实例:
和客户IDC机房拉了一条MSTP线路,接入到Cisco 3750x后端口灯不亮,更换了端口也是不亮,查看端口信息发现因为客户端有环路导致我们接口出现err-disable错误。
故障现象:
线路不通,物理指示灯不亮,有的会显示为橙色(不同平台指示灯状态不同)
解决思路:
取消环路,将端口重启
排错过程:
1、查看接口状态
GigabitEthernet1/0/8 is down, line protocol is down (err-disabled)
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
C3750X-5F-I02-2-252
#SHOw INTERfaces GIgabitEthernet 1/0/8
GigabitEthernet1
/0/8
is down, line protocol is down (err-disabled)
Hardware is Gigabit Ethernet, address is 00af.1fe0.63d0 (bia 00af.1fe0.63d0)
Description:
"HTZQ Network"
Internet address is 165.16.241.174
/30
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255
/255
, txload 1
/255
, rxload 1
/255
Encapsulation ARPA, loopback not
set
Keepalive
set
(10 sec)
Auto-duplex, Auto-speed, media
type
is 10
/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP
type
: ARPA, ARP Timeout 04:00:00
Last input 16:07:19, output 16:07:19, output hang never
Last clearing of
"show interface"
counters never
Input queue: 0
/75/0/0
(size
/max/drops/flushes
); Total output drops: 0
Queueing strategy: fifo
Output queue: 0
/40
(size
/max
)
5 minute input rate 0 bits
/sec
, 0 packets
/sec
5 minute output rate 0 bits
/sec
, 0 packets
/sec
42 packets input, 10117 bytes, 0 no buffer
Received 33 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 19 multicast, 0 pause input
0 input packets with dribble condition detected
77 packets output, 21350 bytes, 0 underruns
0 output errors, 0 collisions, 9 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
C3750X-5F-I02-2-252
#SHOw INTERfaces GIgabitEthernet 1/0/8 STATUS
Port Name Status Vlan Duplex Speed Type
Gi1
/0/8
"HTZQ Network"
err-disabled routed auto auto 10
/100/1000BaseTX
C3750X-5F-I02-2-252
#
|
2、查看导致接口err-disable的原因
|
1
2
3
4
5
6
7
8
|
C3750X-5F-I02-2-252
#show interfaces status err-disabled
Port Name Status Reason Err-disabled Vlans
Gi1
/0/8
"HTZQ Network"
err-disabled loopback
Gi1
/0/9
err-disabled loopback
Gi1
/0/10
err-disabled loopback
Gi1
/0/20
err-disabled loopback
C3750X-5F-I02-2-252
#
|
从图中可以看出导致接口err-disable的原因是loopback,因为期间我更换过接口,因为环路导致了所有更换过的接口都是err-disable
看到哪些原因会导致接口处于err-disable
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
C3750X-5F-I02-2-252
#show errdisable detect
ErrDisable Reason Detection Mode
----------------- --------- ----
arp-inspection Enabled port
bpduguard Enabled port
channel-misconfig (STP) Enabled port
community-limit Enabled port
dhcp-rate-limit Enabled port
dtp-flap Enabled port
gbic-invalid Enabled port
inline-power Enabled port
invalid-policy Enabled port
l2ptguard Enabled port
link-flap Enabled port
loopback Enabled port
lsgroup Enabled port
mac-limit Enabled port
pagp-flap Enabled port
port-mode-failure Enabled port
pppoe-ia-rate-limit Enabled port
psecure-violation Enabled port
/vlan
security-violation Enabled port
sfp-config-mismatch Enabled port
small-frame Enabled port
storm-control Enabled port
udld Enabled port
vmps Enabled port
C3750X-5F-I02-2-252
#
|
从列表中,我们可以看出常见的原因有udld,bpduguard,link-flap以及loopback等。 具体由什么原因导致当前接口err-disable可以由show interface status err-disable来查看。
3、恢复
在接口模式下采用shutdown,no shutdown进行手动的激活即可恢复,前提是环路要接触,不然接口会再次被置于err-disable。
在缺省配置下,一旦接口被置为err-disable,IOS将不会试图恢复接口。 这个可以由show errdisable recovery来查看,timer status下面所有的值都是disable。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
C3750X-5F-I02-2-252
#show errdisable recovery
ErrDisable Reason Timer Status
----------------- --------------
arp-inspection Disabled
bpduguard Disabled
channel-misconfig (STP) Disabled
dhcp-rate-limit Disabled
dtp-flap Disabled
gbic-invalid Disabled
inline-power Disabled
l2ptguard Disabled
link-flap Disabled
mac-limit Disabled
loopback Disabled
pagp-flap Disabled
port-mode-failure Disabled
pppoe-ia-rate-limit Disabled
psecure-violation Disabled
security-violation Disabled
sfp-config-mismatch Disabled
small-frame Disabled
storm-control Disabled
udld Disabled
vmps Disabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
C3750X-5F-I02-2-252
#
|
配置IOS自动重新激活errdisable的接口
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
C3750X-5F-I02-2-252(config)
#errdisable recovery cause ?
