一则spanning-tree
故障
发一个在ciscoforum上看到的一个很好的故障分析帖子
拓扑:
2台DSLAM设备同时接到一个光端机的1和2口上,一对光纤到局里的一个光端机上,1和2口都用五类线连接到cisco3750的fa1/0/3和fa1/0/4上。
问题描述:
(1)
在cisco3750上新建vlan420,把fa1/0/3和1/0/4都加到420里,交换机上的3口亮绿灯,但4口却一直亮橘黄色灯,也就是常见的
spanning-tree转发等待时一样的颜色,用show spanning-tree命令一看,出现下面提示:
VLAN0420
Spanning
tree enabled protocol ieee
Root
ID Priority 33188
Address
0014.6afd.ab80
This
bridge is the root
Hello
Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge
ID Priority 33188 (priority 32768 sys-id-ext 420)
Address
0014.6afd.ab80
Hello
Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging
Time 300
Interface
Role Sts Cost Prio.Nbr Type
----------------
---- --- --------- -------- --------------------------------
Fa1/0/3
Desg FWD 19 128.5 P2p
Fa1/0/4
Desg BLK 19 128.6 P2p
应该是给bloking了,问题会是因为在同一个光端机里出来的吗?
所以,我做了以下操作:
inter
fa1/0/4
spanning-tree
bpdufilter enable
发现4口的灯变成绿色的了,高兴得大声欢呼,但不知道犯了个严重的错误,因为用了这条命令之后,fa1/0/4端口的环路阻塞功能取消了,所以就出现了环路,拨号用户都无法访问internet。
接着就no
spanning-tree bpdufilter enable 在fa1/0/4,问题依旧那样,4口的灯无法变绿色。
(2)问题没有解决,就换个方法试试,于是就新建了vlan
403和vlan 404,
inter
vlan 403
ip
add 192.168.100.13 255.255.255.252 连接此端口的DSLAM地址是192.168.100.14 255.255.255.252
inter
vlan 404
ip
add 192.168.100.17 255.255.255.252 连接此端口的DSLAM地址是192.168.100.18 255.255.255.252
int
fa1/0/3
sw
mode acc
sw
acc vlan 403
int
fa1/0/4
sw
mode acc
sw
acc vlan 404
问题出现了,每隔30秒左右不停地发一下信息:
1d02h:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
FastEthernet1/0/4 (404), with ADSLswitch FastEthernet1/0/3 (403).
1d02h:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
FastEthernet1/0/3 (403), with ADSLswitch FastEthernet1/0/4 (404).
说明:此时的业务并没有停下来,我想应该也是个广播吧,但这样总不是个事呀,于是用:
inter
fa1/0/4
no
sw acc vlan 404
本想这回应该不会再有提示了吧,嘿,又出现了下面的提示:
1d02h:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
FastEthernet1/0/4 (1), with ADSLswitch FastEthernet1/0/3 (403).
1d02h:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
FastEthernet1/0/3 (403), with ADSLswitch FastEthernet1/0/4 (1).
结果:
面对以上情况,本人已没有招对付了,除非我在端口不划vlan,直接配地址了,但也不知道成不成,所以在这里向大伙请教请教,希望有经验的兄弟能够帮忙,谢谢了!
交换机配置:
ADSLswitch#sh
run
Building
configuration...
Current
configuration : 4404 bytes
!
version
12.2
no
service pad
service
timestamps debug uptime
service
timestamps log uptime
no
service password-encryption
!
hostname
ADSLswitch
!
enable
secret 5 $1$XkRU$kfrkr6NvMqc681pUyqTWs1
!
no
aaa new-model
switch
1 provision ws-c3750-24ts
ip
subnet-zero
ip
routing
!
!
!
!
no
file verify auto
spanning-tree
mode pvst
spanning-tree
extend system-id
!
vlan
internal allocation policy ascending
!
interface
FastEthernet1/0/1
switchport
access vlan 401
switchport
mode access
!
interface
FastEthernet1/0/2
switchport
access vlan 402
switchport
mode access
!
interface
FastEthernet1/0/3
switchport
access vlan 403
switchport
mode access
!
interface
FastEthernet1/0/4
switchport
access vlan 404
switchport
mode access
!
interface
FastEthernet1/0/5
switchport
access vlan 405
switchport
mode access
!
interface
FastEthernet1/0/6
switchport
access vlan 406
switchport
mode access
!
interface
FastEthernet1/0/7
switchport
access vlan 407
switchport
mode access
!
interface
FastEthernet1/0/8
switchport
access vlan 409
switchport
mode access
!
interface
FastEthernet1/0/9
switchport
access vlan 410
switchport
mode access
!
interface
FastEthernet1/0/10
switchport
mode access
!
interface
FastEthernet1/0/11
switchport
access vlan 411
switchport
mode access
!
interface
FastEthernet1/0/12
switchport
access vlan 412
switchport
mode access
!
interface
FastEthernet1/0/13
switchport
access vlan 412
switchport
mode access
!
interface
FastEthernet1/0/14
!
