events on the public network.

peer ip-address ipv4-address: Specifies a BGP peer by its IPv4 address.

peer ipv6-address ipv6-address: Specifies a BGP peer by its IPv6 address.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test peer-flap bgp enable command to enable diagnostic troubleshooting for BGP session down events (enabled by default).

For more information about GOLD, see Network Management and Monitoring Configuration Guide.

The system can perform diagnostic troubleshooting for one type of event at a time.

Examples

# Perform diagnostic troubleshooting for BGP session down events in the default BGP instance.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test peer-flap bgp peer ip-address 1.1.1.1

Start diagnose at 2022-11-21 08:08:44

please wait.Done.

End diagnose at 2022-11-21 08:08:45,Actual time:1 seconds.

BGP local router ID: 10.1.1.1

IPv4-family for VPN instance vpn1:

Peer Time State Reason

1.1.1.1 01-27 20:23:30 Established->Idle address family deleted

Table 27 Command output

Field	Description
Time	Time when the BGP session went down.
State	State change of the BGP session when the BGP session went down.
Reason	Reason why the BGP session went down: · connection not synchronized. · bad message length. · bad message type. · withdrawn message too long. · route attribute length too long. · route attribute appears multiple times. · route attribute length field shorter than 2 bytes. · extended attribute length field shorter than 2 bytes. · attribute length field shorter than 1 byte. · link-state attribute error. · unrecognized well-known attribute. · attribute-type attribute missed: ¡ ORIGIN. ¡ AS_PATH. ¡ LOCAL_PREF. ¡ NEXT_HOP. · attribute flags error. · attribute-type attribute length error: ¡ AS_PATH. ¡ AS4_PATH. ¡ CLUSTER_LIST. ¡ AGGREGATOR. ¡ AS4_AGGREGATOR. ¡ ORIGIN. ¡ NEXT_HOP. ¡ MED. ¡ LOCAL_PREF. ¡ ATOMIC_AGGREGATE. ¡ ORIGINATOR_ID. ¡ MP_REACH_NLRI. ¡ COMMUNITY. ¡ EXT-COMMUNITY. · attribute length exceeded the limit. · invalid ORIGIN attribute. · invalid NEXT_HOP attribute. · invalid next hop length in MP_REACH_NLRI (address-family): ¡ 4U—IPv4 unicast address family. ¡ MPLS. ¡ VPNv4. ¡ 6U—IPv6 unicast address family. ¡ VPNv6. ¡ L2VPN. · the length of MP_UNREACH_NLRI attribute is less than 3 bytes. · the length of MP_REACH_NLRI or MP_UNREACH_NLRI attribute exceeds the limit. · erroneous MP_REACH_NLRI or MP_UNREACH_NLRI attribute end position. · invalid network field. · malformed AS_PATH. · hold timer expiration caused by local device. · hold timer expiration caused by peer device. · connect retry timer expired. · TCP_CR_Acked event received. · TCP_Connection_Confirmed event received. · open message received. · manualstop event received. · physical interface configuration changed. · BFD session down event received. · physical interface configuration changed. · maximum number of prefixes reached. · maximum number of prefixes reached in address-family: The number of routes received from the peer exceeded the limit specified by the peer route-limit command. address-family represents the address family name. Options include: ¡ IPv4 unicast. ¡ IPv6 unicast. ¡ VPNv4. ¡ VPNv6. ¡ The peer is configured with the peer ignore command. · address family deleted. · peer disabled. · administrative reset. · connection rejected. · other configuration change. · connection collision resolution. · two connections exist and one uses MD5. · no memory to parse the attribute. · no memory for the route. · no memory to generate unreachable NLRI. · no memory for message encapsulation. · can’t get the VPN RD. · can’t get the VPN routing table. · can’t get the attributes. · entered severe memory state. · entered critical memory state.

Related commands

diagnostic troubleshooting enable

DHCP diagnostic troubleshooting commands

diagnostic troubleshooting health module dhcp

Use diagnostic troubleshooting health module dhcp to enable health diagnostic troubleshooting for the DHCP module.

Syntax

diagnostic troubleshooting health module dhcp

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

Use this command to identify whether the DHCP module is running correctly. When you execute this command, the device displays the unhealthy information for you to locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting health module dhcp enable command to enable health diagnostic troubleshooting for the DHCP module. By default, health diagnostic troubleshooting is enabled for the DHCP module.

Examples

# Perform health diagnostic troubleshooting for the DHCP module.

<Sysname> system

[Sysname] diagnostic troubleshooting health module dhcp enable

[Sysname] diagnostic troubleshooting health module dhcp

Start diagnose at 2022-12-08 10:34:40

please wait.Done.

End diagnose at 2022-12-08 10:34:41,Actual time:1 seconds.

Last system health for dhcp:

DHCP Health Records

PADS Type Detection Time Description

DHCP_CFG_ERR 11-12 06:40:56 No server configured for the relay.

Table 28 Command output

Field	Description
PADS Type	Health type. Options include: · DHCP_CFG_ERR · DHCP_PKT_DROP · DHCP_TBL_EXCEED · DHCP_IP_CONFLICT · DHCP_CONN_ERR
Description	Description of the health event: · When the health type is DHCP_CFG_ERR, options include: ¡ No server configured for the relay ¡ No trusted ports configured for DHCP snooping ¡ No assignable network ¡ No free IP address ¡ DHCP disabled.(AccType=access-type) ¡ Discarded access message because of VPN mismatch.( module=access-module, pool's name=pool-name, pool's vpn=pool-vpn) ¡ Discarded access message because of invalid VPN name.( module=access-module, pool's name=pool-name, pool's vpn=pool-vpn) · When the health type is DHCP_PKT_DROP, options include: ¡ DHCP device discarded DHCP packets because no interface was found.( Client MAC=mac-address ) ¡ DHCP relay discarded DHCP packets because of VPN mismatch.( InterfaceVPN=vpn, PoolVPN=vpn, PoolName=pool-name ) ¡ DHCP server discarded DHCP packets because of VPN mismatch.( InterfaceVPN=vpn, PoolVPN=vpn, PoolName =pool-name ) ¡ DHCP relay discarded DHCP packets because of option acquisition failure ¡ DHCP relay discarded DHCP packets because VSRP state was not UP ¡ DHCP relay discarded DHCP packets because of invalid message type. ¡ DHCP relay discarded DHCP packets because of invalid MAC. ¡ DHCP relay discarded DHCP packets because of hop limit exceeding.( Hops=hops, MaxHops=max-hops ) ¡ DHCP relay discarded DHCP packets because the authorized address pool does not exist ¡ DHCP relay discarded DHCP packets because no server IP is configured( PoolName=pool-name, PoolVPN=pool-vpn) ¡ DHCP relay discarded DHCP packets because no giaddr is configured( PoolName=pool-name, PoolVPN=pool-vpn) ¡ DHCP relay discarded a DHCP packet because the packet was sent by itself ¡ DHCP relay discarded DHCP packets according to the Option 82 policy ¡ DHCP client discarded DHCP packets because of invalid FSM.( ClientMode=mode, FSM-State=FiniteStateMachine-state) ¡ DHCP client discarded DHCP packets because of XID mismatch.( ClientMode=mode, ClientXID=client-xid, PacketXID=packet-xid ) ¡ DHCP client discarded DHCP packets because of incorrect MAC.( ClientMode=mode, HardwareAddrType=hardware-address-type, HardwareAddrLen=hardware-address-length ) ¡ DHCP client discarded DHCP packets because of too short lease time.( ClientMode=mode, LeaseTime=lease-time, LeaseTimeMIN=lease-time-minimum ) ¡ DHCP client discarded DHCP packets because of invalid server IP.( Client's server ip=client-serverip, packet's server ip=packet-serverip ) ¡ DHCP client discarded DHCP packets because of destination MAC mismatch.( ClientMode=mode, IfMAC ieemimetion=interface-mac-address ) ¡ DHCP client discarded DHCP packets because of invalid message type. ¡ DHCP snooping discarded DHCP packets because of MAC mismatch ¡ DHCP snooping discarded DHCP packets because of giaddr mismatch ¡ DHCP snooping discarded DHCP packets because DHCP-REQUEST check failed ¡ DHCP snooping discarded DHCP packets because of mismatch between the port and VLAN ¡ DHCP snooping discarded DHCP packets because the input and output ports are the same ¡ DHCP snooping discarded DHCP packet because the input port is not trusted. ¡ DHCP snooping discarded DHCP packets because the input and output ports are same ¡ DHCP snooping discarded reply packet because of VLAN mismatch between the port and packets. ¡ DHCP server discarded BOOTP packets because of dhcp server bootp ignore is configured.( OP=operation ) ¡ DHCP server discarded DHCP packets because of invalid message type.( MessageType=message-type ) ¡ DHCP server discarded DHCP packets because of no matching network ¡ DHCP server discarded DHCP packets because of mismatch between lease interface and input interface.( IP=ip-address, PoolName=pool-name, LeaseIf=lease-interface ) ¡ DHCP server discarded DHCP packets because allocate-new-ip is configured and user is online.( IP=ip-address, PoolName=pool-name, LeaseIf=lease-interface ) ¡ DHCP server discarded DHCP packets because of option acquisition failure ¡ DHCP server discarded DHCP packets because the address pool does not exist. ¡ DHCP server discarded DHCP packets because of invalid user class. ¡ DHCP server discarded DHCP packets because lease initialization failed ¡ DHCP server discarded DHCP packets because it failed to find a matching lease.( RequestType=request-type, IP=ip-address ). ¡ DHCP server discarded DHCP packets because of mismatch between lease interface and source interface.( IP=ip-address, PoolName=pool-name, LeaseIf=lease-interface ) ¡ DHCP server discarded DHCP packets because of SID mismatch. ¡ DHCP server received invalid DHCP packets because of invalid request-ip option. ¡ DHCP server discarded DHCP packets because of invalid request-ip option. ¡ DHCP server discarded DHCP packets because of memory alert ¡ DHCP server discarded DHCP packets because lease info recovery from backup file. ¡ DHCP server discarded DHCP packets because MAC check failed. ¡ DHCP server discarded DHCP packets because of incorrect policy configuration.( DHCPPolicy=policy-name ). ¡ Discarded access module message because of invalid address pool info.( PoolName=pool-name, AccType=access-type ) ¡ Discarded access module message because of VPN mismatch.( PoolName=pool-name, AccType=access-type, PoolVPN=pool-vpn ) ¡ Discarded access module message because lease initialization failed.( AccType=access-type, PoolName=pool-name, PoolVPN=pool-vpn ) ¡ Discarded access module message because of no free ip. ( AccType=access-type, PoolName=pool-name, PoolVPN=pool-vpn ) ¡ DHCP server discarded access module message because of incorrect gateway configuration. ( AccType=access-type, PoolName=pool-name, PoolVPN=pool-vpn ) ¡ DHCP server discarded access module message because of unknown user type · When the health type is DHCP_TBL_EXCEED, options include: ¡ The number of DHCP snooping entries exceeded the threshold ¡ The number of DHCP relay agent entries exceeded the threshold · When the health type is DHCP_IP_CONFLICT, options include: ¡ The DHCP client detected an IP conflict ¡ The DHCP server detected an IP conflict.( AccType=access-type, PoolName=pool-name, PoolVPN=pool-vpn, IP=ip-addres s) ¡ DHCP snooping deleted the old user entry because another MAC has the same IP.( OldUserMAC=mac-address ) · When the health type is DHCP_CONN_ERR, options include: ¡ DHCP client failed to allocate memory for new lease ¡ DHCP client failed to allocate memory for new packet received ¡ DHCP client failed to send packets.( ClientMode=mode ) ¡ DHCP client failed to create packet resend timer.( ClientMode=mode ) ¡ DHCP client failed to make option ¡ DHCP relay failed to create client entry ¡ DHCP relay failed to strip option 82 from the packet ¡ DHCP relay failed to insert option 82 into the packet ¡ DHCP relay failed to allocate memory for packet sending ¡ DHCP relay failed to allocate memory for reply packets ¡ DHCP relay failed to forward packets to server ¡ DHCP relay failed to forward packets to client. ¡ The memory usage of the DHCP server or relay reached the threshold ¡ The memory usage of the DHCP relay reached the threshold ¡ The memory usage of the DHCP snooping reached the threshold ¡ DHCP snooping discarded packets because the option 82 policy is drop ¡ DHCP snooping failed to process option 61 ¡ DHCP snooping failed to forward request packets to server ¡ DHCP snooping failed to send reply packets to client ¡ DHCP server failed to send packets to client ¡ The memory usage of DHCP snooping reached the threshold ¡ DHCP snooping received replies from untrusted port ¡ DHCP snooping failed to create and pull MBUF ¡ VSRP configuration changed ¡ Failed to release IP because the lease was not found: IP=ip-address

Field

Description

PADS Type

Health type. Options include:

· DHCP_CFG_ERR

· DHCP_PKT_DROP

· DHCP_TBL_EXCEED

· DHCP_IP_CONFLICT

· DHCP_CONN_ERR

Description

Description of the health event:

· When the health type is DHCP_CFG_ERR, options include:

¡ No server configured for the relay

¡ No trusted ports configured for DHCP snooping

¡ No assignable network

¡ No free IP address

¡ DHCP disabled.(AccType=access-type)

¡ Discarded access message because of VPN mismatch.( module=access-module, pool's name=pool-name, pool's vpn=pool-vpn)

¡ Discarded access message because of invalid VPN name.( module=access-module, pool's name=pool-name, pool's vpn=pool-vpn)

· When the health type is DHCP_PKT_DROP, options include:

¡ DHCP device discarded DHCP packets because no interface was found.( Client MAC=mac-address )

¡ DHCP relay discarded DHCP packets because of VPN mismatch.( InterfaceVPN=vpn, PoolVPN=vpn, PoolName=pool-name )

¡ DHCP server discarded DHCP packets because of VPN mismatch.( InterfaceVPN=vpn, PoolVPN=vpn, PoolName =pool-name )

¡ DHCP relay discarded DHCP packets because of option acquisition failure

¡ DHCP relay discarded DHCP packets because VSRP state was not UP

¡ DHCP relay discarded DHCP packets because of invalid message type.

¡ DHCP relay discarded DHCP packets because of invalid MAC.

