实例:
和客户IDC机房拉了一条MSTP线路,接入到Cisco 3750x后端口灯不亮,更换了端口也是不亮,查看端口信息发现因为客户端有环路导致我们接口出现err-disable错误。
故障现象:
线路不通,物理指示灯不亮,有的会显示为橙色(不同平台指示灯状态不同)
解决思路:
取消环路,将端口重启
排错过程:
1、查看接口状态
GigabitEthernet1/0/8 is down, line protocol is down (err-disabled)
C3750X-5F-I02-2-252#SHOwINTERfacesGIgabitEthernet1/0/8 GigabitEthernet1/0/8isdown,lineprotocolisdown(err-disabled) HardwareisGigabitEthernet,addressis00af.1fe0.63d0(bia00af.1fe0.63d0) Description:"HTZQNetwork" Internetaddressis165.16.241.174/30 MTU1500bytes,BW100000Kbit,DLY100usec, reliability255/255,txload1/255,rxload1/255 EncapsulationARPA,loopbacknotset Keepaliveset(10sec) Auto-duplex,Auto-speed,mediatypeis10/100/1000BaseTX inputflow-controlisoff,outputflow-controlisunsupported ARPtype:ARPA,ARPTimeout04:00:00 Lastinput16:07:19,output16:07:19,outputhangnever Lastclearingof"showinterface"countersnever Inputqueue:0/75/0/0(size/max/drops/flushes);Totaloutputdrops:0 Queueingstrategy:fifo Outputqueue:0/40(size/max) 5minuteinputrate0bits/sec,0packets/sec 5minuteoutputrate0bits/sec,0packets/sec 42packetsinput,10117bytes,0nobuffer Received33broadcasts(0IPmulticasts) 0runts,0giants,0throttles 0inputerrors,0CRC,0frame,0overrun,0ignored 0watchdog,19multicast,0pauseinput 0inputpacketswithdribbleconditiondetected 77packetsoutput,21350bytes,0underruns 0outputerrors,0collisions,9interfaceresets 0babbles,0latecollision,0deferred 0lostcarrier,0nocarrier,0PAUSEoutput 0outputbufferfailures,0outputbuffersswappedout C3750X-5F-I02-2-252#SHOwINTERfacesGIgabitEthernet1/0/8STATUS PortNameStatusVlanDuplexSpeedType Gi1/0/8"HTZQNetwork"err-disabledroutedautoauto10/100/1000BaseTX C3750X-5F-I02-2-252#
2、查看导致接口err-disable的原因
C3750X-5F-I02-2-252#showinterfacesstatuserr-disabled PortNameStatusReasonErr-disabledVlans Gi1/0/8"HTZQNetwork"err-disabledloopback Gi1/0/9err-disabledloopback Gi1/0/10err-disabledloopback Gi1/0/20err-disabledloopback C3750X-5F-I02-2-252#
从图中可以看出导致接口err-disable的原因是loopback,因为期间我更换过接口,因为环路导致了所有更换过的接口都是err-disable
看到哪些原因会导致接口处于err-disable
C3750X-5F-I02-2-252#showerrdisabledetect ErrDisableReasonDetectionMode ------------------------------ arp-inspectionEnabledport bpduguardEnabledport channel-misconfig(STP)Enabledport community-limitEnabledport dhcp-rate-limitEnabledport dtp-flapEnabledport gbic-invalidEnabledport inline-powerEnabledport invalid-policyEnabledport l2ptguardEnabledport link-flapEnabledport loopbackEnabledport lsgroupEnabledport mac-limitEnabledport pagp-flapEnabledport port-mode-failureEnabledport pppoe-ia-rate-limitEnabledport psecure-violationEnabledport/vlan security-violationEnabledport sfp-config-mismatchEnabledport small-frameEnabledport storm-controlEnabledport udldEnabledport vmpsEnabledport C3750X-5F-I02-2-252#
从列表中,我们可以看出常见的原因有udld,bpduguard,link-flap以及loopback等。 具体由什么原因导致当前接口err-disable可以由show interface status err-disable来查看。
3、恢复
在接口模式下采用shutdown,no shutdown进行手动的激活即可恢复,前提是环路要接触,不然接口会再次被置于err-disable。
在缺省配置下,一旦接口被置为err-disable,IOS将不会试图恢复接口。 这个可以由show errdisable recovery来查看,timer status下面所有的值都是disable。
C3750X-5F-I02-2-252#showerrdisablerecovery ErrDisableReasonTimerStatus ------------------------------- arp-inspectionDisabled bpduguardDisabled channel-misconfig(STP)Disabled dhcp-rate-limitDisabled dtp-flapDisabled gbic-invalidDisabled inline-powerDisabled l2ptguardDisabled link-flapDisabled mac-limitDisabled loopbackDisabled pagp-flapDisabled port-mode-failureDisabled pppoe-ia-rate-limitDisabled psecure-violationDisabled security-violationDisabled sfp-config-mismatchDisabled small-frameDisabled storm-controlDisabled udldDisabled vmpsDisabled Timerinterval:300seconds Interfacesthatwillbeenabledatthenexttimeout: C3750X-5F-I02-2-252#
配置IOS自动重新激活errdisable的接口
