登录进入交换机后,执行show log,会看到如下的提示: 21w6d: %ETHCNTR-3-LOOP_BACK_DETECTED: Keepalive packet loop-backdetected on FastEthernet0/20. 21w6d: %PM-4-ERR_DISABLE: loopback error detected on Fa0/20,putting Fa0/20 in err-disable state 以上信息就明确表示由于检测到第20端口出现了环路,所以将该端口置于了err-disable状态。
查看端口的状态
Switch# show inter fa0/20 status Port Name Status Vlan Duplex Speed Type Fa0/20 link to databackup err-disabled 562 auto auto10/100BaseTX 这条信息更加明确的表示了该端口处于err-disabled状态。 既然看到了该端口是被置于了错误的状态了,我们就应该有办法将其再恢复成正常的状态。 拯救步骤2:将端口从错误状态中恢复回来
进入交换机全局配置模式,执行errdisablerecoverycause?,会看到如下信息: Switch(config)#errdisablerecoverycause ? all Enable timer to recover from all causes bpduguard Enable timer to recover from BPDU Guard error disablestate channel-misconfig Enable timer to recover from channel misconfigdisable state dhcp-rate-limit Enable timer to recover from dhcp-rate-limiterror disable state dtp-flap Enable timer to recover from dtp-flap error disablestate gbic-invalid Enable timer to recover from invalid GBIC errordisable state l2ptguard Enable timer to recover from l2protocol-tunnel errordisable state link-flap Enable timer to recover from link-flap error disablestate loopback Enable timer to recover from loopback detected disablestate pagp-flap Enable timer to recover from pagp-flap error disablestate psecure-violation Enable timer to recover from psecure violationdisable state security-violation Enable timer to recover from 802.1x violationdisable state udld Enable timer to recover from udld error disable state unicast-flood Enable timer to recover from unicast flood disablestate vmps Enable timer to recover from vmps shutdown error disablestate
端口都可以正常工作了。这下总算在不重交换机的情况下,将几个处于“假死”状态的端口“拯救”了回来。 关于接口处于err-disable的故障排查 故障症状: 线路不通,物理指示灯灭或者显示为橙色(不同平台指示灯状态不同) show interface 输出显示接口状态: FastEthernet0/47 is down, line protocol is down(err-disabled) 接口状态是err-disable。
sw1#show interfaces status
Port Name Status Vlan Duplex Speed Type Fa0/47 err-disabled 1 auto auto 10/100BaseTX
sw1#show interfaces status err-disabled Port Name Status Reason Fa0/47 err-disabled bpduguard 接口产生err-disable的原因可以由以下的命令来查看,系统缺省的配置是所有列出的原因都能导致接口被置为err-
sw1#show errdisablerecovery ErrDisableReason Timer Status ----------------- -------------- udld Disabled bpduguard Enabled security-violatio Disabled channel-misconfig Disabled vmps Disabled pagp-flap Disabled dtp-flap Disabled link-flap Disabled l2ptguard Disabled psecure-violation Disabled gbic-invalid Disabled dhcp-rate-limit Disabled unicast-flood Disabled loopback Disabled Timer interval: 300 seconds Interfaces that will be enabled at the next timeout: Interface Errdisable reasonTime left(sec) --------- ----------------- -------------- Fa0/47 bpduguard 217 配置IOS重新激活errdisable的接口,使用以下命令:
sw1(config)#errdisablerecoverycause bpduguard sw1(config)#errdisablerecoverycause ? all Enable timer to recover from all causes bpduguard Enable timer to recover from BPDU Guard error disablestate channel-misconfig Enable timer to recover from channel misconfigdisable state dhcp-rate-limit Enable timer to recover from dhcp-rate-limit errordisable state dtp-flap Enable timer to recover from dtp-flap error disablestate gbic-invalid Enable timer to recover from invalid GBIC errordisable state l2ptguard Enable timer to recover from l2protocol-tunnel errordisable state link-flap Enable timer to recover from link-flap error disablestate loopback Enable timer to recover from loopback detected disablestate pagp-flap Enable timer to recover from pagp-flap error disablestate psecure-violation Enable timer to recover from psecure violationdisable state security-violation Enable timer to recover from 802.1x violationdisable state udld Enable timer to recover from udld error disable state unicast-flood Enable timer to recover from unicast flood disablestate vmps Enable timer to recover from vmps shutdown error disable
No ports are disabled by UDLD. 同时,接口在被置为err-disable的时候,通常有一系列的日志产生,如下: *Mar 15 15:47:19.984: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU onport FastEthernet0/47 with BPDU
disable state sw1# *Mar 15 15:47:21.996: %LINK-3-UPDOWN: Interface FastEthernet0/47,changed state to down 收集这些日志也非常管用。 所以建议配置一个syslog server,收集log信息。
故障症状: 线路不通,物理指示灯灭或者显示为橙色(不同平台指示灯状态不同) show interface 输出显示接口状态: FastEthernet0/47 is down, line protocol is down(err-disabled) 接口状态是err-disable。 sw1#show interfaces status Port Name Status Vlan Duplex Speed Type Fa0/47 err-disabled 1 auto auto 10/100BaseTX 如果出现了接口状态为err-disable,show interfaces statuserr-disabled命令能查看触发err-disable的原因。 下面示例原因为bpduguard,在连接了交换机的端口配置了spanning-tree bpduguard enable。 sw1#show interfaces status err-disabled[b] Port Name [b]Status Reason Fa0/47 err-disabled [b]bpduguard[b] 接口产生err-disable的原因可以由以下的命令来查看,系统缺省的配置是所有列出的原因都能导致接口被置为err-