¡ DHCP relay discarded DHCP packets because of hop limit exceeding.( Hops=hops, MaxHops=max-hops )

¡ DHCP relay discarded DHCP packets because the authorized address pool does not exist

¡ DHCP relay discarded DHCP packets because no server IP is configured( PoolName=pool-name, PoolVPN=pool-vpn)

¡ DHCP relay discarded DHCP packets because no giaddr is configured( PoolName=pool-name, PoolVPN=pool-vpn)

¡ DHCP relay discarded a DHCP packet because the packet was sent by itself

¡ DHCP relay discarded DHCP packets according to the Option 82 policy

¡ DHCP client discarded DHCP packets because of invalid FSM.( ClientMode=mode, FSM-State=FiniteStateMachine-state)

¡ DHCP client discarded DHCP packets because of XID mismatch.( ClientMode=mode, ClientXID=client-xid, PacketXID=packet-xid )

¡ DHCP client discarded DHCP packets because of incorrect MAC.( ClientMode=mode, HardwareAddrType=hardware-address-type, HardwareAddrLen=hardware-address-length )

¡ DHCP client discarded DHCP packets because of too short lease time.( ClientMode=mode, LeaseTime=lease-time, LeaseTimeMIN=lease-time-minimum )

¡ DHCP client discarded DHCP packets because of invalid server IP.( Client's server ip=client-serverip, packet's server ip=packet-serverip )

¡ DHCP client discarded DHCP packets because of destination MAC mismatch.( ClientMode=mode, IfMAC ieemimetion=interface-mac-address )

¡ DHCP client discarded DHCP packets because of invalid message type.

¡ DHCP snooping discarded DHCP packets because of MAC mismatch

¡ DHCP snooping discarded DHCP packets because of giaddr mismatch

¡ DHCP snooping discarded DHCP packets because DHCP-REQUEST check failed

¡ DHCP snooping discarded DHCP packets because of mismatch between the port and VLAN

¡ DHCP snooping discarded DHCP packets because the input and output ports are the same

¡ DHCP snooping discarded DHCP packet because the input port is not trusted.

¡ DHCP snooping discarded DHCP packets because the input and output ports are same

¡ DHCP snooping discarded reply packet because of VLAN mismatch between the port and packets.

¡ DHCP server discarded BOOTP packets because of dhcp server bootp ignore is configured.( OP=operation )

¡ DHCP server discarded DHCP packets because of invalid message type.( MessageType=message-type )

¡ DHCP server discarded DHCP packets because of no matching network

¡ DHCP server discarded DHCP packets because of mismatch between lease interface and input interface.( IP=ip-address, PoolName=pool-name, LeaseIf=lease-interface )

¡ DHCP server discarded DHCP packets because allocate-new-ip is configured and user is online.( IP=ip-address, PoolName=pool-name, LeaseIf=lease-interface )

¡ DHCP server discarded DHCP packets because of option acquisition failure

¡ DHCP server discarded DHCP packets because the address pool does not exist.

¡ DHCP server discarded DHCP packets because of invalid user class.

¡ DHCP server discarded DHCP packets because lease initialization failed

¡ DHCP server discarded DHCP packets because it failed to find a matching lease.( RequestType=request-type, IP=ip-address ).

¡ DHCP server discarded DHCP packets because of mismatch between lease interface and source interface.( IP=ip-address, PoolName=pool-name, LeaseIf=lease-interface )

¡ DHCP server discarded DHCP packets because of SID mismatch.

¡ DHCP server received invalid DHCP packets because of invalid request-ip option.

¡ DHCP server discarded DHCP packets because of invalid request-ip option.

¡ DHCP server discarded DHCP packets because of memory alert

¡ DHCP server discarded DHCP packets because lease info recovery from backup file.

¡ DHCP server discarded DHCP packets because MAC check failed.

¡ DHCP server discarded DHCP packets because of incorrect policy configuration.( DHCPPolicy=policy-name ).

¡ Discarded access module message because of invalid address pool info.( PoolName=pool-name, AccType=access-type )

¡ Discarded access module message because of VPN mismatch.( PoolName=pool-name, AccType=access-type, PoolVPN=pool-vpn )

¡ Discarded access module message because lease initialization failed.( AccType=access-type, PoolName=pool-name, PoolVPN=pool-vpn )

¡ Discarded access module message because of no free ip. ( AccType=access-type, PoolName=pool-name, PoolVPN=pool-vpn )

¡ DHCP server discarded access module message because of incorrect gateway configuration. ( AccType=access-type, PoolName=pool-name, PoolVPN=pool-vpn )

¡ DHCP server discarded access module message because of unknown user type

· When the health type is DHCP_TBL_EXCEED, options include:

¡ The number of DHCP snooping entries exceeded the threshold

¡ The number of DHCP relay agent entries exceeded the threshold

· When the health type is DHCP_IP_CONFLICT, options include:

¡ The DHCP client detected an IP conflict

¡ The DHCP server detected an IP conflict.( AccType=access-type, PoolName=pool-name, PoolVPN=pool-vpn, IP=ip-addres s)

¡ DHCP snooping deleted the old user entry because another MAC has the same IP.( OldUserMAC=mac-address )

· When the health type is DHCP_CONN_ERR, options include:

¡ DHCP client failed to allocate memory for new lease

¡ DHCP client failed to allocate memory for new packet received

¡ DHCP client failed to send packets.( ClientMode=mode )

¡ DHCP client failed to create packet resend timer.( ClientMode=mode )

¡ DHCP client failed to make option

¡ DHCP relay failed to create client entry

¡ DHCP relay failed to strip option 82 from the packet

¡ DHCP relay failed to insert option 82 into the packet

¡ DHCP relay failed to allocate memory for packet sending

¡ DHCP relay failed to allocate memory for reply packets

¡ DHCP relay failed to forward packets to server

¡ DHCP relay failed to forward packets to client.

¡ The memory usage of the DHCP server or relay reached the threshold

¡ The memory usage of the DHCP relay reached the threshold

¡ The memory usage of the DHCP snooping reached the threshold

¡ DHCP snooping discarded packets because the option 82 policy is drop

¡ DHCP snooping failed to process option 61

¡ DHCP snooping failed to forward request packets to server

¡ DHCP snooping failed to send reply packets to client

¡ DHCP server failed to send packets to client

¡ The memory usage of DHCP snooping reached the threshold

¡ DHCP snooping received replies from untrusted port

¡ DHCP snooping failed to create and pull MBUF

¡ VSRP configuration changed

¡ Failed to release IP because the lease was not found: IP=ip-address

Related commands

diagnostic troubleshooting health enable

diagnostic troubleshooting test dhcp-client offline-record

Use diagnostic troubleshooting test dhcp-client offline-record to perform diagnostic troubleshooting for user offline events on the DHCP client.

Syntax

diagnostic troubleshooting test dhcp-client offline-record

Views

System view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

When the device operates as a DHCP client, this command displays the offline user information and offline reason to help you locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test dhcp-client offline-record enable command to enable diagnostic troubleshooting for user offline events on the DHCP client. By default, diagnostic troubleshooting for user offline events is enabled on the DHCP client.

Examples

# Perform diagnostic troubleshooting for user offline events on the DHCP client.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test dhcp-client offline-record enable

[Sysname] diagnostic troubleshooting test dhcp-client offline-record

Start diagnose at 2022-12-08 10:34:40

please wait.Done.

End diagnose at 2022-12-08 10:34:41,Actual time:1 seconds.

User offline time : 2018-11-19 11:53:26

Client identifier : 0138a8e7110302

MAC address : 38a8-e711-0302

IP address : 192.168.1.115

Interface : GigabitEthernet2/0/1

Offline reason : Interface offline

Table 29 Command output

Field	Description
Interface	Interface from which the DHCP user came online. This field displays N/A if no interface is recorded in user address entries.
Offline reason	DHCP user offline reason: · Lease expiration · ARP conflict · Address release · Server decline · Interface offline · Interface MAC change · Option 61 change · Option 60 change · Autocfg notify to release

Field

Description

Interface

Interface from which the DHCP user came online. This field displays N/A if no interface is recorded in user address entries.

Offline reason

DHCP user offline reason:

· Lease expiration

· ARP conflict

· Address release

· Server decline

· Interface offline

· Interface MAC change

· Option 61 change

· Option 60 change

· Autocfg notify to release

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test dhcp-relay online-fail-capture

Use diagnostic troubleshooting test dhcp-relay online-fail-capture to perform diagnostic troubleshooting for online failure events of the specified DHCP user on the DHCP relay agent.

Syntax

diagnostic troubleshooting test dhcp-relay online-fail-capture mac-address mac-address [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a DHCP user by its MAC address, in the format of H-H-H.

Usage guidelines

Operating mechanism

When the device operates as a DHCP relay agent, it records running data for DHCP users within the diagnostic troubleshooting period. When the period is reached, the device displays the DHCP user online failure reason for you to locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test dhcp-relay online-fail-capture enable command to enable diagnostic troubleshooting for online failure events of the specified DHCP user on the DHCP relay agent. By default, diagnostic troubleshooting for DHCP user online failure events is enabled on the DHCP relay agent.

Examples

# Perform diagnostic troubleshooting for online failure events of the DHCP user with a MAC address of 00e0-fc12-3456.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test dhcp-relay online-fail-capture enable

[Sysname] diagnostic troubleshooting test dhcp-relay online-fail-capture mac-address 0800-0485-a474

Start diagnose at 2022-12-08 11:55:49, Estimated time:60 seconds.

Please wait.............................................................Done.

End diagnose at 2022-12-08 11:56:49, Actual time:60 seconds.

User online failure time: 2022-12-08 11:57:51

MAC address : 00e0-fc12-3456

Client Identifier : 0100e0fc123456

SVLAN : 100

CVLAN : N/A

Interface : GigabitEthernet2/0/1

Online fail reason : No trust port

Table 30 Command output

Field	Description
SVLAN	SVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
CVLAN	CVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
Interface	Layer 3 interface connected to the DHCP client. This field displays N/A if no interface is recorded in user address entries.
Online fail reason	DHCP relay agent user online failure reason: · Invalid hop limit · Failed to get DHCP server address · Failed to get giaddr · Invalid MAC address · The policy of Option 82 was drop · Option memory allocation error · Option parse error · Failed to find online interface · Received no DHCP-REQUEST packets · Receive no DHCP-OFFER or DHCP-ACK packets · Not a VSRP master · Invalid message type · Invalid VPN · Invalid address pool · Failed to get remote server · Failed to get gateway of pool · Failed to get giaddr · Received NAK from server. · Failed to replace server-id in proxy mode · Lease time too short · IP conflict · Failed to send DISCOVER to server · Failed to send REQUEST to server · Failed to send OFFER to client · Failed to send ACK to client

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test dhcp-relay online-fail-record

Use diagnostic troubleshooting test dhcp-relay online-fail-record to perform diagnostic troubleshooting for DHCP user online failure history events on the DHCP relay agent.

Syntax

diagnostic troubleshooting test dhcp-relay online-fail-record

Views

System view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

When the device operates as a DHCP relay agent, this command displays information about all DHCP users that failed to come online and the online failure reason to help you locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test dhcp-relay online-fail-record enable command to enable diagnostic troubleshooting for user online failure history events on the DHCP relay agent. By default, diagnostic troubleshooting is enabled for user online failure history events on the DHCP relay agent.

Examples

# Perform diagnostic troubleshooting for user online failure history events on the DHCP relay agent.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test dhcp-server online-fail-record enable

[Sysname] diagnostic troubleshooting test dhcp-relay online-fail-record

Start diagnose at 2022-12-09 07:12:26

please wait.Done.

End diagnose at 2022-12-09 07:12:27,Actual time:1 seconds.

User online failure time: 2022-09-19 10:27:51

MAC address : 00e0-fc12-3456

Client Identifier : 0100e0fc123456

SVLAN : 100

CVLAN : N/A

Interface : GigabitEthernet2/0/1

Online fail reason : Failed to get giaddr

Total number of records: 1

Table 31 Command output

Field	Description
SVLAN	SVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
CVLAN	CVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
Interface	Layer 3 interface connected to the DHCP client. This field displays N/A if no interface is recorded in user address entries.
Online fail reason	DHCP relay agent user online failure reason: · Invalid hop limit · Failed to get DHCP server address · Failed to get giaddr · Invalid MAC address · The policy of Option 82 was drop · Option memory allocation error · Option parse error · Failed to find online interface · Received no DHCP-REQUEST packets · Receive no DHCP-OFFER or DHCP-ACK packets · Not a VSRP master · Invalid message type · Invalid VPN · Invalid address pool · Failed to get remote server · Failed to get gateway of pool · Failed to get giaddr · Received NAK from server. · Failed to replace server-id in proxy mode · Lease time too short · IP conflict · Failed to send DISCOVER to server · Failed to send REQUEST to server · Failed to send OFFER to client · Failed to send ACK to client

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test dhcp-server offline-record

Use diagnostic troubleshooting test dhcp-server offline-record to perform diagnostic troubleshooting for user offline events on the DHCP server.

Syntax

diagnostic troubleshooting test dhcp-server offline-record [ abnormal | normal ]

Views

System view

Predefined user roles

network-admin

Parameters

abnormal: Specifies abnormal DHCP user offline events.

normal: Specifies normal DHCP user offline events.

Usage guidelines

Operating mechanism

When the device operates as a DHCP server, this command displays the DHCP offline user information and offline reason to help you locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test dhcp-server offline-record enable command to enable diagnostic troubleshooting for user offline events on the DHCP server. By default, diagnostic troubleshooting for user offline events is enabled on the DHCP server.

Examples

# Perform diagnostic troubleshooting for user offline events on the DHCP server.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test dhcp-server offline-record enable

[Sysname] diagnostic troubleshooting test dhcp-server offline-record

Start diagnose at 2022-12-09 06:55:19

please wait.Done.

End diagnose at 2022-12-09 06:55:20,Actual time:1 seconds.

User offline time : 2022-09-19 10:27:51

MAC address : 00e0-fc12-3456

Client Identifier : 0100e0fc123456

SVLAN : 100

CVLAN : N/A

Interface : GigabitEthernet2/0/1

Offline reason : Lease expired

Total number of records: 1

Table 32 Command output

Field	Description
SVLAN	SVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
CVLAN	CVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
Interface	Layer 3 interface connected to the DHCP client. This field displays N/A if no interface is recorded in user address entries.
Offline reason	DHCP user offline reason: · The user sent DHCP-RELEASE packet actively · The user sent DHCP-DECLINE packet · Cleared user info with the reset command · Server failed to send packets to client. · Lease expired · Cleared user info after VPN deletion · Cleared user info after DHCP disabled · Cleared user info after VSRP modification · VSRP state changed from master to down · VSRP state changed from backup to down · Access module notified to offline · VSRP backup received a conflicting lease · Force to offline the user because allow-new-ip is configured · Force to offline the user because of conflict with static binding · MIB notified to release · PPPOE notified to release · The user’s ARP entry expired

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test dhcp-server online-fail-capture

Use diagnostic troubleshooting test dhcp-server online-fail-capture to perform diagnostic troubleshooting for real-time user online failure events on the DHCP server.

Syntax

diagnostic troubleshooting test dhcp-server online-fail-capture mac-address mac-address [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a DHCP user by its MAC address, in the format of H-H-H.

