最新消息:阿啰哈,本人90后,目前单身,欢迎妹子们来撩!.(。→‿←。) 微信:frank01991

ErrDisable特性

Cisco 林志斌 990浏览

工作中曾碰到几例终端断网事件,就是由于接口进入了ErrDisable状态所致的。
通过ErrDisable特性,在错误状态影响到整台交换机或网络其余部分之前,交换机能够检测到特定接口的错误状态并禁用该端口。很多错误状态会触发ErrDisable特性,根据Catalyst交换机和软件版本的不同,情况会略有差异。ErrDisable类似于链路Down状态。
 
There are various reasons for the interface to go into errdisable. The reason can be:
●Duplex mismatch
●Port channel misconfiguration
●BPDU guard violation
●UniDirectional Link Detection (UDLD) condition
●Late-collision detection
●Link-flap detection
●Security violation
●Port Aggregation Protocol (PAgP) flap
●Layer 2 Tunneling Protocol (L2TP) guard
●DHCP snooping rate-limit
●Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
●Address Resolution Protocol (ARP) inspection
●Inline power
Note: Error-disable detection is enabled for all of these reasons by default. In order to disable error-disable detection, use the no errdisable detect cause command. The show errdisable detect command displays the error-disable detection status.
 
下面的show信息是GNS3上2961的ErrDisable默认状态(根据具体型号的设备其状态会有所不同):
S1#sh err ?
  detect       Error disable detection
  flap-values  Flap values for error disable detection
  recovery     Error disable recovery
S1#sh err de(默认检测所可能的情况并置为ErrDisable状态)

S1#sh err fl(端口在一定时间内的翻动次数会导致ErrDisable状态)

ErrDisable Reason    Flaps    Time (sec)
-----------------    ------   ----------
pagp-flap              3       30 
dtp-flap               3       30 
link-flap              20      10 

S1#sh err re(默认超时特性未开启。另外,如果没有启用自动恢复,导致错误接口的问题根源被administrator修复后,可以通过shutdown再no shutdown来手工启用接口。但谨记,如果错误仍然存在,接口仍会返回到ErrDisable状态。)

ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Disabled
bpduguard            Disabled
rootguard            Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled

Timer interval: 300 seconds(如果启用了自动恢复,默认错误接口会在5分钟后恢复且计时器间隔是可以修改的,但谨记,如果错误仍然存在,接口仍会返回到ErrDisable状态)
Interfaces that will be enabled at the next timeout:
 
S1(config)#err detect cause all(启用所有可支持状态的ErrDisable检测,也可单独检测指定的某个检测。因为ErrDisable特性已经集成到其它特性中,如port-security、bpduguard、EtherChannel等,所以就无需再显式的启用ErrDisable状态检测)
S1(config)#err recovery cause all(启用所有所有可支持状态的ErrDisable恢复)
S1(config)#err recovery interval 60(恢复间隔改为60秒)
 
S1(config)#do sh err de

ErrDisable Reason    Detection status
-----------------    ----------------
udld                 Enabled
bpduguard            Enabled
rootguard            Enabled
pagp-flap            Enabled
dtp-flap             Enabled
link-flap            Enabled

S1(config)#do sh err re 

ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Enabled
bpduguard            Enabled
rootguard            Enabled
pagp-flap            Enabled
dtp-flap             Enabled
link-flap            Enabled
Timer interval: 60 seconds
Interfaces that will be enabled at the next timeout:

下面是一个开启了bpduguard的portfast接口接收到BPDU之后的过程,接口进入了ErrDisable状态:
S1(config)#int f0/1
S1(config-if)#sh
S1(config-if)#sw m a
S1(config-if)#span port
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface  when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/1 but will only
have effect when the interface is in a non-trunking mode.
S1(config-if)#span bpduguard enable
S1(config-if)#no sh
S1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
S1(config-if)#%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on 0/1, putting 0/1 in err-disable state

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
S1(config-if)#do sh int f0/1
FastEthernet0/1 is down, line protocol is down (err-disabled)
  Hardware is Lance, address is 00d0.588d.c701 (bia 00d0.588d.c701)
 BW 100000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
[output cut]
Note: When a port is error-disabled, 该接口所关联的前面板中的LED灯会一直处于琥珀色状态。
还可以使用类似sh int、sh int f0/1、sh int f0/1 status命令来查看接口状态是否为ErrDisable,如:
cat6knative#show interfaces gigabitethernet 4/1 status
Port    Name               Status       Vlan       Duplex  Speed Type
Gi4/1                      err-disabled 10           full   1000 1000BaseSX
 
关于ErrDisable状态的各种修复指南,请参阅cisco技术文档

转载请注明:林志斌 » ErrDisable特性

发表评论
取消评论
表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址