Allot Basic Troubleshooting Guide v1b5
Transcript of Allot Basic Troubleshooting Guide v1b5
-
Allot Communications. All rights reserved. 09 - 2011
Basic Troubleshooting Guide
Sept 2011
V1b5
Allot Communications Customer Support
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 2
Table of Contents
Introduction ................................................................................................................................ 6
Purpose of This Guide .......................................................................................................... 6
About This Guide .................................................................................................................. 6
More Information ................................................................................................................... 6
Knowledge Base ............................................................................................................... 6
Product Documentation .................................................................................................... 6
Online Training .................................................................................................................. 7
Classroom Based Training................................................................................................ 7
Common Tasks.......................................................................................................................... 8
How to Access the Allot Support area .................................................................................. 8
Support Area ......................................................................................................................... 8
Resource Center ................................................................................................................... 8
Creating a Log in for the Allot Support Area ......................................................................... 9
How to Generate a Key ....................................................................................................... 10
What keys do I need? ..................................................................................................... 10
When do I need a new key? ........................................................................................... 10
When do my keys expire and what functionality is affected? ......................................... 10
How do I generate a new key? ....................................................................................... 11
How do I enter my new key?........................................................................................... 11
How to Access Command Line Interface on Allot Products ............................................... 13
Non-AOS NetEnforcers (AC-400, 800, 1000 and 2500) ................................................. 13
SG-Omega ...................................................................................................................... 13
AOS NetEnforcers (AC-1400, AC-3000, AC-5000, AC-10000) ................................... 14
SG-Sigma........................................................................................................................ 14
SMP or Distributed Collector........................................................................................... 15
ServiceProtector ............................................................................................................. 15
MediaSwift ...................................................................................................................... 15
How to Change the Default Password ................................................................................ 16
AC-400, 800, 1000, 2500 ................................................................................................ 16
To change the Root User Password ............................................................................... 16
AOS Products ................................................................................................................. 16
ServiceProtector ............................................................................................................. 16
MediaSwift ...................................................................................................................... 16
How to Upgrade Software ................................................................................................... 17
How to Check Software and Hardware Versions ................................................................ 19
Check the model, software version and box number of the NE/SG ............................... 19
Check the NetXplorer Software Version ......................................................................... 20
Checking Installed Protocol Pack Version ...................................................................... 20
First Aid .................................................................................................................................... 22
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 3
Verify Processes are Running............................................................................................. 22
NetXplorer ....................................................................................................................... 22
Verfiy Ports are Open .......................................................................................................... 23
Verify NTP Synchronization ................................................................................................ 24
Common Issues ....................................................................................................................... 25
Graph Opens with No Data ................................................................................................. 25
Graph Output Shows Less Data than Expected ................................................................. 26
NetXplorer GUI Doesnt Open............................................................................................. 27
NetEnforcer Front Panel LCD Is Stuck in System Loading .............................................. 28
NetEnforcer Front Panel LCD Displays ....................................................................... 28
NetXplorer Alarm Reports Device in Rescue Policy ......................................................... 28
The Next Step .......................................................................................................................... 29
How to Open a New Case ................................................................................................... 29
Via the Allot Support area ............................................................................................... 29
NOTE: You will be able to attach files after saving the case. ..................................... 29
Via Email ......................................................................................................................... 29
How to Grant Remote Access ............................................................................................. 29
How to Create and Send Snapshots ................................................................................... 29
Appendix A: User Guides ........................................................................................................ 31
Appendix B: Useful Links ......................................................................................................... 32
Appendix C: Useful Commands .............................................................................................. 33
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 4
Important Notice Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of
the form of action, whether in contract, tort (including negligence), strict liability or otherwise.
SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND
SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT
ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.
Please read the End User License Agreement and Warranty Certificate provided with this product before using the
product. Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty Certificate.
WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY
SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND, REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE),
STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR
ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Copyright Copyright 1997-2010Allot Communications. All rights reserved. No part of this document may be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into any other language without a written permission
and specific authorization from Allot Communications Ltd.
Trademarks Products and corporate names appearing in this manual may or may not be registered trademarks or copyrights of their
respective companies, and are used only for identification or explanation and to the owners' benefit, without intent to infringe.
Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.
NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case
the user will be required to correct the interference at his own expense.
Changes or modifications not expressly approved by Allot Communication Ltd. could void the user's authority to operate the equipment.
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 5
Version History
Doc Version Date
v1b1 03.01.10
v1b2 07.02.10
v1b3 17.02.10
v1b4 13.12.10 Links updated
V1b5 26.09.11 New Corporate template
Page 14 and 15, IP addresses updated.