Usage guidelines

Operating mechanism

When the device operates as a DHCP server, it records running data for DHCP users within the diagnostic troubleshooting period. When the period is reached, the device displays the DHCP user online failure reason for you to locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test dhcp-server online-fail-capture enable command to enable diagnostic troubleshooting for online failure events of the specified DHCP user on the DHCP server. By default, diagnostic troubleshooting for DHCP user online failure events is enabled on the DHCP server.

Examples

# Perform diagnostic troubleshooting for online failure events of the DHCP user with a MAC address of 00e0-fc12-3456.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test dhcp-server online-fail-capture enable

[Sysname] diagnostic troubleshooting test dhcp-server online-fail-capture mac-address 00e0-fc12-3456

Start diagnose at 2022-12-08 11:55:49, Estimated time:60 seconds.

Please wait.............................................................Done.

End diagnose at 2022-12-08 11:56:49, Actual time:60 seconds.

User online failure time: 2022-12-08 11:57:51

MAC address : 00e0-fc12-3456

Client Identifier : 0100e0fc123456

SVLAN : 100

CVLAN : N/A

Interface : GigabitEthernet2/0/1

Online fail reason : No assignable network

Table 33 Command output

Field	Description
SVLAN	SVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
CVLAN	CVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
Interface	Layer 3 interface connected to the DHCP client. This field displays N/A if no interface is recorded in user address entries.
Online fail reason	DHCP user online failure reason: · No assignable network · No free IP address · Failed to send packets · Option memory allocation error · Option parse error · VPN mismatch · Ignore BOOTP packets · Interface mismatch · Failed to obtain address pool info · User class info mismatch · Lease initialization failed · Lease not found for request message · Insufficient memory · Memory threshold alert · Restoring lease info from backup file · Invalid MAC address · Failed to get server IP · IP conflict · Authorized user initialization failed · DHCP disabled · Invalid authorized ip · Not a VSRP master · Unknown access type · Ignore dynamic lease · Invalid address pool

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test dhcp-server online-fail-record

Use diagnostic troubleshooting test dhcp-server online-fail-record to perform diagnostic troubleshooting for user online failure history events on the DHCP server.

Syntax

diagnostic troubleshooting test dhcp-server online-fail-record

Views

System view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

When the device operates as a DHCP server, this command displays information about all DHCP users that failed to come online and the online failure reason to help you locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test dhcp-server online-fail-record enable command to enable diagnostic troubleshooting for user online failure history events on the DHCP server. By default, diagnostic troubleshooting for user online failure history events is enabled on the DHCP server.

Examples

# Perform diagnostic troubleshooting for user online failure history events on the DHCP server.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test dhcp-server online-fail-record enable

[Sysname] diagnostic troubleshooting test dhcp-server online-fail-record

Start diagnose at 2022-12-09 07:12:26

please wait.Done.

End diagnose at 2022-12-09 07:12:27,Actual time:1 seconds.

User online failure time: 2022-09-19 10:27:51

MAC address : 00e0-fc12-3456

Client Identifier : 0100e0fc123456

SVLAN : 100

CVLAN : N/A

Interface : GigabitEthernet2/0/1

Online fail reason : No assignable network

Total number of records: 1

Table 34 Command output

Field	Description
SVLAN	SVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
CVLAN	CVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
Interface	Layer 3 interface connected to the DHCP client. This field displays N/A if no interface is recorded in user address entries.
Online fail reason	DHCP user online failure reason: · No assignable network · No free IP address · Failed to send packets · Option memory allocation error · Option parse error · VPN mismatch · Ignore BOOTP packets · Interface mismatch · User class info mismatch · Lease initialization failed · Lease not found for request message · Insufficient memory · Memory threshold alert · Restoring lease info from backup file · Invalid MAC address · Failed to get server IP · IP conflict · DHCP disabled · Invalid authorized ip · Not a VSRP master · Unknown access type · Invalid address pool · Received no DHCP-REQUEST packets

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test dhcp-snooping offline-record

Use diagnostic troubleshooting test dhcp-server offline-record to perform diagnostic troubleshooting for DHCP user offline events on the DHCP snooping device.

Syntax

diagnostic troubleshooting test dhcp-snooping offline-record [ abnormal | interface interface-type interface-number | ip-address ip-address | normal ]

Views

System view

Predefined user roles

network-admin

Parameters

abnormal: Specifies abnormal DHCP user offline events on the DHCP snooping device.

interface interface-type interface-number: Specifies an interface by its type and number.

ip-address ip-address: Specifies a user by its IP address in dotted decimal number.

normal: Specifies normal DHCP user offline events on the DHCP snooping device.

Usage guidelines

Operating mechanism

When the device operates as a DHCP snooping device, this command displays the DHCP offline user information and offline reason to help you locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test dhcp-snooping offline-record enable command to enable diagnostic troubleshooting for user offline events on the DHCP snooping device. By default, diagnostic troubleshooting for user offline events is enabled on the DHCP snooping device.

Examples

# Perform diagnostic troubleshooting for user offline events on the DHCP snooping device.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test dhcp-snooping offline-record enable

[Sysname] diagnostic troubleshooting test dhcp-snooping offline-record

Start diagnose at 2022-12-09 06:55:19

please wait.Done.

End diagnose at 2022-12-09 06:55:20,Actual time:1 seconds.

User offline time : 2022-09-19 10:27:51

MAC address : 00e0-fc12-3456

Client Identifier : 0100e0fc123456

SVLAN : 100

CVLAN : N/A

Interface : GigabitEthernet2/0/1

Offline reason : The user’s ARP entry expired

Total number of records: 1

Table 35 Command output

Field	Description
SVLAN	SVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
CVLAN	CVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
Interface	Layer 3 interface connected to the DHCP client. This field displays N/A if no interface is recorded in user address entries.
Offline reason	DHCP user offline reason: · The user sent DHCP-RELEASE packet actively · The user sent DHCP-DECLINE packet · Cleared user info with the reset command · The user’s ARP entry expired · Other modules such as 802.1X notified deleting the user · The DHCP snooping entry for the user expired · DHCP snooping disabled · DHCP snooping VLAN disabled · The user’s online interface state changed · The corresponding VLAN disabled · All VLANs disabled on the interface · All VLANs disabled on the device · Deleted the user entry by MIB operation · Deleted the user entry as NAK packet received · Deleted the old user entry as received a packet from the same IP but different MAC · Deleted user entries in bulk · Deleted the user entry because of invalid lease time · Deleted user entries by RLINK notify

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test dhcp-snooping online-fail-capture

Use diagnostic troubleshooting test dhcp-snooping online-fail-capture to perform diagnostic troubleshooting for real-time DHCP user online failure events on the DHCP snooping device.

Syntax

diagnostic troubleshooting test dhcp-snooping online-fail-capture { mac-address mac-address | vlan vlan-id } [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a DHCP user by its MAC address, in the format of H-H-H.

vlan vlan-id: Specifies a DHCP user by its VLAN ID, in the range of 1 to 4094.

Usage guidelines

Operating mechanism

When the device operates as a DHCP snooping device, it records running data for DHCP users within the diagnostic troubleshooting period. When the period is reached, the device displays the DHCP user online failure reason for you to locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test dhcp-snooping online-fail-capture enable command to enable diagnostic troubleshooting for online failure events of the specified DHCP user on the DHCP snooping device. By default, diagnostic troubleshooting for DHCP user online failure events is enabled on the DHCP snooping device.

Examples

# Perform diagnostic troubleshooting for online failure events of the DHCP user with a MAC address of 00e0-fc12-3456 on the DHCP snooping device.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test dhcp-snooping online-fail-capture enable

[Sysname] diagnostic troubleshooting test dhcp-snooping online-fail-capture mac-address 00e0-fc12-3456

Start diagnose at 2022-12-08 11:55:49, Estimated time:60 seconds.

Please wait.............................................................Done.

End diagnose at 2022-12-08 11:56:49, Actual time:60 seconds.

User online failure time: 2022-12-08 11:57:51

MAC address : 00e0-fc12-3456

Client Identifier : 0100e0fc123456

SVLAN : 100

CVLAN : N/A

Interface : GigabitEthernet2/0/1

Online fail reason : No trusted port

Table 36 Command output

Field	Description
SVLAN	SVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
CVLAN	CVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
Interface	Layer 3 interface connected to the DHCP client. This field displays N/A if no interface is recorded in user address entries.
Online fail reason	DHCP user online failure reason: · No trusted port · Mismatch between MAC address and CHADDR · Discarded packets because the option 82 policy is drop · The input and output ports are the same · Mismatch between the port VLAN and packet VLAN · Failed to process Option 82 · Failed to process Option 61 · Received replies from untrusted port · Failed to reply to client · Failed to send request packets to server · Failed to create and pull MBUF · Failed to get trust info · No DHCP-OFFER packets · No DHCP-ACK packets · No DHCP-REQUEST packets · Failed to pass giaddr check

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test dhcp-snooping online-fail-record

Use diagnostic troubleshooting test dhcp-snooping online-fail-record to perform diagnostic troubleshooting for user online failure history events on the DHCP snooping device.

Syntax

diagnostic troubleshooting test dhcp-snooping online-fail-record

Views

System view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

When the device operates as a DHCP snooping device, this command displays information about all DHCP users that failed to come online and the online failure reason to help you locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test dhcp-snooping online-fail-record enable command to enable diagnostic troubleshooting for user online failure history events on the DHCP snooping device. By default, diagnostic troubleshooting for user online failure history events is enabled on the DHCP snooping device.

Examples

# Perform diagnostic troubleshooting for user online failure history events on the DHCP snooping device.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test dhcp-server online-fail-record enable

[Sysname] diagnostic troubleshooting test dhcp-server online-fail-record

Start diagnose at 2022-12-09 07:12:26

please wait.Done.

End diagnose at 2022-12-09 07:12:27,Actual time:1 seconds.

User online failure time: 2022-09-19 10:27:51

MAC address : 00e0-fc12-3456

Client Identifier : 0100e0fc123456

SVLAN : 100

CVLAN : N/A

Interface : GigabitEthernet2/0/1

Online fail reason : No trusted port

Total number of records: 1

Table 37 Command output

Field	Description
SVLAN	SVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
CVLAN	CVLAN of DHCP packets. If the packets do not belong to any VLAN, this field displays N/A.
Interface	Layer 3 interface connected to the DHCP client. This field displays N/A if no interface is recorded in user address entries.
Online fail reason	DHCP user online failure reason: · No trusted port · Mismatch between MAC address and CHADDR · The input and output ports are the same · Mismatch between the port VLAN and packet VLAN · Discarded packets because the option 82 policy is drop · Failed to process option 61 · Received replies from untrusted port · Failed to reply to client · Failed to send request packets to server · Failed to create and pull MBUF · No DHCP-OFFER packets · No DHCP-ACK packets · No DHCP-REQUEST packets · Failed to pass giaddr check · Failed to add mac-port in L3 · Ethernet trans failed

Related commands

diagnostic troubleshooting enable

OSPF diagnostic troubleshooting commands

diagnostic troubleshooting test neighbor-establish-abnormal ospf

Use diagnostic troubleshooting test neighbor-establish-abnormal ospf to perform diagnostic troubleshooting for OSPF neighbor relationship establishment failure events.

Syntax

diagnostic troubleshooting test neighbor-establish-abnormal ospf [ process-id ] [ interface interface-type interface-number ]

Views

System view

Predefined user roles

network-admin

Parameters

process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. If you do not specify this argument, this command performs diagnostic troubleshooting for all OSPF processes.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify this option, this command performs diagnostic troubleshooting for all OSPF interfaces.

Usage guidelines

Application scenarios

With diagnostic troubleshooting for OSPF neighbor relationship establishment failure events enabled, the device records the failure information in the memory of the GOLD module automatically. After you execute this command, the device displays the failure information stored in the GOLD module to help you locate the failure reason.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test neighbor-establish-abnormal ospf enable command to enable diagnostic troubleshooting for OSPF neighbor relationship establishment failure events. By default, diagnostic troubleshooting for OSPF neighbor relationship establishment failure events is enabled.

Examples

# Perform diagnostic troubleshooting for OSPF neighbor relationship establishment failure events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test neighbor-establish-abnormal ospf 1

Start diagnose at 2023-03-15 18:23:57

please wait.Done.

End diagnose at 2023-03-15 18:23:58,Actual time:1 seconds.

Diagnose report:

OSPF Process 1 with Router ID 10.1.1.1

--------------------------------------------------------------------------------

Interface NBR-IP Time State

Reason

GigabitEthernet2/0/1 192.168.100.60 2023-03-15,09:28:30:511 --

Router ID conflict.

Table 38 Command output

Field	Description
Start diagnose at 2023-03-15 18:23:57	Time when health diagnostic troubleshooting started, in the format of YYYY-MM-DD hh:mm:ss.
End diagnose at 2023-03-15 18:23:58,Actual time:1 seconds.	Time when health diagnostic troubleshooting ended, in the format of YYYY-MM-DD hh:mm:ss and actual duration of diagnostic troubleshooting.
Interface	Interface on which the OSPF neighbor relationship was established.
NBR-IP	IP address of the neighbor. If this field displays two hyphens (--), it represents all devices running OSPF or all DRs.
Time	Time when neighbor state changed was detected, in the format of MM-DD hh:mm:ss.
State	Neighbor state: · Down—Initial state of a neighbor conversation. · Init—The router has received a Hello packet from the neighbor. However, the router has not established bidirectional communication with the neighbor. The router did not appear in the neighbor's hello packet.et). · 2-Way—Communication between the two routers is bidirectional. The local router appears in the neighbor's Hello packet. · Exstart—The goal of this state is to decide which router is the master, and to decide upon the initial Database Description (DD) sequence number. · Exchange—The router is sending DD packets to the neighbor, describing its entire link-state database. · Loading—The router sends LSRs packets to the neighbor, requesting more recent LSAs. · Full—The neighboring routers are fully adjacent.
Reason	Reason for discarding the hello packet: · Area under reset—The area is in the reset progress. · Router ID conflict—Route ID conflict. · Area mismatch—Area ID mismatch. · Unknown virtual link—The hello packet is from an unknown virtual link. · Authentication failure—Authentication failure. · Peer address check failure—Neighbor address check failure. · Not DR or BDR—The destination IP address of the hello packet is 224.0.0.6, but the interface is not a DR or BDR. · Unknown unicast peer—The hello packet is from an unknown unicast neighbor. · Option mismatch—Option field mismatch. · Subnet mask mismatch—Subnet mask mismatch. · Address mismatch—Address range mismatch. · Hello timer mismatch—Hello timer mismatch. · Dead timer mismatch—Dead timer mismatch. · Peer change—The source IP address or router ID has changed. · FilterLSA—Peer disconnection occurs because LSA filter settings have changed or the ACL used by the LSA filter has changed.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test neighbor-flap ospf

Use diagnostic troubleshooting test neighbor-flap ospf to perform diagnostic troubleshooting for OSPF neighbor down events.