disable。 sw1#show errdisabledetect ErrDisableReason Detection status ----------------- ---------------- udld Enabled bpduguard Enabled security-violatio Enabled channel-misconfig Enabled psecure-violation Enabled dhcp-rate-limit Enabled unicast-flood Enabled vmps Enabled pagp-flap Enabled dtp-flap Enabled link-flap Enabled l2ptguard Enabled gbic-invalid Enabled loopback Enabled dhcp-rate-limit Enabled unicast-flood Enabled 从列表中,我们可以看出常见的原因有udld,bpduguard,link-flap以及loopback等。 具体由什么原因导致当前接口err-disable可以由show interface statuserr-disable来查看。 在接口模式下采用shutdown,no shutdown进行手动的激活。 在缺省配置下,一旦接口被置为err-disable,IOS将不会试图恢复接口。 这个可以由show errdisablerecovery来查看,timerstatus下面所有的值都是disable。 下面的示例中,由于手工配置了bpduguard恢复,所以timer status的值变为Enable。 sw1#show errdisablerecovery ErrDisableReason Timer Status ----------------- -------------- udld Disabled bpduguard Enabled security-violatio Disabled channel-misconfig Disabled vmps Disabled pagp-flap Disabled dtp-flap Disabled link-flap Disabled l2ptguard Disabled psecure-violation Disabled gbic-invalid Disabled dhcp-rate-limit Disabled unicast-flood Disabled loopback Disabled Timer interval: 300 seconds Interfaces that will be enabled at the next timeout: Interface Errdisable reasonTime left(sec) --------- ----------------- -------------- Fa0/47 bpduguard 217 配置IOS重新激活errdisable的接口,使用以下命令: sw1(config)#errdisablerecoverycause bpduguard sw1(config)#errdisablerecoverycause ? all Enable timer to recover from all causes bpduguard Enable timer to recover from BPDU Guard error disablestate channel-misconfig Enable timer to recover from channel misconfigdisable state dhcp-rate-limit Enable timer to recover from dhcp-rate-limit errordisable state dtp-flap Enable timer to recover from dtp-flap error disablestate gbic-invalid Enable timer to recover from invalid GBIC errordisable state l2ptguard Enable timer to recover from l2protocol-tunnel errordisable state link-flap Enable timer to recover from link-flap error disablestate loopback Enable timer to recover from loopback detected disablestate pagp-flap Enable timer to recover from pagp-flap error disablestate psecure-violation Enable timer to recover from psecure violationdisable state security-violation Enable timer to recover from 802.1x violationdisable state udld Enable timer to recover from udld error disable state unicast-flood Enable timer to recover from unicast flood disablestate vmps Enable timer to recover from vmps shutdown error disable 配置完上述命令后,IOS在一段时间后试图恢复被置为err-disable的接口,这段时间缺省为300秒。 但是,如果引起err-disable的源没有根治,在恢复工作后,接口会再次被置为err-disable。 调整err-disable的超时时间,可以使用以下命令: sw1(config)#errdisablerecovery interval? <30-86400> timer-interval(sec) 可以调整在30-86400秒,缺省是300秒。 如果产生err-disable的原因是udld,下面有一条命令非常管用: sw1#udld reset No ports are disabled by UDLD. 同时,接口在被置为err-disable的时候,通常有一系列的日志产生,如下: *Mar 15 15:47:19.984: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU onport FastEthernet0/47 with BPDU
disable state sw1# *Mar 15 15:47:21.996: %LINK-3-UPDOWN: Interface FastEthernet0/47,changed state to down 收集这些日志也非常管用。 所以建议配置一个syslog server,收集log信息。 sw1#show interfaces status Port Name Status Vlan Du... 开启errdisable功能,这样可以使用show
errdisable来查看引发errdisable的原因是什么,再更加信息内容进行解决。 你要是想不影响使用的话,先用 no errdisable detectcauseloopback 执行一下,将已经死掉的端口,no sh 一下
效的方法,你可查看有问题的 switch的所有rj45和gi口的状态,哪个有errdisable信息哪个就有问题。 switch#show interfaces status err-disabled Port Name Status Reason Fa0/22 err-disabled link-flap Fa0/37 For office in 100K err-disabled link-flap Fa0/41 unknow err-disabled link-flap Fa0/42 Training Dc066 err-disabled link-flap Fa0/45 Production line VM err-disabled link-flap switch#show errdisabledetect ErrDisableReason Detection status ----------------- ---------------- pagp-flap Enabled dtp-flap Enabled link-flap Enabled l2ptguardEnabled gbic-invalid Enabled loopback
Enabled switch#show interfaces status err-disabled Port Name Status Reason Fa0/22 err-disabled link-flap Fa0/37 For office in 100K err-disabled link-flap Fa0/41 unknow err-disabled link-flap Fa0/42 Training Dc066 err-disabled link-flap Fa0/45 Production line VM err-disabled link-flap switch#sh errdisableflap-values ErrDisableReason Flaps Time (sec) ----------------- ------ ---------- pagp-flap 3 30 dtp-flap 3 30 link-flap 5 10 ( link-flap这就是因为链路质量不好导致的) 关闭errdisable
Flags: D - down P - in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator
u - unsuitable for bundling Number of channel-groups in use: 0 Number of aggregators: 0
EC没有正常工作是由于端口被设置为err-disabled状态: NUAIKO#show interfaces gigabitethernet 2/1 status
Port Name Status Vlan Duplex Speed Type Gi2/1 err-disabled 100 full 1000 1000BaseSX