Commands to troubleshoot connectivity through a vShield Edge

Packet Capture

debug packet display interface INTERFACE host_EXTERNALIP-OF-DESTINATION-EDGE_and_tcp_port_PORT eg:
debug packet display interface any host_11.22.33.44_and_tcp_port_80
debug packet display interface vNic_0 udp
debug packet display interface vNic_0 icmp
debug packet display interface vNic_0 host_10.10.10.10
debug packet display interface vNic_0 tcp_src_port_53
debug packet display interface vNic_0 host_10.10.10.10
debug packet display interface any host_10.10.10.10_or_host_11.22.33.44

Useful Commands

list (lists all available commands)
show log follow
show tech-support
show nat
show flowtable topN 5NAT
show ip route

show system cpu
show system memory
show system network-stats
show system storage
show system uptime
show tech-support
show version

Ping external address from vShield Edge console (Note*** must use IP that’s assigned to edge)

ping interface addr  8.8.8.8
ping interface addr 11.22.33.44 8.8.8.8

Scroll within a vShield Edge console session

SHIFT + [PgUp / PgDn]

Commands to troubleshoot connectivity through a Cisco ASA

Packet Tracer

packet-tracer input      
packet-tracer input external tcp 11.22.33.44 1010 55.66.77.88 80

VPN Example

packet-tracer input internal udp 10.10.10.10 500 10.20.20.20 500
packet-tracer input internal udp 10.20.20.20 500 10.10.10.10 500

Packet Capture

capture *NAME_OF_CAPTURE* interface *INTERFACE_NAME* match *TRANSPORT_PROTOCOL (TCP / UDP / IP)* host X.X.X.X (This is the source IP address) host Y.Y.Y.Y (This is the destination IP address) eq *PORT_NUMBER*
capture cap1 interface external match tcp host 11.22.33.44 host 55.66.77.88 eq 80

Capture all syslog traffic to 10.10.10.10

capture cap2 interface internal real-time match udp any host 10.10.10.10 eq 514

View capture

show capture cap1

Show access-list

show access-list acl_external

Find access-list entries including port 514

show access-list | inc 514

Find log entries including port 514

show logging | inc 514

Show arp for specific interface

show arp | inc internal

An error occurred due to invalid data in the XML file used by this application. The XML file has been corrupted and should be reinstalled from the installation media.

Scenario

You’ve updated your HP server using the latest ProLiant Support Pack, but after a reboot your network connections are down, and you get the following message when trying to open the HP Network Configuration Utility:

HP-Network-Configuration-Utility-Error_001
An error occurred due to invalid data in the XML file used by this application. The XML file has been corrupted and should be reinstalled from the installation media.

Solution

Uninstall the NIC drivers, then reboot:
Uninstall-NIC-Drivers

DNS Scavenging Explained

I just read this excellent post explaining DNS Scavenging: http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

Well worth a read, as this subject can be a little confusing.

Adding a new port to a HP Network Team

Problem

A port has died on your NIC and is showing as disconnected in your HP Network Team. The Network Team is no longer redundant.

Solution

You need to add a new port and drop the disconnected port, without affecting the overall settings:

[Read more…]

NLB Unicast vs Multicast

I just read this great post that explains the differences between Unicast and Multicast when using Network Load Balancing (NLB):

http://deinoscloud.wordpress.com/2010/02/10/microsoft-network-load-balancing-nlb-on-vmware-esx/

Using the DHCP Split-Scope Wizard on Server 2008 R2

Problem

You want to provide some fault tolerance for DHCP, so you plan to add another DHCP server to your network.

You used to have to set up the scopes and exclusions manually, but now you can use the Split-Scope wizard using Server 2008 R2.

[Read more…]

Connect an iSCSI SAN to Server 2008 R2 using the Microsoft iSCSI Initiator

Scenario

You’ve installed FreeNAS 8.2 and configured it as a free iSCSI SAN. Now you need to connect to the iSCSI SAN using an iSCSI Initiator.

[Read more…]

Show more details on wireless networks using Win7

I read a few good tips the other day on this post: http://www.lovemytool.com/blog/2010/05/wifi-diagnostics-from-windows-7-or-vista-command-prompt-by-tony-fortunato.html

To view the normal network details, you can type this at the command prompt:

netsh wlan show networks 

To view more – including network channel and supported speeds – type this:

netsh wlan show networks mode=bssid

EDITnetsh wlan show all is probably the easiest to remember and shows more detail.

Troubleshooting slow network applications with Wireshark

I’ve had some fun today troubleshooting the intermittent network slow down we get at work. Through absorbing several articles, videos, and forum posts, I think I have found a better way of troubleshooting slow network applications.

[Read more…]