147 lines
8.5 KiB
HTML
147 lines
8.5 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Troubleshoot VPN with the communications trace" />
|
|
<meta name="abstract" content="" />
|
|
<meta name="description" content="" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzajatroubleshootvpn.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzajagetstartpd.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzajacomtrac" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Troubleshoot VPN with the communications trace</title>
|
|
</head>
|
|
<body id="rzajacomtrac"><a name="rzajacomtrac"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Troubleshoot VPN with the communications trace</h1>
|
|
<div><p></p>
|
|
<p><span class="keyword">IBM<sup>®</sup> i5/OS™</span> provides
|
|
the capability to trace data on a communications line, such as a local area
|
|
network (LAN) or wide area network (WAN) interface. The average user may not
|
|
understand the entire contents of the trace data. However, you can use the
|
|
trace entries to determine whether a data exchange between the local and the
|
|
remote systems took place.</p>
|
|
<div class="section"><h4 class="sectiontitle">Starting the communications trace</h4><p>Use the Start
|
|
Communications Trace (STRCMNTRC) command to start the communications trace
|
|
on your system. The following is an example of the STRCMNTRC command:</p>
|
|
<pre>STRCMNTRC CFGOBJ(TRNLINE) CFGTYPE(*LIN) MAXSTG(2048) TEXT('VPN Problems')</pre>
|
|
<p>The command parameters are explained in the following list:</p>
|
|
<dl><dt class="dlterm">CFGOBJ (Configuration object)</dt>
|
|
<dd>The name of the configuration object to trace. The object is either a
|
|
line description, a network interface description, or a network server description.</dd>
|
|
<dt class="dlterm">CFGTYPE (Configuration type)</dt>
|
|
<dd>Whether a line (*LIN), a network interface (*NWI), or a network server
|
|
(*NWS) is being traced.</dd>
|
|
<dt class="dlterm">MAXSTG (Buffer size)</dt>
|
|
<dd>The buffer size for the trace. The default value is set to 128 KB. The
|
|
range goes from 128 KB to 64 MB. The actual maximum system-wide buffer size
|
|
is defined within the System Service Tools (SST). Therefore, you may receive
|
|
an error message when using a larger buffer size on the STRCMNTRC command
|
|
than defined in the SST. Keep in mind that the sum of buffer sizes specified
|
|
on all started communications traces must not exceed the maximum buffer size
|
|
defined in the SST.</dd>
|
|
<dt class="dlterm">DTADIR (Data direction )</dt>
|
|
<dd>The direction of data traffic to be traced. The direction can be outbound
|
|
traffic only (*SND), inbound traffic only (*RCV), or both directions (*BOTH).</dd>
|
|
<dt class="dlterm">TRCFULL (Trace full )</dt>
|
|
<dd>What occurs when the trace buffer is full. This parameter has two possible
|
|
values. The default value is *WRAP, which means, when the trace buffer is
|
|
full, the trace wraps to the beginning. The oldest trace records are written
|
|
over by new ones as they are collected.<p>The second value *STOPTRC let the
|
|
trace stop when the trace buffer, specified in the MAXSTG parameter is full
|
|
of trace records. As general rule, always define the buffer size to be large
|
|
enough to store all the trace records. If the trace wraps, you may lose important
|
|
trace information. If you experience a highly intermittent problem, define
|
|
the trace buffer to be large enough that a wrap of the buffer will not discard
|
|
any important information.</p>
|
|
</dd>
|
|
<dt class="dlterm">USRDTA (Number of user bytes to trace)</dt>
|
|
<dd>Defines the number of data to be traced in the user data part of the data
|
|
frames. By default only the first 100 bytes of user data are captured for
|
|
LAN interfaces. For all other interfaces, all user data is captured. Make
|
|
sure you specify *MAX if you suspect problems in the user data of a frame.</dd>