interface
FastEthernet1/0/15
!
interface
FastEthernet1/0/16
!
interface
FastEthernet1/0/17
!
interface
FastEthernet1/0/18
!
interface
FastEthernet1/0/19
!
interface
FastEthernet1/0/20
!
interface
FastEthernet1/0/21
!
interface
FastEthernet1/0/22
!
interface
FastEthernet1/0/23
!
interface
FastEthernet1/0/24
no
switchport
ip
address 192.168.100.2 255.255.255.252
!
interface
GigabitEthernet1/0/1
switchport
access vlan 408
switchport
mode access
!
interface
GigabitEthernet1/0/2
!
interface
Vlan1
no
ip address
!
interface
Vlan401
ip
address 192.168.100.5 255.255.255.252
ip
access-group 112 in
!
interface
Vlan402
ip
address 192.168.100.9 255.255.255.252
ip
access-group 112 in
!
interface
Vlan403
ip
address 192.168.100.13 255.255.255.252
ip
access-group 112 in
!
interface
Vlan404
ip
address 192.168.100.17 255.255.255.252
!
interface
Vlan405
ip
address 192.168.100.21 255.255.255.252
ip
access-group 112 in
!
interface
Vlan406
ip
address 192.168.100.25 255.255.255.252
ip
access-group 112 in
!
interface
Vlan407
ip
address 192.168.100.29 255.255.255.252
ip
access-group 112 in
!
interface
Vlan408
ip
address 192.168.100.33 255.255.255.252
ip
access-group 112 in
!
interface
Vlan409
ip
address 192.168.100.37 255.255.255.252
ip
access-group 112 in
!
interface
Vlan410
ip
address 192.168.100.41 255.255.255.252
ip
access-group 112 in
!
interface
Vlan411
ip
address 192.168.100.45 255.255.255.252
ip
access-group 112 in
!
interface
Vlan412
ip
address 172.16.16.94 255.255.255.224
ip
access-group 112 in
!
ip
classless
ip
route 0.0.0.0 0.0.0.0 192.168.100.1
ip
route 172.16.0.0 255.255.254.0 192.168.100.6
ip
route 172.16.2.0 255.255.254.0 192.168.100.14
ip
route 172.16.4.0 255.255.254.0 192.168.100.22
ip
route 172.16.6.0 255.255.254.0 192.168.100.26
ip
route 172.16.8.0 255.255.254.0 192.168.100.30
ip
route 172.16.10.0 255.255.254.0 192.168.100.34
ip
route 172.16.12.0 255.255.255.0 192.168.100.38
ip
route 172.16.13.0 255.255.255.0 192.168.100.42
ip
route 172.16.14.0 255.255.255.0 192.168.100.46
ip
route 172.16.18.0 255.255.254.0 192.168.100.10
ip
route 172.16.24.0 255.255.254.0 192.168.100.18
ip
http server
!
access-list
112 deny tcp any any eq 4444
access-list
112 deny udp any any eq tftp
access-list
112 deny tcp any any eq 135
access-list
112 deny udp any any eq 135
access-list
112 deny tcp any any eq 139
access-list
112 deny udp any any eq netbios-ss
access-list
112 deny tcp any any eq 445
access-list
112 deny udp any any eq 445
access-list
112 deny tcp any any eq 593
access-list
112 deny udp any any eq 593
access-list
112 deny udp any any eq 1434
access-list
112 deny tcp any any eq 1025
access-list
112 deny tcp any any eq 3127
access-list
112 deny tcp any any eq 6129
access-list
112 deny tcp any any eq 2745
access-list
112 permit ip any any
!
control-plane
!
!
line
con 0
line
vty 0 4
password
0000000
login
line
vty 5 15
no
login
!
!