Products Supported
Products Software Version
NX/SMP NX/SMP11.1
AC-1400, 3000, 5000, 10000, SG-Sigma AOS.11.1
AC-400/800 E9.1.1
AC-1000 S9.1.0
AC-2500 C9.1.1
SG-Omega SG9.1.1
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 6
Introduction
Purpose of This Guide
This guide targets engineers at Allot customers. Its aims to achieve two goals:
To provide tools to help our customers engineers troubleshoot simple problems that can be solved onsite without the need to open a new case with allot support.
In case an issue is discovered that cannot be solved by our customers engineer on-site, to show how to gather useful information that can be added to the case and can shorten the time before a solution is reached.
About This Guide
This basic troubleshooting guide is split into four main sections. In the first section, we outline how to perform common tasks such as generating a new key, finding out basic information about the product and upgrading the software. In the second section, which we call first aid, we outline several procedures and checks which are recommended before starting to troubleshoot any problem. The third section, common issues, describes troubleshooting procedures for some of the issues most commonly faced by our customers. The final section, the next step, details how to proceed if the information in this troubleshooting guide does not solve the issue being faced. Specifically, it details how to generate a snapshot for analysis by Allot customer support and how to open a new case.
At the end of the troubleshooting guide you will find a section of appendixes which collect several useful knowledge base items and CLI commands in one central place.
During this guide we will use the following acronyms:
NE NetEnforcer
SG Service Gateway
NX NetXplorer
SMP Subscriber Management Platform
MS MediaSwift
SP ServiceProtector
AOS Allot Operating System
More Information
For additional information beyond the scope of this guide, Allot offers several additional sources of knowledge and tools.
Knowledge Base
The Allot Support Area which can be accessed from http://www.allot.com/support gives you access to the Allot Knowledge Base. You can use the free-text search on the Knowledge Base tab to download documents and look for answers to any further questions you may have.
Product Documentation
From the Knowledge Base tab in the Allot Support Area, you can search for any of the customer documentation listed in Error! Reference source not found. below. In addition, from the S/W versions tab you can download the release notes for each software version, as listed in Error! Reference source not found. below.
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 7
Online Training
In addition, Allots Online NetXplorer Training, which can be accessed from http://www.allot.com/uploadimages/NetXplorer%20training/template.swf , serves as a quick start guide for all NetXplorer installations. It also includes basic market background, key terms and procedures for monitoring, reporting and building traffic policies.
Classroom Based Training
Allot offers detailed hands-on training courses for customers and partners at our training centers around the world. Courses currently offered are as follows:
ACTE: Introduction to DPI, Monitoring and Reporting, Building traffic policies, NPP, events and alarm and advanced configurations
ACPP: Advanced architecture, monitoring collectors, database management, advanced troubleshooting, integration and SMP
ServiceProtector: Introduction to NBAD and HBAD technology, anomaly detection and mitigation, installation and IPSec, groups and prefixes, notification filters, thresholds, maintenance and troubleshooting.
A full schedule of courses and details of how to apply can be found on the Training Classes tab at the Allot Support Area.
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 8
Common Tasks
How to Access the Allot Support area
Allots corporate website, www.allot.com includes two password protected areas that you can access:
Allot Support Area
Allot Resource Center
Support Area
The Allot Support Area contains everything you need for post-sales support. From the support area you can do the following:
Download every software version and release note
Track all your support cases
Register your products
Generate keys for your supported products
Register for training classes
Search for documentation and knowledge items on the Knowledge Base
On the homepage of the Support Area, you will find a concise overview that explains how to navigate to the information and functions you need using the sites intuitive GUI.
Resource Center
The Allot Resource Center contains marketing collateral including:
Product datasheets
Solution Briefs
White Papers
Presentations
Graphics and Icons
Both the support area and resource center require secure log in.
IMPORTANT NOTE: In order to have the same user name & password for the Support Area and the Resource Center, please register first to the Support Area.
The log in to this area will provide
the partner with access to the
resource center which is the new
zone.
This can be done with the user and
password he will receive in the e-
mail
The log in to this area will provide
the partner with access to the
resource center which is the new
zone.
This can be done with the user and
password he will receive in the e-
mail
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 9
Creating a Log in for the Allot Support Area
To access our Allot Support Area, you will need a new log in and password. Heres how to get one:
Figure 1: Customer Area and Resource Center Log ins
1. Go to www.allot.com/support
2. Enter your email address in the Dont have an Account? section. (Always log in with your email address.)
3. Your password will be mailed to your email account.
This password can be used BOTH for the support area AND for the resource center. If you are an Allot Channel Partner, the password which you will receive will enable you to view and download items and collateral which are restricted to partners only.
