[Troubleshooting Series] Case 33 eSight can't backup the AR configuration file

Physical Network Topology

Fault Description

AR1 connected with AR2,AR2 connect with Esight server.The esight server can only see AR1’s loopback address.

eSight can not backup AR1’s configuration .

Configuration Files

l   AR1

#
aaa
 authentication-scheme auth
 accounting-scheme abc
 domain huawei
 local-user user1 password irreversible-cipher %^%#iv-e(@1]P90{2*&tcll)JN*KQ9c`"Ob^#"Al|p7EHK>qVzB%(7On,d&6iweF%^%#
 local-user user1 privilege level 15                                                       
 local-user user1 service-type http
#
interface Tunnel0/0/0
 tunnel-protocol gre
 ip address 10.1.1.1 255.255.255.0
 source 192.168.1.1
 destination 192.168.1.2
#
 snmp-agent local-engineid 800007DB045254525F414E4B415241 
#

l   AR2

#
aaa
 authentication-scheme auth
 accounting-scheme abc
 domain huawei
 local-user user1 password irreversible-cipher %^%#iv-e(@1]P90{2*&tcll)JN*KQ9c`"Ob^#"Al|p7EHK>qVzB%(7On,d&6iweF%^%#
 local-user user1 privilege level 15                                                       
 local-user user1 service-type http
#
interface Tunnel0/0/0
 tunnel-protocol gre
 ip address 10.1.1.2 255.255.255.0
 source 192.168.1.3
 destination 192.168.1.1
#
 ftp client-source -i LoopBack0
#
 sftp client-source -i LoopBack0
# 

Troubleshooting Procedure

                               Step 1      Checking whether AR1 can get access to the esight.

Since on esight, there’s only route to the loopback address, so we should ping with loopback address as source.

AR1 can’t get access to the esight server.

Check the tunnel interface is u******ot.

                               Step 2      The tunnel interface is not up. Checking the configuration, the parameter on AR2 is not correct. After change the source address of the gre tunnel on AR2, tunnel establish successfully.

                               Step 3      AR can get access to the esight after gre tunnel becoming up.

Check whether esight can manage AR1 successful.

                               Step 4      After Checking on esight, there’s no AR1 on Esight topology. We should check whether the snmp configuration is correct on AR1 and esight.

                               Step 5      Modify the snmp parameter on AR1, esight can manage AR1 now. Try to backup the configuration file on esight.

                               Step 6      Still can’t backup on esight. Do the capture on AR1, and found the source address is tunnel interface. But on esight, there’s no route for this address. We should use the loopback address. Using ftp client-source command to change the source address.

Root Cause

GRE tunnel can’t establish because of the tunnel parameter.

eSight can’t manage AR1 because there’s no snmp configuration on AR1.

Can’t backup the file on eSight because there’s no rout to AR1