问题:

交换机S5700与防火墙USG5500无法对接Eth-trunk LACP-static模式,两端正常配置后,端口状态显示错误,Eth-trunk端口无法up 。

问题描述:

交换机侧 GE0/0/5和GE 0/0/6 组成Eth-trunk3 通过LACP-static与防火墙对接;防火墙侧采用端口GE0/0/1和GE0/0/2组成Eth-trunk1通过LACP-static与交换机对接。

交换机侧配置:

interface Eth-Trunk3

port link-type trunk

undo port trunk allow-pass vlan 1

port trunk allow-pass vlan 301 321

mode lacp-static

#

interface GigabitEthernet0/0/5

eth-trunk 3

#

interface GigabitEthernet0/0/6

eth-trunk 3

#

防火墙侧的配置:

interface Eth-Trunk1

alias Eth-Trunk1

mode lacp-static

#interface GigabitEthernet0/0/1

undo enable snmp trap updown physic-status

eth-trunk 1

lacp peer-portno 0002

#

interface GigabitEthernet0/0/2

undo enable snmp trap updown physic-status

eth-trunk 1

lacp peer-portno 0003

#

交换机侧端口状态显示:

单独查看物理端口,其物理状态UP;

[Ser-9306-1]disp interface GigabitEthernet 0/0/5

GigabitEthernet0/0/5 current state : UP

Line protocol current state : UP

Description:

Switch Port, TPID : 8100(Hex), The Maximum Frame Length is 9216

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4c1f-cc99-5ec3

Last physical up time   : 2014-02-26 16:29 UTC-08:00

Last physical down time : 2014-02-26 16:29 UTC-08:00

Current system time: 2014-02-26 16:29-08:00

Hardware address is 4c1f-cc99-5ec3

Last 300 seconds input rate 0 bytes/sec, 0 packets/sec

Last 300 seconds output rate 0 bytes/sec, 0 packets/sec

Input: 177196 bytes, 1429 packets

Output: 178064 bytes, 1436 packets

Input:

Unicast: 0 packets, Multicast: 1429 packets

Broadcast: 0 packets

Output:

Unicast: 0 packets, Multicast: 1436 packets

Broadcast: 0 packets

Input bandwidth utilization  :    0%

Output bandwidth utilization :    0%

[Ser-9306-1]disp interface GigabitEthernet 0/0/6

GigabitEthernet0/0/6 current state : UP

Line protocol current state : UP

Description:

Switch Port, TPID : 8100(Hex), The Maximum Frame Length is 9216

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4c1f-cc99-5ec3

Last physical up time   : 2014-02-26 16:29 UTC-08:00

Last physical down time : 2014-02-26 16:29 UTC-08:00

Current system time: 2014-02-26 16:29-08:00

Hardware address is 4c1f-cc99-5ec3

Last 300 seconds input rate 0 bytes/sec, 0 packets/sec

Last 300 seconds output rate 0 bytes/sec, 0 packets/sec

Input: 177072 bytes, 1428 packets

Output: 177568 bytes, 1432 packets

Input:

Unicast: 0 packets, Multicast: 1428 packets

Broadcast: 0 packets

Output:

Unicast: 0 packets, Multicast: 1432 packets

Broadcast: 0 packets

Input bandwidth utilization  :    0%

Output bandwidth utilization :    0%

查看Eth-trunk时,却发现成员端口down,与单独查看的物理接口状态不一致!!!

[Ser-9306-1]display interface Eth-Trunk 3

Eth-Trunk3 current state : DOWN

Line protocol current state : DOWN

Description:

Switch Port, PVID :    1, Hash arithmetic : According to SIP-XOR-DIP,Maximal BW: 4294967.29G, Current BW: 0M, The Maximum Frame Length is 9216

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4c1f-cc99-5ec3

Current system time: 2014-02-26 16:29-08:00

Input bandwidth utilization  :    0%

Output bandwidth utilization :    0%

-----------------------------------------------------

PortName                      Status      Weight

-----------------------------------------------------

GigabitEthernet0/0/5          DOWN        1

GigabitEthernet0/0/6          DOWN        1

-----------------------------------------------------

The Number of Ports in Trunk : 2

The Number of UP Ports in Trunk : 0

[Ser-9306-1]display eth-trunk 3 verbose

Eth-Trunk3's state information is:

Local:

LAG ID: 3               WorkingMode: STATIC

Preempt Delay: Disabled     Hash arithmetic: According to SIP-XOR-DIP

System Priority: 32768      System ID: 4c1f-cc99-5ec3

Least Active-linknumber: 1  Max Active-linknumber: 8

Operate status: down        Number Of Up Port In Trunk: 0

--------------------------------------------------------------------------------

ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weight

GigabitEthernet0/0/5   Unselect 1000TG   32768   6      913     10110000  1

GigabitEthernet0/0/6   Unselect 1000TG   32768   7      913     10110000  1

Partner:

--------------------------------------------------------------------------------

ActorPortName          SysPri   SystemID        PortPri PortNo PortKey PortState

GigabitEthernet0/0/5   32768    0000-0009-2700  32768   2      128     10100010

GigabitEthernet0/0/6   32768    0000-0009-2700  32768   3      128     10100010

防火墙侧也是类似的效果:

[FW-1]display interface GigabitEthernet 0/0/1

16:48:03  2014/02/26

GigabitEthernet0/0/1 current state : UP

Line protocol current state : UP

Description : Huawei, SRG Series, GigabitEthernet0/0/1 Interface, Route Port

The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec)

