3750G V12.1(14r)EA1a

Answered Question
Sep 17th, 2008

Quick question is there any sort of debug I can run to check for connectivity on a switch? I have a Linux server that is trying to run a NFS mout on it but it doesn't work. I was trying to see if I can see anything. I can ping and traceroute to the server but when NFS mount is run it does nothing. Thank you in advance!!

I have this problem too.
0 votes
Correct Answer by Davidamoore about 8 years 4 months ago

This is the best advice. Run wireshark or sniffer your ports. The switch wont be able to help much

Correct Answer by Mark Yeates about 8 years 4 months ago

I don't know of a debug on the switch to go into that kind of detail. I would think that spanning a port and running a sniffer and sniff the port of the server. Then attempt to generate some connections to the server and see if anything out of the ordinary comes up.

HTH,

Mark

Correct Answer by Collin Clark about 8 years 4 months ago

Have them run wireshark on the servers. There isn't anything you can do on the switch.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Collin Clark Wed, 09/17/2008 - 11:57

Have them run wireshark on the servers. There isn't anything you can do on the switch.

Correct Answer
Davidamoore Wed, 09/17/2008 - 12:22

This is the best advice. Run wireshark or sniffer your ports. The switch wont be able to help much

Correct Answer
Mark Yeates Wed, 09/17/2008 - 11:57

I don't know of a debug on the switch to go into that kind of detail. I would think that spanning a port and running a sniffer and sniff the port of the server. Then attempt to generate some connections to the server and see if anything out of the ordinary comes up.

HTH,

Mark

wgranada1 Wed, 09/17/2008 - 12:24

Ok thanks guys will do that then I thought there was something on the switch we can use

but thanks for the info!!!!

Jon Marshall Wed, 09/17/2008 - 11:58

Warren

You could span the NFS server port on the switch and see if it is receiving NFS traffic but the easier thing to do would be to run a sniffer on the NFS server itself.

What type of NFS server is it, have you checked the NFS logs on that server, are you absolutely sure traffic is not getting to the NFS server.

Jon

wgranada1 Wed, 09/17/2008 - 12:27

The NFS server is a Linux box and I had the admin on the box when we tried doing the NFS mount from a iseries. We can see traffic leaving the iseries and the router but the Linux guy says that he isn't seeing anything.

Thus the question about running some sort of debugs on the switch.

Jon Marshall Wed, 09/17/2008 - 12:31

Linux server should have tcpdump if you can't load up wireshark.

When he says he isn't seeing anything - how is he checking that ?

Jon

wgranada1 Wed, 09/17/2008 - 12:33

not sure I would have to ask, I believe he was doing something like a tcpdump. When we where doing the NFS mount he said he didn't see an attempt for a connection but when we did a ping or traceroute he saw it. From what I'm told is that the sort of NFS mount uses a UDP port...sorry forgot which one

Jon Marshall Wed, 09/17/2008 - 12:38

NFS usually uses UDP/2049 altho it doesn't have to. If he was running tcpdump not a lot of point in running wireshark on server.

Is your linux guy sure the client is using the correct port to contact the NFS server. When the NFS request goes from the client does he see any traffic on the NFS server.

Also worth checking if you have any access-lists in the traffic path that may be blocking the NFS traffic.

Jon

wgranada1 Wed, 09/17/2008 - 12:44

Hi Jon;

I have no access-list along the path we do have one firewall between the source and destination but the firewall guy assures that

NFS is allow as well as UDP. When we initiate he can see traffic leaving but not coming back. I see the same on the router which believes me to think it is on that Linux box but the admin says he doesn't see an attempt when we try a NFS mount.

Collin Clark Wed, 09/17/2008 - 12:47

Can the client see the server other than with NFS? ie Can they ping each other?

wgranada1 Wed, 09/17/2008 - 12:54

Yes I we ping back and forth no problem and traceroute back and forth. The way it is connected is:

source => firewall => router => switch => destination

We asked the firewall guy when we attempt a NFS mount if he sees it and he confirms that he sees the UDP packet and the port number leaving but nothing is coming back.

Collin Clark Wed, 09/17/2008 - 13:00

Like Jon stated, take a look at the router and see if traffic is returning from the destination. Make sure you see it go both ways. If you don't see it return, its time to take a further look at the (destination) server.

Jon Marshall Wed, 09/17/2008 - 12:50

Warren

Is your router closer to the NFS server than the firewall ?

Without going into full NFS details, NFS can make use of something called the port-mapper on linux but it doesn't have to.

What is the firewall guy saying is going to the NFS server. I would be concentrating on the firewall if the router is between the client and the firewall.

Jon

wgranada1 Wed, 09/17/2008 - 13:00

sorry didn't answer your question yes the server that is doing the NFS mount is the source so it is closer the the firewall, the router is after the firewall:

source(AS400) => firewall => router = destination (linux box)

The 400 is doing the NFS mount

Jon Marshall Wed, 09/17/2008 - 13:08

Okay, 2 questions

1) You say you can see it leaving the router - how are you confirming that ?

2) Is the 3750 acting as a L2 switch only or is it a L3 device.

Jon

wgranada1 Wed, 09/17/2008 - 13:14

1) your right I cannot confirm that I was think of when we did ping and traceroute

I built an access list to allow anything IP

for those subnets when we did the pings I could see the traffic but when we did the NFS mounts I didn't see nothing.

2) as far as the 3750 it is acting as a L3 device

Collin Clark Wed, 09/17/2008 - 13:17

I assumed the switch was L2 only. You can create ACLs and check for hit counts or create the ACL and debug against it for more positive results.

Jon Marshall Wed, 09/17/2008 - 13:21

If 3750 acting as Layer 3 device can you apply access-list both outbound on NFS server vlan ie.

access-list 101 permit udp host host

access-list 101 permit ip any any

int

ip access-group 101 out

and see if you get any hits when you try nfs mount.

Jon

Actions

This Discussion