Syntax

diagnostic troubleshooting test neighbor-flap ospf [ process-id ] [ interface interface-type interface-number ]

Views

System view

Predefined user roles

network-admin

Parameters

process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. If you do not specify this argument, this command performs diagnostic troubleshooting for OSPF neighbor down events for all OSPF processes.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify this option, this command performs diagnostic troubleshooting for OSPF neighbor down events for all OSPF interfaces.

Usage guidelines

Application scenarios

With diagnostic troubleshooting for OSPF neighbor down events enabled, the device records the failure information in the memory of the GOLD module automatically. After you execute this command, the device displays the failure information stored in the GOLD module to help you locate the failure reason.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test neighbor-flap ospf enable command to enable diagnostic troubleshooting for OSPF neighbor down events. By default, diagnostic troubleshooting for OSPF neighbor down events is enabled.

Examples

# Perform diagnostic troubleshooting for OSPF neighbor down events for OSPF process 1.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test neighbor-fallback ospf 1

Start diagnose at 2023-03-15 18:34:30

please waitDone.

End diagnose at 2023-03-15 18:34:30,Actual time:0 seconds.

Diagnose report:

OSPF Process 1 with Router ID 10.1.1.1

--------------------------------------------------------------------------------

Interface NBR-IP Time State

Reason

GigabitEthernet2/0/1 192.168.100.188 2023-03-15,18:23:47:869 FULL ->

INIT INIT because a 1-way hello packet was received.

GigabitEthernet2/0/1 192.168.100.61 2023-03-15,10:31:51:196 FULL ->

DOWN DOWN because the BFD session went down.

GigabitEthernet2/0/1 192.168.100.61 2023-03-15,09:38:30:511 FULL ->

EXSTART EXSTART because a SeqNumberMismatch event was triggered by the mast

er - standby relationship change .

Table 39 Command output

Field	Description
Start diagnose at 2023-03-15 18:34:30	Time when health diagnostic troubleshooting started, in the format of YYYY-MM-DD hh:mm:ss.
End diagnose at 2023-03-15 18:34:30,Actual time:0 seconds.	Time when health diagnostic troubleshooting ended, in the format of YYYY-MM-DD hh:mm:ss and actual duration of diagnostic troubleshooting.
Interface	Interface on which the OSPF neighbor relationship was established.
NBR-IP	Neighbor router ID.
Time	Time when neighbor down was detected, in the format of MM-DD hh:mm:ss.
State	Neighbor state change: · Full->Init. · Full->Exstart. · Full->Down.
Reason	Reasons for neighbor state changes: · ResetConnect—The connection is lost due to insufficient memory. · VlinkChange—The virtual link parameter has changed. · ShamChange—The sham link parameter has changed. · AuthChange—The authentication type has changed. · Retrans—Excessive retransmissions. · GRChange—The GR capability has changed. · SeqMismatch—The interface receives SeqNumberMismatch events. · BadLSReq—The interface receives BadLSReq events. · LLSChange—The LLS capability has changed. · DOWN because OSPF interface parameters changed · DOWN because the OSPF process was reset · DOWN because the OSPF process was deleted · DOWN because the OSPF area was deleted · DOWN because OSPF was disabled · DOWN because OSPF packet receiving and sending are disabled · DOWN because the interface address was deleted or OSPF was disabled on interface · DOWN because the interface went down or MTU changed · DOWN because the virtual link was deleted or the route it relies on was deleted. · DOWN because the virtual link interface went down or the virtual link settingswere deleted · DOWN because the sham link was deleted or the route it relies on was deleted · DOWN because the dead timer expired · DOWN because the stub configuration changed · DOWN because the NSSA configuration changed · DOWN because the Opaque LSA capability configuration changed · DOWN because the out-of-band resynchronization capability configuration changed · DOWN because the BFD session went down · INIT because a 1-way hello packet was received · DOWN because database-filter configuration changed or database-filter ACL configuration changed · EXSTART because a BadLSReq event was triggered upon the request for a nonexistent LSA · EXSTART because the LSA requested and then learned is the same as that in local · EXSTART because the LSA requested and then learned is older than that in local · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a non-retransmitted DD packet from the Loading or Full peer during the DD retransmit interval · EXSTART because a SeqNumberMismatch event was triggered by the change of the OSPF peer's capability to external attribute · EXSTART because a SeqNumberMismatch event was triggered by the master-slave relationship change · EXSTART because a SeqNumberMismatch event was triggered by the OSPF peer’s multi-topology attribute change · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a retransmitted DD packet from the Loading or Full peer after the DD retransmit interval expired · EXSTART because a SeqNumberMismatch event was triggered by the change of the OSPF peer’s capability to receive AS external LSA · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of an unexpected initial DD packet after DD transmission started · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet with a wrong sequence number from the slave · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet with a wrong sequence number from the master · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing local opaque LSA without enabling the opaque capability · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing area opaque LSA without enabling the opaque capability · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing AS opaque LSA without enabling the opaque capability. · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing NSSA external LSA in a non-NSSA area · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing invalid LSA · EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing AS external LSA in the stub area or on the virtual link. · shutdown—The shutdown process command was executed.

Related commands

diagnostic troubleshooting enable

IS- IS diagnostic troubleshooting commands

diagnostic troubleshooting test isis route

Use diagnostic troubleshooting test isis route to perform diagnostic troubleshooting for IS- IS route change events in the IP routing table.

Syntax

diagnostic troubleshooting test isis route { ipv4 { add | delete | modify } [ ipv4-address mask-length ] | ipv6 { add | delete | modify } [ ipv6-address prefix-length ] } [ level-1 | level-2 ] [ process-id ]

Views

System view

Predefined user roles

network-admin

Parameters

ipv4: Specifies the IPv4 routing table.

ipv6: Specifies the IPv6 routing table.

add: Specifies route adding events.

delete: Specifies route deletion events.

modify: Specifies route modification events.

ipv4-address mask-length: Specifies IPv4 address and mask length change events. The value range for mask-length is 0 to 32.

ipv6-address prefix-length: Specifies IPv6 address and prefix length change events. The value range for prefix-length is 0 to 128.

level-1: Specifies Level-1 route change events in the IP routing table.

level-2: Specifies Level-2 route change events in the IP routing table.

process-id: Specifies an IS process by its ID in the range of 1 to 65535. If you do not specify this argument, this command performs diagnostic troubleshooting for route changes in the IP routing table for all IS processes.

Usage guidelines

Application scenarios

With diagnostic troubleshooting for IS-IS route change events enabled, the device records the change information in the memory of the GOLD module automatically. After you execute this command, the device displays the route change information stored in the GOLD module to help you locate the reason.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test isis route enable command to enable diagnostic troubleshooting for route change events in the IP routing table. By default, diagnostic troubleshooting for route change events in the IP routing table is enabled.

Examples

# Perform diagnostic troubleshooting for route add events for all IS-IS processes.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test isis route ipv4 delete

Start diagnose at 2023-03-15 18:09:23

please waitDone.

End diagnose at 2023-03-15 18:09:23,Actual time:0 seconds.

Diagnose Last Routes Action for ISIS

--------------------------------------------------------------------------------

DestAddr : 8.8.8.8/32 ProcessId : 1

Level : LEVEL-1 RecordTime : 2023-03-15 18:09:18:280

RouteType : Learnt Src count : 1

Nexthop : 192.168.100.188 IfName : GigabitEthernet2/0/1

NexthopType : LAN NibID : 0x14000001

Reason : LSP updated

DestAddr : 192.168.100.0/24 ProcessId : 1

Level : LEVEL-1 RecordTime : 2023-03-15 17:16:30:20

RouteType : Direct Src count : 1

Nexthop : N/A IfName : N/A

NexthopType : N/A NibID : N/A

Reason : Direct route changed

Table 40 Command output

Field	Description
Start diagnose at 2023-03-15 18:09:23	Time when health diagnostic troubleshooting started, in the format of YYYY-MM-DD hh:mm:ss.
Level	Level type. Options include: · LEVEL-1 · LEVEL-2
RouteType	Route type. Options include: · Direct—Direct routes. · Learnt—Learned routes. · Redist—Redistributed routes. · Summary—Summarized routes. · Attached—Attached routes. · Invalid—Invalid routes.
NexthopType	Next hop type. Options include: · LAN—Broadcast network. · P2P—P2P network. · TETNL—TE tunnel next hop. · SRTETNL—SR-TE tunnel next hop. · ADVERTISE—Forwarding adjacency next hop. · SRPOLICY—SR policy next hop.
NibID	ID of the next hop.
Reason	Type of the most recent event that triggered route calculation: · NextHop changed. · DIS changed. · Interface metric changed. · Interface MTR information changed. · SPF link changed. · Default route changed. · Summary route changed. · TE tunnel updated. · TE tunnel metirc changed. · IPv6 mode changed. · FRR configuration changed. · Prefix priority configuration changed. · Route preference changed. · ISPF configuration changed. · Import filter policy changed. · ECMP configuration changed. · PIC configuration changed. · Interface LFA exclude changed. · ATT configuration changed. · GR/NSR first SPF. · GR over. · T3 timeout. · Direct route changed. · Logic interface changed. · Route leakage configuration changed. · NSR over. · Entered overload state. · Exited overload state. · Area address changed. · Route policy changed. · Redistributed route updated. · LSP updated. · MT disabled. · MT enabled. · TE tunnel configuration changed. · TE tunnel destination changed. · RIB smooth. · Local SRGB changed. · Neighbor's SRGB changed. · Segment Routing enalbe changed. · Segment Routing prefer changed. · Segment Routing TI-LFA changed. · Microloop-advoidance Rib-update-delay. · SRMS active policy changed. · Remote LFA configuration changed. · LDP label changed. · Remote LFA loopback address changed. · Tiebreaker configuration changed. · Microloop-advoidance Sr-update-delay. · Microloop-advoidance configuration changed. · Local SRLG changed. · Segment Routing Mirror Protect changed. · SRv6 Policy changed. · Link tag updated. · Flex algo changed.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test neighbor-establish-abnormal isis

Use diagnostic troubleshooting test neighbor-establish-abnormal isis to perform diagnostic troubleshooting for IS-IS neighbor down events.

Syntax

diagnostic troubleshooting test neighbor-establish-abnormal isis [ process-id ] [ interface interface-type interface-number ]

Views

System view

Predefined user roles

network-admin

Parameters

process-id: Specifies an IS-IS process by its ID in the range of 1 to 65535. If you do not specify this argument, this command performs diagnostic troubleshooting for IS-IS neighbor down events for all IS-IS processes.

Usage guidelines

Application scenarios

With diagnostic troubleshooting for IS-IS neighbor down events enabled, the device records the failure information in the memory of the GOLD module automatically. After you execute this command, the device displays the failure information stored in the GOLD module to help you locate the failure reason.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test neighbor-establish-abnormal isis enable command to enable diagnostic troubleshooting for IS-IS neighbor down events. By default, diagnostic troubleshooting for IS-IS neighbor down events is enabled.

Examples

# Perform diagnostic troubleshooting for IS-IS neighbor down events for all IS-IS processes.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test neighbor-establish-abnormal isis

Start diagnose at 2023-03-15 17:23:16

please wait.Done.

End diagnose at 2023-03-15 17:23:17,Actual time:1 seconds.

Diagnose information for IS-IS(1)

---------------------------------

Interface NbrSystemID type Nbr-Change-Time State Reason

--------------------------------------------------------------------------------

GigabitEthernet2/0/1 0000.0000.0088 L2 03-15 17:23:30 Up->Init A hello pack

et without S

NPA address

was received

Table 41 Command output

Field	Description
Start diagnose at 2023-03-15 17:23:16	Time when health diagnostic troubleshooting started, in the format of YYYY-MM-DD hh:mm:ss.
NbrSystemID	Neighbor system ID.
type	Level type. Options include: · L1—Level-1 topology. · L2—Level-2 topology. · P2P—P2P link.
State	Neighbor state: · Down—The neighbor is down. · Init—The neighbor is in Init state.
Reason	Statistics for packets with the following errors: · Bad packet length—Invalid packet length. · Bad header length—Invalid header length. · Jumbo packet—The packet length exceeds the buffer size or the interface MTU. · Bad protocol description—Invalid protocol description. · Bad protocol ID—Invalid protocol identifier. · Bad protocol version—Invalid protocol version. · Unknown packet type—Unknown packet type. · Mismatched network type—Mismatched network type. · Duplicate system ID—Duplicate system IDs. · Bad circuit type—Invalid interface type. · Bad auth TLV—Invalid authentication TLV. · Excessive auth TLVs—Excessive authentication TLVs. · Auth failure—Authentication failure. · Excessive area addresses—Excessive area addresses. · Bad area address TLV—Invalid area address TLV. · Bad NBR TLV—Invalid neighbor TLV. · Excessive IF Addr TLVs—Excessive interface address TLVs. · Excessive IF addresses—Excessive interface addresses. · Bad IF address TLV—Invalid interface address TLV. · Bad system ID length—Invalid system ID length. · Bad TLV length—Invalid TLV length. · Bad IP address—The IP address does not belong to the same network as the local interface address. · Duplicate IP address—Duplicate IP addresses. ·Mismatched area address—Mismatched area addresses. · Mismatched protocol—Mismatched protocols. · Bad max area count—Invalid maximum number of area addresses. · Bad IPv6 address TLV—Invalid IPv6 address TLV. · Bad IPv6 address—Invalid IPv6 address. · Duplicate IPv6 address—Duplicate IPv6 addresses. · Bad MT ID TLV—Invalid topology ID TLV. · SNPA conflict (LAN)—SNPA conflict. · Excessive NBR SNPAs (LAN)—Excessive neighbor SNPAs. · Mismatched level (LAN)—Mismatched levels. · Bad 3-Way option TLV (P2P)—Invalid three-way handshake information. · No common MT ID (P2P)—No common topology ID. · Bad circuit ID (P2P)—Invalid circuit ID. · Bad BFD TLV—Invalid BFD TLV. · Bad global IPv6 address TLV—Invalid global IPv6 address TLV. · Bad IID TLV—The multi-instance TLV length is smaller than the minimum length specified in the protocol.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test neighbor-flap isis

Use diagnostic troubleshooting test neighbor-flap isis to perform diagnostic troubleshooting for IS-IS neighbor flapping events.

Syntax

diagnostic troubleshooting test neighbor-flap isis [ process-id ] [ interface interface-type interface-number ]

Views

System view

Predefined user roles

network-admin

Parameters

Usage guidelines

Application scenarios

With diagnostic troubleshooting for IS-IS neighbor flapping events enabled, the device records the failure information in the memory of the GOLD module automatically. After you execute this command, the device displays the failure information stored in the GOLD module to help you locate the failure reason.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test neighbor-flap isis enable command to enable diagnostic troubleshooting for IS-IS neighbor flapping events. By default, diagnostic troubleshooting for IS-IS neighbor flapping events is enabled.

