[SDN] switch MTU configuration summary

  Purpose of this article: a good memory is no match for written notes. This information comes from the Internet and is collected here mainly for reference; if it infringes any rights, contact me and it will be deleted.

  Abstract: When using VXLAN-based SDN solutions, the basic requirement is to raise the physical network MTU so that it is greater than 1600 (NSX). The following summarizes how to configure this on different switch models and versions from several major vendors. It will continue to be updated, and colleagues who have configuration experience are welcome to help supplement it.

Configuration Description:

  When configuring MTU, note that every device along the end-to-end path must be configured. If the source and destination are in the same network segment, only the Layer 2 MTU needs to be configured on the interfaces of all devices along the path. Depending on the device, the MTU may have to be configured globally or on the corresponding interface.

  If the source and destination are in different network segments, then in addition to the Layer 2 MTU on every device along the path, the MTU must also be configured on the gateway interfaces of the two networks (Layer 3 interfaces).

  A typical configuration is interface vlan 100, mtu 1600.

Cisco Series Switches

Nexus Series Switches:

Reference: https://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/118994-config-nexus-00.html

  Layer 3 MTU

# SVI interface configuration:
Switch(config)#interface vlan 1
Switch(config-if)#mtu 9216

# Layer 3 physical interface configuration:
Switch(config)#interface ethernet 1/1
Switch(config-if)#no switchport
Switch(config-if)#mtu 9216

  Layer 2 MTU

  Layer 2 MTU can be configured per port or through QoS. At present, only the Nexus 7000, 7700, 9300, and 9500 support per-port MTU configuration.

  Nexus 3048, 3064, 3100, 3500, 5000, 5500, and 6000 configuration

  This configuration takes effect on all interfaces:

policy-map type network-qos jumbo
  class type network-qos class-default
    mtu 9216
system qos
  service-policy type network-qos jumbo

  Nexus 7000, 7700, 9300, and 9500 configuration

  The following is the per-interface configuration:

Switch(config)#interface ethernet 1/1
Switch(config-if)#mtu 9216

  Nexus 2000 configuration

  Note: the MTU for a Nexus 2000 must be configured on the FEX's parent switch. If the parent switch supports per-interface MTU, configure it on the corresponding interface; if not, use network-qos.

  Note that when using FEX, the Fabric Port Channel (FPC), that is, the port channel that connects to the FEX, also needs the MTU configured:

interface port-channel136
  switchport mode fex-fabric
  fex associate 136
  vpc 136
  mtu 9216

  Note: After version 6.2, the Nexus 7000 does not support configuring the MTU directly on the Fabric Port Channel interface; you must create a global QoS policy to adjust the MTU.

policy-map type network-qos jumbo
  class type network-qos class-default
    mtu 9216
system qos
  service-policy type network-qos jumbo

MTU value verification:

  Layer 3 MTU

# On all Nexus series switches, the show interface eth x/y command shows the interface MTU:
Nexus# show interface ethernet 1/19
Ethernet1/19 is up
Dedicated Interface
Hardware: 100/1000/10000 Ethernet, address: 547f.ee5d.413c (bia 547f.ee5d.40fa)
MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec

# Use the show interface vlan X command to view the SVI MTU:
Leaf3# show interface vlan 1
Vlan1 is down (Non-routable VDC mode), line protocol is down
  Hardware is EtherSVI, address is 547f.eed8.ec7c
  Internet address is 1.1.1.1/23
  MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec

  Layer 2 MTU

# Nexus 3100, 3500, 5000, 5500, and 6000
Nexus#show queuing interface ethernet 1/1
Ethernet1/1 queuing information:
  TX Queuing
    qos-group  sched-type  oper-bandwidth
        0       WRR            100
  RX Queuing
    qos-group 0
    q-size: 469760, HW MTU: 9216 (9216 configured)   

# Nexus 3000, 7000, 7700, and 9000
Nexus#show interface ethernet 1/12
Ethernet1/12 is up
admin state is up, Dedicated Interface
  Hardware: 1000/10000 Ethernet, address: 7c0e.ceca.f183 (bia 7c0e.ceca.f183)
  MTU 9216 bytes, BW 10000000 Kbit, DLY 10 usec 

# FEX interfaces on Nexus 5000, 6000, and 7000
Nexus#show queuing interface ethernet 136/1/1
if_slot 68, ifidx 0x1f870000
Ethernet136/1/1 queuing information:
  Input buffer allocation:
  Qos-group: 0
  frh: 3
  drop-type: drop
  cos: 0 1 2 3 4 5 6 7
  xon       xoff      buffer-size
  ---------+---------+-----------
  19200     78080     90880

  Queueing:
  queue   qos-group    cos                 priority     bandwidth     mtu
--------+------------+--------------------+---------+----------------+--------
  3       0            0 1 2 3 4 5 6        WRR         100            9280

# FEX interfaces on Nexus 9000
9396-B#show interface ethernet 104/1/1
Ethernet104/1/1 is up
admin state is up,
  Hardware: 100/1000 Ethernet, address: 5475.d0e0.e5c2 (bia 5475.d0e0.e5c2)
  MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec
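
An added example, not part of the original article: a Python script that pulls the MTU out of the three output formats shown above (show interface, show queuing interface, and the FEX queuing table) and lists interfaces below a minimum, so every hop on the VXLAN path can be checked in one pass. The sample text is constructed (Ethernet1/20 at 1500 is invented), and the 1600-byte default is the NSX figure from the abstract, used here as an assumed minimum.

```python
import re

# Constructed sample in the output formats shown above ("show interface",
# "show queuing interface", FEX queuing table). Ethernet1/20 at 1500 is invented.
SAMPLE = """\
Ethernet1/19 is up
  MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec
Ethernet1/20 is up
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
Vlan1 is down (Non-routable VDC mode), line protocol is down
  MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec
Ethernet1/1 queuing information:
    q-size: 469760, HW MTU: 9216 (9216 configured)
Ethernet136/1/1 queuing information:
  queue   qos-group    cos                 priority     bandwidth     mtu
--------+------------+--------------------+---------+----------------+--------
  3       0            0 1 2 3 4 5 6        WRR         100            9280
"""

IFACE = re.compile(r"^((?:Ethernet|Vlan|port-channel)[\d/]+)\b", re.I)
MTU_FIELD = re.compile(r"\bMTU:?\s+(\d+)")        # "MTU 9216 bytes", "HW MTU: 9216"
TABLE_ROW = re.compile(r"\s*\d.*?(\d+)\s*$")      # last column of a queue row

def parse_mtus(text):
    """Return {interface: [mtu, ...]} for every interface block in `text`."""
    found, current, in_table = {}, None, False
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:                                     # a new interface block starts
            current, in_table = m.group(1), False
            found.setdefault(current, [])
            continue
        if current is None:
            continue
        words = line.split()
        if words[:1] == ["queue"] and words[-1:] == ["mtu"]:
            in_table = True                       # FEX table: mtu is the last column
            continue
        m = TABLE_ROW.match(line) if in_table else MTU_FIELD.search(line)
        if m:
            found[current].append(int(m.group(1)))
    return found

def undersized(text, minimum=1600):
    """Sorted (interface, mtu) pairs whose lowest reported MTU is below `minimum`."""
    return sorted((name, min(v)) for name, v in parse_mtus(text).items()
                  if v and min(v) < minimum)
```

Calling undersized() on output collected from each switch along the path returns an empty list when every interface meets the minimum.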

  

 

 

 

Common causes of a switch interface entering the err-disable state are:

  • EtherChannel misconfiguration (Port Aggregation Protocol (PAgP) flapping)
  • Duplex mismatch
  • BPDU port guard
  • UDLD (Unidirectional Link Detection)
  • Link-flap error
  • Loopback error
  • Port security violation
  • DHCP snooping rate limit

Analysis of err-disable causes:

1, EtherChannel misconfiguration: EtherChannel (EC) configuration error

  For an EC to work properly, the ports bound into the EC must be configured consistently: same VLAN, same trunk mode, matching speed and duplex mode, and so on. If EC is configured at one end but not at the other, STP shuts down the ports that participate in the EC on the configured side. In addition, when PAgP is in on mode, the switch does not send PAgP information to negotiate. In this case STP concludes that there is a loop, so the port is set to the err-disable state.

  Solution: configure the FEC mode as channel-group 1 mode desirable non-silent. This means the channel is established only after both sides negotiate the FEC successfully; otherwise the interface stays in its normal state.

2, Duplex mismatch: the duplex modes do not match.

  When one end is configured for half duplex, it checks whether the peer is transmitting, and only when the peer has stopped transmitting does it send an ack-like packet to bring the link up. The peer, however, is configured for full duplex: it does not care whether the link is idle and simply keeps sending requests to bring the link up. As this goes on, the link state becomes err-disable.

3, BPDU port guard: caused by BPDUs

  This relates to PortFast and BPDU guard. If an interface is configured with PortFast, the interface is meant to be connected to a PC. A PC does not send spanning-tree BPDU frames, so the port is not expected to receive BPDUs. With good intentions, the administrator also configures BPDU guard on the same interface to block unknown BPDU frames and improve security, but then carelessly connects a switch to this interface that has both PortFast and BPDU guard configured. The interface receives a BPDU frame and, because BPDU guard is configured, naturally enters the err-disable state.

  Solution: no spanning-tree portfast bpduguard default, or simply turn PortFast off.

4, UDLD: Unidirectional Link Detection

  UDLD is a Cisco proprietary Layer 2 protocol for detecting unidirectional link problems. Sometimes the physical layer is up but the link layer is down; UDLD is then needed to detect whether the link is really up. When both ends, A and B, are configured with UDLD, A sends B a UDLD frame containing its own port ID. After B receives it, B returns a UDLD frame that contains the port ID it received from A. When A receives this frame and finds its own port ID in it, A considers the link good. Otherwise the port goes into the err-disable state. Suppose A is configured with UDLD and B is not: A sends B a frame containing its own port ID, but B does not know what the frame is, so it does not return a UDLD frame containing A's port ID. A then treats the link as unidirectional, and the port naturally goes into the err-disable state.

5, Link-flap error: the link is flapping.

  When the link goes up and down five times within 10 seconds, the port enters the err-disable state.

6, Loopback error: loop error

  A loopback error occurs when a keepalive message is sent out of a switch port and then received back on the same interface. By default the switch sends keepalive messages out of all ports. However, if STP fails to block certain ports, these messages may be forwarded back, forming a logical loop. The port therefore enters the err-disable state.

7, Port security: port security policy violation

  Port security is a feature that dynamically protects a switch port based on MAC addresses. Violating the policy causes the port to enter the err-disable state. This is caused by the port-security violation shutdown setting.

Manually recovering from err-disable:

  Enter global configuration mode on the switch and run errdisable recovery cause ?; you will see the following:

Switch(config)#errdisable recovery cause ?
all                 Enable timer to recover from all causes
bpduguard           Enable timer to recover from BPDU Guard error disable state
channel-misconfig   Enable timer to recover from channel misconfig disable state
dhcp-rate-limit     Enable timer to recover from dhcp-rate-limit error disable state
dtp-flap            Enable timer to recover from dtp-flap error disable state
gbic-invalid        Enable timer to recover from invalid GBIC error disable state
l2ptguard           Enable timer to recover from l2protocol-tunnel error disable state
link-flap           Enable timer to recover from link-flap error disable state
loopback            Enable timer to recover from loopback detected disable state
pagp-flap           Enable timer to recover from pagp-flap error disable state
psecure-violation   Enable timer to recover from psecure violation disable state
security-violation  Enable timer to recover from 802.1x violation disable state
udld                Enable timer to recover from udld error disable state
unicast-flood       Enable timer to recover from unicast flood disable state
vmps                Enable timer to recover from vmps shutdown error disable state

  From the options listed, we can see that many causes can put a port into the error state. Assuming the cause of the err-disable is a loopback, you can enter the command directly:

Switch(config)#errdisable recovery cause loopback

# Show the recovery status of ports placed in the error state
Switch# show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Disabled
bpduguard            Disabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
gbic-invalid         Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
loopback             Enabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

Interface    Errdisable reason    Time left(sec)
---------    -----------------    --------------
Fa0/8        loopback             276
Fa0/17       loopback             267
Fa0/20       loopback             250

  From the information displayed above, this switch has three ports (Fa0/8, Fa0/17, Fa0/20) that will return to the normal state after 276, 267, and 250 seconds respectively. That is what actually happened: I waited a few minutes, then took a laptop and tried it on each of these ports, and the ports worked normally. This time, without restarting the switch, the several ports in a "suspended animation" state were finally "rescued".

  With errdisable recovery cause configured, IOS tries to recover an interface that was set to err-disable after a period of time; the default is 300 seconds. However, if the root cause of the err-disable has not been fixed, the interface will be set to err-disable again after recovery. To adjust the err-disable timeout, use the following command:

SW1(config)#errdisable recovery interval ?
<30-86400>  timer-interval(sec)

  The interval can be set from 30 to 86400 seconds. The default is 300 seconds.

  If the err-disable cause is udld, the following command is very useful:

SW1#udld reset
No ports are disabled by UDLD.
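
The recovery timer re-enables a port whether or not the cause was fixed, which matters most when the port was shut down by a security control. As an added example (not from the original article), this Python script parses show errdisable recovery output and reports security-related causes that have auto-recovery enabled, along with ports about to return for such a cause. The sample output is constructed, and the SECURITY_CAUSES grouping is this example's assumption.

```python
import re

# Causes where the port was shut because a security control fired. Names come
# from the "errdisable recovery cause ?" list above; the grouping is an assumption.
SECURITY_CAUSES = {"bpduguard", "psecure-violation", "security-violation",
                   "dhcp-rate-limit"}

# Constructed sample in the layout of the output above, with bpduguard
# recovery switched on so the check has something to report.
SAMPLE = """\
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Disabled
bpduguard            Enabled
security-violatio    Disabled
psecure-violation    Disabled
loopback             Enabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

Interface    Errdisable reason    Time left(sec)
---------    -----------------    --------------
Fa0/8        loopback             276
Fa0/17       bpduguard            267
"""

def parse_recovery(text):
    """Return (enabled_causes, interval_seconds, [(interface, cause, seconds_left)])."""
    enabled, interval, pending = set(), None, []
    for line in text.splitlines():
        if m := re.match(r"^(\S+)\s+(Enabled|Disabled)\s*$", line):
            if m.group(2) == "Enabled":
                enabled.add(m.group(1))
        elif m := re.match(r"^Timer interval:\s*(\d+)\s*seconds", line):
            interval = int(m.group(1))
        elif m := re.match(r"^(\S+/\S+)\s+(\S+)\s+(\d+)\s*$", line):
            pending.append((m.group(1), m.group(2).lower(), int(m.group(3))))
    return enabled, interval, pending

def is_security(cause):
    # The switch truncates long names ("security-violatio"), so accept prefixes.
    return any(full.startswith(cause) for full in SECURITY_CAUSES)

def review(text):
    """Findings: security causes with auto-recovery, and ports about to come back."""
    enabled, interval, pending = parse_recovery(text)
    findings = [f"auto-recovery enabled for {c} (interval {interval}s)"
                for c in sorted(enabled) if is_security(c)]
    findings += [f"{i} returns in {s}s after {c}" for i, c, s in pending if is_security(c)]
    return findings
```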

 


Origin www.cnblogs.com/amonos/p/11229311.html