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 10
How to Generate a Key
What keys do I need?
As an Allot customer you will require 2 separate product keys in order to work with your Allot solution
NE/SG Gateway Key. This key determines the features which are available on the product (e.g: Reporter, Port Redirection) and the bandwidth on which quality of service can be enforced. Every new NE or SG is shipped with the key preinstalled. The key is also recorded for your convenience in the Thank You Letter for the NE which is included in the packaging and is also sent to you by mail.
NX Key. This key determines the number of NE or SGs that can be managed by this NetXplorer server, and the NetXplorer features which are activated (e.g: Accounting, Country Classification, NPP, SMP). The NetXplorer key is recorded in the Thank You Letter for the NX. This letter is sent by email (for NX-HAP customers the letter is also printed and included with the hardware). You will need to enter this key manually after installing the NX software.
When do I need a new key?
You will need to generate a new key in either of the circumstances below:
You upgrade to a new NE/SG or NX software version AND the software release notes indicate that a new key is required
Your support contract is about to expire. If this is the case, you will be informed by a critical alarm in the NetXplorer GUI
You have a temporary key which is about to expire. Again in this case, you will be informed by a critical alarm in the NX GUI.
When do my keys expire and what functionality is affected?
Permanent Keys:
Your NE/SG permanent key is synchronized to expire with the end of your NE/SG support contract. When this key expires, you will lose the ability to update your service catalog with Allot Protocol Updates (APU). Other features (including QoS) will continue to function
Figure 2: Alarm - Permanent Device License is About to Expire
Your NX permanent key is synchronized to expire with the end of your NX support contract. When this key expires, you will lose the ability to use web updates (APU) and country classification.
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 11
Temporary Keys:
NE/SG and NX temporary keys are not synchronized with your support contract. When the NE/SG or NX temporary key expires, product functionality will cease until you have entered a new key.
You can check the expiry date of your keys as follows:
NE/SG Key. Select the NE icon on the network tree of the NX, and from the View menu, choose Configuration. Select the identification and key tab. You will see the NE/SG expiration date in the Activation Key Expiration field.
Figure 3: NetEnforcer Key Expiry Date
NX Key. From the Tools menu, select NX Application Server Registration. You will see the NX key expiration date in the Key Expiration Date field.
Figure 4: NetXplorer Key Expiry Date
How do I generate a new key?
In order to generate a new key (for the NE, SG and NX), follow the procedure detailed in the knowledge base article below:
https://c.eu1.visual.force.com/apex/KB?KBID=7013150
How do I enter my new key?
Once a new key has been generated, you should enter it as follows:
NE/SG Key. Select the NE icon on the network tree of the NX, and from the View menu, choose Configuration. Select the identification and key tab and enter the new key in the Activation Key field. From the File menu, choose Save to save the key.
NOTE: In some cases, on saving the new key, the NE or SG will require a reboot for the features to be applied. In these cases you will see the system message below
Figure 5: System Message Reboot Required when Entering New Key
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 12
NOTE: During the NE/SG upgrade process, you will be requested to provide a new key.
NX Key. From the Tools menu, select NetXplorer Application Server Registration. Enter the key in the Server Registration Key field. Enter the serial number in the Serial Number field. Click the Save button.
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 13
How to Access Command Line Interface on Allot Products
The procedure for accessing command line interface depends on the Allot product being used. In each case, the procedure for defining initial network settings is described in the relevant hardware guides. After initial network settings have been established, the device can be accessed remotely and command line interface can be run as outlined below.
Non-AOS NetEnforcers (AC-400, 800, 1000 and 2500)
Open an SSH session to the NE.
To access the admin menu, log in as below:
Username: admin
Default Password: allot
To access the command line interface, log in as below:
Username: root
Default Password: bagabu
SG-Omega
Open an SSH session to the IP address of the SG-Omega. This will give you access to the SGSV-110 blade (located in slot 14).
