我的一台2960GG透过多模 10G SFP-10GBase-LRM光纤接核心3850交换机,今天早上之间网络不通,3850G和2960上的SFP模块指示灯都不亮,查看CISCO 2960G端口有如下提示:
#show int status err-disabled
Port Name Status Reason Err-disabled Vlans
Te6/0/1 [TRUNK] swi-core01 err-disabled link-flap解决如下:
int Te6/0/1
shut
no shut
end
OK!!!查阅关于link-flap及err-disable的资料如下:
Cisco网站上关于link-flap的说明:
Link-flap error
Link flap means that the interface continually goes up and down. The interface is put into the errdisabled state if it flaps more than five times in 10 seconds. The common cause of link flap is a Layer 1 issue such as a bad cable, duplex mismatch, or bad Gigabit Interface Converter (GBIC) card. Look at the console messages or the messages that were sent to the syslog server that state the reason for the port shutdown.
我的翻译:
Link flap的意思是接口持续性的up和down。如果一个接口在10秒内发生超过5次up/down,将被置为errdisable状态。link-flap的原因为layer-1层的诸如网线问题、双工不匹配或者故障的千兆GBIC卡。可以查看console或者syslog服务器下的log日志,获取端口shutdwn的原因。出现了这个问题,我们不得不重视起交换机端口“假死”的现象,寻求在交换机不重启的状态下将该端口“拯救”回来的方法。
拯救步骤1:查看日志/端口的状态
登录进入交换机后,执行show log,会看到如下的提示:
21w6d: %ETHCNTR-3-LOOP_BACK_DETECTED: Keepalive packet loop-back detected on FastEthernet0/20.
21w6d: %PM-4-ERR_DISABLE: loopback error detected on Fa0/20, putting Fa0/20 in err-disable state
以上信息就明确表示由于检测到第20端口出现了环路,所以将该端口置于了err-disable状态。
查看端口的状态
Switch
#show int te6/0/1 status
Port Name Status Vlan Duplex Speed Type
Te6/0/1 [TRUNK] swi-core01 err-disabled 1 full 10G SFP-10GBase-LRM这条信息更加明确的表示了该端口处于err-disabled状态。
既然看到了该端口是被置于了错误的状态了,我们就应该有办法将其再恢复成正常的状态。
拯救步骤2:将端口从错误状态中恢复回来
进入交换机全局配置模式,执行errdisable recovery cause ?,会看到如下信息:
Switch(config)#errdisable recovery cause ?
all Enable timer to recover from all causes
bpduguard Enable timer to recover from BPDU Guard error disable state
channel-misconfig Enable timer to recover from channel misconfig disable state
dhcp-rate-limit Enable timer to recover from dhcp-rate-limit error disable state
dtp-flap Enable timer to recover from dtp-flap error disable state
gbic-invalid Enable timer to recover from invalid GBIC error disable state
l2ptguard Enable timer to recover from l2protocol-tunnel error disable state
link-flap Enable timer to recover from link-flap error disable state 链路报错修复
loopback Enable timer to recover from loopback detected disable state 环路报错修复
pagp-flap Enable timer to recover from pagp-flap error disable state
psecure-violation Enable timer to recover from psecure violation disable state
security-violation Enable timer to recover from 802.1x violation disable state
udld Enable timer to recover from udld error disable state
unicast-flood Enable timer to recover from unicast flood disable state
vmps Enable timer to recover from vmps shutdown error disable state从列出的选项中,我们可以看出,有非常多的原因会引起端口被置于错误状态,由于我们明确的知道这台交换机上的端口是由于环路问题而被置于错误状态的,所以就可以直接键入命令:
Switch(config)#errdisable recovery cause link-flap
是啊,就这么简单的一条命令,就把困挠我们很长时间的问题解决了,真的就这么神奇。那么如何验证这条命令是生效了呢?
拯救步骤3:显示被置于错误状态端口的恢复情况
switch#show errdisable recovery
ErrDisable Reason Timer Status
----------------- --------------
arp-inspection Disabled
bpduguard Disabled
channel-misconfig (STP) Disabled
dhcp-rate-limit Disabled
dtp-flap Disabled
gbic-invalid Disabled
inline-power Disabled
link-flap Enabled
mac-limit Disabled
loopback Disabled
pagp-flap Disabled
port-mode-failure Disabled
pppoe-ia-rate-limit Disabled
psecure-violation Disabled
security-violation Disabled
sfp-config-mismatch Disabled
small-frame Disabled
storm-control Disabled
udld Disabled
vmps Disabled
psp Disabled
dual-active-recovery Disabled
evc-lite input mapping fa Disabled
Recovery command: "clear Disabled
Timer interval: 300 seconds
Interface Errdisable reason Time left(sec)
--------- ----------------- --------------
Interfaces that will be enabled at the next timeout:
Interface Errdisable reason Time left(sec)
--------- ----------------- --------------
Te6/0/1 link-flap 222
从以上显示的信息可以看出,这台交换机有一个端口(Te6/0/1)会222秒之后恢复为正常的状态,实际情况也是这样,等了几分钟以后。这下总算在不重交换机的情况下,将几个处于“假死”状态的端口“拯救”了回来。
文章来源:https://www.cnaaa.net,转载请注明出处:https://www.cnaaa.net/archives/12141
