CCIE RS – Written – L2 – Implement and Troubleshoot Switch Administration

Implement and Troubleshoot Switch Administration

Managing MAC Address Table

The MAC address table contains address information that a switch uses to forward traffic between ports

  • MACs are associated with 1 or more ports
  • Dynamic address
    • Switch learned addresses that will age out when not in use
  • Static Addresses
    • Manually entered, does not age and not lost during switch reset

Disabling MAC Address Learning on Interface or VLAN

  • Causes flooding on network
  • Disabling on SVI, all IP packets are flooded in L2 domain
  • No mac address-table learning [interface]
  • Show vlan internal usage
  • Show mac address-table learning [interface]
  • Default mac address-table learning (Global config)

Errdisable Recovery

Software on switch that detects an error situation and diables the port

  • Port is effectivly shutdown
  • LED is set to amber
  • Show interface
cat6knative#show interfaces gigabitethernet 4/1 status

PortName Status Vlan DuplexSpeed Type
Gi4/1err-disabled 100full 1000 1000BaseSX
  • Syslog Message example (BPDU Guard)
    • %SPANTREE-SP-2-BLOCK_BPDUGUARD:
         Received BPDU on port GigabitEthernet4/1 with BPDU Guard enabled. Disabling port.
      %PM-SP-4-ERR_DISABLE:
         bpduguard error detected on Gi4/1, putting Gi4/1 in err-disable state
  • Causes of error disable
    • Duplex mismatch
    • Port channel misconfiguration
    • BPDU guard violation
    • UniDirectional Link Detection (UDLD) condition
    • Late-collision detection
    • Link-flap detection
    • Security violation
    • Port Aggregation Protocol (PAgP) flap
    • Layer 2 Tunneling Protocol (L2TP) guard
    • DHCP snooping rate-limit
    • Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
    • Address Resolution Protocol (ARP) inspection
    • Inline power
  • Error disable detection is enabled by default
    • Disable – no errdisable detect cause
    • Show errdisable detect
cat6knative#show errdisable recovery
ErrDisable ReasonTimer Status
-------------------------------
udld Enabled
bpduguardEnabled
security-violatioEnabled
channel-misconfigEnabled
pagp-flapEnabled
dtp-flap Enabled
link-flapEnabled
l2ptguardEnabled
psecure-violationEnabled
gbic-invalid Enabled
dhcp-rate-limitEnabled
mac-limitEnabled
unicast-floodEnabled
arp-inspection Enabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

InterfaceErrdisable reasonTime left(sec)
--------------------------------------------
Fa2/4bpduguard273
  • Recover port from error disable
    • Identify root cause of errdisable
    • Correct the problem
    • Re enable the port
      • Shutdown , no shutdown on the interface
      • Cmd: Errdisable recovery
cat6knative#errdisable recovery cause ?
all Enable timer to recover from all causes
arp-inspectionEnable timer to recover from arp inspection error disable
state
bpduguard Enable timer to recover from BPDU Guard error disable
state
channel-misconfig Enable timer to recover from channel misconfig disable
state
dhcp-rate-limit Enable timer to recover from dhcp-rate-limit error
disable state
dtp-flapEnable timer to recover from dtp-flap error disable state
gbic-invalidEnable timer to recover from invalid GBIC error disable
state
l2ptguard Enable timer to recover from l2protocol-tunnel error
disable state
link-flap Enable timer to recover from link-flap error disable
state
mac-limit Enable timer to recover from mac limit disable state
pagp-flap Enable timer to recover from pagp-flap error disable
state
psecure-violation Enable timer to recover from psecure violation disable
state
security-violationEnable timer to recover from 802.1x violation disable
state
udldEnable timer to recover from udld error disable state
unicast-flood Enable timer to recover from unicast flood disable state

L2 MTU

The MTU on a switch may need to be adjusted based on protocols being used. Example: 802.1q tunnel requires extra header space, adjusting the MTU from 1500 to 1504 would prevent fragmentation.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.