all Enable timer to recover from all error causes
arp-inspection Enable timer to recover from arp inspection error disable state
bpduguard Enable timer to recover from BPDU Guard error
channel-misconfig (STP) Enable timer to recover from channel misconfig error
dhcp-rate-limit Enable timer to recover from dhcp-rate-limit error
dtp-flap Enable timer to recover from dtp-flap error
gbic-invalid Enable timer to recover from invalid GBIC error
inline-power Enable timer to recover from inline-power error
l2ptguard Enable timer to recover from l2protocol-tunnel error
link-flap Enable timer to recover from link-flap error
loopback Enable timer to recover from loopback error
mac-limit Enable timer to recover from mac limit disable state
pagp-flap Enable timer to recover from pagp-flap error
port-mode-failure Enable timer to recover from port mode change failure
pppoe-ia-rate-limit Enable timer to recover from PPPoE IA rate-limit error
psecure-violation Enable timer to recover from psecure violation error
security-violation Enable timer to recover from 802.1x violation error
sfp-config-mismatch Enable timer to recover from SFP config mismatch error
small-frame Enable timer to recover from small frame error
storm-control Enable timer to recover from storm-control error
udld Enable timer to recover from udld error
vmps Enable timer to recover from vmps
shutdown
error
C3750X-5F-I02-2-252(config)
#errdisable recovery cause loopback
|
可以指定什么情况下导致接口err-disable后自动激活,也可以选择所有导致接口err-disable后自动接口。
配置完上述命令后,IOS在一段时间后试图恢复被置为err-disable的接口,这段时间缺省为300秒,这个时间通过show errdisable recovery的Timer interval: 300 seconds值。
调整err-disable的超时时间,可以使用以下命令:
|
1
2
3
4
|
C3750X-5F-I02-2-252(config)
#errdisable recovery interval ?
<30-86400> timer-interval(sec)
C3750X-5F-I02-2-252(config)
#errdisable recovery interval 600
|
可以调整在30-86400秒,缺省是300秒
查看所有接口的状态
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
C3750X-5F-I02-2-252
#show interfaces status
Port Name Status Vlan Duplex Speed Type
Gi1
/0/1
"AA Network"
connected routed a-half a-100 10
/100/1000BaseTX
Gi1
/0/2
"BB Network connected routed a-full a-100 10
/100/1000BaseTX
Gi1
/0/3
"CC Network"
connected routed a-half a-100 10
/100/1000BaseTX
Gi1
/0/4
"DD Network"
connected routed a-half a-100 10
/100/1000BaseTX
Gi1
/0/5
"EE Network"
connected routed a-half a-100 10
/100/1000BaseTX
Gi1
/0/6
"FF Network"
connected routed a-half a-100 10
/100/1000BaseTX
Gi1
/0/7
"GG Network connected routed a-half a-100 10
/100/1000BaseTX
Gi1
/0/8
"HH Network"
connected routed a-full a-100 10
/100/1000BaseTX
Gi1
/0/9
err-disabled 1 auto auto 10
/100/1000BaseTX
Gi1
/0/10
err-disabled 1 auto auto 10
/100/1000BaseTX
Gi1
/0/11
