Time out interval: 5
Entry 1 ---
Expiration time: 39 Device ID: 1
Current neighbor state: Bidirectional Device name: FDO1515V0BS Port ID: Gi2/0/1
Neighbor echo 1 device: FDO1515V0BS Neighbor echo 1 port: Gi2/0/2
Message interval: 15 Time out interval: 5 CDP Device name: Switch
拔一芯:当Expiration time为0时,show udld Interface Gi2/0/1 ---
Port enable administrative configuration setting: Enabled / in aggressive mode Port enable operational state: Enabled / in aggressive mode Current bidirectional state: Unknown Current operational state: Disabled port Message interval: 7 Time out interval: 5
No neighbor cache information stored
有log输出:
*Mar 1 17:08:54.088: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi2/0/1, aggressive mode failure detected *Mar 1 17:08:54.088: %PM-4-ERR_DISABLE: udld error detected on Gi2/0/1, putting Gi2/0/1 in err-disable state *Mar 1 17:08:54.138: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/1, changed state to down *Mar 1 17:08:56.093: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/1, changed state to down
4. 一个端口设置udld aggressive,另一个端口不设置udld
端口配置:
interface GigabitEthernet2/0/1 no switchport no ip address speed nonegotiate udld port aggressive !
interface GigabitEthernet2/0/2
speed nonegotiate spanning-tree portfast
show udld: Interface Gi2/0/1 ---
Port enable administrative configuration setting: Enabled / in aggressive mode Port enable operational state: Enabled / in aggressive mode Current bidirectional state: Unknown Current operational state: Advertisement Message interval: 7 Time out interval: 5
No neighbor cache information stored
Interface Gi2/0/2 ---
Port enable administrative configuration setting: Follows device default Port enable operational state: Disabled Current bidirectional state: Unknown 可见,两个端口都没有学到邻居信息
拔一芯,查看控制台,无输出,可见,udld不起作用,因为学不到邻居信息 所以,一对端口,必须同时启用udld,udld功能才能正常起作用。
5. 一个端口udld设置默认模式,一个端口设置aggressive模式
结果与udld定义一致,拔一芯,如果亮的端口设置的是默认模式,则一直亮;如果亮的端口设置的是aggressive模式,Expiration time为0,端口则会err-disabled。
6. 关于errdisable recovery的测试
配置如下:
errdisable recovery cause udld errdisable recovery interval 30
拔一芯,log输出如下:
*Mar 1 01:58:20.537: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/2, changed state to down *Mar 1 01:58:22.541: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/2, changed state to down
*Mar 1 01:59:05.055: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi2/0/1, aggressive mode failure detected *Mar 1 01:59:05.055: %PM-4-ERR_DISABLE: udld error detected on Gi2/0/1, putting Gi2/0/1 in err-disable state *Mar 1 01:59:05.105: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/1, changed state to down *Mar 1 01:59:07.060: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/1, changed state to down *Mar 1 01:59:35.094: %PM-4-ERR_RECOVER: Attempting to recover from udld err-disable state on Gi2/0/1
*Mar 1 01:59:37.166: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/1, changed state to up
*Mar 1 01:59:37.175: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/1, changed state to up
udld检测,发现端口出现单向链路,置端口err-disable状态,然后errdisable recovery起作用,端口状态被恢复成up,此时udld已经失效,因为依然是单向链路,学不到邻居信息。
(四) 使用Cisco3750与LP连接测试
与lp连接,3750g交换机端口speed不能设置nonegotiate,因为lp端口不亮,这样测试将无法进行。
(五) 使用Cisco3750与H3C7506连接测试
最后进行测试,需要16A插排,先往后进行。
(六) 总结
UDLD,UniDirectional Link Detection—单向链路检测,是Cisco私有的二层协议,也是Cisco特有的名词。
当光纤链路,出现单向链路时,互联端口有时会出现一端端口亮up,一端端口灭down的情况,这种情况,会产生譬
如生成树无法正常运算,影响通信,或者监控无法正常报警等问题,这时,如果光纤链路两端互联的设备均为Cisco,就可以通过udld这个特性解决此类问题。
这时,依然up的端口,如果配置成udld aggressive,则此端口会置为err-disable。
但是,如果光纤链路两端的端口speed是自动协商的,出现单向链路时,两端端口会都灭,是不需要udld的,这是光
端口的特性。
所以,当光纤链路两端端口的speed协商模式是nonegotiate时,建议使用udld这个特性。
配置示例:
Switch(config)#errdisable recovery cause udld Switch(config)#errdisable recovery interval 3600 Switch(config)#int g2/0/1
Switch(config-if)#udld port aggressive 其中: ? ?
