Send comments to mdsfeedback-doc@cisco.com.
5-36
Cisco MDS 9000 Family Troubleshooting Guide
OL-5183-02, Cisco MDS SAN-OS Release 1.3
Chapter 5 Troubleshooting IP Storage Issues
Troubleshooting iSCSI Issues
Troubleshooting Radius Routing Configuration
The switch sends the Radius authentication request from the mgmt0 interface, so the correct route to the
Radius server must be defined. If no correct route is defined, the switch may send the Radius request
from Gigabit Ethernet port. In that case, the Radius server returns the accept to the Gigabit Ethernet port
and the switch does not get the response. The following example shows the output from the debug
security radius command.
switch# Mar 5 00:51:13 securityd: received CHAP authentication request for user002
Mar 5 00:51:13 securityd: RADIUS is enabled, hence it will be tried first for CHAP
authentication
Mar 5 00:51:13 securityd: reading RADIUS configuration
Mar 5 00:51:13 securityd: opening radius configuration for group:default
Mar 5 00:51:13 securityd: opened the configuration successfully
Mar 5 00:51:13 securityd: GET request for RADIUS global config
Mar 5 00:51:13 securityd: got back the return value of global radius configuration
operation:success
Mar 5 00:51:13 securityd: closing RADIUS pss configuration
Mar 5 00:51:13 securityd: opening radius configuration for group:default
Mar 5 00:51:13 securityd: opened the configuration successfully
Mar 5 00:51:13 securityd: GETNEXT request for radius index:0 addr:
Mar 5 00:51:18 securityd: sending data to 171.71.49.197
Mar 5 00:51:18 securityd: waiting for response from 171.71.49.197
Mar 5 00:51:23 securityd: sending data to 171.71.49.197
Mar 5 00:51:23 securityd: waiting for response from 171.71.49.197
Mar 5 00:51:28 securityd: sending data to 171.71.49.197
Mar 5 00:51:28 securityd: waiting for response from 171.71.49.197
Mar 5 00:51:33 securityd: trying out next server
Mar 5 00:51:33 securityd: no response from RADIUS server for authentication user002
Mar 5 00:51:33 securityd: doing local chap authentication for user002
Mar 5 00:51:33 securityd: local chap authentication result for user002:user not present
Troubleshooting Dynamic iSCSI Configuration
A physical Fibre Channel target (target pWWN) presented as an iSCSI target, makes the physical targets
accessible to iSCSI hosts. The IPS module presents physical Fibre Channel targets as iSCSI targets to
iSCSI hosts in one of two ways: Dynamic Mapping or Static Mapping.
By default, the IPS module does not automatically import Fibre Channel targets. Either dynamic or static
mapping must be configured before the IPS module makes Fibre Channel targets available to iSCSI
initiators. When both are configured, statically mapped Fibre Channel targets have the configured name.
Targets that are not mapped will be advertised with the name created by the conventions explained in
this section.
Checking the Configuration
Verify the configuration of the Gigabit Ethernet Interface by performing the following steps.
• Ensure that you are configuring the proper slot or port.
• Ensure that the Gigabit Ethernet interfaces are not shut down. Each Gigabit Ethernet interface is
“partnered” with a virtual iSCSI interface. In order for iSCSI to operate on a particular Gigabit
Ethernet, the virtual iSCSI interface for that port must be in a “no shutdown” state:
interface Gigabit Ethernet 3/1
no shutdown
.
To Next Page
Loading...
Need help?
General