Examples

# Perform diagnostic troubleshooting for IS-IS neighbor flapping events for all IS-IS processes.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test neighbor-flap isis

Start diagnose at 2023-03-15 17:17:28

please wait.Done.

End diagnose at 2023-03-15 17:17:29,Actual time:1 seconds.

Diagnose information for IS-IS(1)

---------------------------------

Interface NbrSystemID type Nbr-Change-Time State Reason

--------------------------------------------------------------------------------

GigabitEthernet1/0/1 00000.0000.0088 L2 03-15 17:17:50 Up->Init A hello pack

et without S

NPA address

was received

Table 42 Command output

Field	Description
Start diagnose at 2023-03-15 17:23:16	Time when health diagnostic troubleshooting started, in the format of YYYY-MM-DD hh:mm:ss.
End diagnose at 2023-03-15 17:23:17,Actual time:1 seconds.	Time when health diagnostic troubleshooting ended, in the format of YYYY-MM-DD hh:mm:ss, and the actual duration of diagnostic troubleshooting.
NbrSystemID	Neighbor system ID.
type	Level type. Options include: · L1—Level-1 topology. · L2—Level-2 topology. · P2P—P2P link.
State	Neighbor state changes: · Up->Down. · Up->Init.
Reason	Failure reason: · UnknownReason · The IS-IS level was changed. Please check IS-IS configuration · The IS-IS process was reset · The IS-IS process was gracefully restarted · The LSP sequence number exceeds the maximum sequence number · The IS-IS process was deleted · The IS-IS area was deleted. Please check IS-IS configuration · The IS-IS process was stopped. Please check IS-IS process state · The reset isis peer command was executed · No hello packets were received within the hold time. Please check the connection to the neighbor · The hold timer expired · The BFD session went down. Please check the BFD session state · The BFD session was administratively down. Please check the BFD session state · The local BFD configuration changed. Please check the BFD session information · The remote BFD configuration changed. Please check the BFD session information on remote end · The IPv6 topology mode changed. Please check the IPv6 topology mode settings · The wait-to-delete BFD TLV timed out. Please check the BFD session information · The interface went down. Please check the interface state · The interface was deleted or the bound VPN instance was changed. Please check the interface state and settings · The circuit level changed on the interface. Please check the interface settings · The circuit type changed on the interface. Please check the interface settings · IS-IS packet receiving and sending were disabled. Please check the interface settings · IS-IS interface parameters changed. Please check the interface parameters · IPv4 IS-IS was disabled on interface. Please check the interface settings · IPv6 IS-IS was disabled on interface. Please check the interface settings · The interface address was deleted or IS-IS was disabled on interface. Please check the interface settings · The interface IPv6 address was deleted or IPv6 IS-IS was disabled on interface. Please check the interface settings · A hello packet with mismatched protocol was received · A hello packet with mismatched area was received · A P2P hello packet with mismatched area was received · A hello packet with mismatched circuit type was received · A hello packet without SNPA address was received · A hello packet without local SNPA address was received · A P2P hello packet with mismatched circuit type was received · The neighbor system ID corresponding to the SNPA address in the received hello packet is different from the neighbor system ID carried in the hello packet · The P2P neighbor was gracefully down. Please check the GR configuration of GR helper · A P2P hello packet with incorrect system ID was received · A P2P hello packet with incorrect circuit ID was received · PeerIPv4Disabled · PeerIPv6Disabled · CircuitIPv4Down · CircuitIPv6Down · A P2P hello packet with incorrect extended circuit ID was received · A P2P hello packet with adjacency three-way state down was received · Shutdown process

Related commands

diagnostic troubleshooting enable

gRPC diagnostic troubleshooting commands

diagnostic troubleshooting test grpc-server failed-operation

Use diagnostic troubleshooting test grpc-server failed-operation to perform diagnostic troubleshooting for gRPC request failure events.

Syntax

diagnostic troubleshooting test grpc-server failed-operation

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

Use this command to analyze processing failure of request packets received from gRPC clients (collectors).

Restrictions and guidelines

This feature is supported only in dial-in mode.

For this command to take effect, first use the diagnostic troubleshooting test netconf-server failed-operation enable command to enable diagnostic troubleshooting for gRPC request failures.

Examples

# Perform diagnostic troubleshooting for gRPC request failures.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test grpc-server failed-operation

Start diagnose at 2023-03-15 08:50:35

please wait.Done.

End diagnose at 2023-03-15 08:50:36,Actual time:1 seconds.

Diagnose report:

Failed at Session ID Username Client IP Operation

Stage Error Message

2023-03-15,08:50:00 3 admin 192.168.69.2:45650 get-all

RPC-parse Prefix or Path parsing failed

Table 43 Command output

Field	Description
Session ID	ID of a gRPC session.
Username	Username.
Operation	gRPC operation type, for example, get-config operation.
Stage	Phase at which the failure occurred: · RPC-parse. · RPC-process. · Config-process. · RPC-reply-process.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test grpc-server login

Use diagnostic troubleshooting test grpc-server login to perform diagnostic troubleshooting for gRPC login failure events.

Syntax

diagnostic troubleshooting test grpc-server login

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

Use this command to analyze reason for session setup failure between a gRP Cclient (collector) and the device.

Restrictions and guidelines

This feature is supported only in dial-in mode.

For this command to take effect, first use the diagnostic troubleshooting test grpc-server login enable command to enable diagnostic troubleshooting for gRPC login failure events.

Examples

# Perform diagnostic troubleshooting for gRPC login failure events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test grpc-server login

Start diagnose at 2023-03-15 08:50:35

please wait.Done.

End diagnose at 2023-03-15 08:50:36,Actual time:1 seconds.

Diagnose report:

Info: Operating, please wait for a moment.

----------------------------------------------------------------------------------------

LoginTime Client-Address UserName Login-Result Fail-Reason

2023-03-15, 08:50:00 192.168.1.97:50051 client001 failed Authentication failed

Table 44 Command output

Field

Description

UserName

Username.

Whether the gRPC client logged in to the device sucessfully:

· successful.

· failed.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test telemetry sample-interval

Use diagnostic troubleshooting test telemetry sample-interval to perform diagnostic troubleshooting for gRPC sampling intervals.

Syntax

diagnostic troubleshooting test telemetry sample-interval [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

diagnostic-time: Performs diagnostic troubleshooting based on the current data. If you do not specify this keyword, this command performs a 60-second diagnostic troubleshooting based on the current data. diagnostic-time is in the range of 1 to 86400 seconds.

Usage guidelines

Application scenarios

This feature is used to analyze whether the sampling interval for gRPC in dial-out mode to send subscription messages to the collector is consistent with the configured sampling interval.

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test telemetry sample-interval enable command to enable diagnostic troubleshooting for gRPC sampling intervals.

Examples

# Perform diagnostic troubleshooting for gRPC sampling intervals.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test telemetry sample-interval

Start diagnose at 2023-03-15 09:15:18, Estimated time:60 seconds.

Please wait..............................................................Done.

End diagnose at 2023-03-15 09:16:19, Actual time:61 seconds.

--------------------Subscription 5--------------------

Sensor group 1

Configured sampling interval : 5000 ms

Sensor path device/base

Sampling type: Periodic

Minimum sampling interval : 1000 ms

Effective sampling interval : 5000 ms

Actual sampling intercal : 4999 ms

Sampling period statue: Correct

Sensor group 4

Sensor path arp/arptableevent

Sampling type: Event-triggered

Table 45 Command output

Field	Description
Sampling type	Sampling type: · Periodic. · Event-triggered. This sampling type does not have a sample interval.
Effective sampling interval	If the configured sampling interval is smaller than the minimum sampling interval, the value for this field is the same as the minimum sampling interval.
Actual sampling interval	This interval is affected by the CPU usage and sampling data volume.
Sampling period status	Sampling period status: · Correct. · Incorrect.
Reason for incorrect sampling period	Reason for incorrect sampling period: The CPU is busy or the sampled data is too large.

Related commands

diagnostic troubleshooting enable

NETCONF diagnostic troubleshooting commands

diagnostic troubleshooting test netconf-server failed-operation

Use diagnostic troubleshooting test netconf-server failed-operation to perform diagnostic troubleshooting for NETCONF request failures.

Syntax

diagnostic troubleshooting test netconf-server failed-operation

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

This feature is used to analyze the reasons for the failure in processing an <rpc> request message by the device (NETCONF server) after receiving it from the NETCONF client.

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test netconf-server failed-operation enable command to enable diagnostic troubleshooting NETCONF request failures.

Examples

# Perform diagnostic troubleshooting for NETCONF request failures.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test netconf-server failed-operation

Start diagnose at 2023-03-15 08:49:18

please wait.Done.

End diagnose at 2023-03-15 08:49:19,Actual time:1 seconds.

Diagnosis report:

Failed at Session ID Username Client IP Operation

Stage Error Message

2023-03-15,08:49:00 3 admin 192.168.69.2:45650 get-config

RPC-parse Prefix or Path parsing failed

Table 46 Command output

Field	Description
Session ID	NETCONF session ID.
Username	Username.
Operation	NETCONF operation type, for example, get-config operation.
Stage	Phase at which the failure occurred: · RPC-parse. · RPC-process. · Config-process. · RPC-reply-process.

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting test netconf-server netconf-over-soap

Use diagnostic troubleshooting test netconf-server netconf-over-soap to perform diagnostic troubleshooting for NETCONF over SOAP login information.

Syntax

diagnostic troubleshooting test netconf-server netconf-over-soap

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

This feature is used to analyze the reasons why the NETCONF client failed to establish a NETCONF over SOAP session with the device (NETCONF server).

Restrictions and guidelines

For this command to take effect, first use the diagnostic troubleshooting test netconf-server netconf-over-soap enable command to enable diagnostic troubleshooting NETCONF over SOAP information.

Examples

# Perform diagnostic troubleshooting for NETCONF over SOAP login information.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test netconf-server netconf-over-soap

Start diagnose at 2023-03-15 08:50:35

please wait.Done.

End diagnose at 2023-03-15 08:50:36,Actual time:1 seconds.

Diagnose report:

Info: Operating, please wait for a moment.

----------------------------------------------------------------------------------------

LoginTime Client-Address UserName Login-Result Fail-Reason

2023-03-15, 08:50:00 192.168.1.97 client001 failed Authentication failed

Table 47 Command output

Field

Description

UserName

Username.

Whether the NETCONF client logged in to the device successfully:

· successful.

· failed.

Related commands

diagnostic troubleshooting enable

Spanning tree diagnostic troubleshooting commands

diagnostic troubleshooting test stp abnormal

Use diagnostic troubleshooting test stp abnormal to perform diagnostic troubleshooting for ports that are blocked by spanning tree protection features.

Syntax

diagnostic troubleshooting test stp abnormal [ interface interface-type interface-number ]

Views

System view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number, If you do not specify this option, this command performs diagnostic troubleshooting for all SPT ports.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test stp abnormal enable command to enable diagnostic troubleshooting for ports that are blocked by spanning tree protection features. By default, diagnostic troubleshooting is enabled for ports that are blocked by spanning tree protection features.

With diagnostic troubleshooting enabled for ports that are blocked by spanning tree protection features, the device records the failure information in the memory of the GOLD module automatically. After you execute this command, the device displays the failure information stored in the GOLD module to help you locate and reasons.

For more information about GOLD, see Intelligent Operations Configuration Guide.

The system can perform diagnostic troubleshooting for one type of event at a time.

Examples

# Perform diagnostic troubleshooting for all ports that are blocked by spanning tree protection features.

<Sysname> system

[Sysname] diagnostic troubleshooting test stp abnormal

Diagnosis report:

STP abnormal records for port GE2/0/1

----------------------------------------------------------------------------------------

Index Port Last detect time State Reason

1 GE1/0/1 2020-02-15 06:18:24 discard Instance 0’s port

GigabitEthernet1/0/1 received an inferior BPDU from a designated port which is in forwarding or learning state. The designated bridge ID contained in the BPDU is 32768.36b5-6d1a-0300, and the designated port ID contained in the BPDU is 128.1.

Table 48 Command output

Field

Description

Diagnosis report

Reason

Failure reason:

· Instance number's port port detected a topology change.

· VLAN number's port port detected a topology change.

· Instance number’s port port received an inferior BPDU from a designated port which is in forwarding or learning state. The designated bridge ID contained in the BPDU is priority.mac, and the designated port ID contained in the BPDU is priority.index.

· VLAN number’s port port received an inferior BPDU from a designated port which is in forwarding or learning state. The designated bridge ID contained in the BPDU is priority.mac, and the designated port ID contained in the BPDU is priority.index.

· Instance number's port port received its own BPDU.

· VLAN number's port port received its own BPDU.

Related commands

diagnostic troubleshooting enable

Multicast routing and forwarding diagnostic troubleshooting commands

diagnostic troubleshooting test multicast-route creation-abnormal

Use diagnostic troubleshooting test multicast-route creation-abnormal to perform diagnostic troubleshooting for multicast routing entry creation failures.

Syntax

diagnostic troubleshooting test multicast-route creation-abnormal [ vpn-instance vpn-instance-name ] { ipv4-source-address ipv4-group-address | ipv6-source-address ipv6-group-address } outgoing-interface interface-type interface-number [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command performs diagnostic troubleshooting for multicast routing entry creation failures on the public network.

ipv4-source-address: Specifies an IPv4 multicast source address. The IPv4 multicast source address is 0.0.0.0 for the (*,G) entries.

ipv4-group-address: Specifies a multicast group by its IPv4 address in the range of 224.0.0.0 to 239.255.255.255.

ipv6-source-address: Specifies an IPv6 multicast source address. The multicast source address is 0::0 for the (*,G) entries.

ipv6-group-address: Specifies a multicast group by its IPv6 address, in the format of FFxy::/16, where x and y represent any decimal number in the range of 0 to F.

outgoing-interface interface-type interface-number: Specifies the multicast forwarding entries that contain the specified outgoing interface.

diagnostic-time diagnostic-time: Specifies the estimated diagnostic troubleshooting duration, in the range of 15 to 3600 seconds. The default value is 135 seconds. The actual duration might be different, but will not be greater than 2*diagnostic-time.

Usage guidelines

Operating mechanism

When you execute this command, the device records multicast entry creation failure events within the diagnostic troubleshooting period. When the period is reached, the device displays the events for you to locate the issue.

Restrictions and guidelines

The configured diagnostic troubleshooting duration must be larger than the interval for the downstream to send PIM join messages. If IGMP or MLD is also enabled on an interface, the diagnostic troubleshooting duration must also be larger than the sum of the IGMP/MLD general query interval (the default is 125 seconds) and the maximum response time (the default is 10 seconds). A too short diagnostic troubleshooting duration might cause the diagnostic troubleshooting result to be incomplete.

