Troubleshoot Err-disable recovery


:Mr.zhou 转载请注明来源  阅读: 1,513 次 

1.1.c Troubleshoot Err-disable recovery

Errdisable

  功能

  如果将一个端口配置为开启状态,但交换机系统软件发现此端口出现错误,此时交换机会将此端口关闭。换句话说,交换机系统软件会将一个处于错误环境的端口自动关闭。

  当端口处于error disabled状态,它将被有效的关闭,不会发送和接受数据。端口对应的指示灯会变为橙色。当你在输入show interfaces 时,此端口状态会显示为 err-disabled 。

cat6k#show interfaces gigabitethernet 4/1 status 

Port    Name       Status       Vlan       Duplex  Speed Type
Gi4/1              err-disabled 100          full   1000 1000BaseSX

  如果一个端口因为错误而被禁用,控制台或者日志中看到以下类似的信息:

%SPANTREE-SP-2-BLOCK_BPDUGUARD: 
   Received BPDU on port GigabitEthernet4/1 with BPDU Guard enabled. Disabling port.
%PM-SP-4-ERR_DISABLE: 
   bpduguard error detected on Gi4/1, putting Gi4/1 in err-disable state

  Error Disable 功能有两个目的:

  × 让管理员知道什么时候哪个端口出现了错误
  × 不让出现错误的端口影响其他正常工作的端口

导致 Errdisable 的原因

  × A cable that is out of specification (either too long, the wrong type, or defective) 线缆问题
  × A bad network interface card (NIC) card (with physical problems or driver problems) 网卡问题
  × A port duplex misconfiguration 端口双工配置问题
  × Duplex mismatch 互连两个端口单双工不匹配
  × Port channel misconfiguration 端口组配置错误
  × BPDU guard violation BPDU保护策略
  × UniDirectional Link Detection (UDLD) condition 单项链路检测发现问题
  × Late-collision detection
  × Link-flap detection
  × Security violation
  × Port Aggregation Protocol (PAgP) flap
  × Layer 2 Tunneling Protocol (L2TP) guard
  × DHCP snooping rate-limit
  × Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
  × Address Resolution Protocol (ARP) inspection
  × Inline power

  Error-disable 默认启用了所有错误条件检测。可以通过 no errdisable detect cause 命令来禁用Error-disable检测。可以通过 show errdisable detect 显示目前Error-disable 检测的状态。

  通过show interfaces 命令来显示端口 Error-disable 的状态。

cat6k#show interfaces gigabitethernet 4/1 status 

!--- Refer to show interfaces status for more information on the command.

Port    Name               Status       Vlan       Duplex  Speed Type
Gi4/1                      Connected    100          full   1000 1000BaseSX

cat6k#show interfaces gigabitethernet 4/1 status 

!--- Refer to show interfaces status for more information on the command.

Port    Name               Status       Vlan       Duplex  Speed Type
Gi4/1                      err-disabled 100          full   1000 1000BaseSX

  可以通过控制台信息、日志、show errdisable recovery 命令来确定导致端口为error-disable状态的原因。

%SPANTREE-SP-2-BLOCK_BPDUGUARD: 
   Received BPDU on port GigabitEthernet4/1 with BPDU Guard enabled. Disabling port.

%PM-SP-4-ERR_DISABLE: 
   bpduguard error detected on Gi4/1, putting Gi4/1 in err-disable state

 %SPANTREE-2-CHNMISCFG: STP loop - channel 11/1-2 is disabled in vlan 1

cat6k#show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Enabled
bpduguard            Enabled
security-violatio    Enabled
channel-misconfig    Enabled
pagp-flap            Enabled
dtp-flap             Enabled
link-flap            Enabled
l2ptguard            Enabled
psecure-violation    Enabled
gbic-invalid         Enabled
dhcp-rate-limit      Enabled
mac-limit            Enabled
unicast-flood        Enabled
arp-inspection       Enabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

Interface      Errdisable reason      Time left(sec)
---------    ---------------------    --------------
  Fa2/4                bpduguard          273

将端口从Error-disable状态恢复过来

  应该在重新开启端口前将错误解决,不然端口状态还会自动变为error-disable 。

%SPANTREE-2-CHNL_MISCFG: Detected loop due to etherchannel misconfiguration 
of Gi4/1


cat6k#show etherchannel summary

!--- Refer to show etherchannel for more information on the command.

Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        u - unsuitable for bundling
Number of channel-groups in use: 0
Number of aggregators:           0

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------

cat6knative#show interfaces gigabitethernet 4/1 status

Port    Name               Status       Vlan       Duplex  Speed Type
Gi4/1                      err-disabled 100          full   1000 1000BaseSX

cat6k(config-terminal)#interface gigabitethernet 4/1
cat6k(config-if)#channel-group 3 mode desirable non-silent
cat6k(config-if)#spanning-tree bpduguard enable

cat6k(config-if)#spanning-tree portfast enable

%PM-SP-4-ERR_DISABLE: bpduguard error detected on Gi4/1, putting Gi4/1 in 
err-disable state.

cat6k#show interfaces gigabitethernet 4/1 status

Port    Name               Status       Vlan       Duplex  Speed Type
Gi4/1                      err-disabled 100          full   1000 1000BaseSX

cat6k(config-if)#spanning-tree portfast disable

从新启用接口

  当修复问题后,在没有配置交换机 errdisable recovery 时,此端口依然为关闭状态。此时需要在该接口下输入 shutdown 后在no shutdown 。

  errdisable recovery 命令允许配置在遇到特定错误导致端口关闭后的指定时间后自动开启端口。

  show errdisable recovery 命令显示所有可能导致端口为error disable的原因及默认的recovery状态。

cat6k#show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Disabled
bpduguard            Disabled
security-violatio    Disabled
channel-misconfig    Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
mac-limit            Disabled
unicast-flood        Disabled
arp-inspection       Disabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:
cat6k#errdisable recovery cause ?
  all                 Enable timer to recover from all causes
  arp-inspection      Enable timer to recover from arp inspection error disable
                      state
  bpduguard           Enable timer to recover from BPDU Guard error disable
                      state
  channel-misconfig   Enable timer to recover from channel misconfig disable
                      state
  dhcp-rate-limit     Enable timer to recover from dhcp-rate-limit error
                      disable state
  dtp-flap            Enable timer to recover from dtp-flap error disable state
  gbic-invalid        Enable timer to recover from invalid GBIC error disable
                      state
  l2ptguard           Enable timer to recover from l2protocol-tunnel error
                      disable state
  link-flap           Enable timer to recover from link-flap error disable
                      state
  mac-limit           Enable timer to recover from mac limit disable state
  pagp-flap           Enable timer to recover from pagp-flap error disable
                      state
  psecure-violation   Enable timer to recover from psecure violation disable
                      state
  security-violation  Enable timer to recover from 802.1x violation disable
                      state
  udld                Enable timer to recover from udld error disable state
  unicast-flood       Enable timer to recover from unicast flood disable state
cat6knative(Config)#errdisable recovery cause bpduguard
cat6k#show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Disabled
bpduguard            Enabled
security-violatio    Disabled
channel-misconfig    Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
mac-limit            Disabled
unicast-flood        Disabled
arp-inspection       Disabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

Interface      Errdisable reason      Time left(sec)
---------    ---------------------    --------------
  Fa2/4                bpduguard          290
cat6k(Config)#errdisable recovery interval timer_interval_in_seconds

cat6k(Config)#errdisable recovery interval 400

相关命令

  × show version
  × show interfaces interface interface_number status
  × show errdisable detect
  × show interfaces status err-disabled
  × show etherchannel summary
  × show errdisable recovery
  × show errdisable detect


http://www.z-dig.com/troubleshoot-err-disable-recovery.html


正文部分到此结束


转载请注明原文链接
若您在阅读过程中发现错误,请邮件或留言告知本人。谢谢