1、硬件,软件和进程检查

show cpuload show memory show inventory show switchinfo show processes show image version show datapath utilization

2、L2/L3 信息

show ip interface brief show ip route show interface fastethernet <slot>/<port> show interface fastethernet <slot>/<port> switchport show interface vlan <vlanid> show interface counters show arp show datapath route table show datapath route-cache table show datapath bridge table show datapath bridge counters show datapath frame counters show datapath crypto counters

3、Local与master通信中断排错流程图

3.1基本命令

# show datapath tunnel table

AOS 6.x GRE隧道 – 隧道是双向的。 编号目前如下:
*8000 — shared split tunnel
*8080 — 651/653 internal AP FW
*8100 — Ethernet port 1 (70/2E/12x/RAP-2WG/RAP-5x)
*8101 — Ethernet port 2 (RAP-5x)
*8102 — Ethernet port 3 (RAP-5x)
*8103 — Ethernet port 4 (RAP-5x)
*8180 — Ethernet port 0 (mesh points)
*82×0 — BSSIDs on radio 0
*83×0 — BSSIDs on radio 1

3.2查找入站和出站IPSec隧道情况

#show crypto isakmp sa #show log security

查看

IKE Aggressive Mode Phase 1 succeeded for peer <ip address> ike_quick_mode.c:checkIpsecSelectors_LocalMaster:3601 ipsec_map peer IP:0.0.0.0 SA IP:<ip address> map_name default-local-master-ipsecmap

错误的IKE密码

#logging level debugging security subcat ike

查看是否有如下显示

IKE Phase 1 hash mistmatch.

3.3VRRP 问题

查看admin状态,VR状态,发送和接收的通告,失败的验证等

show vrrp 1 statistics show log network

 

| | | | | |  |  | 无线覆盖 |  |

常年法律顾问:香港马杰律师行  深圳灵泉律师事务所

Powered by Free Version