From: John Oliver on 25 Nov 2008 13:25

In the past week or two, I've had three or four Gigabit Ethernet interfaces on about as many 2960s go down and say "err-disabled". One doesn't even have anything attached to it!

SES-Distribution#sh int Gi0/4
GigabitEthernet0/4 is down, line protocol is down (err-disabled)
  Hardware is Gigabit Ethernet, address is 0022.be29.eb04 (bia 0022.be29.eb04)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 1w5d, output 1w5d, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 15298
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     18322903 packets input, 20805679728 bytes, 0 no buffer
     Received 18297621 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 15121276 multicast, 0 pause input
     0 input packets with dribble condition detected
     166633 packets output, 226858846 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

However, no errors are counted. How can I start to figure out what is happening and why?

--
* John Oliver http://www.john-oliver.net/ *

From: Nicolai on 25 Nov 2008 14:15

> However, no errors are counted. How can I start to figure out what is
> happening and why?

it could be:

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 15298

But my guess would be some sort of port-security triggered.

Please post the configuration of the mentioned interface

From: Sam Wilson on 25 Nov 2008 14:46

In article <slrngiogof.4jg.joliver(a)ns.sdsitehosting.net>,
John Oliver <joliver(a)john-oliver.net> wrote:

> In the past week or two, I've had three or four Gigabit Ethernet
> interfaces on about as many 2960s go down and say "err-disabled".
> :
> :
> However, no errors are counted. How can I start to figure out what is
> happening and why?

Start with "sh errdis ?" and look at the options. I don't have a 2960 to hand but the 3550 I just checked offers detect, flap-values and recovery. We have recovery enabled and "sh errdis rec" shows (would show) a list of interfaces that would be reenabled at the next timeout. I don't know what you'll see.

Sam

From: John Oliver on 25 Nov 2008 15:15

On Tue, 25 Nov 2008 19:46:22 +0000, Sam Wilson wrote:
> In article <slrngiogof.4jg.joliver(a)ns.sdsitehosting.net>,
> John Oliver <joliver(a)john-oliver.net> wrote:
>
>> In the past week or two, I've had three or four Gigabit Ethernet
>> interfaces on about as many 2960s go down and say "err-disabled".
>> :
>> :
>> However, no errors are counted. How can I start to figure out what is
>> happening and why?
>
> Start with "sh errdis ?" and look at the options. I don't have a 2960
> to hand but the 3550 I just checked offers detect, flap-values and
> recovery. We have recovery enabled and "sh errdis rec" shows (would
> show) a list of interfaces that would be reenabled at the next timeout.
> I don't know what you'll see.

SES-Distribution#sh errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
bpduguard            Disabled
channel-misconfig    Disabled
dhcp-rate-limit      Disabled
dtp-flap             Disabled
gbic-invalid         Disabled
link-flap            Disabled
loopback             Disabled
pagp-flap            Disabled
psecure-violation    Disabled
security-violatio    Disabled
sfp-config-mismat    Disabled
storm-control        Disabled
udld                 Disabled
vmps                 Disabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

SES-Distribution#sh errdisable det
SES-Distribution#sh errdisable detect
ErrDisable Reason    Detection    Mode
-----------------    ---------    ----
bpduguard            Enabled      port
channel-misconfig    Enabled      port
community-limit      Enabled      port
dhcp-rate-limit      Enabled      port
dtp-flap             Enabled      port
gbic-invalid         Enabled      port
invalid-policy       Enabled      port
link-flap            Enabled      port
loopback             Enabled      port
lsgroup              Enabled      port
pagp-flap            Enabled      port
psecure-violation    Enabled      port/vlan
security-violatio    Enabled      port
sfp-config-mismat    Enabled      port
storm-control        Enabled      port
udld                 Enabled      port
vmps                 Enabled      port

SES-Distribution#sh errdisable fl
SES-Distribution#sh errdisable flap-values
ErrDisable Reason    Flaps    Time (sec)
-----------------    ------   ----------
pagp-flap            3        30
dtp-flap             3        30
link-flap            5        10

--
* John Oliver http://www.john-oliver.net/ *

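An added example, not part of any post in this thread: Python that parses "show errdisable recovery" and "show errdisable detect" output (rows abridged from the post above) and lists the causes that can err-disable a port but have no recovery timer, which is why such ports stay down until someone re-enables them by hand. The function names are this example's own, and treating a cause that is absent from the recovery table as having no timer is an assumption.

```python
import re

# Rows abridged from the "show errdisable recovery" and "show errdisable detect"
# output posted in the thread; cause names are truncated as the switch prints them.
RECOVERY = """\
ErrDisable Reason    Timer Status
-----------------    --------------
bpduguard            Disabled
link-flap            Disabled
psecure-violation    Disabled
security-violatio    Disabled
storm-control        Disabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
"""

DETECT = """\
ErrDisable Reason    Detection    Mode
-----------------    ---------    ----
bpduguard            Enabled      port
invalid-policy       Enabled      port
link-flap            Enabled      port
psecure-violation    Enabled      port/vlan
security-violatio    Enabled      port
storm-control        Enabled      port
"""

# A data row is "<cause> <Enabled|Disabled> ..."; headers and rules do not match.
ROW = re.compile(r"^(\S+)[ \t]+(Enabled|Disabled)\b", re.M)

def parse_table(text):
    """Map each err-disable cause to True (Enabled) or False (Disabled)."""
    return {cause: state == "Enabled" for cause, state in ROW.findall(text)}

def timer_interval(text):
    """Recovery timer in seconds, or None if the line is missing."""
    m = re.search(r"^Timer interval:\s*(\d+)\s*seconds", text, re.M)
    return int(m.group(1)) if m else None

def stuck_causes(recovery_text, detect_text):
    """Causes that can err-disable a port but will never auto-recover it."""
    recovery = parse_table(recovery_text)
    detect = parse_table(detect_text)
    # Assumption: a cause missing from the recovery table has no timer.
    return sorted(c for c, on in detect.items() if on and not recovery.get(c, False))

if __name__ == "__main__":
    for cause in stuck_causes(RECOVERY, DETECT):
        print(f"{cause}: detected, no auto-recovery ({timer_interval(RECOVERY)}s timer unused)")
```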
From: John Oliver on 25 Nov 2008 15:19

On Tue, 25 Nov 2008 20:15:38 +0100, Nicolai wrote:
>> However, no errors are counted. How can I start to figure out what is
>> happening and why?
>
> it could be:
>
> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 15298

Every Gi interface shows the same thing.

> But my guess would be some sort of port-security triggered.
>
> Please post the configuration of the mentioned interface

There is no config for this specific interface, other than VLAN membership:

SES-Distribution#sh run
Building configuration...

Current configuration : 4102 bytes
!
! Last configuration change at 08:50:00 PST Thu Nov 13 2008 by admin
! NVRAM config last updated at 08:53:43 PST Thu Nov 13 2008 by admin
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SES-Distribution
!
enable secret 5 ******************************
!
username admin privilege 15 password 7 ********************
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
!
aaa session-id common
clock timezone PST -8
clock summer-time PDT recurring
system mtu routing 1500
ip subnet-zero
!
ip domain-name domain.com
ip name-server 10.99.16.5
ip name-server 10.99.16.7
ip igmp snooping tcn query solicit
ip igmp snooping querier
no ip igmp snooping vlan 1
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 switchport access vlan 2
!
interface GigabitEthernet0/3
 switchport access vlan 2
!
interface GigabitEthernet0/4
 switchport access vlan 2
!
interface GigabitEthernet0/5
 switchport access vlan 2
!
interface GigabitEthernet0/6
 switchport access vlan 2
!
interface GigabitEthernet0/7
 switchport access vlan 2
!
interface GigabitEthernet0/8
 switchport access vlan 2
!
interface GigabitEthernet0/9
 switchport access vlan 3
!
interface GigabitEthernet0/10
 switchport access vlan 3
!
interface GigabitEthernet0/11
 switchport access vlan 3
!
interface GigabitEthernet0/12
 switchport access vlan 3
!
interface GigabitEthernet0/13
 switchport access vlan 3
!
interface GigabitEthernet0/14
 switchport access vlan 3
!
interface GigabitEthernet0/15
 switchport access vlan 3
!
interface GigabitEthernet0/16
 switchport access vlan 3
!
interface GigabitEthernet0/17
 switchport access vlan 4
!
interface GigabitEthernet0/18
 switchport access vlan 4
!
interface GigabitEthernet0/19
 switchport access vlan 4
!
interface GigabitEthernet0/20
 switchport access vlan 4
!
interface GigabitEthernet0/21
 switchport access vlan 4
!
interface GigabitEthernet0/22
 switchport access vlan 4
!
interface GigabitEthernet0/23
 switchport access vlan 4
!
interface GigabitEthernet0/24
 switchport access vlan 4
!
interface GigabitEthernet0/25
 switchport access vlan 5
!
interface GigabitEthernet0/26
 switchport access vlan 5
!
interface GigabitEthernet0/27
 switchport access vlan 5
!
interface GigabitEthernet0/28
 switchport access vlan 5
!
interface GigabitEthernet0/29
 switchport access vlan 5
!
interface GigabitEthernet0/30
 switchport access vlan 5
!
interface GigabitEthernet0/31
 switchport access vlan 5
!
interface GigabitEthernet0/32
 switchport access vlan 5
!
interface GigabitEthernet0/33
 switchport access vlan 6
!
interface GigabitEthernet0/34
 switchport access vlan 6
!
interface GigabitEthernet0/35
 switchport access vlan 6
!
interface GigabitEthernet0/36
 switchport access vlan 6
!
interface GigabitEthernet0/37
 switchport access vlan 6
!
interface GigabitEthernet0/38
 switchport access vlan 6
!
interface GigabitEthernet0/39
 switchport access vlan 6
!
interface GigabitEthernet0/40
 switchport access vlan 6
!
interface GigabitEthernet0/41
 switchport access vlan 5
!
interface GigabitEthernet0/42
 switchport access vlan 5
!
interface GigabitEthernet0/43
 switchport access vlan 5
!
interface GigabitEthernet0/44
 switchport access vlan 5
!
interface GigabitEthernet0/45
 switchport access vlan 5
!
interface GigabitEthernet0/46
 switchport access vlan 5
!
interface GigabitEthernet0/47
 switchport access vlan 5
!
interface GigabitEthernet0/48
 switchport access vlan 5
!
interface Vlan1
 ip address 10.99.16.54 255.255.248.0
 no ip route-cache
!
interface Vlan2
 no ip address
 no ip route-cache
!
ip default-gateway 10.99.16.1
ip http server
ip http secure-server
snmp-server community public RO
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
line vty 5 15
!
ntp clock-period 36028626
ntp server 10.99.16.5
end

--
* John Oliver http://www.john-oliver.net/ *