使用CDP快速定位网络中的环路
凌乱的布线,层层的级联,就像一颗定时深水炸弹一样,让每个网管都寝室难安。我最近就遇到一起这样的事故,还好在DrogonGo老大的指点下,快速地解决了。
由于网络中核心层和汇聚层的交换都开了STP, 这次的事故并没有造成很大影响,只是影响该Vlan的速度,没有引起大规模的宕机事件;同时也说明了环路的问题可以潜伏很久而不被发现。
起因:
检查Syslog server时发现有一个Cisco2950交换机报了大量的日志:
-------------------------------------------
2008-03-31 15:46:58 192.168.92.2 Warning 368: 02:23:22: Native VLAN mismatch discovered on FastEthernet0/17 (100), with A2F-2950 FastEthernet0/31 (104).
2008-03-31 15:46:58 192.168.92.2 Warning 367: 02:23:22: Native VLAN mismatch discovered on FastEthernet0/31 (104), with A2F-2950 FastEthernet0/17 (100).
2008-03-31 15:45:58 192.168.92.2 Warning 366: 02:22:22: Native VLAN mismatch discovered on FastEthernet0/17 (100), with A2F-2950 FastEthernet0/31 (104).
2008-03-31 15:45:58 192.168.92.2 Warning 365: 02:22:22: Native VLAN mismatch discovered on FastEthernet0/31 (104), with A2F-2950 FastEthernet0/17 (100).
2008-03-31 15:44:58 192.168.92.2 Warning 364: 02:21:22: Native VLAN mismatch discovered on FastEthernet0/17 (100), with A2F-2950 FastEthernet0/31 (104).
2008-03-31 15:44:58 192.168.92.2 Warning 363: 02:21:22: Native VLAN mismatch discovered on FastEthernet0/31 (104), with A2F-2950 FastEthernet0/17 (100).
2008-03-31 15:43:58 192.168.92.2 Warning 362: 02:20:22: Native VLAN mismatch discovered on FastEthernet0/17 (100), with A2F-2950 FastEthernet0/31 (104).
-------------------------------------------
登陆两边的交换检查设置,发现两边的Native VLAN都是vlan92,于是觉得奇怪,不存在本地Vlan不匹配的情况.哪会是什么原因呢?
Telnet到A2F-2950以后,检查F0/17:
----------------------------------------------------------
A2F-2950#sh cdp nei f0/17
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
A2F-2950 Fas 0/17 156 S I WS-C2950G-Fas 0/31
A2F-2950#
------------------------------------------------------------------------------
A2F-2950#sh cdp nei f0/17 detail
-------------------------
Device ID: A2F-2950
Entry address(es):
IP address: 192.168.92.2
Platform: cisco WS-C2950G-48-EI, Capabilities: Switch IGMP
Interface: FastEthernet0/17, Port ID (outgoing port): FastEthernet0/31
Holdtime : 121 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 23-Mar-05 15:33 by yenanh
advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=0000000
0FFFFFFFF010221FF000000000000001562414A00FF0000
VTP Management Domain: 'tsb'
Native VLAN: 104 (Mismatch)
Duplex: full
Management address(es):
IP address: 192.168.92.2
----------------------------------------------------------
检查F0/31:
-----------------------------------------------------------------
A2F-2950#sh cdp nei f0/31
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
A2F-2950 Fas 0/31 136 S I WS-C2950G-Fas 0/17
A2F-2950#
-------------------------------------------------------------------------------
A2F-2950#sh cdp nei f0/31 detail
-------------------------
Device ID: A2F-2950
Entry address(es):
IP address: 192.168.92.2
Platform: cisco WS-C2950G-48-EI, Capabilities: Switch IGMP
Interface: FastEthernet0/31, Port ID (outgoing port): FastEthernet0/17
Holdtime : 132 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 23-Mar-05 15:33 by yenanh
advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=0000000
0FFFFFFFF010221FF000000000000001562414A00FF0000
VTP Management Domain: 'tsb'
Native VLAN: 100 (Mismatch)
Duplex: full
Management address(es):
IP address: 192.168.92.2
-----------------------------------------------------------------
明眼人一看就明白了吧,F0/17和F0/31两个端口怎么连到一起了?网络的Topology就不想提了,
拿不上台面啊,这个是历史遗留的问题,现在已经全部用综合布线了。找兄弟去查F0/17和F0/31的两台交换机,
祭出拔线大法,果然是被人用短线接在一起咯。
小结一下:
1. 合理的布线方案和严格的管理可以避免80%以上的链路问题。
2. 网络设备的日志监控必不可少,定期察看更是一个良好的习惯。
3. 很多不合理的表象下面一定隐藏着违背基本法则的事实。 |
发表于 2008-6-25 13:09:27
发表于 2008-6-25 16:08:46