实例:
和客户IDC机房拉了一条MSTP线路,接入到Cisco 3750x后端口灯不亮,更换了端口也是不亮,查看端口信息发现因为客户端有环路导致我们接口出现err-disable错误。
故障现象:
线路不通,物理指示灯不亮,有的会显示为橙色(不同平台指示灯状态不同)
解决思路:
取消环路,将端口重启
排错过程:
1、查看接口状态
GigabitEthernet1/0/8 is down, line protocol is down (err-disabled)
C3750X-5F-I02-2-252#SHOw INTERfaces GIgabitEthernet 1/0/8 GigabitEthernet1/0/8 is down, line protocol is down (err-disabled) Hardware is Gigabit Ethernet, address is 00af.1fe0.63d0 (bia 00af.1fe0.63d0) Description: "HTZQ Network" Internet address is 165.16.241.174/30 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 16:07:19, output 16:07:19, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 42 packets input, 10117 bytes, 0 no buffer Received 33 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 19 multicast, 0 pause input 0 input packets with dribble condition detected 77 packets output, 21350 bytes, 0 underruns 0 output errors, 0 collisions, 9 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out C3750X-5F-I02-2-252#SHOw INTERfaces GIgabitEthernet 1/0/8 STATUS Port Name Status Vlan Duplex Speed Type Gi1/0/8 "HTZQ Network" err-disabled routed auto auto 10/100/1000BaseTX C3750X-5F-I02-2-252#
2、查看导致接口err-disable的原因
C3750X-5F-I02-2-252#show interfaces status err-disabled Port Name Status Reason Err-disabled Vlans Gi1/0/8 "HTZQ Network" err-disabled loopback Gi1/0/9 err-disabled loopback Gi1/0/10 err-disabled loopback Gi1/0/20 err-disabled loopback C3750X-5F-I02-2-252#
从图中可以看出导致接口err-disable的原因是loopback,因为期间我更换过接口,因为环路导致了所有更换过的接口都是err-disable
看到哪些原因会导致接口处于err-disable
C3750X-5F-I02-2-252#show errdisable detect ErrDisable Reason Detection Mode ----------------- --------- ---- arp-inspection Enabled port bpduguard Enabled port channel-misconfig (STP) Enabled port community-limit Enabled port dhcp-rate-limit Enabled port dtp-flap Enabled port gbic-invalid Enabled port inline-power Enabled port invalid-policy Enabled port l2ptguard Enabled port link-flap Enabled port loopback Enabled port lsgroup Enabled port mac-limit Enabled port pagp-flap Enabled port port-mode-failure Enabled port pppoe-ia-rate-limit Enabled port psecure-violation Enabled port/vlan security-violation Enabled port sfp-config-mismatch Enabled port small-frame Enabled port storm-control Enabled port udld Enabled port vmps Enabled port C3750X-5F-I02-2-252#
从列表中,我们可以看出常见的原因有udld,bpduguard,link-flap以及loopback等。 具体由什么原因导致当前接口err-disable可以由show interface status err-disable来查看。
3、恢复
在接口模式下采用shutdown,no shutdown进行手动的激活即可恢复,前提是环路要接触,不然接口会再次被置于err-disable。
在缺省配置下,一旦接口被置为err-disable,IOS将不会试图恢复接口。 这个可以由show errdisable recovery来查看,timer status下面所有的值都是disable。
C3750X-5F-I02-2-252#show errdisable recovery ErrDisable Reason Timer Status ----------------- -------------- arp-inspection Disabled bpduguard Disabled channel-misconfig (STP) Disabled dhcp-rate-limit Disabled dtp-flap Disabled gbic-invalid Disabled inline-power Disabled l2ptguard Disabled link-flap Disabled mac-limit Disabled loopback Disabled pagp-flap Disabled port-mode-failure Disabled pppoe-ia-rate-limit Disabled psecure-violation Disabled security-violation Disabled sfp-config-mismatch Disabled small-frame Disabled storm-control Disabled udld Disabled vmps Disabled Timer interval: 300 seconds Interfaces that will be enabled at the next timeout: C3750X-5F-I02-2-252#
配置IOS自动重新激活errdisable的接口
C3750X-5F-I02-2-252(config)#errdisable recovery cause ? all Enable timer to recover from all error causes arp-inspection Enable timer to recover from arp inspection error disable state bpduguard Enable timer to recover from BPDU Guard error channel-misconfig (STP) Enable timer to recover from channel misconfig error dhcp-rate-limit Enable timer to recover from dhcp-rate-limit error dtp-flap Enable timer to recover from dtp-flap error gbic-invalid Enable timer to recover from invalid GBIC error inline-power Enable timer to recover from inline-power error l2ptguard Enable timer to recover from l2protocol-tunnel error link-flap Enable timer to recover from link-flap error loopback Enable timer to recover from loopback error mac-limit Enable timer to recover from mac limit disable state pagp-flap Enable timer to recover from pagp-flap error port-mode-failure Enable timer to recover from port mode change failure pppoe-ia-rate-limit Enable timer to recover from PPPoE IA rate-limit error psecure-violation Enable timer to recover from psecure violation error security-violation Enable timer to recover from 802.1x violation error sfp-config-mismatch Enable timer to recover from SFP config mismatch error small-frame Enable timer to recover from small frame error storm-control Enable timer to recover from storm-control error udld Enable timer to recover from udld error vmps Enable timer to recover from vmps shutdown error C3750X-5F-I02-2-252(config)#errdisable recovery cause loopback
可以指定什么情况下导致接口err-disable后自动激活,也可以选择所有导致接口err-disable后自动接口。
配置完上述命令后,IOS在一段时间后试图恢复被置为err-disable的接口,这段时间缺省为300秒,这个时间通过show errdisable recovery的Timer interval: 300 seconds值。
调整err-disable的超时时间,可以使用以下命令:
C3750X-5F-I02-2-252(config)#errdisable recovery interval ? <30-86400> timer-interval(sec) C3750X-5F-I02-2-252(config)#errdisable recovery interval 600
可以调整在30-86400秒,缺省是300秒
查看所有接口的状态
C3750X-5F-I02-2-252#show interfaces status Port Name Status Vlan Duplex Speed Type Gi1/0/1 "AA Network" connected routed a-half a-100 10/100/1000BaseTX Gi1/0/2 "BB Network connected routed a-full a-100 10/100/1000BaseTX Gi1/0/3 "CC Network" connected routed a-half a-100 10/100/1000BaseTX Gi1/0/4 "DD Network" connected routed a-half a-100 10/100/1000BaseTX Gi1/0/5 "EE Network" connected routed a-half a-100 10/100/1000BaseTX Gi1/0/6 "FF Network" connected routed a-half a-100 10/100/1000BaseTX Gi1/0/7 "GG Network connected routed a-half a-100 10/100/1000BaseTX Gi1/0/8 "HH Network" connected routed a-full a-100 10/100/1000BaseTX Gi1/0/9 err-disabled 1 auto auto 10/100/1000BaseTX Gi1/0/10 err-disabled 1 auto auto 10/100/1000BaseTX Gi1/0/11 notconnect 515 auto auto 10/100/1000BaseTX Gi1/0/12 connected 515 a-full a-1000 10/100/1000BaseTX Gi1/0/13 connected 514 a-full a-100 10/100/1000BaseTX Gi1/0/14 connected 514 a-full a-100 10/100/1000BaseTX Gi1/0/15 notconnect 513 auto auto 10/100/1000BaseTX Gi1/0/16 notconnect 513 auto auto 10/100/1000BaseTX Gi1/0/17 connected 502 a-full a-1000 10/100/1000BaseTX Gi1/0/18 connected 502 a-full a-1000 10/100/1000BaseTX Gi1/0/19 connected 502 a-full a-1000 10/100/1000BaseTX Gi1/0/20 err-disabled 502 auto auto 10/100/1000BaseTX Gi1/0/21 connected 515 a-full a-1000 10/100/1000BaseTX Gi1/0/22 connected 515 a-full a-1000 10/100/1000BaseTX Gi1/0/23 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/24 connected trunk a-full a-1000 10/100/1000BaseTX Fa0 notconnect routed auto auto 10/100BaseTX C3750X-5F-I02-2-252#
配置接口速率和双工模式
接口双工模式分为全双工和半双工,指的是数据的传输方式:
1.半双工(Half Duplex)是指接口任意时刻只能接收数据或者发送数据,并存在最大传输距离的限制。
2.全双工(Full Duplex)是指在发送数据的同时也能够接收数据,两者同步进行,最大吞吐量可达到双倍速率,且消除了半双工的物理距离限制。目前的网卡一般都支持全双工。
配置接口双工模式
接口双工模式可以是自协商模式(auto)、半双工模式(half)、全双工模式(full)
自协商的内容包括两端接口的双工模式和接口速率。一旦协商通过,链路两端的设备就锁定在同样的双工模式和接口速率。自协商功能只有在链路两端设备均支持才可以生效。如果对端设备不支持自协商功能,或者对端设备自协商机制和本端设备不一致,则接口可能会处于Down状态
如果数据流量较大,则链路两端的自协商结果只能为全双工模式,不能为半双工模式,否则会出现丢包现象。如果数据流量较小,链路两端的自协商结果为半双工模式即可以满足数据传输需求。
链路两端的双工模式必须保持一致。电接口对接时有可能因为两端接口自协商模式不一致等原因,造成接口被协商成半双工模式,此时可能会出现报文交互异常现象
C3750X-5F-I02-2-252#SHOw INTERfaces GigabitEthernet1/0/8 GigabitEthernet1/0/8 is down, line protocol is down (err-disabled) Hardware is Gigabit Ethernet, address is 00af.1fe0.63d0 (bia 00af.1fe0.63d0) Description: "HTZQ Network" Internet address is 165.16.241.174/30 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX # auto | full | half设置端口为-自动/全双工/半双工 input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 01:41:48, output 01:41:48, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo C3750X-5F-I02-2-252(config)#INTErface GigabitEthernet1/0/8 C3750X-5F-I02-2-252(config-if)# DUplex full C3750X-5F-I02-2-252(config-if)# Speed 100 C3750X-5F-I02-2-252(config-if)#speed ? 10 Force 10 Mbps operation 100 Force 100 Mbps operation 1000 Force 1000 Mbps operation auto Enable AUTO speed configuration C3750X-5F-I02-2-252(config-if)#