Interface Was Down Due to Cable Faults

Publication Date:  2015-07-02 Views:  218 Downloads:  0
Issue Description
Network Topology:


The USG5500 firewall was connected to the NMS alarm system of the customer via a S9300 switch. The alarm system sent a short message indicating that the firewall could not be pinged, and interface GigabitEthernet 2/0/0 of the firewall was down.
Handling Process
1. The logs in the log buffer were checked. The logs during the fault period were overwritten and no log was found to indicate that interface GigabitEthernet 2/0/0 was down.

2. The statistics information about GigabitEthernet 2/0/0 was displayed. Both physical and protocol states of the interface were down, and output collisions (3417095 collisions, 3992031 late collisions) were detected. The fault was preliminarily considered to be caused by a negotiation failure between the firewall and S9300 switch.

GigabitEthernet2/0/0 current state : DOWN   
Line protocol current state : DOWN
Description : to NM-HH-JQ-CE-3.CDMA GI8/0/6(cuifei20090110), Route Port 
The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec) 
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is xxxx-e8c6-xxxx
Media type is twisted pair,loopback not set,promiscuous mode not set
1000Mb/s-speed mode, full-duplex mode, link type is force link
QoS max-bandwidth : 1000000 Kbps
Output queue : (Urgent queue : Size/Length/Discards)  0/50/0
Output queue : (Frag queue : Size/Length/Discards)  0/1000/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 
Output queue : (FIFO queue : Size/Length/Discards)  0/256/0
    Last 300 seconds input rate 0  bytes/sec, 0  packets/sec
    Last 300 seconds output rate 0  bytes/sec, 0  packets/sec
    Input: 14254885741 packets, 8108104528255 bytes
           14143174408 unicasts, 2982571 broadcasts, 108728579 multicasts
           183 errors, 0 runts, 0 giants, 162 FCS
           0 length error, 0 code error, 0 align errors, 21 other errors
    Output:17016508160 packets,  11022316376423 bytes
           16903289113 unicasts, 387050 broadcasts, 108848582 multicasts
           0 errors, 3417095 collisions, 3992031 late collisions
           0 ex. collisions, 0 FCS error
           0 deferred, 0 runts, 0 giants, 0 other errors

3. The negotiation mode of GigabitEthernet2/0/0 was displayed, and it was 1000M forced full duplex mode.

interface GigabitEthernet2/0/0
duplex full
description to NM-HH-JQ-CE-3.CDMA GI8/0/6(cuifei20090110)

4. The negotiation mode of the S9300 switch was 1000M autonegotiation and cannot be changed to forced 1000M. When both the firewall and S9300 were set to autonegotiation, the speed was only 100M. If autonegotiation was configured on one side and forced speed was configured on the other side, the negotiation failed. Meanwhile, the negotiated speed was only 100M, indicating that the link was abnormal.

5. After the following steps were performed, it was confirmed that the fault was caused by the cable connector. The faulty connector made the link unstable, leading to the failure of the negotiation between the firewall and S9300 switch and eventually the interface was down.
   1) The speed on the firewall was changed from forced speed to autonegotiation. The negotiated speed was only 100M.
   2) The cable was replaced. Then, the negotiated speed was 1000M.
   3) The connectors of the original cable were replaced. Then, the negotiated speed was 1000M.
Root Cause
Firewall interface GigabitEthernet 2/0/0 was down because the connectors of the cable between the firewall and switch were not properly prepared. 
Replace the cable connectors and ensure that the connectors and cable are normal.