notconnect 515 auto auto 10
/100/1000BaseTX
Gi1
/0/12
connected 515 a-full a-1000 10
/100/1000BaseTX
Gi1
/0/13
connected 514 a-full a-100 10
/100/1000BaseTX
Gi1
/0/14
connected 514 a-full a-100 10
/100/1000BaseTX
Gi1
/0/15
notconnect 513 auto auto 10
/100/1000BaseTX
Gi1
/0/16
notconnect 513 auto auto 10
/100/1000BaseTX
Gi1
/0/17
connected 502 a-full a-1000 10
/100/1000BaseTX
Gi1
/0/18
connected 502 a-full a-1000 10
/100/1000BaseTX
Gi1
/0/19
connected 502 a-full a-1000 10
/100/1000BaseTX
Gi1
/0/20
err-disabled 502 auto auto 10
/100/1000BaseTX
Gi1
/0/21
connected 515 a-full a-1000 10
/100/1000BaseTX
Gi1
/0/22
connected 515 a-full a-1000 10
/100/1000BaseTX
Gi1
/0/23
notconnect 1 auto auto 10
/100/1000BaseTX
Gi1
/0/24
connected trunk a-full a-1000 10
/100/1000BaseTX
Fa0 notconnect routed auto auto 10
/100BaseTX
C3750X-5F-I02-2-252
#
|
配置接口速率和双工模式
接口双工模式分为全双工和半双工,指的是数据的传输方式:
1.半双工(Half Duplex)是指接口任意时刻只能接收数据或者发送数据,并存在最大传输距离的限制。
2.全双工(Full Duplex)是指在发送数据的同时也能够接收数据,两者同步进行,最大吞吐量可达到双倍速率,且消除了半双工的物理距离限制。目前的网卡一般都支持全双工。
配置接口双工模式
接口双工模式可以是自协商模式(auto)、半双工模式(half)、全双工模式(full)
自协商的内容包括两端接口的双工模式和接口速率。一旦协商通过,链路两端的设备就锁定在同样的双工模式和接口速率。自协商功能只有在链路两端设备均支持才可以生效。如果对端设备不支持自协商功能,或者对端设备自协商机制和本端设备不一致,则接口可能会处于Down状态
如果数据流量较大,则链路两端的自协商结果只能为全双工模式,不能为半双工模式,否则会出现丢包现象。如果数据流量较小,链路两端的自协商结果为半双工模式即可以满足数据传输需求。
链路两端的双工模式必须保持一致。电接口对接时有可能因为两端接口自协商模式不一致等原因,造成接口被协商成半双工模式,此时可能会出现报文交互异常现象
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
C3750X-5F-I02-2-252
#SHOw INTERfaces GigabitEthernet1/0/8
GigabitEthernet1
/0/8
is down, line protocol is down (err-disabled)
Hardware is Gigabit Ethernet, address is 00af.1fe0.63d0 (bia 00af.1fe0.63d0)
Description:
"HTZQ Network"
Internet address is 165.16.241.174
/30
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255
/255
, txload 1
/255
, rxload 1
/255
Encapsulation ARPA, loopback not
set
Keepalive
set
(10 sec)
Auto-duplex, Auto-speed, media
type
is 10
/100/1000BaseTX
# auto | full | half设置端口为-自动/全双工/半双工
input flow-control is off, output flow-control is unsupported
ARP
type
: ARPA, ARP Timeout 04:00:00
Last input 01:41:48, output 01:41:48, output hang never
Last clearing of
"show interface"
counters never
Input queue: 0
/75/0/0
(size
/max/drops/flushes
); Total output drops: 0
Queueing strategy: fifo
C3750X-5F-I02-2-252(config)
#INTErface GigabitEthernet1/0/8
C3750X-5F-I02-2-252(config-
if
)
# DUplex full
C3750X-5F-I02-2-252(config-
if
)
# Speed 100
C3750X-5F-I02-2-252(config-
if
)
#speed ?
10 Force 10 Mbps operation
100 Force 100 Mbps operation
1000 Force 1000 Mbps operation
auto Enable AUTO speed configuration
C3750X-5F-I02-2-252(config-
if
)
#
|
本文转自 justin_peng 51CTO博客,原文链接:http://blog.51cto.com/ityunwei2017/1966890,如需转载请自行联系原作者
