03-08-2009 01:19 PM
Does anyone see why the FCIP tunnel below would not come up? Both switches have direct connectivity on gig ports via a switch, pings work without fail. This is actually one of the PEC lab scenarios. Tunnel shows down yet gig ports are up, pings work, fcip interface are admin set to up, etc.
MDS 1
==================================
vsan database
vsan 10
vsan 20
fcip enable
fcip profile 1
ip address 10.1.25.11
interface fcip1
switchport mode E
no shutdown
use-profile 1
peer-info ipaddr 10.1.25.21
vsan database
vsan 10 interface fc1/5
vsan 20 interface fc1/6
ip default-gateway 10.0.25.254
switchname P25-MDS-1
interface fc1/5
no shutdown
interface fc1/6
no shutdown
interface GigabitEthernet2/1
ip address 10.1.25.11 255.255.255.0
no shutdown
interface mgmt
switchport speed 100
ip address 10.0.25.5 255.255.255.0
MDS 2
==================================
vsan database
vsan 10
vsan 20
fcip enable
fcip profile 1
ip address 10.1.25.21
interface fcip1
switchport mode E
no shutdown
use-profile 1
peer-info ipaddr 10.1.25.11
vsan database
vsan 10 interface fc1/6
vsan 20 interface fc1/10
ip default-gateway 10.0.25.254
switchname P25-MDS-2
interface fc1/6
no shutdown
interface fc1/10
no shutdown
interface GigabitEthernet2/1
ip address 10.1.25.21 255.255.255.0
no shutdown
interface mgmt
switchport speed 100
ip address 10.0.25.3 255.255.255.0
03-08-2009 09:03 PM
I believe my config is correct. I am training on two pods, and one pod seems to have problems bringing up the FCIP tunnels. I tried to troubleshoot but not sure exactly the best way at this time. I attached to the IPS module and looked at the fcip fsm but couldn't make out exactly what was going on. If anyone has any ideas how to drill down to see what may be happening let me know. Like I said, IP connectivity seems fine, no errors at layer1 or on the fcip interfaces.
03-09-2009 03:33 AM
You should check also your MTU (Maximum Transfert Unit). Your ping use a 1500 Bytes length, so you cannot see if the MTU is right. configure your MTU on both switchs.
03-09-2009 05:18 AM
I will check the config, I beleive MTU is at 1500 since nothing shows in config, I did not check jumbo frames box in the wizard, so I believe that just uses a normal ethernet MTU with PMTU discovery. I will see if there is a way I can do an extended ping from the MDS and look for issues there.
03-09-2009 07:34 AM
Still troubleshooting this issue. On the lab pod which I can't get FCIP to work, I looked at the licenses, which don't look right:
MDS1 which is a 9506 shows this:
3.0.2 image
Feature Ins Lic Status Expiry Date Comments Count
------------------------------------------------------------------------------------
FM_SERVER_PKG Yes - Unused never license missing
MAINFRAME_PKG Yes - Unused never license missing
ENTERPRISE_PKG Yes - Unused never license missing
SAN_EXTN_OVER_IP Yes 1 In use never 1 license(s) missing
SAN_EXTN_OVER_IP_IPS2 No 0 Unused -
SAN_EXTN_OVER_IP_IPS4 No 0 Unused -
STORAGE_SERVICES_ENABLER_PKG No 0 Unused -
-------------------------------------------------------------------------------------
**** WARNING: License file(s) missing. ****
and MDS2 which is a 9216 shows this:
Feature Ins Lic Status Expiry Date Comments Count
------------------------------------------------------------------------------------
FM_SERVER_PKG Yes - Unused never license missing
MAINFRAME_PKG Yes - Unused never license missing
ENTERPRISE_PKG Yes - Unused never license missing
SAN_EXTN_OVER_IP Yes 1 In use never 1 license(s) missing
SAN_EXTN_OVER_IP_IPS2 Yes 1 Unused never 1 license(s) missing
SAN_EXTN_OVER_IP_IPS4 Yes 1 Unused never 1 license(s) missing
STORAGE_SERVICES_ENABLER_PKG Yes 1 Unused never 1 license(s) missing
-------------------------------------------------------------------------------------
**** WARNING: License file(s) missing. ****
Don't they both need licenses for IPS2/IPS4? its a SMIP module that I am doing the FCIP on. I did a debug on the licenses but when I enabled fcip and start to configure it, I don't see any errors hit like where it looks for a license and doesn't see it, and I thought that would be logged to the log as well with something obvious.
I am assuming the license files missing is not a problem, as they are "installed" on the 9216, so is this just letting you know they aren't there but really doesn't effect operation?
On the 9506, they are not installed for IPS2 and IPS4 (there is a IPS 8-port module in this switch). I would think that those would have to be installed. Do you think this is the problem? How could I know for sure, is there a debug or event logged that should indicate?
Brian
03-09-2009 02:47 PM
The licenses appear to be okay. The IPS2 is for a 14/2 card where there are 14 FC ports and 2 GE ports. The IPS4 is for a 4 port GE module that has been discontinued. What 'missing' means is that the license file is not on the supervisor bootflash. This will have no effect on the operation. Both MDS show the SAN_EXT license installed.
What hardware are you using on each end for the GE ports?
03-09-2009 02:55 PM
Each end is a 9308-SMIP.
I was looking thru the global price list from cisco today and didn't see san extension licenses in there anymore, did they roll those into the enterprise package? I hope to pick up some IPS4 modules for my lab, and if they didn't come with SAN Extension I was going to buy it, hopefully I can buy it. I wish they would just have the FCIP work without a license with TTL of 1 so that in a lab people could mess around with it.
03-09-2009 06:43 PM
Licenses look okay...can you paste in the output from 'show int fcip 1' from each MDS?
03-09-2009 07:07 PM
Mike,
I noticed you work at Cisco. On Partner E-learning is where this switch is at. Its a lab pod. There are two storage pods, P25 and P26. P25 has the problem. Each time you enter the lab you have a 50% chance of hitting this pod. I can't cut and paste because its a java terminal so will have to type in by hand the output of show int fcip2. You can find the lab by going to partner e-learning, clicking search, then courses, and in the title put SAN. All the labs there are the same equipment, but its Pod25 you want to be connected to. Look at SAN-OS 3.0.2 LAB 11 - Implementing an FCIP Tunnel.
My point is, someone at your level with your access can probably just access these MDS's and see right away whats going on.
I have alerted the lab people at cisco to take a look, hopefully there will be an outcome. Its reproducable every time, just a basic fcip tunnel won't establish.
I think the issue may be related to the backbone switch the gig ports are connected thru. CDP shows some funky things going on with the vlans. And I think there may be some wierdness there.
03-19-2009 07:18 AM
I would add an full qualifying explicit IP route for the 10.1.25.0/24 network used for the FCIP connection. By this controlling the right (outgoing/gateway) interface is used.
Question: Your ping, did it use an explicit source address to select the GE interface ?
03-19-2009 07:32 AM
I would agree on the route, however, realize this is a directly connected route, as both sides of the FCIP tunnel are the same subnet. So I do not see how it would try another interface, like mgmt for example. And with pings I believe I did try to source form the correct interface.
These same configs work on Pod26 but not Pod25, so I really think its how the backbone switch is configured to connect the two gig links on the different switches.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide