FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
adavila
Staff
Staff
Description
This article describes the FortiGate troubleshooting commands for an ADSL interface detailing:
- Integrity verification
- Actual state
- Network values
- Health values
- Other parameters related with ADSL links

Scope
FortiGate ADSL interfaces

Solution

To verify the state of a FortiGate ADSL interface:

# diagnose hardware deviceinfo nic adsl

(output example)

Driver Name :Fortinet Nplite Driver
Version :1.0
Admin :up
Current_HWaddr 00:09:0f:48:13:08
Permanent_HWaddr 00:09:0f:48:13:08
Status :up
Speed :100
Duplex :Half
Host Rx Pkts :735929
Host Rx Bytes :23645111
Host Tx Pkts :736835
Host Tx Bytes :416949911
Rx Pkts :735929
Rx Bytes :44231723
Tx Pkts :736835
Tx Bytes :409617489
rx_buffer_len :2048
Hidden :No
cmd_in_list :0

# show system interface adsl

(output example)

config system interface
    edit "adsl"
        set ip 123.252.184.2 255.255.255.0
        set allowaccess ping https ssh snmp fgfm
        set l2forward enable
        set type physical
        set vpi 0
        set vci 33
        set atm-protocol ipoa
        set mux-type llc-encaps
        set snmp-index 1
        set mtu-override enable
    next
end

 

To verify the state between a FortiGate ADSL interface and ISP:

# get system adsl status

(output example)


Addressing Mode  [static]
Physical Mode  [G992_5_A]
IP  [123.252.184.2]
VPI  [0]
VCI  [33]
ADSL Module  [up]
ADSL VCC link  [up]
ADSL cable link  [up]
Vendor ID  [(43,45,20,49,65,74,65,6C)]
Vendor Version Number 
[(00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00)]
Vendor Serial Number    
  [(47,01,AE,DC,FF,2F,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,00,00,00,00,00,00,00,00,00,00,00,00)]
Modem Status  [SHOWTIME_TC_SYNC]
Power Management Mode  [DSL_G997_PMS_L0]
Trellis-Coded Modulation  [Enable]
Data Rate Downstream  [4094 kbps]
Data Rate Upstream  [1022 kbps]
Attainable Data Rate Downstream  [27900 kbps]
Attainable Data Rate Upstream  [1348 kbps]
Interleaver Depth Downstream  [511]
Interleaver Depth Upstream  [8]
Line Attenuation(LATN) Downstream
  [1.9 dB]
Line Attenuation(LATN) Upstream  [1.9 dB]
Signal Attenuation(SATN) Down 
  [1.7 dB]
Signal Attenuation(SATN) Up  [1.3 dB]
SNRM Downstream  [33.0 dB]
SNRM Upstream  [18.4 dB]
ACATP Downstream  [8.3 dB]
ACATP Upstream  [9.9 dB]
Superframe  [n/a]
LOS Failure(near end)  [0]
LOS Failure(far end)  [0]
LOF Failure(near end)  [0]
LOF Failure(far end)  [0]
LPR Failure(near end)  [0]
LPR Failure(far end)  [0]
NCD Failure(near end)  [0]
NCD Failure(far end)  [0]
LCD Failure(near end)  [0]
LCD Failure(far end)  [0]
CRC(near end)  [0]
CRC(far end)  [26]
RS Correction(near end)  [153]
RS Correction(far end)  [31]
FECS(near end)  [0]
FECS(far end)  [246]
Errored Second(ES-L)(near end) 
  [0]
Errored Second(ES-L)(far end)  [2]
Serverely Errored Seconds(SES-L)NE [0]
Serverely Errored Seconds(SES-L)FE [0]
Loss of Signal Seconds(LOSS-L)NE [0]
Loss of Signal Seconds(LOSS-L)FE [1]
Unavailable Seconds(UAS-L)NE [24]
Unavailable Seconds(UAS-L)FE [24]
HEC Error(near end)  [0]
HEC Error(far end)  [174]
Internal Message  9/22/2015 9:47:00 AM  Pradhumna Reddy
Mon Sep 21 11:40:11 2015 60soc_adsl.c[799] adsl2plus_main - ready to process request...
adsl2_recv_rsp: before recvfrom
adsl2_recv_rsp: after recvfrom rsp.result[0] len[8208] rsp.len[8]
adsl2_get_stats_block: return from adsl2_get_result, ADSL2_SUCCESS
adsl2_get_stats_block: after adsl2_get_result
Mon Sep 21 11:40:11 2015 60soc_adsl.c[115] adsl2plus_do_command - waiting to do command [-a]...
adsl2_get_stats_block: before adsl2_init
create_result_queue_name: new fifo name [/dev/adsl2_fifo_184_5]
adsl2_get_stats_block: after adsl2_init, fd = 14
adsl2_get_stats_block: before adsl2_req, req cmd_type = 1
Mon Sep 21 11:40:12 2015 60soc_adsl.c[808] adsl2plus_main - request: uid[6] cmd_type[1] param[/main/wan/settings/static/Config wanif=wan1 vpivci=0.33 ipaddr=169.254.0.1 netmask=255.255.255.255 gipaddr=169.254.0.2 atmp=ip_over_atm VTAG=disable] fifo_name[/dev/adsl2_fifo_184_5]
Mon Sep 21 11:40:12 2015 60soc_adsl.c[826] adsl2plus_main - connecting to forti_fe(240.0.0.1:8111)...
Mon Sep 21 11:40:12 2015 60soc_adsl.c[836] adsl2plus_main - Sending command [/main/wan/settings/static/Config wanif=wan1 vpivci=0.33 ipaddr=169.254.0.1 netmask=255.255.255.255 gipaddr=169.254.0.2 atmp=ip_over_atm VTAG=disable] to forti_fe(240.0.0.1:8111)...
Mon Sep 21 11:40:12 2015 60soc_adsl.c[851] adsl2plus_main - Receiving result from forti_fe...
adsl2_send_req: sizeof(*req)=776 send_len=776
adsl2_get_stats_block: before adsl2_get_result
Mon Sep 21 11:40:12 2015 60soc_adsl.c[115] adsl2plus_do_command - waiting to do command [-a]...

To verify all parameters associated with an ADSL on a FortiGate and information received from ISP:

# diagnose debug enable

# diagnose adsl show value

value is an integer number, here is a description of the numbers:

(0) – General ADSL interface information (IP settings, firmware version, others)

# diagnose adsl show 0

(output example)
Index
LAN
IP Address 240.0.0.1
Subnet Mask 255.255.255.0
DHCP Mode Disable
Firewall
Disable
 
Information
Bootloader Version Ver:04000002
OS Build Version Ver:04000011
BSP Version 1.3.1.1-patch2
Amazon Kernel Version
Amazon Software Version Amazon_SE-3.6.12-R0208V36_SPI-1915-11Jul11
Amazon ToolChain Version lxdb-1-3-1/3.3.6/0.9.28
ADSL Firmware Version FW Version: 3.5.0.12.0.1

--------------------------------------------------------------------------------------


(1) – General information about ISP settings (VCI/VPI)

# diag adsl show 1

(output example)

ADSL VC Configuration

Total VC Channels:

---------------------------------------------------------------------------------------------------------------------------

No VPI/VCI RFC 2684 Encap QoS Class QoS Parameters

---------------------------------------------------------------------------------------------------------------------------

1 0/35 LLC/SNAP UBR

2 8/35 LLC/SNAP UBR

---------------------------------------------------------------------------------------------------------------------------

VPI : <integer value> Virtual Path Identifier (VPI) number is provided by ISP. It’s a number between 0 and 65535. VPI refers to an 8-bit (user to network packets) or 12-bit (network-network packets) field within the header of an Asynchronous Transfer Mode packet, the core network that supports ADSL links. VPI is useful to reduce the switching table for some Virtual Circuits which have common path.

VCI : <integer value> Virtual Channel Identifier (VCI) is a number provided by ISP. It’s a number between 0 and 255. Together at VCI (Virtual Channel Identifier), VCI is used to identify the next destination of a cell as it passes through a series of ATM switches on its way to its destination. In simple words these two numbers (VPI/VCI) simply tell the DSL equipment on both the sides that the communication to be established between them.

RFC 2684 Encap : fdf

QoS Class (ATM/ADSL) : It can be Class A (CBR – Constant Bit Rate), Class B and C (VBR-nRT – Variable  Bit Rate Non Real Time, VBR-RT – Variable Bit Rate Real Time), and Class D (UBR – Unspecified Bit Rate, ABR – Available Bit Rate). These classes indicates the Quality of Service (QoS) levels

QoS Parameters (ATM/ADSL) : It indicates which QoS parameters were activated, as CDV (Cell Delay Variation), maxCTD (Maximum Cell Transfer Delay), CLT (Cell Loss Ratio). Others ATM parameters: PCR (Peak Cell Rate), SCR (Sustainable Cell Rate), MBS (Maximum Burst Size), MCR (Minimum Cell Rate)

Obs: QoS Class uses a specific QoS Parameter:

·         CBR uses maxCTD and PCR

·         VBR-nRT uses PCR, SCR and MBS

·         VBR-RT uses PCR, SCR and MBS; cells delayed above max CTD not valuable

·         UBR uses PCR for information only

·         ABR uses PCR and MCR

(2) – Detail information about Virtual Circuit Channel (VCC), as IP settings, signalling, errors, CRC, power levels, downstream/upstream, others