|
|
<dt class="dlterm">TEXT (Trace description)</dt>
|
|
<dd>Provides a meaningful description of the trace.</dd>
|
|
</dl>
|
|
</div>
|
|
<div class="section"><h4 class="sectiontitle">Stopping the communications trace</h4><p>If you do not
|
|
otherwise specify, the trace typically stops as soon as the condition for
|
|
which you are tracing occurs. Use the End Communications Trace (ENDCMNTRC)
|
|
command to stop the trace. The following command is an example of the ENDCMNTRC
|
|
command:</p>
|
|
<pre>ENDCMNTRC CFGOBJ(TRNLINE) CFGTYPE(*LIN)</pre>
|
|
<p>The
|
|
command has two parameters:</p>
|
|
<dl><dt class="dlterm">CFGOBJ (Configuration object)</dt>
|
|
<dd>The name of the configuration object for which the trace is running. The
|
|
object is either a line description, a network interface description, or a
|
|
network server description.</dd>
|
|
<dt class="dlterm">CFGTYPE (Configuration type )</dt>
|
|
<dd>Whether a line (*LIN), a network interface (*NWI), or a network server
|
|
(*NWS) is being traced.</dd>
|
|
</dl>
|
|
</div>
|
|
<div class="section"><h4 class="sectiontitle">Printing the trace data</h4><p>After you stop the communications
|
|
trace, you need to print the trace data. Use the Print Communications Trace
|
|
(PRTCMNTRC) command to perform this task. Since all line traffic is captured
|
|
during the trace period, you have multiple filter options for output generation.
|
|
Try to keep the spooled file as small as possible. This makes the analysis
|
|
faster and more efficient. In the case of a VPN problem, filter on IP traffic
|
|
only and, if possible, on a specific IP address. You also have the option
|
|
of filtering on a specific IP port number. The following is an example of
|
|
the PRTCMNTRC command:</p>
|
|
<pre>PRTCMNTRC CFGOBJ(TRNLINE) CFGTYPE(*LIN) FMTTCP(*YES) TCPIPADR('10.50.21.1)
|
|
SLTPORT(500) FMTBCD(*NO)</pre>
|
|
<p>In this example, the trace is formatted
|
|
for IP traffic and contains only data for the IP address, where the source
|
|
or destination address is 10.50.21.1 and the source or destination IP port
|
|
number is 500.</p>
|
|
<p>Only the most important command parameters for analyzing
|
|
VPN problems, are explained below:</p>
|
|
<dl><dt class="dlterm">CFGOBJ (Configuration object)</dt>
|
|
<dd>The name of the configuration object for which the trace is running. The
|
|
object is either a line description, a network interface description, or a
|
|
network server description.</dd>
|
|
<dt class="dlterm">CFGTYPE (Configuration type)</dt>
|
|
<dd>Whether a line (*LIN), a network interface (*NWI), or a network server
|
|
(*NWS) is being traced.</dd>
|
|
<dt class="dlterm">FMTTCP (Format TCP/IP data)</dt>
|
|
<dd>Whether to format the trace for TCP/IP and UDP/IP data. Specify *YES to
|
|
format the trace for IP data.</dd>
|
|
<dt class="dlterm">TCPIPADR (Format TCP/IP data by address)</dt>
|
|
<dd>This parameter consists of two elements. If you specify IP addresses on
|
|
both elements, only IP traffic between those addresses will print.</dd>
|
|
<dt class="dlterm">SLTPORT (IP port number)</dt>
|
|
<dd>The IP port number to filter.</dd>
|
|
<dt class="dlterm">FMTBCD (Format broadcast data)</dt>
|
|
<dd>Whether all broadcast frames are printed. Yes is the default. If you do
|
|
not want; for example, Address Resolution Protocol (ARP) requests, specify
|
|
*NO; otherwise you may be overwhelmed with broadcast messages.</dd>
|
|
</dl>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajatroubleshootvpn.htm" title="Refer to this topic when you experience problems with your VPN connections.">Troubleshoot VPN</a></div>
|
|
</div>
|
|
<div class="reltasks"><strong>Related tasks</strong><br />
|
|
<div><a href="rzajagetstartpd.htm" title="Vie this information to begin finding and correcting your VPN connection problems.">Get started with troubleshooting VPN</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |