3750G V12.1(14r)EA1a

Answered Question
Sep 17th, 2008

Quick question: is there any sort of debug I can run to check for connectivity on a switch? I have a Linux server that is trying to run an NFS mount on it but it doesn't work. I was trying to see if I can see anything. I can ping and traceroute to the server but when the NFS mount is run it does nothing. Thank you in advance!!

Overall Rating: 5 (3 ratings)
Correct Answer
Collin Clark Wed, 09/17/2008 - 11:57

Have them run wireshark on the servers. There isn't anything you can do on the switch.


Correct Answer
Davidamoore Wed, 09/17/2008 - 12:22

This is the best advice. Run wireshark or sniffer your ports. The switch won't be able to help much.

Correct Answer
Mark Yeates Wed, 09/17/2008 - 11:57

I don't know of a debug on the switch to go into that kind of detail. I would think that spanning a port and running a sniffer and sniff the port of the server. Then attempt to generate some connections to the server and see if anything out of the ordinary comes up.


HTH,

Mark

wgranada1 Wed, 09/17/2008 - 12:24

OK, thanks guys, will do that then. I thought there was something on the switch we can use, but thanks for the info!!!!

Jon Marshall Wed, 09/17/2008 - 11:58

Warren


You could span the NFS server port on the switch and see if it is receiving NFS traffic but the easier thing to do would be to run a sniffer on the NFS server itself.


What type of NFS server is it? Have you checked the NFS logs on that server? Are you absolutely sure traffic is not getting to the NFS server?


Jon

wgranada1 Wed, 09/17/2008 - 12:27

The NFS server is a Linux box and I had the admin on the box when we tried doing the NFS mount from an iseries. We can see traffic leaving the iseries and the router but the Linux guy says that he isn't seeing anything.

Thus the question about running some sort of debugs on the switch.

Jon Marshall Wed, 09/17/2008 - 12:31

Linux server should have tcpdump if you can't load up wireshark.


When he says he isn't seeing anything - how is he checking that ?


Jon

wgranada1 Wed, 09/17/2008 - 12:33

Not sure, I would have to ask. I believe he was doing something like a tcpdump. When we were doing the NFS mount he said he didn't see an attempt for a connection but when we did a ping or traceroute he saw it. From what I'm told, this sort of NFS mount uses a UDP port... sorry, forgot which one.

Jon Marshall Wed, 09/17/2008 - 12:38

NFS usually uses UDP/2049 although it doesn't have to. If he was running tcpdump, not a lot of point in running wireshark on the server.


Is your linux guy sure the client is using the correct port to contact the NFS server? When the NFS request goes from the client does he see any traffic on the NFS server?


Also worth checking if you have any access-lists in the traffic path that may be blocking the NFS traffic.


Jon

wgranada1 Wed, 09/17/2008 - 12:44

Hi Jon;


I have no access-list along the path. We do have one firewall between the source and destination but the firewall guy assures that NFS is allowed as well as UDP. When we initiate he can see traffic leaving but not coming back. I see the same on the router, which leads me to think it is on that Linux box, but the admin says he doesn't see an attempt when we try an NFS mount.

Collin Clark Wed, 09/17/2008 - 12:47

Can the client see the server other than with NFS? ie Can they ping each other?

wgranada1 Wed, 09/17/2008 - 12:54

Yes, we ping back and forth no problem and traceroute back and forth. The way it is connected is:


source => firewall => router => switch => destination


We asked the firewall guy, when we attempt an NFS mount, if he sees it, and he confirms that he sees the UDP packet and the port number leaving but nothing is coming back.

Collin Clark Wed, 09/17/2008 - 13:00

Like Jon stated, take a look at the router and see if traffic is returning from the destination. Make sure you see it go both ways. If you don't see it return, it's time to take a further look at the (destination) server.

Jon Marshall Wed, 09/17/2008 - 12:50

Warren


Is your router closer to the NFS server than the firewall ?


Without going into full NFS details, NFS can make use of something called the port-mapper on linux but it doesn't have to.


What is the firewall guy saying is going to the NFS server? I would be concentrating on the firewall if the router is between the client and the firewall.


Jon
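Added example, not written by any poster in this thread: a small parser that takes text output from a capture on the NFS server and reports, per service, whether client requests arrive and whether replies leave, which is the "does it go both ways" check the replies keep asking for. The sample lines are constructed in the style of `tcpdump -nn` output, the addresses are placeholders, and port 111 for the port-mapper is an assumption (the thread names only UDP/2049).

```python
import re
from collections import Counter

# Constructed sample in the style of `tcpdump -nn` on the NFS server; placeholder addresses.
SAMPLE = """\
12:40:01.000100 IP 10.1.1.10 > 10.2.2.20: ICMP echo request, id 7, seq 1, length 64
12:40:01.000180 IP 10.2.2.20 > 10.1.1.10: ICMP echo reply, id 7, seq 1, length 64
12:41:10.510000 IP 10.1.1.10.1021 > 10.2.2.20.111: UDP, length 56
12:41:11.610000 IP 10.1.1.10.1021 > 10.2.2.20.111: UDP, length 56
12:41:12.000000 IP 10.9.9.9.5353 > 10.2.2.20.2049: UDP, length 40
"""

# 2049 is the NFS port named in the thread; 111 is assumed for the port-mapper.
SERVICES = {111: "portmapper", 2049: "nfs"}
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?: (\w+)")

def summarize(text, client, server):
    """Count packets per service and direction between client and server only."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, proto = m.groups()
        if (src, dst) == (client, server):
            direction, port = "request", dport      # service port is the destination
        elif (src, dst) == (server, client):
            direction, port = "reply", sport        # service port is the source
        else:
            continue                                # unrelated host, ignore
        service = "icmp" if proto == "ICMP" else SERVICES.get(int(port or 0))
        if service:
            counts[(service, direction)] += 1
    return counts

def diagnose(counts):
    """Per-service verdict: nothing arrived, one-way only, or two-way."""
    verdict = {}
    for service in ("icmp", "portmapper", "nfs"):
        req, rep = counts[(service, "request")], counts[(service, "reply")]
        verdict[service] = ("no requests seen" if req == 0 else
                            "requests arrive, no replies" if rep == 0 else "two-way")
    return verdict

if __name__ == "__main__":
    for service, result in diagnose(summarize(SAMPLE, "10.1.1.10", "10.2.2.20")).items():
        print(f"{service:10} {result}")
```

"no requests seen" at the server points back toward the path (firewall, router, switch), while "requests arrive, no replies" points at the server itself.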

wgranada1 Wed, 09/17/2008 - 13:00

Sorry, didn't answer your question. Yes, the server that is doing the NFS mount is the source so it is closer to the firewall; the router is after the firewall:


source(AS400) => firewall => router => destination (linux box)


The 400 is doing the NFS mount


Jon Marshall Wed, 09/17/2008 - 13:08

Okay, 2 questions


1) You say you can see it leaving the router - how are you confirming that ?


2) Is the 3750 acting as a L2 switch only or is it a L3 device?


Jon


wgranada1 Wed, 09/17/2008 - 13:14

1) You're right, I cannot confirm that. I was thinking of when we did ping and traceroute. I built an access list to allow anything IP for those subnets; when we did the pings I could see the traffic but when we did the NFS mounts I didn't see anything.


2) as far as the 3750 it is acting as a L3 device

Collin Clark Wed, 09/17/2008 - 13:17

I assumed the switch was L2 only. You can create ACLs and check for hit counts or create the ACL and debug against it for more positive results.

Jon Marshall Wed, 09/17/2008 - 13:21

If 3750 acting as Layer 3 device can you apply access-list both outbound on NFS server vlan ie.


access-list 101 permit udp host <client-ip> host <nfs-server-ip>
access-list 101 permit ip any any


int <NFS server vlan interface>
 ip access-group 101 out


and see if you get any hits when you try nfs mount.


Jon