end
ADSLswitch#sh
vlan
VLAN
Name Status Ports
----
-------------------------------- --------- -------------------------------
1
default active Fa1/0/10, Fa1/0/14, Fa1/0/15, Fa1/0/16, Fa1/0/17, Fa1/0/18,
Fa1/0/19,
Fa1/0/20
Fa1/0/21,
Fa1/0/22, Fa1/0/23, Gi1/0/2
401
VLAN0401 active Fa1/0/1
402
VLAN0402 active Fa1/0/2
403
VLAN0403 active Fa1/0/3
404
VLAN0404 active Fa1/0/4
405
VLAN0405 active Fa1/0/5
406
VLAN0406 active Fa1/0/6
407
VLAN0407 active Fa1/0/7
408
VLAN0408 active Gi1/0/1
409
VLAN0409 active Fa1/0/8
410
VLAN0410 active Fa1/0/9
411
VLAN0411 active Fa1/0/11
412
VLAN0412 active Fa1/0/12, Fa1/0/13
413
VLAN0413 active
1002
fddi-default act/unsup
1003
token-ring-default act/unsup
1004
fddinet-default act/unsup
1005
trnet-default act/unsup
VLAN
Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
----
----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1
enet 100001 1500 - - - - - 0 0
401
enet 100401 1500 - - - - - 0 0
402
enet 100402 1500 - - - - - 0 0
403
enet 100403 1500 - - - - - 0 0
404
enet 100404 1500 - - - - - 0 0
405
enet 100405 1500 - - - - - 0 0
406
enet 100406 1500 - - - - - 0 0
407
enet 100407 1500 - - - - - 0 0
408
enet 100408 1500 - - - - - 0 0
409
enet 100409 1500 - - - - - 0 0
410
enet 100410 1500 - - - - - 0 0
411
enet 100411 1500 - - - - - 0 0
412
enet 100412 1500 - - - - - 0 0
413
enet 100413 1500 - - - - - 0 0
1002
fddi 101002 1500 - - - - - 0 0
1003
tr 101003 1500 - - - - srb 0 0
1004
fdnet 101004 1500 - - - ieee - 0 0
1005
trnet 101005 1500 - - - ibm - 0 0
Remote
SPAN VLANs
------------------------------------------------------------------------------
Primary
Secondary Type Ports
-------
--------- ----------------- ------------------------------------------
ADSLswitch#sh
ip int bri
Interface
IP-Address OK? Method Status Protocol
Vlan1
unassigned YES NVRAM up down
Vlan401
192.168.100.5 YES NVRAM up up
Vlan402
192.168.100.9 YES NVRAM up up
Vlan403
192.168.100.13 YES NVRAM up up
Vlan404
192.168.100.17 YES manual up up
Vlan405
192.168.100.21 YES NVRAM up down
Vlan406
192.168.100.25 YES NVRAM up up
Vlan407
192.168.100.29 YES NVRAM up up
Vlan408
192.168.100.33 YES NVRAM up down
Vlan409
192.168.100.37 YES NVRAM up down
Vlan410
192.168.100.41 YES NVRAM up up
Vlan411
192.168.100.45 YES NVRAM up up
Vlan412
172.16.16.94 YES NVRAM up down
FastEthernet1/0/1
unassigned YES unset up up
FastEthernet1/0/2
unassigned YES unset up up
FastEthernet1/0/3
unassigned YES unset up up
FastEthernet1/0/4
unassigned YES unset up up
FastEthernet1/0/5
unassigned YES unset down down
FastEthernet1/0/6
unassigned YES unset up up
FastEthernet1/0/7
unassigned YES unset up up
FastEthernet1/0/8
unassigned YES unset down down
FastEthernet1/0/9
unassigned YES unset up up
FastEthernet1/0/10
unassigned YES unset down down
FastEthernet1/0/11
unassigned YES unset up up
FastEthernet1/0/12
unassigned YES unset down down
FastEthernet1/0/13
unassigned YES unset down down
FastEthernet1/0/14
unassigned YES unset down down
FastEthernet1/0/15
unassigned YES unset down down
FastEthernet1/0/16
unassigned YES unset down down
FastEthernet1/0/17
unassigned YES unset down down
FastEthernet1/0/18
unassigned YES unset down down
FastEthernet1/0/19
unassigned YES unset down down
FastEthernet1/0/20
unassigned YES unset down down
FastEthernet1/0/21
unassigned YES unset down down
FastEthernet1/0/22
unassigned YES unset down down
FastEthernet1/0/23
unassigned YES unset down down
FastEthernet1/0/24
192.168.100.2 YES NVRAM up up
GigabitEthernet1/0/1
unassigned YES unset down down
GigabitEthernet1/0/2
unassigned YES unset down down
ADSLswitch#
fa1/0/3和1/0/4下联设备肯定有环路!
1、在cisco3750上新建vlan420,把fa1/0/3和1/0/4都加到420里,交换机上的3口亮绿灯,但4口却一直亮橘黄色灯
说明spanning-tree在工作,选择root端口,你可以只连一个接口,另一个接口shutdown,打断环路,应该下联设备应正常使用。
2、(2)问题没有解决,就换个方法试试,于是就新建了vlan
403和vlan 404,
inter
vlan 403
ip
add 192.168.100.13 255.255.255.252 连接此端口的DSLAM地址是192.168.100.14 255.255.255.252
inter
vlan 404
ip
add 192.168.100.17 255.255.255.252 连接此端口的DSLAM地址是192.168.100.18 255.255.255.252
int
fa1/0/3
sw
mode acc
sw
acc vlan 403
int
fa1/0/4
sw
mode acc
sw
acc vlan 404
问题出现了,每隔30秒左右不停地发一下信息:
1d02h:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
FastEthernet1/0/4 (404), with ADSLswitch FastEthernet1/0/3 (403).
1d02h:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
FastEthernet1/0/3 (403), with ADSLswitch FastEthernet1/0/4 (404).
说明:此时的业务并没有停下来,我想应该也是个广播吧,但这样总不是个事呀,于是用:
inter
fa1/0/4
no
sw acc vlan 404
说明下联是有环路的!!!建议你检查,最好端掉一根。
在你vlan
420里指定root根桥
spanning-tree
vlan 420 priority 0
另一个端口应该可以断掉
|