300秒解除的环保护
HLJMS-KF5F-L1and2-ZX-SW01-S5750(config-if-GigabitEthernet 1/0/5)#errdisable recovery interval 300
查看环路的端口信息
HLJMS-KF5F-L1and2-ZX-SW01-S5750(config-if-GigabitEthernet 1/0/5)#show rldp
GigabitEthernet 1/0/5
port state : normal
neighbor bridge : 0000.0000.0000
neighbor port :
loop detect information:
action: shutdown-port
state : normal
GigabitEthernet 1/0/7
port state : normal
neighbor bridge : 0074.9ccd.9d25
neighbor port : GigabitEthernet 2/0/7
loop detect information:
action: shutdown-port
state : normal
GigabitEthernet 2/0/5
port state : normal
neighbor bridge : 0074.9ccd.9d25
neighbor port : GigabitEthernet 1/0/5
loop detect information:
action: shutdown-port
state : normal
GigabitEthernet 2/0/7
port state : normal
neighbor bridge : 0000.0000.0000
neighbor port :
loop detect information:
action: shutdown-port
state : normal
二、技术分析
1、交换机关闭端口原因:
因电源断电后,佳木斯5号和7号楼层交换机,重启时间早于汇聚交换机,导致汇聚交换机RLDP功能启动,RLDP主要是应用到交换机上做环路检测用(汇聚层也可以开RLDP防环),特别适用于交换机下联HUB上面自身打环的情况,在项目实施的时候厂商都推荐交换机的各个接终端用户的端口都开启RLDP,作为一个优化配置进行事先部署,防止端口下的各类环路问题。对设备产生不可逆的损伤。
2功能简介:
(1)RLDP:RLDP全称是Rapid Link Detection Protocol,是锐捷网络自主开发的一个用于快速检测以太网链路故障的链路协议。
一般的以太网链路检测机制都只是利用物理连接的状态,通过物理层的自动协商来检测链路的连通性。
(2)BPDU Guard:BPDU Guard即BPDU防护,如果该端口配置了BPDU Guard功能,如果该端口收到了BPDU报文,就进入Error-disabled 状态,无法转发数据
佳木斯网络组网出现环路情形:三角环路(两台汇聚连接同一台接入)
三、解决方案
1、继续使用RLDP功能,护止环路发生。(环路风险,高于端口不可用。环路可能导致全局业务不可用)
2、设置接口自动恢复时间
3、接入交换机配置如下:
Rujijie#configure terminal
Rujijie(config)#rldp enable ------>全局开启RLDP功能(已配置)
Rujijie(config)#interface range g0/1-24 ------>对于下联PC或HUB的端口需要开启,不要在接入交换机的上联口开启该功能(已配置)
Rujijie(config-if-range)#rldp port loop-detect shutdown-port ------>接口开启RLDP功能,如果检测出环路后shutdow该端口(已配置)
Rujijie(config-if-range)#exit
Rujijie(config)#errdisablerecovery interval 300 ------>如果端口被RLDP检测并shutdown,再过300秒后会自动恢复,重新检测是否有环路(本次新增,下个网络上线日配置)
Rujijie(config)#end
Rujijie#wr
四、功能验证
1、查看RLDP的状态
2、当g0/5和g0/
7口环起来后会出现如下log
Rujijie#
*Mar 19 20:16:00: %RLDP-3-LINK_DETECT_ERROR: loop detection error detect on interface GigabitEthernet 0/7.set this interface errordisable!
*Mar 19 20:16:00: %RLDP-3-LINK_DETECT_ERROR: loop detection error detect on interface GigabitEthernet 0/5.set this interface errordisable!
Mar 19 20:16:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface VLAN 1, changed state to down.
*Mar 19 20:16:02: %LINK-3-UPDOWN: Interface GigabitEthernet 0/5, changed state to down.
*Mar 19 20:16:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet 0/5, changed state to down.
*Mar 19 20:16:02: %LINK-3-UPDOWN: Interface GigabitEthernet 0/7, changed state to down.
*Mar 19 20:16:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet 0/7, changed state to down.
3、查看接口状态,发现这两个口被disable了
4、过了300S,交换机会把端口自动变为恢复状态,如下:
*Mar 19 20:21:01: %PORT_SECURITY-4-ERR_RECOVER: Interface GigabitEthernet 0/5 recover from an error.
*Mar 19 20:21:01: %PORT_SECURITY-4-ERR_RECOVER: Interface GigabitEthernet 0/7 recover from an error.
*Mar 19 20:21:01: %RLDP-3-LINK_DETECT_RECOVER: rldp recover interface GigabitEthernet 0/7 from loop error
*Mar 19 20:21:01: %RLDP-3-LINK_DETECT_RECOVER: rldp recover interface GigabitEthernet 0/5 from loop error
*Mar 19 20:21:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface VLAN 1, changed state to up.
*Mar 19 20:21:06: %LINK-3-UPDOWN: Interface GigabitEthernet 0/5, changed state to up.
*Mar 19 20:21:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet 0/5, changed state to up.
*Mar 19 20:21:06: %LINK-3-UPDOWN: Interface GigabitEthernet 0/7, changed state to up.
*Mar 19 20:21:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet 0/7, changed state to up.
5、如果需要立即恢复被disable的端口,可以通过如下命令实现;
Rujijie#rldp reset
Rujijie#
*Mar 19 20:34:32: %PORT_SECURITY-4-ERR_RECOVER: Interface GigabitEthernet 0/7 recover from an error.
*Mar 19 20:34:32: %RLDP-3-LINK_DETECT_RECOVER: rldp recover interface GigabitEthernet 0/7 from loop error
*Mar 19 20:34:32: %PORT_SECURITY-4-ERR_RECOVER: Interface GigabitEthernet 0/5 recover from an error.
*Mar 19 20:34:32: %RLDP-3-LINK_DETECT_RECOVER: rldp recover interface GigabitEthernet 0/5 from loop error