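Zhang Wenning: at a customer site, the directly connected FW is unreachable after an S12500X-AF upgrade, and ARP learning on the peer is abnormal
Network Topology and Description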
/
Alarm Information
/
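Problem Description
A company reported that a pair of S12500X switches is interconnected with the standby FW. After the upgrade to version R2820+H03, the direct connection to the standby FW fails. Traffic goes through the primary FW, so services are not affected for now:
Table entries on our side are learned normally: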
===============display mac-address===============
MAC Address VLAN ID State Port/Nickname Aging
642f-c7c7-51f1 1015 Learned BAGG1015 Y
===============display arp all===============
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VLAN/VSI name Interface Aging Type
10.112.255.236 642f-c7c7-51f1 1015 BAGG1015 1200 D
The packet capture shows only the packets sent toward us:
Yet debugging on our side shows packets both received and sent:
*Oct 12 20:57:52:480 2022 CA1-F4-4F-Z03-OA-CORE1-S12504 ARP/7/ARP_RCV: -MDC=1-Slot=0; Received an ARP message, operation: 1, sender MAC: 642f-c7c7-51f1, sender IP: 10.112.255.236, target MAC: 0000-0000-0000, target IP: 10.112.255.233
*Oct 12 20:57:52:480 2022 CA1-F4-4F-Z03-OA-CORE1-S12504 ARP/7/ARP_SEND: -MDC=1-Slot=0; Sent an ARP message, operation: 2, sender MAC: 0000-5e00-010f, sender IP: 10.112.255.233, target MAC: 642f-c7c7-51f1, target IP: 10.112.255.236
*Oct 12 20:57:52:480 2022 CA1-F4-4F-Z03-OA-CORE1-S12504 ARP/7/ARP_RCV: -MDC=1-Slot=0; Received an ARP message, operation: 1, sender MAC: 642f-c7c7-51f1, sender IP: 10.112.255.236, target MAC: 0000-0000-0000, target IP: 10.112.255.234
*Oct 12 20:57:52:481 2022 CA1-F4-4F-Z03-OA-CORE1-S12504 ARP/7/ARP_SEND: -MDC=1-Slot=0; Sent an ARP message, operation: 2, sender MAC: 74ea-c828-0001, sender IP: 10.112.255.234, target MAC: 642f-c7c7-51f1, target IP: 10.112.255.236
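Process Analysis
The debug information narrows the problem down to the device's packet-sending stage. Checking the corresponding physical ports shows that they are physically UP, but at the chip level one of them has been wrongly blocked by STP: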
Aggregate Interface: Bridge-Aggregation1015
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
Management VLANs: None
System ID: 0x8000, 74ea-c828-0000
Local:
Port Status Priority Index Oper-Key Flag
XGE0/0/11 S 32768 9 9 {ACDEF}
XGE0/0/12 S 32768 18 9 {ACDEF}
Remote:
Actor Priority Index Oper-Key SystemID Flag
XGE0/0/11(R) 32768 292 3 0x8000, 642f-c7c7-51f0 {ACDEF}
XGE0/0/12 32768 293 3 0x8000, 642f-c7c7-51f0 {ACDEF}
#
interface Bridge-Aggregation1015
description to_WIFI-FW01-outside
port access vlan 1015
link-aggregation mode dynamic
STP edged-port
#
====bcm slot 0 chip 0 ps====
xe11( 11) up 10G FD SW No Block None FA SR 12284
xe12( 12) up 10G FD SW No Forward None FA SR 12284
====debug port mapping chassis 1 slot 0====
[Interface] [Unit] [Port] [Name] [Combo?] [Active?] [IfIndex] [MID] [Link]
=======================================================================
XGE0/0/11 0 11 xe11 no no 0xb 0 up
XGE0/0/12 0 12 xe12 no no 0xc 0 up
XGE0/0/13 0 13 xe13 no no 0xd 0 up
The problem can therefore be pinned to a known issue in this version:
202203150167
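Symptom: when a DR interface flaps, a DR aggregation member port is occasionally blocked by STP.
Trigger condition: STP is enabled globally and a DR interface flaps.
Note: in an environment where the problem has already occurred, after installing the patch you must first shutdown/undo shutdown the interface to recover.
Solution
In summary, the known issue was triggered on site before the H03 patch was applied: port T0/0/11 was wrongly STP blocked at the chip level, so forwarding failed. The H03 patch is already deployed on site, so running shutdown/undo shutdown on T0/0/11 restores it.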
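Added example (not part of the original case and not vendor tooling): a Python check that cross-references the three outputs quoted above, namely the aggregation member list, the port mapping and the chip "ps" lines, and reports Selected aggregation members that are link-up but STP-blocked in hardware. The sample text is constructed from lines on this page, and the function names are hypothetical.

```python
import re

# Constructed sample input: lines copied from the outputs quoted in this case.
LACP = """\
Local:
Port Status Priority Index Oper-Key Flag
XGE0/0/11 S 32768 9 9 {ACDEF}
XGE0/0/12 S 32768 18 9 {ACDEF}
Remote:
XGE0/0/11(R) 32768 292 3 0x8000, 642f-c7c7-51f0 {ACDEF}
"""
BCM_PS = """\
xe11( 11) up 10G FD SW No Block None FA SR 12284
xe12( 12) up 10G FD SW No Forward None FA SR 12284
"""
PORT_MAP = """\
XGE0/0/11 0 11 xe11 no no 0xb 0 up
XGE0/0/12 0 12 xe12 no no 0xc 0 up
XGE0/0/13 0 13 xe13 no no 0xd 0 up
"""

def selected_members(lacp_text):
    """Local member ports whose aggregation status is S (Selected)."""
    local = lacp_text.split("Remote:")[0]
    return re.findall(r"^(\S+) +S +\d+", local, re.M)

def chip_port_names(map_text):
    """Interface name -> chip port name (XGE0/0/11 -> xe11)."""
    return dict(re.findall(r"^(\S+) +\d+ +\d+ +(\S+) ", map_text, re.M))

def chip_states(ps_text):
    """Chip port name -> (link, STP state) from the 'ps' lines."""
    # Assumption: only the two STP states visible on this page are matched.
    rows = re.findall(r"^(\w+)\( *\d+\) +(\S+) .*?\b(Block|Forward)\b", ps_text, re.M)
    return {name: (link, stp) for name, link, stp in rows}

def wrongly_blocked(lacp_text, map_text, ps_text):
    """Selected members that are link-up yet blocked at the chip level."""
    names, states = chip_port_names(map_text), chip_states(ps_text)
    return [p for p in selected_members(lacp_text)
            if states.get(names.get(p)) == ("up", "Block")]

if __name__ == "__main__":
    print(wrongly_blocked(LACP, PORT_MAP, BCM_PS))
```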