NE5000E下挂交换机由于配置问题成环导致ISIS邻居频繁UP、DOWN

发布时间:  2011-11-08 浏览次数:  52 下载次数:  0
问题描述
版本信息:
NE5000E:vrp (r) software, version 5.70 (ne5000e v300r007c00spc500)+v300r007c00spc012
S9306:s9300 v100r002c00spc200+v100r002sph017
与版本无关。

组网概述:
         vlanif 10—————————————gi2/14/1/0
S9306                                                                    NE5000E
         vlanif 20—————————————gi2/14/1/1

故障概述:S9306通过2条GE链路启vlanif接口与NE5000E互联,分别起ISIS协议建立邻居关系,1条链路上的isis邻居关系频繁up/down。


NE5000E日志中有如下信息:
oct 24 2011 23:50:30 r1-c-xpf-ne5000e %%01isis/4/peer_down_reptp2padj(l)[14151075]:is-is 2004 neighbor 2221.7600.1183 was down on interface ge2/14/1/0 because repeated p2p neighbors were found. the hello packet was received at 23:50:29 last time; the maximum interval for sending hello packets was 9933989; the local router sent 1179822 hello packets and received 12205 packets; the type of the hello packet was p2p.

处理过程
从日志信息分析来看,造成ISIS邻居关系频繁up/down的原因是发现了重复的P2P邻居,经咨询即从一个端口发出的hello报文又从另外的端口收到了。

1、任意关闭其中1条链路,ISIS邻居关系都能正常建立并保持稳定,排除链路或ISIS配置问题;
2、检查NE5000E上的接口配置,无问题:
<ne5000e>display cu interface gigabitethernet 2/14/1/0
#
interface gigabitethernet2/14/1/0
 mtu 4470
 description dakehudaikuanbaozhang-9306-f1108150123::odf-9-9-e-7/8
 undo shutdown
 ip address 222.176.30.17 255.255.255.252
 isis enable 2004
 isis circuit-type p2p
 isis circuit-level level-2
 isis cost 1000
 isis small-hello
 ip netstream inbound
#

<ne5000e>display cu interface gigabitethernet 2/14/1/1
#
interface gigabitethernet2/14/1/1
 mtu 4470
 description dakehudaikuanbaozhang-9306-f1108150125::odf-9-9-e-9/10
 undo shutdown
 ip address 222.176.30.21 255.255.255.252
 isis enable 2004
 isis circuit-type p2p
 isis circuit-level level-2
 isis cost 1000
 isis small-hello
 ip netstream inbound
#

3、检查S9306上的配置:
dis cu interface xgigabitethernet 6/0/1
#
interface xgigabitethernet6/0/1
description to-clc2-ne5000e
port hybrid pvid vlan 10
port hybrid untagged vlan 2 to 4094
#
return
dis cu interface xgigabitethernet 6/0/0
#
interface xgigabitethernet6/0/0
description to-clc2-ne5000e
port hybrid pvid vlan 20
port hybrid untagged vlan 2 to 4094
#
根因
用户分别在2个端口上配置了pvid vlan 10和20作为与NE5000E的互联,同时透传了vlan 2 to 4094,这样从NE5000E上发出来的hello报文到达S9306的端口gi6/0/0后匹配上pvid 20,打上vlan 20的tag,由于gi6/0/1上配置了untagged vlan 2 to 4094,这样hello报文又会从该端口转发出去并剥离掉vlan 20的tag,NE5000E收到后上送CPU处理,发现该报文是自己发出的,就认为下面产生环路,打印日志,并初始化isis邻居。
解决方案
修改S93的接口配置,去除环路
建议与总结
交换机在与路由器进行三层对接时,可以将端口设置为access模式,路由器上用物理端口与之对接;或者端口设置成trunk或hybyid模式,透传vlan,路由器上起子接口进行对接,尽量不要修改交换机端口的pvid或透传所有vlan,这样容易形成环路,导致协议异常。

END