errdisable recovery interval恢复时间为30到86400秒,默认为300秒,5分钟
当errdisable recovery后,如果依然是单向链路,则udld将失效,因为学不到对应的邻居信息,不能执行必要的hello检测,恢复的端口,会一直up下去。 注意: ? ?
光纤链路互联的两个端口,必须同时配置udld
如果光纤链路互联端口的speed可以自动协商,不需要使用udld,因为不会产生单向链路的问题,只要有一个链路有问题,互联两个端口都会down。
二、 广播及组播流量控制设计
Interface range fa0/1 -xxx
storm-control broadcast level 8.00 4.00 storm-control multicast level 8.00 4.00 storm-control action shutdown
设计要点:ES交换机接入端口上监视广播及组播流量,通过控制广播及组播的流量实现 对整体网络带宽的保护,在出现广播风暴时及时抑制。 设定范围:
?所有ES交换机接入端口。
?通过对端口带宽广播及组播流量的百分比进行阀值设定。
?LAN设定界限值(端口带宽百分比):当端口收到的广播或者组播流量达到端口带宽的8%时(8Mbps), 端口将通过Shutdown动作进行保护,流量下降到4%时端口将自动恢复原先状态。 测试广播包大时shutdown及恢复时间
(一) cisco下storm-control命令
接口配置模式下: storm-control ?
action Action to take for storm-control broadcast Broadcast address storm control multicast Multicast address storm control unicast Unicast address storm control
storm-control action ?
shutdown Shutdown this interface if a storm occurs trap Send SNMP trap if a storm occurs
storm-control broadcast ?
level Set storm suppression level on this interface
storm-control broadcast level 0.8 ? <0.00 - 100.00> Enter falling threshold
(二) 模拟广播风暴产生环境
1、交换机初始配置 2、环接交换机两个端口 3、no spanning-tree vlan 1
4、用网线,把电脑与交换机任一端口进行连接
5、产生广播风暴,交换机CPU与端口流量均大幅提高
产生广播风暴时,log的输出示例:
*Mar 1 00:04:50.958: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d92d.1893 in vlan 1 is flapping between port Gi2/0/5 and port Gi2/0/2
*Mar 1 00:05:01.931: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d92d.1893 in vlan 1 is flapping between port Gi2/0/1 and port Gi2/0/2
*Mar 1 00:05:17.055: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d92d.1893 in vlan 1 is flapping between port Gi2/0/2 and port Gi2/0/1
*Mar 1 00:05:32.155: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d92d.1893 in vlan 1 is flapping between port Gi2/0/2 and port Gi2/0/1 ......
端口流量: sh int g2/0/1
GigabitEthernet2/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0036.ffaa.3781 (bia 0036.ffaa.3781) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 32/255, rxload 32/255 Encapsulation ARPA, loopback not set Keepalive not set
Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:01, output hang never Last clearing of \
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 208 Queueing strategy: fifo Output queue: 0/0 (size/max)
5 minute input rate 128709000 bits/sec, 182816 packets/sec 5 minute output rate 128898000 bits/sec, 182237 packets/sec 87752023 packets input, 7753956242 bytes, 0 no buffer Received 87752023 broadcasts (32393650 multicasts) ......
88340976 packets output, 7848486122 bytes, 0 underruns ......
CPU使用率: sh processes cpu
CPU utilization for five seconds: 43%/32%; one minute: 29%; five minutes: 13%