Troubleshooting Switching
When troubleshooting interfaces and trunks, consider the following:
Confirm the state of the interfaces
# sh int | i line
If a interface is UP/DOWN, is it caused by a speed mismatch?
# sh int status
# sh int status
Is there a duplex mismath?
# sh int | i late collisions
# sh int | i late collisions
Is the switchport configured with the correct mode? (access/trunk/dynamic)
# sh int sw | i Name|Admin.*Mode
# sh int sw | i Name|Admin.*Mode
Are both sides of a trunk using the same encapsulation? (isl/do1q/negotiated)
# sh int trunk
# sh int trunk
Is the correct dot1q native VLAN used?
# sh int trunk
# sh int trunk
Is the dot1q native vlan the same between two switches on a link?
# sh int trunk
# sh int trunk
Are the pairing of default DTP modes able to negotiate a trunk successfully?
# sh dtp interface | i info|TOT
# sh dtp interface | i info|TOT
Are the correct interfaces configured to trunk to the correct switches?
# sh int trunk
# sh int trunk
Confirm the switch on the other side of a link.
# sh cdp neighbors
# sh cdp neighbors
If a SVI is DOWN/DOWN, does the SVI vlan exist?
# sh vlan brief | i {svi-vlan}
# sh vlan brief | i {svi-vlan}
If the trunk is connected to a router, was DTP disabled?
# sh run int {int} | i mode.trunk
# sh run int {int} | i mode.trunk
------------------------------------------------------------------------------------------
When troubleshooting user VLANs and host issues, consider the following:
Are you seeing a host's MAC address on the connected interface?
# sh mac-add int {int}
When troubleshooting user VLANs and host issues, consider the following:
Are you seeing a host's MAC address on the connected interface?
# sh mac-add int {int}
Are the correct VLAN assigned to a access interfaces? (Look at 'Vlan')
# sh int status
# sh int status
Are any MAC addresses hardcoded to an interface or null-switched?
# sh run | i mac.*static
# sh run | i mac.*static
Are other switches showing the host's MAC in their CAM table?
# sh mac-add add {mac}
# sh mac-add add {mac}
Are any VLAN's filtered on trunk links? (Look at 'Vlans allowed')
# sh int trunk
# sh int trunk
Are any ports exceeding the allowed amount of MAC address?
# sh port-security
# sh port-security
Are any interfaces in ERR-DISABLE state?
# sh int status
# sh int status
Any protected ports preventing communication?
# sh run | i interface|protected
# sh run | i interface|protected
Any unknown uni/multicast traffic blocked with port-block between switch ports?
# sh run | i interface|block
# sh run | i interface|block
Are any VLAN-ACLs configured to drop traffic?
# sh run | i vlan-list
# sh run | i vlan-list
Is 802.3x flow control disabled?
# sh flowcontrol
# sh flowcontrol
--------------------------------------------------------------------------------------
When troubleshooting VTP, consider the following:
Is the same VTP domain name used throughout the VTP domain? (Name is CaSe-SenSitive)
When troubleshooting VTP, consider the following:
Is the same VTP domain name used throughout the VTP domain? (Name is CaSe-SenSitive)
# sh vtp status | i Name
Are the switches in the correct VTP modes? (Server/Client/Transparent)# sh vtp status | i mode
Is the MD5 digest the same between switches in a VTP domain?
# sh vtp status | i MD5
# sh vtp status | i MD5
Before adding a new switch, confirm its config revision is LOWER than a server's!
# sh vtp status | i Revision
# sh vtp status | i Revision
f not change it to zero, by changing mode to tranparent and back
#vtp mode transparent|server
#vtp mode transparent|server
When troubleshooting dot1q tunnels, consider the following:
Was end-to-end layer2 connectivity tested before hand?
Was the system MTU increased (1504 bytes) to cater for the metro tag?
# sh system mtu
Was the system MTU increased (1504 bytes) to cater for the metro tag?
# sh system mtu
Was the dot1q tunnel mode specified?