The device can perform diagnostic troubleshooting for creation failure events of only one multicast entry at a time.

Examples

# Perform diagnostic troubleshooting for creation failure events of multicast entry (1.2.3.4, 225.0.0.1) that contains outgoing interface GigabitEthernet2/0/1 on the public network, with a duration of 100 seconds.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test multicast-route creation-abnormal 1.2.3.4 225.0.0.1 outgoing-interface gigabitethernet 2/0/1 diagnostic-time 100

Start diagnose at 2023-03-23 08:10:04, Estimated time:135 seconds.

Please wait..........................................Done.

End diagnose at 2023-03-23 08:12:20, Actual time:136 seconds.

Vpn-instance: public net

In-interface Oif ProblemDsc

GigabitEthernet2/0/2 Y 1. The multicast protocol entry is in the normal state.

Table 49 Command output

Field	Description
VPN-instance	VPN instance name. This field displays public net on the public network.
Outgoing interface exsits	Whether the multicast entry contains an outgoing interface: · Yes. · No.
Description	Diagnostic troubleshooting result: · The multicast routing entry is in the normal state · Multicast diagnostics does not support the current interface type · Multicast diagnostic does not support PIM-DM · Multicast diagnostics does not support BIDIR-PIM · The PIM entry does not exist · A multicast source filtering policy is configured · The PIM register packet has been filtered out by the register policy · The local device is an RP but does not receive any PIM register packet · Multicast does not receive the Nocache event (no data packet is received) · The PIM outgoing interface is not the DR. · The interface is down · PIM or IGMP/MLD is disabled on the interface. · PIM passive is enabled on the interface, and IGMP/MLD is disabled. · A multicast boundary policy is configured on the interface. · The device does not receive PIM join packets · The device fails to receive the PIM packet · The PIM packet from an unknown neighbor might be discarded · The PIM packet might be discarded, because the upstream neighbor address in the packet is incorrect · The PIM join packet is discarded, because the RP address in the packet is incorrect. The expected RP address is 1.2.3.4, and the address in the packet is 1.2.3.3 · The PIM entry is created, but the multicast source address is a local address. As a result, multicast services might be interrupted · The incoming interface of the PIM entry does not exist (the possible cause is that there is no route to the multicast source or RP) · PIM does not find the corresponding RP · The PIM entry is in the SWT state, but no Wrongif event is received · The outgoing interface specified in the PIM entry does not exist · The PIM outbound interface is not in the outgoing interface state · The PIM outgoing interface is in Exclude mode · The PIM outgoing interface is in the Assert Loser state · The PIM outgoing interface is in the RPT Prune state · An IGMP/MLD group filtering policy is configured on the interface · The device does not receive IGMP/MLD join packets · The device fails to receive the IGMP/MLD packet · The IGMP/MLD version set on the interface is inconsistent with the version in the received packet. The version set on the interface is 1, and the version in the received packet is 2 · The group address is in the SSM range, and no SSM mapping policy is configured, (*, G) join is not supported · The SSM mapping policy does not contain rules with the specified source

Related commands

diagnostic troubleshooting enable

diagnostic troubleshooting health module multicast

Use diagnostic troubleshooting health module multicast to perform health diagnostic troubleshooting for the IP multicast module.

Syntax

diagnostic troubleshooting health module multicast

Views

System view

Predefined user roles

network-admin

Usage guidelines

Use this command to identify whether the IP multicast module is running correctly. When you execute this command, the device displays the unhealthy information for you to locate the issue.

Examples

# Perform health diagnostic troubleshooting for the IP multicast module.

<Sysname> system-view

[Sysname] diagnostic troubleshooting health module multicast

--------------------------------------------------------------------------------

PADS_Type Detect-Time Description

--------------------------------------------------------------------------------

PIM_NBR_TIMESOUT 2023-03-14 09:47:44 The neighbor aging timer expired. (VPNName:

public net, NbrAddr: 5.5.5.1, IfName:

GigabitEthernet2/0/1)

PIM_NBR_TIMESOUT 2023-03-14 09:47:49 The neighbor aging timer expired. (VPNName:

public net, NbrAddr: 5.5.5.2, IfName:

GigabitEthernet2/0/2)

Table 50 Command output

Field

Description

PADS_Type

Error type. Options include:

· GROUP_TIMESOUT—The multicast group aged out.

· PIM_OIF_TIMESOUT—The PIM outgoing interface aged out.

· PIM_NBR_TIMESOUT—The PIM neighbor aged out.

Description

Description for diagnostic troubleshooting of the IP multicast module:

· The group aging timer expired. (VPNName: VPNName, GrpAddr: GrpAddr, IfName: IfNname)

· The outgoing interface aging timer expired. (VPNName: VPNName, SrcAddr: SrcAddr, GrpAddr: GrpAddr, IfName: IfNname)

· The neighbor aging timer expired. (VPNName: VPNName, NbrAddr: NbrAddr, IfName: IfNname)

Related commands

diagnostic troubleshooting health enable

ARP diagnostic troubleshooting commands

diagnostic troubleshooting health module arp

Use diagnostic troubleshooting health module arp to perform health diagnostic troubleshooting for the ARP module.

Syntax

diagnostic troubleshooting health module arp

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

Use this command to identify whether the ARP module is running correctly. When you execute this command, the device displays the unhealthy information for you to locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting health module arp enable command to enable health diagnostic troubleshooting for the ARP module.

Examples

# Perform health diagnostic troubleshooting for the ARP module.

<Sysname> system-view

[Sysname] diagnostic troubleshooting health module arp

Start diagnose at 2022-12-15 07:12:10

please wait.Done.

End diagnose at 2022-12-15 07:12:11,Actual time:1 seconds.

last system health for arp:

-----------------------------------------------------------------------------------

Show ARP Health Record

-----------------------------------------------------------------------------------

PADS_Type Detect-Time Description

-----------------------------------------------------------------------------------

ARP_EXCEED 12-15 07:11:52 The number of ARP entries exceeded the thres

hold. (IfName=GigabitEthernet2/0/1, Slot=3, Thre

shold=10, Number of dynamic ARP entries=

10, Number of static ARP entries=0)

ARP_EXCEED 12-15 07:11:50 The number of ARP entries exceeded the thres

hold. (IfName=GigabitEthernet2/0/1, Slot=3, Thre

shold=10, Number of dynamic ARP entries=

10, Number of static ARP entries=0)

IP_CONFLICT 12-15 07:11:48 Received an ARP packet with a duplicate

IP address from the interface. (VRF=0, I

fName=GigabitEthernet2/0/1, IpAddress=1.

1.1.2, MacAddress=005e-a312-ea9f, PE-VLA

N=65535, CE-VLAN=65535)

IP_CONFLICT 12-15 07:11:43 Received an ARP packet with a duplicate

IP address from the interface. (VRF=0, I

fName=GigabitEthernet2/0/1, IpAddress=1.

1.1.2, MacAddress=005e-a312-ea9f, PE-VLA

N=65535, CE-VLAN=65535)

-----------------------------------------------------------------------------------

Table 51 Command output

Field	Description
Start diagnose at 2022-12-15 07:12:10	Time when health diagnostic troubleshooting started, in the format of YYYY-MM-DD hh:mm:ss.
End diagnose at 2022-12-15 07:12:11,Actual time:1 seconds.	Time when health diagnostic troubleshooting ended, in the format of YYYY-MM-DD hh:mm:ss, and the actual duration of health diagnostic troubleshooting.
PADS_Type	Error type. Options include: · ARP_EXCEED: The number of ARP entries exceeded the limit. · IP_CONFLICT: ARP packets with conflict IP addresses were received on the interface.
Detection-Time	Time when the event was detected.
Description	Description of the event: · IfName. · Slot. · Threshold: Threshold for the number of ARP entries. · Number of dynamic ARP entries · Number of static ARP entries · VRF. · IPAddress · MacAddress · PE-VLAN: Outer VLAN. · CE-VLAN: Inner VLAN.

Related commands

diagnostic troubleshooting health enable

diagnostic troubleshooting test arp-learn packet-trace

Use diagnostic troubleshooting test arp-learn packet-trace to perform diagnostic troubleshooting for ARP packet sending and receiving events.

Syntax

diagnostic troubleshooting test arp-learn packet-trace ip-address ip-address interface interface-type interface-number [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

ip-address ip-address: Specifies the source or destination IP address for ARP packets.

interface interface-type interface-number: Specifies an interface by its interface type and interface number.

diagnostic-time diagnostic-time: Specifies the estimated diagnostic troubleshooting duration, in the range of 5 to 60 seconds. The default value is 10 seconds. The actual duration might be different, but will not be greater than 2*diagnostic-time.

Usage guidelines

Application scenarios

To check reachability between the device and the destination network or host, use this command to perform diagnostic troubleshooting for ARP packet sending and receiving events. If ARP packets fail to be sent, you can check the output for failure location.

Operating mechanism

After this command is executed, the device displays diagnostic troubleshooting information only after the specified interface has sent an ARP packet with a specified destination IP address or received an ARP packet with a specified source IP address. The device can display diagnostic troubleshooting information for a maximum of 5 ARP packets at a time.

· If the number of sent or received ARP packets reaches 5 within the diagnostic troubleshooting period, the device will display diagnostic troubleshooting information only for the 5 ARP packets and will not display diagnostic troubleshooting information for subsequent ARP packets.

· If the number of ARP packets does not reach 5 within the estimated diagnostic troubleshooting duration or if the command is terminated using Ctrl+C, the device will display diagnostic troubleshooting information for the detected ARP packets.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test arp-learn packet-trace enable command to enable diagnostic troubleshooting for ARP packet sending and receiving events. By default, diagnostic troubleshooting is enabled for ARP packet sending and receiving events.

Restrictions and guidelines

Each time this command is executed, it displays ARP packet diagnostic troubleshooting information only once. To perform diagnostic troubleshooting for subsequent ARP packet sending and receiving events, you must execute the command again.

If any exceptions occur during command execution, you can press Ctrl+C to terminate the command.

Examples

# Perform diagnostic troubleshooting for ARP packet sending and receiving events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test arp-learn packet-trace ip-address 1.1.1.2 interface gigabitethernet 2/0/1

Start diagnose at 2022-08-01 10:00:14, Estimated time:10 seconds.

Please wait.....................Done.

End diagnose at 2022-08-01 10:00:29, Actual time:15 seconds.

Diagnose report:

Diagnose ARP Learning With IPAddress: 1.1.1.2 Interface: GigabitEthernet2/0/1

Simple Description: ARP entry learning failed. Check detailed information displayed in the ARP Inner field of the command output!

----------------------------------------------------------------------------------------

Description

----------------------------------------------------------------------------------------

ETH-->ARP:

ETH success to recevice arp packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (Time=2022-08-01 10:00:23)

ETH success to recevice arp packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (Time=2022-08-01 10:00:21)

ETH success to recevice arp packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (Time=2022-08-01 10:00:19)

ETH success to recevice arp packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (Time=2022-08-01 10:00:17)

no data

ARP Inner:

ARP fail to recevice arp packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (ErrReason:Failed to write ARP message queue, Time=2022-08-01 10:00:23)

ARP fail to recevice arp packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (ErrReason:Failed to write ARP message queue, Time=2022-08-01 10:00:21)

ARP fail to recevice arp packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (ErrReason:Failed to write ARP message queue, Time=2022-08-01 10:00:19)

ARP fail to recevice arp packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (ErrReason:Failed to write ARP message queue, Time=2022-08-01 10:00:17)

no data

ARP-->ETH:

ARP success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ETH.(Time=2022-08-01 10:00:23)

ARP success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ETH.(Time=2022-08-01 10:00:21)

ARP success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ETH.(Time=2022-08-01 10:00:19)

ARP success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ETH.(Time=2022-08-01 10:00:17)

ARP success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ETH.(Time=2022-08-01 10:00:15)

ETH-->QOS:

ETH success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to QOS.(Time=2022-08-01 10:00:23)

ETH success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to QOS.(Time=2022-08-01 10:00:21)

ETH success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to QOS.(Time=2022-08-01 10:00:19)

ETH success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to QOS.(Time=2022-08-01 10:00:17)

ETH success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to QOS.(Time=2022-08-01 10:00:15)

QOS-->DRV:

QOS success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to DRV.(Time=10:00:23)

QOS success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to DRV.(Time=10:00:21)

QOS success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to DRV.(Time=10:00:19)

QOS success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to DRV.(Time=10:00:17)

QOS success to send arp packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to DRV.(Time=10:00:15)

Table 52 Command output

Field	Description
Start diagnose at 2022-08-01 10:00:14, Estimated time:10 seconds.	Time when health diagnostic troubleshooting started, in the format of YYYY-MM-DD hh:mm:ss, and the estimated diagnostic troubleshooting duration.
End diagnose at 2022-08-01 10:00:29, Actual time:15 seconds.	Time when health diagnostic troubleshooting ended, in the format of YYYY-MM-DD hh:mm:ss, and the actual duration of health diagnostic troubleshooting.
ETH-->ARP	Diagnostic troubleshooting information for packets sent from the interface module to the ARP module: · SrcMac. · DstMac. · ErrReason: Failure reason. ¡ Wrong source mac address ¡ Failed to analyse packet ¡ Packet discarded for lagg block ¡ No sub interface ¡ Interface link status is down · Time: Time when diagnostic troubleshooting was performed.
ARP Inner	Diagnostic troubleshooting information for packets transmitted within the ARP module: · SrcMac. · DstMac. · ErrReason: Failure reason. ¡ Taken over by copp ¡ Failed to write ARP message queue ¡ Issu limit ¡ Failed to pull up MBUF ¡ ARP packet is invalid ¡ ARP packet is taken over by authenticator · Time: Time when diagnostic troubleshooting was performed.
ARP-->ETH	Diagnostic troubleshooting information for packets sent from the ARP module to the interface module: · SrcMac. · DstMac. · ErrReason: Failure reason. The value is Failed to request memory. · Time: Time when diagnostic troubleshooting was performed.
ETH-->QOS	Diagnostic troubleshooting information for packets sent from the interface module to the QoS module: · SrcMac. · DstMac. · ErrReason: Failure reason. ¡ Invalid if index ¡ Failed to encapsulate link header ¡ Failed to package vlan tag ¡ Taken over by eth vlan ¡ Failed to pad packet ¡ Port blocked ¡ Successfully sent on super vlan ¡ Failed to send on super vlan · Time: Time when diagnostic troubleshooting was performed.
QOS-->DRV	Diagnostic troubleshooting information for packets sent from the QoS module to the driver module: · SrcMac. · DstMac. · ErrReason: Failure reason. The value is QoS sending failed. · Time: Time when diagnostic troubleshooting was performed.