# diagnose adsl show 2

(output example)

VCCs Status
----------------------------------------------------------------------------------------------------------------------
No          VCC        Connection Status           IP Configured `                  Type Connection Name
----------------------------------------------------------------------------------------------------------------------
1              0/33       Static Connected              169.254.0 WAN1               LLC/SNAP IPoA d .1
----------------------------------------------------------------------------------------------------------------------
 
Gateway Information
 
DNS Information
Primary 168.95.1.1
Secondary 168.95.1.1
ADSL Physical Mode [ ]
Vendor ID [(00,00,00,00,00,00,00,00)]
Vendor Version Number [(00,00,00,00,…,00,00)]
Vendor Serial Number [(00,00,00,00,….,00,00)]
Modem Status [FULL_INIT]
Power Management Mode [DSL_G997_PMS_L3]
Trellis-Coded Modulation [Disable]
Data Rate Downstream [0 kbps]
Data Rate Upstream [0 kbps]
Attainable Data Rate Downstream
[0 kbps]
Attainable Data Rate Upstream [0 kbps]
Interleaver Depth Downstream [0]
Interleaver Depth Upstream [0]
Line Attenuation(LATN) Downstream [0.0 dB]
Line Attenuation(LATN) Upstream
[0.0 dB]
Signal Attenuation(SATN) Down [0.0 dB]
Signal Attenuation(SATN) Up [0.0 dB]
SNRM Downstream [0.0 dB]
SNRM Upstream [0.0 dB]
ACATP Downstream [0.0 dB]
ACATP Upstream [0.0 dB]
Superframe [n/a]
LOS Failure(near end) [0]
LOS Failure(far end) [0]
LOF Failure(near end) [0]
LOF Failure(far end) [0]
LPR Failure(near end) [0]
LPR Failure(far end) [0]
NCD Failure(near end) [0]
NCD Failure(far end) [0]
LCD Failure(near end) [0]
LCD Failure(far end) [0]
CRC(near end) [0]
CRC(far end) [0]
RS Correction(near end) [0]
RS Correction(far end) [0]
FECS(near end) [0]
FECS(far end) [0]
Errored Second(ES-L)(near end) [0]
Errored Second(ES-L)(far end) [0]
Serverely Errored Seconds(SES-L)NE [0]
Serverely Errored Seconds(SES-L)FE [0]
Loss of Signal Seconds(LOSS-L)NE [0]
Loss of Signal Seconds(LOSS-L)FE [0]
Unavailable Seconds(UAS-L)NE [16]
Unavailable Seconds(UAS-L)FE [14]
HEC Error(near end) [0]
HEC Error(far end) [0]

 

----------------------------------------------------------------

(3) – ADSL Test (OAM Test)

# diagnose adsl show 3

(output example)

OAM F5 Test for [VPI:8 VCI:35] is Bad
OAM F5 Test for [VPI:0 VCI:35] is Good
--------------------------------------------------------------------------------------------

OAM : OAM is an ATM packet known as “ATM Operation, Administration and Maintenance” (OAM) packet created to execute connectivity test,  as Ping or Loopback, in a specific virtual circuit


(4) – Logs and Syslogs information

# diagnose adsl show 4

(output example)

Jan  1 00:00:05 cpe syslog.info syslogd started: BusyBox v1.00 (2011.07.12-02:12+0000)

(5) – Brief general information

# diagnose adsl show 5

(Same results than 0)

--------------------------------------------------------------------------------------

Sniff an ADSL

connection:

# diagnose debug reset
# diagnose debug disable
# diagnose debug application adsl 255 (other interface: adsl2)

# diagnose debug enable
# execute interface pppoa-reconnect-adsl
 
# diagnose sniffer packet adsl '' 3 0 a (3 is for minutes)
# diagnose sniffer packet ppp0 '' 3 0 a (3 is for minutes)

 

# diagnose adsl log
This command is similar to “diagnose adsl show 4”

To debug ADSL processes:

# diagnose debug application adsl2 4 (other interface: adsl)

# diagnose debug application ppp 4
# diagnose debug application pppoed 4
# diagnose debug console timestamp enable
# diagnose debug enable
# execute interface pppoa-reconnect-adsl

Basic configuration for an ADSL interface using PPPoE:

# diagnose debug application adsl2 4 (other interface: adsl)

# diagnose debug application ppp 4
# diagnose debug application pppoed 4
# diagnose debug console timestamp enable
# diagnose debug enable
# execute interface pppoa-reconnect-adsl

 


Related Articles

What ADSL protocols are supported?

Technical Note: How to enable IPOA connection mode in ADSL devices on a FortiGate

Contributors