cisco 交流机呈现环路的措置体例收集情形:
4 _2 M+ E1 s5 P. n8 h# Z: `& jcisco 4006交流机两台,经由过程2条光纤模块1/1-2设置装备摆设trunk彼此毗连,然后毗连其他收集设备或者主机。
0 c% v v8 A7 L R1 z
! W/ y9 m1 m) A6 |1 z故障现象:2 v% }* r% \3 n2 x6 U
cisco 4006交流机cpu操作率过高,营业时断时续,无法正常进行,交流机日志采集的信息如下:
, A# S" U6 e! S5 r. {$ |2007 May 24 03:55:40 %SYS-4-P2_WARN: 1/Host 00:02:fd:06:d0:b0 is flapping between port 1/2 and port 1/1
' u* v( F$ Q+ G9 w" V# i; \7 Z2007 May 24 03:55:42 %SYS-4-P2_WARN: 1/Host 00:04:de:17:28:20 is flapping between port 1/2 and port 4/45
$ x: w! E$ v4 W" q7 ^$ e& C- o$ `( R2007 May 24 03:55:44 %SYS-4-P2_WARN: 1/Host 00:00:0c:07:ac:01 is flapping between port 1/2 and port 4/47
/ j2 v6 L+ `. q2007 May 24 03:55:45 %SYS-4-P2_WARN: 1/Host 00:05:9a:20:78:20 is flapping between port 1/2 and port 4/47
- P+ N6 E) ~2 P2 O4 a2 e2007 May 24 03:55:48 %SYS-4-P2_WARN: 1/Host 00:02:fd:06:d0:b0 is flapping between port 1/1 and port 1/2: Z1 H8 s4 T7 s; m' D6 a- z
2007 May 24 03:55:49 %SYS-4-P2_WARN: 1/Host 00:11:25:19:c3:c2 is flapping between port 1/2 and port 4/13
/ ^: C7 j! F/ \! z# a2007 May 24 03:55:53 %PAGP-5-PORTFROMSTPort 4/45 left bridge port 4/45) s% V6 Q3 ^1 m/ m+ |4 L4 q! I
2007 May 24 03:55:54 %SYS-4-P2_WARN: 1/Host 00:06:29:ec:aa:f2 is flapping between port 1/2 and port 4/37
" Z5 s! I+ M" u/ V2007 May 24 03:55:54 %SYS-4-P2_WARN: 1/Host 00:10:5c:c5:6a:ca is flapping between port 1/1 and port 4/7
4 R- m, F; S" q# E2007 May 24 03:55:54 %SYS-4-P2_WARN: 1/Host 00:09:6b:f5:0f:33 is flapping between port 1/1 and port 4/13# H7 H4 b/ D3 M
2007 May 24 03:55:54 %SYS-4-P2_WARN: 1/Host 00:10:5c:45:6a:ca is flapping between port 1/2 and port 1/1% ~' _4 V: g8 p* l9 e' `/ ^
2007 May 24 03:55:54 %SYS-4-P2_WARN: 1/Host 00:16:ec:7b:6c:b4 is flapping between port 1/1 and port 1/2
4 K; S& d* X9 a4 K- B2007 May 24 03:55:55 %SYS-4-P2_WARN: 1/Host 00:10:5c:c5:6a:ca is flapping between port 1/1 and port 4/7 6 ]3 m3 e9 O) l5 B( b
两台cisco 4006交流机之间呈现环路,某种原因使得STP算法失踪效,导致收集上呈现广播风暴。" Q/ T$ Q; ]+ B: @
" C4 S# Y* b, U$ b1 Q( f: W% n措置轨范:
h6 c9 j p9 R; s/ Y1、首先重启了两台cisco4006交流机(其实收集上还毗连了两台IBM小型机经由过程HACMP做了双机,因为双机对共享资本的呵护,对备机发出了 shutdown呼吁;正确的做法,应该先封锁一台交流机,或者将备机的hacmp遏制后再封锁两台交流机),启动后,cpu操作率下降,营业得以正常进行;, c. D& Z1 z' {7 q# z
2、接下来,按照报错信息上提到的各个端口搜检收集中是否存在环路。经搜检,出了两台4006之间有环路外,不存在其他环路,各呼吁搜检结不美观正常,所用到的呼吁有:show spantree active,show trunk,show config,show vlan,show port 等。# {( I, K$ u3 K$ ~
3、使用端口镜像体例对流经交流机上的数据进行抓包,看是否有可疑的arp包,是否为arp病毒导致收集呈现环缕鹕盱查结不美观未发现。使用的呼吁为:set span;使用的工具为:sniffer。
5 k) ~- [2 a3 x" c5 p2 b' x0 h3 Z4、考虑到曾经碰着过cisco STP算法呈现bug的情形,抉择对两台交流机之间的设置装备摆设做一个改动,将1/1-2两个光纤端口做成一个channel,然后在做trunk,这样既连结了两台交流机之间的毗连冗余,又可以消弭环路。使用的呼吁为:
0 t# b' n+ ~( u7 j; o* v! Uset port channel 1/1-2 53/ M/ k2 P* m9 u" N
set port channel 1/1-2 mode on
) |: i/ m. Z6 f( o8 @" E双方做完后,经由过程show portchannel查看状况,其中4006-2为notconnect,另一边4006-1为errdisable;在4006-1上执行呼吁:setport 1/1-2 enable;在使用show port channel查看,双方的状况均为connected;4 a2 ~ G" p) Q# t1 F
在其一一台交流机上设置trunk:4 Y* |4 L: S4 f* P* o
set trunk 1/1-2 on 13 \7 v0 ^% K' w( J$ J' a
使用show trunk呼吁查看状况正常;
, Q+ W2 ]9 B: i9 c使用show spantree active 查看正常:6 o) K$ a% t( m: U
4006-2> (enable) show spantree7 }* K# u1 e' x
VLAN 1
2 l- D+ X) {$ ?# VSpanning tree enabled* i8 R- F3 L+ ^$ `! e
Spanning tree type ieee
- J9 ]' B& A- NDesignated Root 00-05-32-db-b0-00, R0 \( K% g: @' Q; j, Z
Designated Root Priority 32768( z; l0 l# `2 B; Z$ Y1 O4 O/ S4 J5 b
Designated Root Cost 3
7 {2 D* A7 e) A1 T8 i4 a# M: ADesignated Root Port 1/1-2 (agPort 13/1)
% P7 h, |5 S. c( GRoot Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
K$ c' p5 b' ?% H; ~9 B8 UBridge ID MAC ADDR 00-05-32-db-b4-00
# G# N, L! K' z1 A+ yBridge ID Priority 32768
, O5 r N7 R$ ~Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
/ e) D% u6 n# e7 z, @# x, wPort Vlan Port-State Cost Prio Portfast Channel_id5 g6 B( ?. r | F8 t
------------------------ ---- ------------- --------- ---- -------- ----------
0 ]$ F% ~& t! ?* E& @1/1-2 1 forwarding 3 32 disabled 769
, t! V: L A( q$ \2 }7 R1 A7 @" B W: R) p+ f+ P5 h
这样,在STP计较时,会将1/1-2当成一个端口在计较,年夜而消弭了环路。 |