C3750X-5F-I02-2-252(config)#errdisablerecoverycause? allEnabletimertorecoverfromallerrorcauses arp-inspectionEnabletimertorecoverfromarpinspectionerrordisablestate bpduguardEnabletimertorecoverfromBPDUGuarderror channel-misconfig(STP)Enabletimertorecoverfromchannelmisconfigerror dhcp-rate-limitEnabletimertorecoverfromdhcp-rate-limiterror dtp-flapEnabletimertorecoverfromdtp-flaperror gbic-invalidEnabletimertorecoverfrominvalidGBICerror inline-powerEnabletimertorecoverfrominline-powererror l2ptguardEnabletimertorecoverfroml2protocol-tunnelerror link-flapEnabletimertorecoverfromlink-flaperror loopbackEnabletimertorecoverfromloopbackerror mac-limitEnabletimertorecoverfrommaclimitdisablestate pagp-flapEnabletimertorecoverfrompagp-flaperror port-mode-failureEnabletimertorecoverfromportmodechangefailure pppoe-ia-rate-limitEnabletimertorecoverfromPPPoEIArate-limiterror psecure-violationEnabletimertorecoverfrompsecureviolationerror security-violationEnabletimertorecoverfrom802.1xviolationerror sfp-config-mismatchEnabletimertorecoverfromSFPconfigmismatcherror small-frameEnabletimertorecoverfromsmallframeerror storm-controlEnabletimertorecoverfromstorm-controlerror udldEnabletimertorecoverfromudlderror vmpsEnabletimertorecoverfromvmpsshutdownerror C3750X-5F-I02-2-252(config)#errdisablerecoverycauseloopback
可以指定什么情况下导致接口err-disable后自动激活,也可以选择所有导致接口err-disable后自动接口。
配置完上述命令后,IOS在一段时间后试图恢复被置为err-disable的接口,这段时间缺省为300秒,这个时间通过show errdisable recovery的Timer interval: 300 seconds值。
调整err-disable的超时时间,可以使用以下命令:
C3750X-5F-I02-2-252(config)#errdisablerecoveryinterval? <30-86400>timer-interval(sec) C3750X-5F-I02-2-252(config)#errdisablerecoveryinterval600
可以调整在30-86400秒,缺省是300秒
查看所有接口的状态
C3750X-5F-I02-2-252#showinterfacesstatus PortNameStatusVlanDuplexSpeedType Gi1/0/1"AANetwork"connectedrouteda-halfa-10010/100/1000BaseTX Gi1/0/2"BBNetworkconnectedrouteda-fulla-10010/100/1000BaseTX Gi1/0/3"CCNetwork"connectedrouteda-halfa-10010/100/1000BaseTX Gi1/0/4"DDNetwork"connectedrouteda-halfa-10010/100/1000BaseTX Gi1/0/5"EENetwork"connectedrouteda-halfa-10010/100/1000BaseTX Gi1/0/6"FFNetwork"connectedrouteda-halfa-10010/100/1000BaseTX Gi1/0/7"GGNetworkconnectedrouteda-halfa-10010/100/1000BaseTX Gi1/0/8"HHNetwork"connectedrouteda-fulla-10010/100/1000BaseTX Gi1/0/9err-disabled1autoauto10/100/1000BaseTX Gi1/0/10err-disabled1autoauto10/100/1000BaseTX Gi1/0/11notconnect515autoauto10/100/1000BaseTX Gi1/0/12connected515a-fulla-100010/100/1000BaseTX Gi1/0/13connected514a-fulla-10010/100/1000BaseTX Gi1/0/14connected514a-fulla-10010/100/1000BaseTX Gi1/0/15notconnect513autoauto10/100/1000BaseTX Gi1/0/16notconnect513autoauto10/100/1000BaseTX Gi1/0/17connected502a-fulla-100010/100/1000BaseTX Gi1/0/18connected502a-fulla-100010/100/1000BaseTX Gi1/0/19connected502a-fulla-100010/100/1000BaseTX Gi1/0/20err-disabled502autoauto10/100/1000BaseTX Gi1/0/21connected515a-fulla-100010/100/1000BaseTX Gi1/0/22connected515a-fulla-100010/100/1000BaseTX Gi1/0/23notconnect1autoauto10/100/1000BaseTX Gi1/0/24connectedtrunka-fulla-100010/100/1000BaseTX Fa0notconnectroutedautoauto10/100BaseTX C3750X-5F-I02-2-252#
扩展:
配置接口速率和双工模式
接口双工模式分为全双工和半双工,指的是数据的传输方式:
1.半双工(Half Duplex)是指接口任意时刻只能接收数据或者发送数据,并存在最大传输距离的限制。
2.全双工(Full Duplex)是指在发送数据的同时也能够接收数据,两者同步进行,最大吞吐量可达到双倍速率,且消除了半双工的物理距离限制。目前的网卡一般都支持全双工。
配置接口双工模式
接口模式配置可以是自协商模式(auto)、半双工模式(half)、全双工模式(full)
自协商的内容包括两端接口的双工模式和接口速率。一旦协商通过,链路两端的设备就锁定在同样的双工模式和接口速率。自协商功能只有在链路两端设备均支持才可以生效。如果对端设备不支持自协商功能,或者对端设备自协商机制和本端设备不一致,则接口可能会处于Down状态
如果数据流量较大,则链路两端的自协商结果只能为全双工模式,不能为半双工模式,否则会出现丢包现象。如果数据流量较小,链路两端的自协商结果为半双工模式即可以满足数据传输需求。
链路两端的双工模式必须保持一致。电接口对接时有可能因为两端接口自协商模式不一致等原因,造成接口被协商成半双工模式,此时可能会出现报文交互异常现象
C3750X-5F-I02-2-252(config)#interfaceGigabitEthernet1/0/8 C3750X-5F-I02-2-252(config-if)#duplex? autoEnableAUTOduplexconfiguration fullForcefullduplexoperation halfForcehalf-duplexoperation C3750X-5F-I02-2-252(config-if)#speed? 10Force10Mbpsoperation 100Force100Mbpsoperation 1000Force1000Mbpsoperation autoEnableAUTOspeedconfiguration C3750X-5F-I02-2-252(config-if)#