Related commands

diagnostic troubleshooting enable

IPv6 neighbor discovery (ND) diagnostic troubleshooting commands

diagnostic troubleshooting health module nd

Use diagnostic troubleshooting health module nd to perform health diagnostic troubleshooting for the ND module.

Syntax

diagnostic troubleshooting health module nd

Views

System view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

Use this command to identify whether the ND module is running correctly. When you execute this command, the device displays the unhealthy information for you to locate the issue.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting health module nd enable command to enable health diagnostic troubleshooting for the ND module.

Examples

# Perform health diagnostic troubleshooting for the ND module.

<Sysname> system-view

[Sysname] diagnostic troubleshooting health module nd

Start diagnose at 2022-12-15 02:22:47

please wait.Done.

End diagnose at 2022-12-15 02:22:48,Actual time:1 seconds.

last system health for nd:

-----------------------------------------------------------------------------------

Show ND Health Record

-----------------------------------------------------------------------------------

PADS_Type Detect-Time Description

-----------------------------------------------------------------------------------

ND_EXCEED 12-15 02:21:52 The number of ND entries exceeded the th

reshold. (IfName=GigabitEthernet2/0/1, s

lot=2, Threshold=1, Number of dynamic ND

entries=1, Number of static ND entries=

ND_EXCEED 12-15 02:21:50 The number of ND entries exceeded the th

reshold. (IfName=GigabitEthernet2/0/1, s

lot=2, Threshold=1, Number of dynamic ND

entries=1, Number of static ND entries=

ND_IP_CONFLICT 12-15 02:21:48 Received an ND packet with a duplicate I

Pv6 address from the interface. (VRF=0,

IfName=GigabitEthernet2/0/1, Ipv6Address

=1000::2, MacAddress=005e-a312-ea9f, PE-

VLAN=65535, CE-VLAN=65535)

ND_IP_CONFLICT 12-15 02:21:43 Received an ND packet with a duplicate I

Pv6 address from the interface. (VRF=0,

IfName=GigabitEthernet2/0/1, Ipv6Address

=1000::2, MacAddress=005e-a312-ea9f, PE-

VLAN=65535, CE-VLAN=65535)

-----------------------------------------------------------------------------------

Table 53 Command output

Field	Description
Start diagnose at 2022-12-15 02:22:47	Time when health diagnostic troubleshooting started, in the format of YYYY-MM-DD hh:mm:ss.
End diagnose at 2022-12-15 02:22:48,Actual time:1 seconds.	Time when health diagnostic troubleshooting ended, in the format of YYYY-MM-DD hh:mm:ss, and actual duration of health diagnostic troubleshooting.
PADS_Type	Error type. Options include: · ND_EXCEED: The number of ND entries exceeded the limit. · ND_IP_CONFLICT: ND packets with conflict IP addresses were received on the interface.
Detection-Time	Time when the event was detected.
Description	Description of the event: · IfName · Slot · Threshold: ND entry threshold · Number of dynamic ND entries · Number of static ND entries · VRF. · IPv6Address · MacAddress · PE-VLAN: Outer VLAN. · CE-VLAN: Inner VLAN.

Related commands

diagnostic troubleshooting health enable

diagnostic troubleshooting test nd-learn packet-trace

Use diagnostic troubleshooting test nd-learn packet-trace to perform diagnostic troubleshooting for ND packet sending and receiving events.

Syntax

diagnostic troubleshooting test nd-learn packet-trace ipv6-address ipv6-address interface interface-type interface-number [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

ipv6-address ipv6-address: Specifies the source or destination IPv6 address for ND packets.

interface interface-type interface-number: Specifies an interface by its interface type and interface number.

Usage guidelines

Application scenarios

To check reachability between the device and the destination network or host, use this command to perform diagnostic troubleshooting for ND packet sending and receiving events. If ND packets fail to be sent, you can check the output for failure location.

Operating mechanism

After this command is executed, the device displays diagnostic troubleshooting information only after the specified interface has sent an ND packet with a specified destination IPv6 address or received an ND packet with a specified source IPv6 address. The device can display diagnostic troubleshooting information for a maximum of 5 ND packets at a time.

· If the number of sent or received ND packets reaches 5 within the diagnostic troubleshooting period, the device will display diagnostic troubleshooting information only for the 5 ND packets and will not display diagnostic troubleshooting information for subsequent ND packets.

· If the number of ND packets does not reach 5 within the estimated diagnostic troubleshooting duration or if the command is terminated using Ctrl+C, the device will display diagnostic troubleshooting information for the detected ND packets.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test nd-learn packet-trace enable command to enable diagnostic troubleshooting for ND packet sending and receiving events. By default, diagnostic troubleshooting is enabled for ND packet sending and receiving events.

Restrictions and guidelines

Each time this command is executed, it displays ND packet diagnostic troubleshooting information only once. To perform diagnostic troubleshooting for subsequent ND packet sending and receiving events, you must execute the command again.

If any exceptions occur during command execution, you can press Ctrl+C to terminate the command.

Examples

# Perform diagnostic troubleshooting for ND packet sending and receiving events.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test nd-learn packet-trace ipv6-address 1000::1 interface gigabitEthernet 1/0/1

Start diagnose at 2022-08-01 10:00:14, Estimated time:10 seconds.

Please wait.....................Done.

End diagnose at 2022-08-01 10:00:29, Actual time:15 seconds.

Diagnose report:

Diagnose ND Learning With IPv6Address: 1000::1 Interface: GigabitEthernet 1/0/1

Simple Description: ND entry learning failed. Check detailed information displayed in the IPv6-->ICMPv6 field of the command output!

----------------------------------------------------------------------------------------

Description

----------------------------------------------------------------------------------------

ETH-->IPv6:

ETH success to recevice nd packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (Time=2022-08-01 10:00:23)

ETH success to recevice nd packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (Time=2022-08-01 10:00:21)

ETH success to recevice nd packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (Time=2022-08-01 10:00:19)

ETH success to recevice nd packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (Time=2022-08-01 10:00:17)

ETH success to recevice nd packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (Time=2022-08-01 10:00:15)

IPv6-->ICMPv6:

IPv6 fail to recevice nd packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (ErrReason:Invalid IPv6 packet, Time=2022-08-01 10:00:23)

IPv6 fail to recevice nd packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (ErrReason:Invalid IPv6 packet, Time=2022-08-01 10:00:21)

IPv6 fail to recevice nd packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (ErrReason:Invalid IPv6 packet, Time=2022-08-01 10:00:19)

IPv6 fail to recevice nd packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (ErrReason:Invalid IPv6 packet, Time=2022-08-01 10:00:17)

IPv6 fail to recevice nd packet(SrcMac=0000-0000-0001, DstMac=4c11-317c-0100). (ErrReason:Invalid IPv6 packet, Time=2022-08-01 10:00:15)

ICMPv6-->ND:

no data

ND Inner:

no data

ND-->IPv6:

ND success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to IPv6.(Time=2022-08-01 10:00:23)

ND success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to IPv6.(Time=2022-08-01 10:00:21)

ND success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to IPv6.(Time=2022-08-01 10:00:19)

ND success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to IPv6.(Time=2022-08-01 10:00:17)

ND success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to IPv6.(Time=2022-08-01 10:00:15)

IPv6-->ADJ6:

IPv6 success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ADJ6.(Time=2022-08-01 10:00:23)

IPv6 success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ADJ6.(Time=2022-08-01 10:00:21)

IPv6 success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ADJ6.(Time=2022-08-01 10:00:19)

IPv6 success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ADJ6.(Time=2022-08-01 10:00:17)

IPv6 success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ADJ6.(Time=2022-08-01 10:00:15)

ADJ6-->ETH:

ADJ6 success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ETH.(Time=2022-08-01 10:00:23)

ADJ6 success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ETH.(Time=2022-08-01 10:00:21)

ADJ6 success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ETH.(Time=2022-08-01 10:00:19)

ADJ6 success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ETH.(Time=2022-08-01 10:00:17)

ADJ6 success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to ETH.(Time=2022-08-01 10:00:15)

ETH-->QOS:

ETH success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to QOS.(Time=2022-08-01 10:00:23)

ETH success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to QOS.(Time=2022-08-01 10:00:21)

ETH success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to QOS.(Time=2022-08-01 10:00:19)

ETH success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to QOS.(Time=2022-08-01 10:00:17)

ETH success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to QOS.(Time=2022-08-01 10:00:15)

QOS-->DRV:

QOS success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to DRV.(Time=2022-08-01 10:00:23)

QOS success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to DRV.(Time=2022-08-01 10:00:21)

QOS success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to DRV.(Time=2022-08-01 10:00:19)

QOS success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to DRV.(Time=2022-08-01 10:00:17)

QOS success to send nd packet(SrcMac=4c11-317c-0100, DstMac=0000-0000-0001) to DRV.(Time=2022-08-01 10:00:15)

Table 54 Command output

Field	Description
Start diagnose at 2022-08-01 10:00:14, Estimated time:10 seconds.	Time when health diagnostic troubleshooting started, in the format of YYYY-MM-DD hh:mm:ss, and the estimated diagnostic troubleshooting duration.
End diagnose at 2022-08-01 10:00:29, Actual time:15 seconds.	Time when health diagnostic troubleshooting ended, in the format of YYYY-MM-DD hh:mm:ss, and the actual duration of health diagnostic troubleshooting.
ETH-->IPv6	Diagnostic troubleshooting information for packets sent from the interface module to the IPv6 basics module: · SrcMac. · DstMac. · ErrReason: Failure reason. ¡ Failed to get Ethernet control block ¡ Failed to pull up MBUF ¡ Wrong source mac address ¡ Failed to analyse packet ¡ Packet discarded for lagg block ¡ Invalid if index ¡ Interface link status is down ¡ Port blocked · Time: Time when diagnostic troubleshooting was performed.
IPv6-->ICMPv6	Diagnostic troubleshooting information for packets sent from the IPv6 basics module to the ICMPv6 module: · SrcMac. · DstMac. · ErrReason: Failure reason. ¡ Packet was discarded by services ¡ Invalid IPv6 packet ¡ Failed to process the sr extension header ¡ Failed to process the hop-by-hop extension header ¡ IPv6 drop ¡ Failed to get vsys data ¡ Packet discarded for copy to cpu ¡ Invalid next header ¡ The packet is added to the reorganization queue ¡ Failed to process the extension header · Time: Time when diagnostic troubleshooting was performed.
ICMPv6-->ND	Diagnostic troubleshooting information for packets sent from the ICMPv6 module to the ND module: · SrcMac. · DstMac. · ErrReason: Failure reason. ¡ Failed to pull up MBUF ¡ ICMPv6 packet too short ¡ Packet discarded for icmpv6 defend ¡ Packet discarded for checksum error · Time: Time when diagnostic troubleshooting was performed.
ND Inner	Diagnostic troubleshooting information for packets transmitted within the ND module: · SrcMac. · DstMac. · ErrReason: Failure reason. ¡ ND main thread stopped ¡ Packet discarded for icmpv6 defend ¡ Failed to write ND message queue ¡ Failed to request memory ¡ Packet discarded for memory alarm notification ¡ Packet discarded for target address is tentative ¡ No DAD: Dual-active gateway address conflict. · Time: Time when diagnostic troubleshooting was performed.
ND-->IPv6	Diagnostic troubleshooting information for packets sent from the ND module to the IPv6 basics module: · SrcMac. · DstMac. · ErrReason: Failure reason. The value is Packet discarded for icmpv6 defend. · Time: Time when diagnostic troubleshooting was performed.
IPv6-->ADJ6	Diagnostic troubleshooting information for packets sent from the IPv6 basics module to the ADJ6 module: · SrcMac. · DstMac. · ErrReason: Failure reason. ¡ Failed to get vsys data ¡ Out Discards ¡ The packet was bigger than the MTU · Time: Time when diagnostic troubleshooting was performed.
ADJ6-->ETH	Diagnostic troubleshooting information for packets sent from the ADJ6 module to the interface module: · SrcMac. · DstMac. · ErrReason: Failure reason. The value is ADJ6 output error. · Time: Time when diagnostic troubleshooting was performed.
ETH-->QOS	Diagnostic troubleshooting information for packets sent from the ADJ6 module to the QoS module: · SrcMac. · DstMac. · ErrReason: Failure reason. ¡ Failed to get Ethernet control block ¡ Failed to pad packet ¡ Port blocked ¡ Failed to encapsulate link header ¡ Failed to package vlan tag · Time: Time when diagnostic troubleshooting was performed.
QOS-->DRV	Diagnostic troubleshooting information for packets sent from the QoS module to the driver module: · SrcMac. · DstMac. · ErrReason: Failure reason. The value is QoS sending failed. · Time: Time when diagnostic troubleshooting was performed.

Related commands

diagnostic troubleshooting enable

SSH diagnostic troubleshooting commands

diagnostic troubleshooting test ssh-server client-login

Use diagnostic troubleshooting test ssh-server client-login to perform diagnostic troubleshooting for SSH client login.

Syntax

diagnostic troubleshooting test ssh-server client-login { client-ipv4 ipv4-address | client-ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

client-ipv4 ipv4-address: Specifies an SSH client by its IPv4 address.

client-ipv6 ipv6-address: Specifies an SSH client by its IPv6 address.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the public instance is specified.

diagnostic-time diagnostic-time: Specifies the estimated diagnostic troubleshooting duration, in the range of 60 to 600 seconds. The default value is 60 seconds. The actual duration might be different, but will not be greater than 2*diagnostic-time.

Usage guidelines

With diagnostic troubleshooting for SSH client login enabled, the device records the SSH client login errors within the diagnostic troubleshooting period. When the period is reached, the device displays the SSH client login error information to help you locate the reason.

Examples

# Perform login diagnostic troubleshooting for SSH client with IP address 192.168.169.1.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test ssh-server client-login client-ipv4 192.168.169.1

Started at: 2022-04-01 11:19:35, estimated duration: 60 seconds.

Please wait...........................................................

Ended at: 2022-04-01 11:20:35, actual duration: 60 seconds.

