Data Plane Troubleshooting


  • DATA PLANE TROUBLESHOOTING

    The Data Plane is the forwarding engine of the device; on Cisco devices, CEF is used to switch incoming packets to the correct egress port. When a packet arrives, the Data Plane is used unless the packet requires special processing such as NAT, access-list logging, IPsec tunnels, etc.

    To troubleshoot Data Plane problems you must already have checked the CONTROL PLANE. That means you should already have the information about the route, and you should already have received the update about it. Then you can use the following structure for Data Plane troubleshooting:

    1.) Use ping/traceroute to check how far along the path you can get.

    2.) Traceroute in particular shows at which point the packet is being dropped.

    3.) At that point, start troubleshooting by looking for LAYER 2 problems, then Layer 3 problems, and then any filtering mechanism, MPLS problems, policing, firewall (CBAC, ZBF) or any other special configuration which can drop the packet.

    4.) If the specific commands listed below cannot find the problem, use show running-config to check for any unseen or overlooked problem.

    FOR LAYER 2 :

    1.) FRAME-RELAY => Frame Relay checks the routing table to find the next hop, and once the next-hop IP is found it tries to RESOLVE the IP address to a DLCI. So the correct mappings must be learned by Frame Relay, either by inverse-arp or by static mapping [* remember that in the case of point-to-point subinterfaces the resolution is NOT required].

    Use the following commands to check why you can't ping the next hop:

    show frame-relay pvc [The PVC going to the other end must be active. An inactive PVC means the other end or the FR switch has the problem. A deleted PVC means the local configuration is wrong.]

    show frame-relay map [check that the correct IP address is mapped to the DLCI. In the case of P2P no IP will be shown]

    show run interface [check the detailed configuration]

    CHECK Frame Relay Switch configuration.

    CHECK LMI-Type.

    2.) PPP => PPP configuration is simple and straightforward, but if authentication is used then some points can be checked.

    In case of authentication:

    The "Authenticator" side will have the "ppp authentication " command on the interface, along with the "username password " command in global config mode.

    The "Authenticated" side will have the "ppp pap sent-username password " command OR the "ppp chap hostname " and "ppp chap password " commands.

    In case of Multilink, both sides must have multilink configured on all participating interfaces.

    In case of PPPoE, the SERVER side will have a bba-group and the client side will have a "dialer" interface, AND the "dialer" interface should be configured with the "mtu 1492" command.

    In case of PPPoFR, the virtual-template will have all the Layer 3 config and will be associated with the "frame-relay interface-dlci" command.

    3.) ETHERNET/HDLC => Ethernet and HDLC are very simple to troubleshoot. Just look for any special configuration inside the interface.
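
The Frame Relay triage from item 1 above (find the DLCI mapped to the next hop, then read its PVC status), as an added Python example that is not part of the original notes. The command output is constructed and modelled on typical IOS formatting, and the names diagnose, ADVICE and NO_PVC are hypothetical:

```python
import re

# Constructed sample output (assumption: modelled on typical IOS formatting).
SHOW_FR_PVC = """\
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0
DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/0
DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = DELETED, INTERFACE = Serial0/0
DLCI = 105, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.105
"""
SHOW_FR_MAP = """\
Serial0/0 (up): ip 10.1.1.2 dlci 102(0x66,0x1860), dynamic,
              broadcast,, status defined, active
Serial0/0 (up): ip 10.1.1.3 dlci 103(0x67,0x1870), static,
              broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 10.1.1.4 dlci 104(0x68,0x1880), static,
              broadcast, CISCO, status deleted
Serial0/0.105 (up): point-to-point dlci, dlci 105(0x69,0x1890), broadcast
          status defined, active
"""

PVC_RE = re.compile(r"DLCI = (\d+),.*?PVC STATUS = (\w+), INTERFACE = (\S+)")
MAP_RE = re.compile(
    r"^(\S+) \(\w+\): (?:ip (\S+) dlci|point-to-point dlci, dlci) (\d+)", re.M)

ADVICE = {  # wording of the first three verdicts follows the notes above
    "ACTIVE": "Layer 2 resolution OK, move on to the Layer 3 checks",
    "INACTIVE": "other end or FR switch has the problem",
    "DELETED": "local configuration is wrong",
    "NO_MAP": "no IP-to-DLCI mapping: check inverse-arp or the static map",
    "NO_PVC": "mapped DLCI is not listed in show frame-relay pvc",
}

def diagnose(next_hop, egress_if, pvc_text=SHOW_FR_PVC, map_text=SHOW_FR_MAP):
    """Return (dlci, verdict) for reaching next_hop out of egress_if."""
    pvcs = {int(d): s for d, s, _ in PVC_RE.findall(pvc_text)}
    for intf, ip, dlci in MAP_RE.findall(map_text):
        # Point-to-point entries carry no IP: resolution is not required.
        if intf == egress_if and ip in (next_hop, ""):
            return int(dlci), pvcs.get(int(dlci), "NO_PVC")
    return None, "NO_MAP"

if __name__ == "__main__":
    for hop, intf in [("10.1.1.2", "Serial0/0"), ("10.1.1.3", "Serial0/0"),
                      ("10.1.1.4", "Serial0/0"), ("10.1.1.9", "Serial0/0"),
                      ("10.1.5.2", "Serial0/0.105")]:
        dlci, verdict = diagnose(hop, intf)
        print(f"{hop:10} via {intf:14} dlci={dlci} {verdict}: {ADVICE[verdict]}")
```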

    FOR LAYER 3 :

    1.) show ip interface brief

    2.) show run interface

    3.) show run | include list|permit|deny|map|match|set

    4.) show run | sec class-map|policy-map

    5.) show run | include interface|service

    6.) show run | sec map-class

    If any of the above commands reveals that Multicast/IPv6/MPLS is configured, then refer to the specific troubleshooting guide.

    ARPIT PANDIT