# sh run int {int} | i tunnel.*mode
# sh run int {int} | i tunnel.*mode
Was the correct metro tag defined?
# sh run int {int} | i access vlan
# sh run int {int} | i access vlan
If required was CDP, VTP and STP transport enabled?
# sh run int {int} | i l2prot
# sh run int {int} | i l2prot
When troubleshooting etherchannels, consider the following:
------------------------------------------------------------------------------------------
What are the state of the ports and the channel status?
# sh etherchannel summary
------------------------------------------------------------------------------------------
What are the state of the ports and the channel status?
# sh etherchannel summary
(U) means the port is in use and (D) means the port is down
(SU) means layer2-channel UP and (SD) means layer2-channel is DOWN
(RU) means layer3-channel UP and (RD) means layer3-channel is DOWN
(SU) means layer2-channel UP and (SD) means layer2-channel is DOWN
(RU) means layer3-channel UP and (RD) means layer3-channel is DOWN
Do both sides use the same channeling protocol?
# sh run int {int} | i mode
# sh run int {int} | i mode
Are they compatible to negotiate? (NOT passive-to-passive etc)
Do all member ports have the same configuration?
# sh run int {int}
Do all member ports have the same configuration?
# sh run int {int}
Was the configuration done in the correct order? If not delete and do it again!
When troubleshooting STP, consider the following:
Is the expected switch the root bridge for a specific vlan? (Root ID = Bridge ID)
# sh span vlan {vlan}
When troubleshooting STP, consider the following:
Is the expected switch the root bridge for a specific vlan? (Root ID = Bridge ID)
# sh span vlan {vlan}
If not, which switch is the root bridge? (Follow the root port!)
# sh span vlan {vlan} | i Root
# sh span vlan {vlan} | i Root
Find the switch attached to that port, and repeat until on the root.
# sh cdp nei {root-port}
# sh cdp nei {root-port}
Why was a specific switch elected as root bridge?
Was the default bridge priority changed? (default is 32768 + sys-id-ext)
# sh span vlan 20 | i priority
Was the default bridge priority changed? (default is 32768 + sys-id-ext)
# sh span vlan 20 | i priority
Was the system ID extension disabled making the switch more preferred?
# sh run | i extend
# sh run | i extend
Remember routers don't use the Sys-id-ext, thus making them root by default!
If none of the above the switch with the highest MAC got elected
# sh span vlan {vlan} | i Address
If none of the above the switch with the highest MAC got elected
# sh span vlan {vlan} | i Address
Not seeing the expected ports in the expected states?
#sh span vlan {vlan} | i Root
#sh span vlan {vlan} | i Root
If not, establish why!
# sh span vlan {vlan} detail
# sh span vlan {vlan} detail
Which port has the lowest cumulative cost to the root? (lower = better)
# sh span vlan {vlan} detail | i cost
# sh span vlan {vlan} detail | i cost
A LOCAL root port can be influenced by changing port costs!
#span vlan {vlan} cost {cost}
#span vlan {vlan} cost {cost}
Which interface/s goes to the switch with lowest upstream bridge-ID?
# sh span vlan {vlan} det | i bridg|VLAN
# sh span vlan {vlan} det | i bridg|VLAN
Which port has the lowest port-ID? (port priority + port number)
# sh span vlan {vlan} det | i desig|VLAN
# sh span vlan {vlan} det | i desig|VLAN
This can be influenced by the upstream switch's port priority
#span vlan {vlan} priority {priority}
#span vlan {vlan} priority {priority}
Are any BDPU's filtered potentially causing STP loops?
# sh run | i bpdufilter|backup int
# sh run | i bpdufilter|backup int
Is spanning tree disabled for a specific vlan?
# sh spanning-tree vlan 20
# sh spanning-tree vlan 20
Are any interfaces in ERR-DISABLE state?
# sh int status
# sh int status
Are error recovery enabled for the required services?
# sh errdisable recovery
# sh errdisable recovery
No comments:
Post a Comment