To access the CLI, log in as below:
Username: root
Default Password: bagabu
Subsequently you can access a simple troubleshooting menu, by entering the command admin-menu
From the SGSV-110 blade, you can access each of the other blades by opening a further SSH session to any of the internal IPs listed below:
Slot Blade IP
1 SGFP 11.11.11.10
3 SGFP 11.11.11.30
4 SGFP 11.11.11.40
5 SGFP 11.11.11.50
6 SGFP 11.11.11.60
7 SGBP 11.11.11.70
8 SGBP 11.11.11.80
9/10 SGCC 11.11.11.90 (Host)
11.11.11.91 (Target)
11/12 SGCC 11.11.11.110 (Host)
11.11.11.111 (Target)
14 SGSV 11.11.11.140
Table 1: SG-Omega Internal IP Addresses
After you have reached a blade on the SG-Omega, log in with username root and password bagabu to access its command line interface.
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 14
AOS NetEnforcers (AC-1400, AC-3000, AC-5000, AC-10000)
Open an SSH session to the NE.
To access the command line interface, log in as below:
Username: sysadmin
Default Password: sysadmin
The AC-10200 contains multiple blades. When working with this product, you should open an SSH session to the master core controller which is installed in slots 2/3. From this CC-220 blade, you can access each of the other blades by opening a further SSH session to any of the internal IPs listed below:
Slot Blade IP
1 SFC-200 11.11.11.70
2/3 CC-200 (Master) 11.11.11.20
4/5 CC-200 (Slave) 11.11.11.40
6 FB-200 11.11.11.60 (Processor 1)
11.11.11.61 (Processor 2)
11.11.11.62 (IPMC)
SMC 11.11.11.1
Table 2: Internal IP Addresses of AC-10200
After reaching a blade on the AC-10200, log in with username sysadmin and password sysadmin to access its command line interface.
NOTE: All the AOS CLI commands which are open to sysadmin users are contained in the Command Line Interface chapter of the relevant hardware guides.
SG-Sigma
Open an SSH session to the IP address of the SG-Sigma. This will give you access to the switch fabric controller located in slot 7 (SFC-A). To access the command line interface, log in as below:
Username: sysadmin
Default Password: sysadmin
From the SFC-A blade, you can access each of the other blades by opening a further SSH session to any of the internal IPs listed below:
Slot Blade IP
1 SGSV-110 11.11.11.10
2/3 CC-220 11.11.11.20
4/5 CC-220 11.11.11.40
6 FB-200 11.11.11.60 (Processor 1)
11.11.11.61 (Processor 2)
11.11.11.62 (IPMC)
7 SFC-A 11.11.11.70
8 SFC-B 11.11.11.80
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 15
9 FB-200 11.11.11.90 (Processor 1)
11.11.11.91 (Processor 2)
11.11.11.92 (IPMC)
10 SGCC or NSS 11.11.11.100
11 NSS 11.11.11.110
12 SGCC or NSS 11.11.11.120
13 NSS 11.11.11.130
14 BP-240 11.11.11.140
SMC 11.11.11.1
Table 3: Internal IP Addresses of SG-Sigma
After reaching a blade on the SG-Sigma, log in with username sysadmin and password sysadmin to access its command line interface.
NOTE: All the SG-Sigma CLI commands which are open to sysadmin users are contained in the Command Line Interface chapter of the SG-Sigma hardware guide.
SMP or Distributed Collector
Open an SSH session to the SMP or Distributed Collector machine
To access the command line interface, log in as below:
Username: admin
Default Password: allot
ServiceProtector
Open an SSH session to the ServiceProtector
To access the command line interface, log in as below:
Username: root
Default Password: Allot$001
MediaSwift
Open an SSH session to the MediaSwift device.
To access the command line interface, log in as below:
Username: admin
Default Password:
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 16
How to Change the Default Password
It is strongly recommended to change the default password on all Allot devices. The password enables access to the device from anywhere on the Internet. Each Allot device should therefore be protected with a unique password.
AC-400, 800, 1000, 2500
You can change the log in password on a Non-AOS NE for either the Admin user or the Monitor user. The Admin user has access to all NE functions, while the Monitor user has read-only access.
On the AC-400, 800, 1000 and 2500 follow the procedure below:
To change the Admin User Password 1. Log in to the NE using the admin user 2. In the NE Setup Menu, enter 3 (Change password) and press . The Change
Password screen is displayed. 3. Follow the onscreen instructions. Enter a new password and press . The
password must be between 5 and 8 characters. You can use a combination of upper and lower case letters and numbers.
4. Re-enter the password and press . If NE detects a simple password, a warning is displayed on the screen.
To change the Root User Password
1. Log in to the NE using the root user 2. Enter the command passwd 3. Follow the instructions to enter a new root password
NOTE: During the NE/SG software upgrade procedure you may be requested to enter a new root user password.
AOS Products
Log in to the device and enter the command passwd
NOTE: With a Service Gateway this should be done on the SGSV-100 blade. With an AC-10200 this should be done on the master core controller.
