USG5500防火墙跟S5300静态lacp对接接口不up

发布时间:  2014-06-24 浏览次数:  446 下载次数:  0
问题描述
USG5500防火墙跟S5300静态lacp对接接口不up。
故障现象:
USG5500侧查看:
[USG5500]display interface brief                  //Eth-trunk 2物理和协议都down
11:07:27  2014/01/03    
PHY: Physical      
*down: administratively down                   
^down: standby down
(s): spoofing      
InUti/OutUti: input utility/output utility     
Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors   
Cellular0/1/0               down  up(s)       0%     0%          0          0   
Eth-Trunk2                  down  down     0.01%  0.01%          0          0   
  GigabitEthernet0/0/2      up    up       0.01%  0.01%          0          0   
  GigabitEthernet0/0/3      up    up       0.01%  0.01%          0          0 
[USG5500]display  trunk-membership eth-trunk  2    // Eth-trunk 2 down 
11:08:26  2014/01/03    
Trunk ID                     : 2               
Used Status                  : VALID           
TYPE  : Ethernet        
Working Mode                 : Load-balance    
Working State                : Normal          
Number Of Ports In Trunk     : 2               
Number Of Up Ports In Trunk  : 2               
Operate Status               : Down            
Interface GigabitEthernet0/0/2, valid, operate up, weight=1, standby interface NULL                    
                   
Interface GigabitEthernet0/0/3, valid, operate up, weight=1, standby interface NULL  
告警信息
处理过程
1、设备配置
////////////////////USG5500////////////////////
#                  
interface Eth-Trunk2    
alias Eth-Trunk2  
ip address 10.79.69.81 255.255.255.240        
mode lacp-static 
#                  
interface GigabitEthernet0/0/2                 
undo enable snmp trap updown physic-status    
eth-trunk 2       
#                  
interface GigabitEthernet0/0/3                 
undo enable snmp trap updown physic-status    
eth-trunk 2       
#

////////////////////S5300////////////////////
#                  
interface Eth-Trunk2 
mode lacp-static
#                   
interface GigabitEthernet0/0/21

  eth-trunk 2

#                 
interface GigabitEthernet0/0/33                
eth-trunk 2       

从USG5500侧查看

[USG5500]display lacp statistics eth-trunk 2       // lacp报文有收有发                      
11:09:24  2014/01/03    
Eth-Trunk2's PDU statistic is                 
  ------------------------------------------------------------------------------
Port                    LacpRevPdu   LacpSentPdu  MarkerRevPdu MarkerSentPdu   
GigabitEthernet0/0/2    30           31           0            0          
GigabitEthernet0/0/3    30           31           0            0       

S5300侧查看:
[S5300]display  interface brief                   //Eth-trunk 2物理和协议都down            
PHY: Physical      
*down: administratively down                   
^down: standby     
(l): loopback      
(s): spoofing      
(b): BFD down      
(e): ETHOAM down   
(d): Dampening Suppressed                      
InUti/OutUti: input utility/output utility     
Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors   
Eth-Trunk0                  down  down        0%     0%          0          0   
Eth-Trunk1                  down  down        0%     0%          0          0   
Eth-Trunk2                  down  down        0%     0%          0          0   
  GigabitEthernet0/0/21     up    up       0.01%  0.01%          0          0   
  GigabitEthernet0/0/33     up    up       0.01%  0.01%          0          0 

[S5300]display  trunkmembership eth-trunk  2      // Eth-trunk 2 down
Trunk ID: 2        
used status: VALID 
TYPE: ethernet     
Working Mode : Static   
Number Of Ports in Trunk = 2                   
Number Of UP Ports in Trunk = 0                
operate status: down    
                   
Interface GigabitEthernet0/0/21, valid, operate down, weight=1,            
Interface GigabitEthernet0/0/33, valid, operate down, weight=1, 

[Quidway]display  lacp  statistics eth-trunk  2    // lacp报文只有发没有收 
Eth-Trunk2's PDU statistic is:                
------------------------------------------------------------------------------ 
Port                    LacpRevPdu   LacpSentPdu  MarkerRevPdu MarkerSentPdu   
GigabitEthernet0/0/21   0            157          0            0
GigabitEthernet0/0/33   0            157          0            0
3、故障结论:
S5300配置静态LACP模式链路聚合时,需要在接口视图下配置bpdu enable命令,使S5300能够接收并处理LACP协议报文;如果不执行该命令,则S5300将LACP协议报文丢弃,Eth-Trunk链路状态为Down。

4、解决方案:
bpdu enable :  使能BPDU功能只影响BPDU报文的接收,不影响报文发送。因此,没有使能BPDU功能的接口可以发送BPDU报文。如果不使能BPDU功能,将影响LACP、LLDP、STP和HGMP等需要通过BPDU报文进行交互 的功能。交换机上,某一个ETH-TRUNK链路的具体配置:
#
interface Eth-Trunk2    
mode lacp-static
bpdu enable            

#
 
根因
可能的原因:
1)链路问题
2)配置问题
3)协议兼容性问题
建议与总结


S系列交换机 (S9700/S7700/S5700/S3700)配置静态LACP模式链路聚合时,都需要配置BPDU enable,这个命令并不只对生成树协议起作用,bpdu enable命令用来配置接口允许以下报文通过:
LACP报文
NDP报文
NTDP拓扑收集报文
STP协议的BPDU报文
RSTP协议的BPDU报文
MSTP协议的BPDU报文
LLDP协议的BPDU报文
3AH协议的BPDU报文
所以配置以上协议的时候一定要注意开启BPDU。

END