Implement and Troubleshoot Switch Administration
Managing MAC Address Table
The MAC address table contains address information that a switch uses to forward traffic between ports.
- MACs are associated with one or more ports
- Dynamic addresses
  - Switch-learned addresses that age out when not in use
- Static addresses
  - Manually entered; do not age and are not lost during a switch reset
Disabling MAC Address Learning on Interface or VLAN
- Causes flooding on the network
- When disabled on an SVI, all IP packets are flooded in the L2 domain
- no mac address-table learning [interface]
- show vlan internal usage
- show mac address-table learning [interface]
- default mac address-table learning (global config)
Errdisable Recovery
Software on the switch that detects an error situation and disables the port
- Port is effectively shut down
- LED is set to amber
- show interface
    cat6knative#show interfaces gigabitethernet 4/1 status
    Port    Name    Status        Vlan    Duplex  Speed  Type
    Gi4/1           err-disabled  100     full    1000   1000BaseSX
- Syslog message example (BPDU Guard)
    %SPANTREE-SP-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet4/1 with BPDU Guard enabled. Disabling port.
    %PM-SP-4-ERR_DISABLE: bpduguard error detected on Gi4/1, putting Gi4/1 in err-disable state
- Causes of error disable
  - Duplex mismatch
  - Port channel misconfiguration
  - BPDU guard violation
  - UniDirectional Link Detection (UDLD) condition
  - Late-collision detection
  - Link-flap detection
  - Security violation
  - Port Aggregation Protocol (PAgP) flap
  - Layer 2 Tunneling Protocol (L2TP) guard
  - DHCP snooping rate-limit
  - Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
  - Address Resolution Protocol (ARP) inspection
  - Inline power
- Error disable detection is enabled by default
  - Disable – no errdisable detect cause
  - show errdisable detect
    cat6knative#show errdisable recovery
    ErrDisable Reason    Timer Status
    -----------------    --------------
    udld                 Enabled
    bpduguard            Enabled
    security-violatio    Enabled
    channel-misconfig    Enabled
    pagp-flap            Enabled
    dtp-flap             Enabled
    link-flap            Enabled
    l2ptguard            Enabled
    psecure-violation    Enabled
    gbic-invalid         Enabled
    dhcp-rate-limit      Enabled
    mac-limit            Enabled
    unicast-flood        Enabled
    arp-inspection       Enabled

    Timer interval: 300 seconds

    Interfaces that will be enabled at the next timeout:

    Interface    Errdisable reason    Time left(sec)
    ---------    -----------------    --------------
    Fa2/4        bpduguard            273
- Recover port from error disable
  - Identify the root cause of the errdisable
  - Correct the problem
  - Re-enable the port
    - shutdown, then no shutdown on the interface
    - Cmd: errdisable recovery
    cat6knative#errdisable recovery cause ?
      all                 Enable timer to recover from all causes
      arp-inspection      Enable timer to recover from arp inspection error disable state
      bpduguard           Enable timer to recover from BPDU Guard error disable state
      channel-misconfig   Enable timer to recover from channel misconfig disable state
      dhcp-rate-limit     Enable timer to recover from dhcp-rate-limit error disable state
      dtp-flap            Enable timer to recover from dtp-flap error disable state
      gbic-invalid        Enable timer to recover from invalid GBIC error disable state
      l2ptguard           Enable timer to recover from l2protocol-tunnel error disable state
      link-flap           Enable timer to recover from link-flap error disable state
      mac-limit           Enable timer to recover from mac limit disable state
      pagp-flap           Enable timer to recover from pagp-flap error disable state
      psecure-violation   Enable timer to recover from psecure violation disable state
      security-violation  Enable timer to recover from 802.1x violation disable state
      udld                Enable timer to recover from udld error disable state
      unicast-flood       Enable timer to recover from unicast flood disable state
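An added example (not part of the original notes): a Python triage of err-disable syslog messages in the %PM-...-ERR_DISABLE shape shown in the BPDU Guard example, run over constructed sample lines. The SECURITY_CAUSES grouping, the function names and the sample log are assumptions made for this illustration.

```python
import re
from collections import Counter

# Message shape taken from the syslog example in these notes; the facility
# suffix ("-SP" there) is treated as optional.
ERR_DISABLE = re.compile(
    r"%PM(?:-[A-Z0-9]+)?-4-ERR_DISABLE:\s*"
    r"(?P<cause>[\w-]+) error detected on (?P<port>\S+?),"
    r" putting (?P=port) in err-disable state"
)

# Assumption for this example: causes from the list above that normally mean a
# protection feature fired, as opposed to a cabling or negotiation fault.
SECURITY_CAUSES = {"bpduguard", "psecure-violation", "security-violation",
                   "arp-inspection", "dhcp-rate-limit"}

# Constructed sample log (timestamps and the Fa2/4 event are made up). The two
# Gi4/1 events are 300 seconds apart, i.e. one recovery-timer interval.
SAMPLE_LOG = """\
Mar  1 10:00:01: %SPANTREE-SP-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet4/1 with BPDU Guard enabled. Disabling port.
Mar  1 10:00:01: %PM-SP-4-ERR_DISABLE: bpduguard error detected on Gi4/1, putting Gi4/1 in err-disable state
Mar  1 10:05:01: %PM-SP-4-ERR_DISABLE: bpduguard error detected on Gi4/1, putting Gi4/1 in err-disable state
Mar  1 10:07:40: %PM-4-ERR_DISABLE: link-flap error detected on Fa2/4, putting Fa2/4 in err-disable state
"""

def parse_events(log_text):
    """Return (port, cause) for every err-disable message in log_text."""
    return [(m["port"], m["cause"]) for m in ERR_DISABLE.finditer(log_text)]

def triage(log_text):
    """Count events per (port, cause) and mark security and recurring ones."""
    counts = Counter(parse_events(log_text))
    return [
        {
            "port": port,
            "cause": cause,
            "count": n,
            "security": cause in SECURITY_CAUSES,
            # A repeat means the port was re-enabled (by hand or by the
            # recovery timer) before the root cause was corrected.
            "recurring": n > 1,
        }
        for (port, cause), n in sorted(counts.items())
    ]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```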
L2 MTU
The MTU on a switch may need to be adjusted based on the protocols in use. Example: an 802.1q tunnel requires extra header space, so adjusting the MTU from 1500 to 1504 would prevent fragmentation.