This will enable you to change the password for the user level with which you have logged into the system.
ServiceProtector
Log in to the device and enter cli to enter the top level CLI. Enter the command passwd (do not change the password from the LINUX shell)
Note the stringent password criteria. The password can be any of the following options: 8 characters + 2 families; 7 characters + 3 families or 6 characters + 4 families. A family is defined as small letters, capital letters (not including the first character), numbers or other symbols.
MediaSwift
To change the password required to log in to the CLI, enter access user-password at the enabled CLI prompt, where is the new password for the normal user.
To change the password required to access Enable mode, enter access enable-password at the enabled CLI prompt, where is the new password for the enabled user.
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 17
How to Upgrade Software
Upgrading NX. Full instructions for upgrading the NX can be found in the NX Installation and Admin Guide:
https://c.eu1.visual.force.com/apex/KB?KBID=16547928
Upgrading NX: Chapter 8 (Appendix)
Upgrading NX-HAP: Chapter 8 (Appendix)
Upgrading SMP. Full instructions for upgrading SMP can be found in the SMP User Guide:
https://c.eu1.visual.force.com/apex/KB?KBID=16547938
Upgrading SMP: Appendix B
Upgrading SMP-HAP: Appendix C
Upgrading NetEnforcer. Full instructions for upgrading NEs can be found in the relevant NE Release Notes (under NE Software Upgrade Procedure). All of the release notes can be accessed from the S/W Versions tab in the Support Area.
https://eu1.salesforce.com/a0A?fcf=00B20000005JRHX
Upgrading ServiceProtector.
To upgrade a remote SP-Sensor to the latest version of the ServiceProtector software located in the local systems CD ROM Drive, enter the command below from the main menu on the SP-Controller: system upgrade Sensor
To upgrade the local SP-sensor to the latest compatible version of the ServiceProtector software located in the local systems CD ROM Drive, enter the command below from the main menu: system upgrade cdrom
Figure 6: S/W Versions Tab in the Support Area
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 18
To upgrade the local system (sensor or controller) to the latest software version available on a given URL, enter the command below from the main menu: system upgrade url
For upgrade procedures for ServiceGateway and MediaSwift products, please contact [email protected]
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 19
How to Check Software and Hardware Versions
Check the model, software version and box number of the NE/SG
You can check the model of NE or SG that you are working with via the NX GUI or via the NE/SG CLI.
Via the GUI
Select the required NE/SG. From the view menu then choose configuration. Select the Identification & Key tab.
The product model is detailed in the Activation Key Details section.
The Software version and box number are detailed in the IDs section
Figure 7: Identifying product details via NX GUI
Via the CLI
The same information can be obtained from the NE CLI. Log in to the NE using the root username and password. The following CLI commands will be of assistance:
boxkey presents you with the serial number of the device
NOTE: This command is not applicable for the SG-Sgima.
actype presents you with the installed software version
NOTE: On an AC-5000 or AC-10000 product you should run actype on the core controller blade. On the AC-10200 this should be on the master core controller (installed in slots 2/3). On the SG-Sigma, you should run actype on the SGSV blade.
go config view key presents you with a range of system information, including the product model, activation key and its expiry date.
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 20
Check the NetXplorer Software Version
You can check the NX software version by launching the GUI and selecting about from the help menu.
Figure 9: NetXplorer Software Version
Checking Installed Protocol Pack Version
You can check the protocol pack version that is loaded on the NE/SG from the IDs section of the Identification and Keys tab in the NE/SG Configuration dialog of the NX GUI.
AC402-13-99:~# go config view key
==== Product Key ====
Product Name AC-402/2M
Activation Key NE-123456BBBC78901ABB1234567890123456D
Key Expiration Date 23/03/2010
Functionality for Key Above :
Quality of Service enable
NetXplorer Reporter enable
Web Update enable
Bandwidth Capacity 2.00 Mbps
Figure 8: go config view key output
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 21
Figure 10: Protocol Pack Version on NetEnforcer
You can check the protocol pack version that is loaded on the NX by selecting Network in the configuration pane. From the view menu then choose configuration. Select the Protocol Updates tab.
Figure 11: Protocol Pack Version on NetXplorer
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 22
First Aid In this section we will outline several checks that we recommend making before beginning any troubleshooting procedure.
Verify Processes are Running
NetXplorer
On a Windows based NetXplorer Server, check that the NX Server service is running. This is done by choosing Start>Control Panel>Administrative Tools>Services. The status of the NX service should be started.
