시스코 스위치 link-flap 에러 처리
상태 : C3550 스위치 포트가 link-flap 에러를 감지하고, 포트 상태를 err-disabled 상태로 변경함. 39번 포트에 연결된 장비는 통신이 안되는 상황 발생.
link-flap 은 인터페이스(스위치포트)가 up/down 을 반복하는 것을 의미한다.
먼저, 스위치 로그를 확인해 본다.
Switch #show log ... May 28 07:38:16: %LINK-3-UPDOWN: Interface FastEthernet0/39, changed state to up May 28 07:38:18: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/39, putting Fa0/39 in err-disable state May 28 07:38:18: %LINK-3-UPDOWN: Interface FastEthernet0/39, changed state to down ...
포트 상태를 확인해 보면, 39번 포트는 err-disabled 상태이다.
Switch # show int status Port Name Status Vlan Duplex Speed Type Fa0/1 connected trunk a-full a-100 10/100BaseTX ... Fa0/38 notconnect 1 auto auto 10/100BaseTX Fa0/39 err-disabled 1 auto auto 10/100BaseTX Fa0/40 notconnect 1 auto auto 10/100BaseTX Fa0/41 notconnect 1 auto auto 10/100BaseTX ...
10초동안 5번 flap발생하면, 스위치 포트는 err-disabled 상태가 된다.
flap-vlaue값은 아래 명령어로 확인 가능하다.
Switch #show errdisable flap-values ErrDisable Reason Flaps Time (sec) ----------------- ------ ---------- pagp-flap 3 30 dtp-flap 3 30 link-flap 5 10
일단, 인터페이스를 down, up 하여 해당 포트를 이용 가능하도록 할 수 있다.
Switch # conf t Enter configuration commands, one per line. End with CNTL/Z. Switch (config)#int fa0/39 Switch (config-if)#shutdown May 28 10:40:32: %LINK-5-CHANGED: Interface FastEthernet0/39, changed state to administratively down. Switch (config-if)#no shutdown Switch (config-if)#end
동일한 현상이 다시 발생할경우를 대비하여 자동으로 포트가 복구되도록 설정한다.
err-disable 검출은 아래 항목들이 enabled 되어 있음.
Switch #show errdisable detect ErrDisable Reason Detection Mode ----------------- --------- ---- arp-inspection Enabled port bpduguard Enabled port channel-misconfig Enabled port community-limit Enabled port dhcp-rate-limit Enabled port dtp-flap Enabled port ekey Enabled port gbic-invalid Enabled port invalid-policy Enabled port l2ptguard Enabled port link-flap Enabled port link-monitor-failure Enabled port loopback Enabled port lsgroup Enabled port oam-remote-failure Enabled port mac-limit Enabled port pagp-flap Enabled port port-mode-failure Enabled port psecure-violation Enabled port/vlan security-violation Enabled port sfp-config-mismatch Enabled port storm-control Enabled port udld Enabled port unicast-flood Enabled port vmps Enabled port Switch #
errdisable 상태에서 recovery 상태를 보면, disable 되어 있음.
Switch #show errdisable recovery ErrDisable Reason Timer Status ----------------- -------------- arp-inspection Disabled bpduguard Disabled channel-misconfig Disabled dhcp-rate-limit Disabled dtp-flap Disabled gbic-invalid Disabled l2ptguard Disabled link-flap Disabled mac-limit Disabled link-monitor-failure Disabled loopback Disabled oam-remote-failure Disabled pagp-flap Disabled port-mode-failure Disabled psecure-violation Disabled security-violation Disabled sfp-config-mismatch Disabled storm-control Disabled udld Disabled unicast-flood Disabled vmps Disabled Timer interval: 300 seconds Interfaces that will be enabled at the next timeout:
link-flap으로 포트가 err-disabled 상태가 되었을때, 30초후 자동 복구 되도록 설정한다.
Switch #conf t Enter configuration commands, one per line. End with CNTL/Z. Switch (config)#errdisable recovery cause link-flap Switch (config)#errdisable recovery interval 30 Switch (config)#end
아래처럼 link-flap으로 인한 오류는 자동으로 복구되도록 설정된 것을 볼 수 있다.
Switch #sh errdisable recovery ErrDisable Reason Timer Status ----------------- -------------- arp-inspection Disabled bpduguard Disabled channel-misconfig Disabled dhcp-rate-limit Disabled dtp-flap Disabled gbic-invalid Disabled l2ptguard Disabled link-flap Enabled mac-limit Disabled link-monitor-failure Disabled loopback Disabled oam-remote-failure Disabled pagp-flap Disabled port-mode-failure Disabled psecure-violation Disabled security-violation Disabled sfp-config-mismatch Disabled storm-control Disabled udld Disabled unicast-flood Disabled vmps Disabled Timer interval: 30 seconds Interfaces that will be enabled at the next timeout: Switch #
동일한 시간동안 더 많은 link-flap을 감지해야 err-disabled 되도록 하려면,
Switch #conf t Enter configuration commands, one per line. End with CNTL/Z. Switch (config)#errdisable flap-setting cause link-flap max-flaps 10 time 10 Switch (config)#end Switch #show errdisable flap-values ErrDisable Reason Flaps Time (sec) ----------------- ------ ---------- pagp-flap 3 30 dtp-flap 3 30 link-flap 10 10
이제, link-flap 값이 변경 된 것을 볼 수 있다.
link-flap 발생한 경우 자동 복구된 로그.
May 30 01:49:23: %LINK-3-UPDOWN: Interface FastEthernet0/39, changed state to down May 30 07:29:24: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/39, putting Fa0/39 in err-disable state May 30 07:29:54: %PM-4-ERR_RECOVER: Attempting to recover from link-flap err-disable state on Fa0/39 May 30 07:30:00: %LINK-3-UPDOWN: Interface FastEthernet0/39, changed state to up