S5700交换机端口阻塞

发布时间:  2016-08-28 浏览次数:  275 下载次数:  0
问题描述
组网结构:某局点实施,采用两台AR2240(V200R005C20SPC200)两台S5700(V200R008C00SPC500),AR2240 之间做链路捆绑,S5700之间做链路捆绑二三层混跑,两台交换机分别上联两台路由器,之间采用ospf路由协议。

 配置:
A交换机:
interface Vlan 5                                     
ip address 15.108.25.253 255.255.255.0
vrrp vrid 5 virtual-ip 15.108.25.254
#
#
interface Vlan 501
description TO-S5756-02-Eth-trunk10
ip address   15.198.201.169 255.255.255.252                                 
ospf network-type p2p
#
interface Eth-trunk 10
description TO-S5756-01-ET10
port link-type trunk
port trunk allow-pass vlan all
undo port trunk allow-pass vlan 1
trust dscp
#
interface Vlanif 502
description TO-AR2240-01-GigabitEthernet5/0/2
ip address 15.198.0.158 255.255.255.252
ospf network-type p2p
ospf cost XX                                   
#
interface LoopBack0
ip address 15.198.202.105 255.255.255.255                                 
#
interface G0/0/50                                      
description TO-S5756-01-G0/0/50
Eth-trunk 10
#
interface G0/0/51                                      
description TO-S5756-01-G0/0/51
Eth-trunk 10
#
interface G0/0/52                                   
description TO-DD-DDGS-AR2240-02-GigabitEthernet5/0/2
port link-type access
port default vlan 502
trust dscp
#
interface GigabitEthernet0/0/49
description TO-DD-DDGS-S5756-04-GigabitEthernet0/0/52
port link-type trunk
port trunk allow-pass vlan   5 501 502
undo port trunk allow-pass vlan 1
#
ospf 100 router-id 10.197.202.105                             
silent-interface LoopBack0
enable log
area 50
network 15.198.202.105 0.0.0.0
network 15.108.25.0 0.0.0.255
network  15.198.201.169 0.0.0.0
network  15.198.0.158 0.0.0.0


 B交换机:
interface Vlan 5                                     
ip address 15.108.25.252 255.255.255.0
vrrp vrid 5 virtual-ip 15.108.25.254
vrrp vrid 5 priority 110
#
#
interface Vlan 501
description TO-S5756-01-Eth-trunk10
ip address   15.198.201.170 255.255.255.252                                 
ospf network-type p2p
#
interface Eth-trunk 10
description TO-S5756-01-ET10
port link-type trunk
port trunk allow-pass vlan all
undo port trunk allow-pass vlan 1
trust dscp
#
interface Vlanif 502
description TO-AR2240-02-GigabitEthernet5/0/2
ip address 15.198.0.162 255.255.255.252
ospf network-type p2p
ospf cost XX                                    
#
interface LoopBack0
ip address 15.198.202.106 255.255.255.255                                 
#
interface G0/0/50                                      
description TO-S5756-01-G0/0/50
Eth-trunk 10
#
interface G0/0/51                                      
description TO-S5756-01-G0/0/51
Eth-trunk 10
#
interface G0/0/52                                   
description TO-DD-DDGS-AR2240-02-GigabitEthernet5/0/2
port link-type access
port default vlan 502
trust dscp
#
interface GigabitEthernet0/0/49
description TO-DD-DDGS-S5756-04-GigabitEthernet0/0/52
port link-type trunk
port trunk allow-pass vlan   5 501 502
undo port trunk allow-pass vlan 1
#
ospf 100 router-id 10.197.202.106                             
silent-interface LoopBack0
silent-interface vlanif5
enable log
area 50
network 15.198.202.106 0.0.0.0
network 15.108.25.0 0.0.0.255
network  15.198.201.170 0.0.0.0
network  15.198.0.162 0.0.0.0
#
发生的问题:A交换机下联的一个加油站无法上网



处理过程
登陆设备后发现,A设备上交换机的上联口是阻塞的,物理链路没有问题,但是当我们查看STP brief 的时候,发现上联口是阻塞的,再看A设备上的配置,
发现ospf 里面没有silent 掉 vlanif 5,初步推断是vrrp全网泛洪导致的,但是silent掉 vlanif 5 我们发现问题依然存在,之后我们发现A交换记得下联口,也就是
连接加油站无法上网的端口,我们发现放行了vlan 501 和vlan 502 ,经与加油站联系,加油站使用的是vlan 501,因为trunk口放行了vlan 501,所以导致了A交换机上联
口的逻辑环路,阻塞了交换机的上联口。之后,我们将交换机与路由器的互联vlan改为了vlan 1001 解决了这一问题。
根因

接入vlan与互联vlan之间相同导致冲突

解决方案
项目的实施,不但要理清现网的结构,更要理清现网中的设备的配置,尤其是与不替换的设备对接时 ,了解不替换设备的配置情况。

END