Now check that the processes are running by pressing CTRL+ALT+DEL and selecting Task Manager. The services you should see are listed below. If the NX Service status is not started or if any of the processes listed below are missing, you should restart the NX Server Service. This is done by right clicking on the NX Server service and then choosing start.
NOTE: When opening the Task Manager tab, be sure to mark show processes from all users as shown below.
On a Linux based NX Server, check that the NX Server service is running by entering service netxplorer status. The expected output should be: is running. Now check that the services are running by entering ps ef|grep opt you should then see a list of the processes as seen below. The services you should see are listed below.
Figure 12: Windows Task Manager Bar
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 23
If the NX Server Service status is not is running or if any of the processes listed below are missing, you should restart the NX Server Service. You should first stop the NX Server Service by entering service netxplorer stop. Then enter service netxplorer start.
You should expect to see the following NX Services:
Poller
Converter
Loader
ltc_poller
ltc_Loader
ltreducer (runs periodically therefore may not be seen)
manifest_manager (runs periodically therefore may not be seen)
KeeperService (swKeeper for Linux)
Dbsrv10 (3 instances)
ntpd (This process has a different location on Linux; when checking on a Linux system, you should enter ps-ef|grep ntp)
java (This process has a different location on Linux; when checking on a Linux system, you should enter ps-ef|grep java)
Verfiy Ports are Open
Certain firewall ports should be opened to ensure that all elements in an Allot solution can communicate. The list of relevant ports can be found in the Knowledge Base Item below:
https://c.eu1.visual.force.com/apex/KB?KBID=2588757
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 24
Verify NTP Synchronization
It is important to verify that all Allot network elements (NE, SG, Distributed Collector, SMP Server and NX) are synchronized to the same external NTP server. Lack of time synchronization typically causes problems such as reboots, missing data in graphs. It also leads to policy inconsistencies as data chunks sent from the NEs or SGs to the NX server might be discarded when they arrive with inconsistent time stamps.
The procedure for enabling this synchronization can be found in the knowledge base article below:
https://c.eu1.visual.force.com/apex/KB?KBID=8814596
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 25
Common Issues
Graph Opens with No Data
What should you do if on opening a NX graph, no data is displayed as shown below?
This output indicates a problem with data collection. We recommend following the procedure outlined below. After each step, try to re-open the graph:
1. Verify that all processes are running on the NX server. The procedure for doing this was outlined above
2. Verify all Allot network elements are synchronized to a single external NTP server. The procedure for doing this was also outlined above
3. Make sure no antivirus software, system backup software or defragmentation tools are running on the server. In case they are running, exclude the Allot/ Home folder.
4. Check the collection configuration via the NX GUI. Select the relevant NE or SG from the NX navigation tree. From the view menu, choose collection configuration. If you tried to open a long term reporting graph, check that Long Term Data Collection is checked. Alternatively, if you tried to open a real-time monitoring graph, check that Real-Time Data Collection and Short-Term Data Collection are checked.
5. Check if the NE or SG is sending the data which it collects in buckets. You can do that by opening a new browser window.
For real-time monitoring data at 30 second intervals type:
http:///bucket/30/manifest (e.g: http://10.2.3.4/bucket/30/manifest). (NOTE: In Allots AOS products real-time monitoring needs to be enabled by license).
For long-term reporting data at 5 minute intervals type
http:///bucket/300/manifest
The manifest is a list of the buckets that the NE/SG has created and that are waiting to be sent to the NX. Refresh the page after few minutes, and make sure the list is updated. If you see different numbers, this indicates that new buckets are being collected by the NE/SG and polled by the NX.
Figure 13: No Data in Graph
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 26
6. If everything seems to be in order and you are still not able to view graphs, please open a case with [email protected] and send us the NX & NE or SG snapshots as explained below.
Graph Output Shows Less Data than Expected
What should you do if on opening a NX graph, it shows data for a shorter time period than you had expected as shown below?
Figure 14: Less Data thank Expected
Note that for some distribution graphs, where the x axis represents a time period, and a relatively fine data resolution has been selected when setting up the graph, a scroll bar will appear at the bottom of the graph immediately above the date. Scroll across to view all of the data for the time period selected.
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 27
NetXplorer GUI Doesnt Open
What should you do if the NX GUI does not open and you receive an error message such as the one shown below?
Figure 15: System Message - Unable to Open GUI
We recommend following the procedure outlined below. After each step, try to re-open the GUI.
1. If you have upgraded the NX server, the previous desktop icon will no longer work. Remove the desktop NX icon, and enter the IP address of the NX Server directly into your browser.