Diagnosis report:

Connection setup state:

Init-->Ver-exchange-->Algorithm-

negotiation-->Keys-exchange-->Auth-request-->Serv-request-->Established

SSH login list:

---------------------------------------------------------------------------------

ID : 1

Local IP : 192.168.169.2

Remote IP : 192.168.169.1

Service type : Stelnet

Username : root123

Failure reason : N/A

State : N/A

Suggestion : N/A

Local version : SSH-2.0

Remote version : SSH-2.0

---------------------------------------------------------------------------------

Table 55 Command output

Field	Description
Started at	Start time of diagnostic troubleshooting for SSH client login.
Estimated duration	Estimated diagnostic troubleshooting duration.
Ended at	End time of diagnostic troubleshooting for SSH client login.
Actual duration	Actual diagnostic troubleshooting duration.
Diagnosis report	Diagnosis report.
Connection setup state	SSH login details.
ID	SSH login index.
Login time	SSH client login time.
Local IP	Local IP address, which is the SSH server IP.
Remote IP	Remote IP address, which is the SSH client IP.
Service type	SSH service type. Options include SCP, SFTP, Stelnet, and NETCONF.
Username	Username used by the client to log in to the server.
Login result	SSH client login state: · Succeeded. · Failed. · Logging In.
Failure reason	SSH client login failure cause: · N/A. · User logout. · Unknown mistake. · Denied according to ACL rules. · The number of SSH users reached the upper limit. · Version mismatch. · Encryption algorithm mismatch. · Host public key algorithm mismatch. · MAC algorithm mismatch. · Key exchange algorithm mismatch. · Failed to load the DSA host key pair. · Failed to load the RSA host key pair. · Failed to load the ecdsa-sha2-nistp256 host key pair. · Failed to load the ecdsa-sha2-nistp384 host key pair. · Failed to load the x509v3-ecdsa-sha2-nistp256 host key pair. · Failed to load the x509v3-ecdsa-sha2-nistp384 host key pair. · DSA host key length is invalid. · Encryption key generation failed. · Authentication timed out. · Password authentication failed. · Public key authentication failed. · CA authentication failed. · Authentication failed. · No free user line. · No user line available. · SFTP service is disabled. · Stelnet service is disabled. · NETCONF service is disabled. · SCP service is disabled. · Billing failed.
State	SSH login phase: · Init. · Ver-exchange. · Algorithm-negotiation. · Keys-exchange. · Auth-request. · Serv-request. · Established.
Suggestion	Recommend action for SSH client login failure: · N/A. · Do not log out during login. · Please contact the technical support. · Please add the corresponding acl rules or check client source legitimacy. · Please release idle SSH logins first or increase the maximum number of concurrent SSH users by executing the aaa session-limit command. · Please enable the SSH server to support SSH1 clients or login to a SSH server with version 2.0. · Use the display ssh2 algorithm command to view the list of currently supported algorithms and use the ssh2 algorithm cipher command to make configuration changes. · Use the display ssh2 algorithm command to view the list of currently supported algorithms. If mismatch exists, use the ssh2 algorithm public-key command to make configuration changes for generating corresponding key pairs. · Use the display ssh2 algorithm command to view the list of currently supported algorithms. If mismatch exists, use the ssh2 algorithm mac command to make configuration changes for generating corresponding key pairs. · Use the display ssh2 algorithm command to view the list of currently supported algorithms. If mismatch exists, use the ssh2 algorithm key exchange command to make configuration changes for generating corresponding key pairs. · Please generate a DSA key. · Please generate an RSA key. · Please generate an ecdsa-sha2-nistp256 key. · Please generate an ecdsa-sha2-nistp384 key. · Please generate an x509v3-ecdsa-sha2-nistp256 key. · Please generate an x509v3-ecdsa-sha2-nistp384 key. · Please generate a DSA key with length less than 2048 bits. · Please try to log in again. · Please enter the authentication information in time. · Please make sure the username and password are entered correctly. · Please check whether the client public key is imported and assigned to the corresponding user. · Please check if the certificate authentication is correct. · Please check the authorization configuration. · Please release idle connections. · Please check the user line configuration. · In system view, use the sftp server enable command to enable the SFTP service. · In system view, use the ssh server enable command to enable the Stelnet service. · In system view, use the netconf ssh server enable command to enable the NETCONF service. · In system view, use the scp server enable command to enable the SCP service. · Please check the billing configuration.
Local version	SSH version of the server.
Remote version	SSH version of the client.

‌

Related commands

diagnostic troubleshooting enable

Device login diagnostic troubleshooting commands

diagnostic troubleshooting test telnet-server client-login

Use diagnostic troubleshooting test telnet-server client-login to perform diagnostic troubleshooting for Telnet client login.

Syntax

diagnostic troubleshooting test telnet-server client-login { client-ipv4 ipv4-address | client-ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] [ diagnostic-time diagnostic-time ]

Views

System view

Predefined user roles

network-admin

Parameters

client-ipv4 ipv4-address: Specifies a client by its IPv4 address.

client-ipv6 ipv6-address : Specifies a client by its IPv6 address.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the public instance is specified.

Usage guidelines

For this command to take effect, first use the diagnostic troubleshooting test telnet-server client-login enable command to enable diagnostic troubleshooting for Telnet client login. Diagnostic troubleshooting is enabled for Telnet client login by default.

With diagnostic troubleshooting for Telnet client login enabled, the device records the Telnet client login events within the diagnostic troubleshooting period. When the period is reached, the device displays the Telnet client login information to help you locate the login failure reason.

Examples

# Perform login diagnostic troubleshooting for Telnet client with IP address 192.168.169.1.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test telnet-server client-login client-ipv4 192.168.169.1

Start diagnose at 2023-07-18 02:03:59, Estimated time:60 seconds.

Please wait..............................................................Done.

End diagnose at 2023-07-18 02:05:01, Actual time:62 seconds.

Diagnosis report:

Connection setup:

Connection init--> Resources application-->Authentication -->Login

Telnet login list:

ID : 1

Logged at : 2022-06-09, 15:58:02:584

Local IP : 192.168.169.2

Client IP : 192.168.169.1

UserName : root123

Failure reason : N/A

Failure stage : N/A

Suggestion : N/A

Table 56 Command output

Field	Description
ID	Telnet client index.
LoginTime	Login time.
Local-ip	Server IP.
remote-ip	Client IP.
UserName	Login username. N/A indicates that no username is specified.
Login-Result	Login result: · Succeeded. · Failed. · Logging.
Fail-Reason	Login failure cause: · N/A. · User logged out. · Unknown mistake. · Denied by ACL. · Maximum number of Telnet users already reached. · No free user line. · No available user line. · Password authentication failed. · Authorization failed. · Accounting failed. · Authentication timed out.
Fail-State	Login phase: · Connection init. · Resources application. · Authentication.
Suggestion	Recommended action: · N/A. · Do not log out during login. · Please contact professionals. · Please add the corresponding ACL rules or check client validity. · Please release idle Telnet logins first or increase the maximum number of AAA users session-limit. · Please release idle connections. · Please check the user line configuration first. · Please verify that the username and password are entered correctly. · Please check the authorization configuration. · Please check the accounting configuration. · Please enter authentication information in time.

IP routing basics diagnostic troubleshooting commands

diagnostic troubleshooting test rib ipv4-unicast

Use diagnostic troubleshooting test rib ipv4-unicast to perform diagnostic troubleshooting for IPv4 unicast route changes.

Syntax

diagnostic troubleshooting test rib ipv4-unicast

Views

System view

Predefined user roles

network-admin

network-operator

Usage guidelines

Application scenarios

With diagnostic troubleshooting enabled for IPv4 unicast route changes, the device records detected IPv4 unicast route change events in the GOLD module. When you perform health diagnostic troubleshooting for IPv4 unicast route changes, the device obtains the IPv4 unicast route change events from the GOLD module, including timestamps and reasons.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test rib ipv4-unicast enable command to enable diagnostic troubleshooting for IPv4 unicast route changes. Diagnostic troubleshooting is enabled for IPv4 unicast route changes by default.

Examples

# Perform diagnostic troubleshooting for IPv4 unicast route changes.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test rib ipv4-unicast

Start diagnose at 2023-11-14 07:22:15

please wait.Done.

End diagnose at 2023-11-14 07:22:16,Actual time:1 seconds.

Diagnose report:

--------------------------------------------------------------------------------

----------------------------------------------------------------------

Route change history information:

DateTime DataType ChgeType Protocol Destination/Mask Prefe

rence Cost NibID Flag VrfName

(NBR)NextHop (NBR)

Interface

--------------------------------------------------------------------------------

----------------------------------------------------------------------

2023-11-09,02:53:22:891 NBR Add USR 192.168.1.60

0x11000000 0x00000000

2023-11-09,02:53:22:965 NBR Add IFM 192.168.1.101 Gigab

itEthernet1/0/1 0x10000003 0x00000000

2023-11-09,02:53:22:965 Prefix Add DIRECT 192.168.1.101/32 0

0 0x10000000 0x00000004

2023-11-09,02:53:22:965 Prefix Add DIRECT 192.168.1.0/24 0

0 0x10000003 0x00000080

2023-11-09,02:53:22:965 Prefix Add DIRECT 192.168.1.255/32 0

0 0x10000003 0x0000008C

2023-11-09,02:53:22:965 Prefix Add DIRECT 192.168.1.0/32 0

0 0x10000003 0x0000008C

2023-11-09,02:53:23:67 NBR Modify USR 192.168.1.60

0x11000000 0x00000080

2023-11-09,02:53:23:67 Prefix Add STATIC 0.0.0.0/0 60

0 0x11000000 0x00000060

Table 57 Command output

Field	Description
DateTime	Time when the event was detected.
DataType	Data type: · Prefix—Route prefix. · NBR—Route next hop.
ChangeType	· Add—A route was added to the IPv4 unicast routing table. · Modify—A route was edited. · Delete—A route was deleted from the IPv4 unicast routing table.
Protocol	Routing protocol.
Destination/Mask	Destination IPv4 address and mask.
Preference	Route preference.
Cost	Route cost.
(NBR)Nexthop	Next hop address.
(NBR)Interface	Outgoing interface.
NbrID	Next hop ID.
Flag	Route flag.
VrfName	VPN instance name. This field is not displayed for public instance routes.

diagnostic troubleshooting test rib ipv6-unicast

Use diagnostic troubleshooting test rib ipv6-unicast to perform diagnostic troubleshooting for IPv6 unicast route changes.

Syntax

diagnostic troubleshooting test rib ipv6-unicast

Views

System view

Predefined user roles

network-admin

network-operator

Usage guidelines

Application scenarios

With diagnostic troubleshooting enabled for IPv6 unicast route changes, the device records detected IPv6 unicast route change events in the GOLD module. When you perform health diagnostic troubleshooting for IPv6 unicast route changes, the device obtains the IPv6 unicast route change events from the GOLD module, including timestamps and reasons.

Prerequisites

For this command to take effect, first use the diagnostic troubleshooting test rib ipv6-unicast enable command to enable diagnostic troubleshooting for IPv6 unicast route changes. Diagnostic troubleshooting is enabled for IPv6 unicast route changes by default.

Examples

# Perform diagnostic troubleshooting for IPv6 unicast route changes.

<Sysname> system-view

[Sysname] diagnostic troubleshooting test rib ipv6-unicast

Start diagnose at 2023-11-14 07:24:07

please wait.Done.

End diagnose at 2023-11-14 07:24:08,Actual time:1 seconds.

Diagnose report:

--------------------------------------------------------------------------------

----------------------------------------------------------------------

Route change history information:

DateTime DataType ChgeType Protocol Prefix/PrefixLen

Preference Cost NibID

Flag VrfName

(NBR)NextHop

(NBR)Interface

--------------------------------------------------------------------------------

----------------------------------------------------------------------

2023-11-14,07:04:06:632 NBR Add IFM ::

InLoopBack0 0x20000000

0x00000000

2023-11-14,07:04:06:632 Prefix Add DIRECT FE80/10

0 0 0x20000000

0x00000084

2023-11-14,07:04:07:357 Prefix Add DIRECT 10/64

0 0 0x20000001

0x00000080

2023-11-14,07:04:07:926 NBR Add IFM 1

InLoopBack0 0x20000002

0x00000000

2023-11-14,07:04:07:928 NBR Add IFM ::

InLoopBack0 0x20000003

0x00000000

2023-11-14,07:04:07:928 Prefix Add DIRECT 1/128

0 0 0x20000002

0x00000004

2023-11-14,07:04:07:928 Prefix Modify DIRECT 10/64

0 0 0x20000001

0x00000080

2023-11-14,07:04:07:928 Prefix Modify DIRECT 1/128

0 0 0x20000002

0x00000004

2023-11-14,07:04:07:928 Prefix Modify DIRECT FE80/10

0 0 0x20000000

0x00000084

2023-11-14,07:04:08:548 NBR Modify IFM ::

GigabitEthernet1/0/1 0x20000001

0x00000084

2023-11-14,16:53:29:903 NBR Add OSPFv3 FE80::21A:5EFF:FE58:30A4

GigabitEthernet1/0/1 0x23000002

0x00000005

Table 58 Command output

Field	Description
DateTime	Time when the event was detected.
DataType	Data type: · Prefix—Route prefix. · NBR—Route next hop.
ChangeType	Route change type: · Add—A route was added to the IPv6 unicast routing table. · Modify—A route was edited. · Delete—A route was deleted from the IPv6 unicast routing table.
Protocol	Routing protocol.
Destination/Mask	Destination address and mask.
Preference	Route preference.
Cost	Route cost.
(NBR)Nexthop	Next hop address.
(NBR)Interface	Outgoing interface.
NbrID	Next hop ID.
Flag	Route flag.
VrfName	VPN instance name. This field is not displayed for public instance routes.

25-Intelligent Operations Command Reference

Diagnostic troubleshooting commands

Operating mechanism

Restrictions and guidelines

Operating mechanism

Restrictions and guidelines

Operating mechanism

Restrictions and guidelines

Operating mechanism

Restrictions and guidelines

Application scenarios

Prerequisites

Application scenarios

Prerequisites

Restrictions and guidelines

Application scenarios

Prerequisites

Restrictions and guidelines

Application scenarios

Prerequisites

Restrictions and guidelines

Application scenarios

Prerequisites

Application scenarios

Prerequisites

Restrictions and guidelines

Application scenarios

Prerequisites

Restrictions and guidelines

Application scenarios

Prerequisites

Restrictions and guidelines

MPLS TE diagnostic troubleshooting commands

MPLS L2VPN diagnostic troubleshooting commands

Operating mechanism

Restrictions and guidelines

SNMP diagnostic troubleshooting commands

diagnostic troubleshooting test snmp-agent packet-process-failure

Operating mechanism

Restrictions and guidelines

Operating mechanism

Restrictions and guidelines

diagnostic troubleshooting test snmp-agent trap-send-failure

Operating mechanism

Restrictions and guidelines

Application scenarios

Prerequisites

Operating mechanism

Prerequisites

diagnostic troubleshooting test dhcp-relay online-fail-capture

Operating mechanism

Prerequisites

Operating mechanism

Prerequisites

diagnostic troubleshooting test dhcp-server offline-record

Operating mechanism

Prerequisites

Operating mechanism

Prerequisites

Operating mechanism

Prerequisites

Operating mechanism

Prerequisites

diagnostic troubleshooting test dhcp-snooping online-fail-capture

Operating mechanism

Prerequisites

Operating mechanism

Prerequisites

Application scenarios

Prerequisites

Application scenarios

Prerequisites

Application scenarios

Prerequisites

Application scenarios

Prerequisites

Application scenarios

Prerequisites

Application scenarios

Restrictions and guidelines