2. If you are accessing the NX server from a remote client, make sure all of the required ports are open as outlined above. If port 80 is blocked for example, you will not be able to access the NX GUI. If the remote session fails, try to open the GUI directly from the NX server itself.
3. Verify that all the NX processes are running as outlined above
4. Verify that no antivirus software, system backup software or defragmentation tools are running on the server. In case they are running, exclude the Allot/ Home folder.
5. (Windows Server or Client Only). Clean the java cache. If the root cause of the issue is with Java, you can often solve it by clearing the Java Cache on the machine that cannot access the NX, and then reinstalling JRE. Go to control panel and choose Java. On the General tab, under Temporary Internet Files, click on delete and then OK. This action will clear the java cache files. It will also remove the NX shortcut from the desktop. Open browser with NX server IP address (http://) and choose the first option Install Java JRE First. Now launch the application.
6. (Linux Server Only). Verify that the host file is configured correctly. The procedure for doing this can be found at: https://c.eu1.visual.force.com/apex/KB?KBID=4522161
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 28
NetEnforcer Front Panel LCD Is Stuck in System Loading
If the front panel of an AC-400 or AC-800 series product is stuck on system loading you should refer to the knowledge base item below:
https://c.eu1.visual.force.com/apex/KB?KBID=5013522
For an AC-1000/2500 device that is stuck in system loading you should refer to the knowledge base item below, which also includes the image files required when restoring the products:
https://c.eu1.visual.force.com/apex/KB?KBID=2850823
NetEnforcer Front Panel LCD Displays
When an AC-1000 or AC-2500 unit goes into bypass mode, the LCD will display . First, verify that the bypass cable is well connected between the NE and its bypass. If the unit is not supposed to be in bypass mode, reboot the NE by logging in as a root user and entering ac_reboot
NetXplorer Alarm Reports Device in Rescue Policy
If you see a question mark icon on the NE or SG in the NX network tree this indicates that the device has deferred to its rescue policy. The rescue policy is the last known good NX policy. An alarm indicating as such will also appear in the NX alarm log and you will not be able to make any further policy changes until this is resolved.
The procedure for dealing with a device which has deferred to its rescue policy is indicated in the KB article below:
https://c.eu1.visual.force.com/apex/KB?KBID=11305253
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 29
The Next Step
How to Open a New Case
There are two ways to open a new case
Via the Allot Support area
Log in to the allot Support Area: www.allot.com/support
Go to the cases tab and click on New Case. Fill in the form and click save.
Figure 16: Opening a new case from the Allot Support Area
NOTE: You will be able to attach files after saving the case.
Via Email
Send an email to [email protected] with the NE/SG serial number or box key in the email subject field. Make sure you dont add any other numbers in the subject field (such as software version numbers or product name)
The serial number of the NE/SG is included in the Thank-You letter which is included with the product. It can also be found on a sticker on the rear side of the unit.
The box number can be determined from the NX GUI or the NE/SG CLI by following the instructions outlined above
How to Grant Remote Access
For guidelines on how to grant remote access to Allot Support, see the knowledge base item below:
https://c.eu1.visual.force.com/apex/KB?KBID=11304991
How to Create and Send Snapshots
A snapshot is a zip file containing current and historical information on the status of an Allot product. This includes log files, policy information, operating system state, hardware status, and other information regarding the product. You can generate a snapshot for any of the following products:
NetEnforcer
SG-Omega, or SG-Sigma
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 30
NetXPlorer
SMP / Data Collector
ServiceProtector
For full instructions on how to generate snapshots, refer to the knowledge base item below:
https://c.eu1.visual.force.com/apex/KB?KBID=11304993
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 31
Appendix A: User Guides Below is a table of official Allot documentation. The title of each document is a clickable link to download the document from the password protected Allot support area. Where the link is not available, please contact [email protected] for access to the guide.
User Documentation Scope
NetXplorer Operations Guide GUI based operation, monitoring and policy building.
NetXplorer Installation & Administration Guide Installation of various solution components, monitoring collector administration, server CLI, troubleshooting and administration.
NPP User Guide Instructions for the NPP administrator and instructions for the end user which can be copied into an operators guide.
SMP User Guide Initial setup, integration with external systems (IPAS, OAS, PCRF etc), service plan configuration, troubleshooting.
AC-400 Hardware Guide Hardware description, Connecting the NE, Configuring the NE, Redundancy, Specs
AC-800 Hardware Guide Hardware description, Connecting the NE, Configuring the NE, Redundancy, Specs
AC-1000 Hardware Guide Hardware description, Connecting the NE, Configuring the NE, Redundancy, Specs
AC-2500 Hardware Guide Hardware description, Connecting the NE, Configuring the NE, Redundancy, Specs
AC-1400 and 3000 Hardware Guide
Hardware description, Connecting the NE, Configuring the NE, Redundancy, CLI, Specs
AC-5000 Hardware Guide Hardware description, Connecting the NE, Configuring the NE, Redundancy, CLI, Specs
AC-10000 Hardware Guide Hardware description (chassis and blades), Connecting the NE, Configuring the NE, Redundancy, CLI, Specs
SG-Omega Hardware Guide Hardware description & specs (chassis and blades)
SG-Omega Installation Guide Connecting and Configuring the SG-Omega, blade insertion, software installation and upgrade
SG-Omega Administration Guide SG-Omega CLI and Logs
SG-Sigma Hardware Guide Hardware description (chassis and blades), Configurations and growth path, Installing and configuring the SG, High Availability and Asymmetric traffic, CLI, Specs
ServiceProtector Installation & Administration Guide Installation procedure, Essential configuration, Notifications & filters,
-
Basic Troubleshooting Guide 09-2011
2011 Allot Communications. All rights reserved. 32
thresholds and troubleshooting
ServiceProtector Operation Guide GUI based operation, monitoring and anomaly analysis
MediaSwift Administration Guide Configuration, CLI, system monitoring and administration
MediaSwift Operation Guide GUI based operation and traffic monitoring
Integration Guides SNMP, NX SOAP, SMP SOAP and Accounting Interface Guides. Plus a guide for integrating services using the SG-Sigma.
Appendix B: Useful Links Below is a table of the knowledge base items referred to in this troubleshooting guide
Subject Link
How to Generate Keys via the Web
https://c.eu1.visual.force.com/apex/KB?KBID=5537954
How to Generate Snapshots https://c.eu1.visual.force.com/apex/KB?KBID=11304993
How to Grant Remote Access to Allot Support
https://c.eu1.visual.force.com/apex/KB?KBID=11304991
Which firewall ports need to be opened?
https://c.eu1.visual.force.com/apex/KB?KBID=2588757
Check all elements are synchronized
https://c.eu1.visual.force.com/apex/KB?KBID=8814596
What to do when AC-400/800 LCD is stuck at system loading
https://c.eu1.visual.force.com/apex/KB?KBID=5013522
What to do when AC-1000/2500 LCD is stuck at system loading
https://c.eu1.visual.force.com/apex/KB?KBID=2850823
What to do when NX defers to its rescue policy
https://c.eu1.visual.force.com/apex/KB?KBID=11305253
How to verify that the host file was correctly configured (Linux)
https://c.eu1.visual.force.com/apex/KB?KBID=4522161
-
www.allot.com [email protected]
Americas: 300 TradeCenter, Suite 4680, Woburn, MA 01801 USA - Tel: 781-939-9300; Toll free: 877-255-6826; Fax: 781-939-9393
Europe: NCILes Centres d'Affaires Village d'Entreprises, 'Green Side' 400 Avenue Roumanille, BP309 06906 Sophia Antipolis,
Cedex France - Tel: 33 (0) 4-93-001160; Fax: 33 (0) 4-93-001165
Asia Pacific: 6 New Industrial Road, #08-01, Hoe Huat Industrial Building, Singapore 536199 Tel: +65-6283 8990 Fax: +65-6282 7280
Japan: Kanda Surugadai 4-2-3-301, Chiyoda-ku, Tokyo 101-0062 - Tel: 81 (3) 5297 7668; Fax: 81 (3) 5297 7669
Middle East & Africa: 22 Hanagar Street, Industrial Zone B, Hod Hasharon, 45240 Israel - Tel: 972 (9) 761-9200; Fax: 972 (9) 744-3626
Appendix C: Useful Commands Below is a table of the commands referred to in this troubleshooting guide
Command Use Products
passwd Change root password All NE, SG and SP products
boxkey Displays serial number All NE products
actype Displays installed software version All NE and SG products
go config view key Displays product model, activation key and expiry date
All NE and SG products
swgadmin -l Lists the processes running on the device
All non-AOS NE products
ac_reboot Reboots the NE (Note: To ensure a graceful reboot, you should use the ac_reboot command and not the reboot command)
All non-AOS NE products
snapshot Creates a snapshot file All NE and SG products plus the SMP and Collector
send_snapshot Creates a snapshot and automatically uploads to Allots FTP server
All non-AOS NE products