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0000-0009-2701

Eth-Trunk number: 1

QoS max-bandwidth : 1000000 Kbps

Output queue : (Urgent queue : Size/Length/Discards)  0/50/0

Output queue : (Frag queue : Size/Length/Discards)  0/1000/0

Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0

Output queue : (FIFO queue : Size/Length/Discards)  0/256/0

[FW-1]display interface GigabitEthernet 0/0/2

16:48:05  2014/02/26

GigabitEthernet0/0/2 current state : UP

Line protocol current state : UP

Description : Huawei, SRG Series, GigabitEthernet0/0/2 Interface, Route Port

The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec)

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0000-0009-2702

Eth-Trunk number: 1

QoS max-bandwidth : 1000000 Kbps

Output queue : (Urgent queue : Size/Length/Discards)  0/50/0

Output queue : (Frag queue : Size/Length/Discards)  0/1000/0

Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0

Output queue : (FIFO queue : Size/Length/Discards)  0/256/0

[FW-1]display interface Eth-Trunk 1

16:48:11  2014/02/26

Eth-Trunk1 current state : DOWN

Line protocol current state : DOWN

Description : Huawei, SRG Series, Eth-Trunk1 Interface, Route Port

Hash arithmetic : According to IP

The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec)

Internet protocol processing : disabled

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0000-0009-2702

Eth-Trunk number: 1

Physical is ETH_TRUNK

Last 300 seconds input rate 0 bits/s, 0 packets/s

Last 300 seconds output rate 0 bits/s, 0 packets/s

packets input,  bytes

packets output,  bytes

[FW-1]display eth-trunk 1 verbose

16:48:30  2014/02/26

Eth-Trunk1's state information is:

Local:

LAG ID:1                               WorkingMode: STATIC

Preempt Delay: Disable                 Hash Arichmetic: According to IP

System Priority: 32768                 System ID: 0000-0009-2700

Lease active-linknumber: 1             Max active-linknumber: 8

Operate Status: down                   Number of Up Port in Trunk: 2

----------------------------------------------------

ActorPortName          Status   PortType PortPri PortNo PortKey PortState Weigth

GigabitEthernet0/0/1   Unselect 1GE      32768   2      128     10100010  1

GigabitEthernet0/0/2   Unselect 1GE      32768   3      128     10100010  1

Partner:

----------------------------------------------------

ActorPortName          SysPri    SystemID  PortPri PortNo  PortKey   PortState

GigabitEthernet0/0/1   65535  0000-0000-0000  65535  0     0         01000000

GigabitEthernet0/0/2   65535  0000-0000-0000  65535  0     0         01000000

trunk口不通防火墙_交换机S5700与防火墙USG5500无法对接Eth-trunk LACP-static模式相关推荐

  1. 交换机不配access口能通吗_h3c交换机和华为交换机配trunk口不通,配access口就可以...

    h3c是核心交换机,,华为是楼道交换机 h3c过去的口的配置 nterface GigabitEthernet3/0/4 port link-mode bridge description to 2q ...

  2. trunk口不通防火墙_为何S5700交换机通过trunk直连防火墙USG5500,都互相无法ping通...

    为何S5700交换机通过trunk直连防火墙USG5500,都互相无法ping通. FW1: # interface Vlanif10 ip address 10.10.10.2 255.255.25 ...

  3. telnet本机端口不通原因_【Academic】ssh端口转发实战复习 之 R

    所有[Academic]标记的文章都是工作学习过程中随手敲敲的技术相关的笔记/记录,欢迎有兴趣的大佬交流指正. 最近腿脚不方便,请了假在家办公.作为一个热爱工作的新青年我想在家连到公司的服务器,于是先 ...

  4. mysql 注入 绕过防火墙_绕过阿里云防火墙继续扫描探测和SQL注入

    前言 如今的互联网,WAF泛滥的年代,实在让我等脚本小子苦恼ing,尤其是阿里云服务器的自带防护,那不是一般的叫人牙疼,十个站8个站都是阿里云.... 最近遇到几个站都是阿里云的服务器,比如:泛微e- ...

  5. linux 关闭本地防火墙_如何使用Linux防火墙阻止本地欺骗地址

    linux 关闭本地防火墙 攻击者正在寻找复杂的方法来渗透受入侵检测和防御系统保护的远程网络. 没有IDS / IPS可以阻止或控制决心接管您的网络的黑客的攻击. 配置不当会使攻击者绕过所有已实施的网 ...

  6. trunk口_什么是Trunk?Trunk详解

    在二层交换机的性能参数中,常常提到一个重要的指标:Trunk,许多的二层交换机产品在介绍其性能时,都会提到能够支持TRUNK功能,从而可以为互连的交换机之间提供更好的传输性能.那到底什么是TRUNK呢 ...

  7. 交换机access和trunk口配置及应用

    交换机access和trunk口的配置 以下拓扑模拟一家公司同部门之间通过不同交换机接入,实现同部门可以互访不同部门之间隔离. 通过加入不同vlan,配置交换机接口实现,三台交换机配置如下. 交换机A ...

  8. Catlyst 6509告警信息--把trunk口配置成access

    Catlyst 6509告警信息--把trunk口配置成access. Catlyst 6509核心交换告警信息处理--把trunk口配置成access. 2008-12-28    (jj) 1.  ...

  9. trunk口_Trunk的概念与设置

    在二层交换机的性能参数中,常常提到一个重要的指标:TRUNK ,许多的二层交换机产品在介绍其性能时,都会提到能够支持TRUNK 功能,从而可以为互连的交换机之间提供更好的传输性能.那到底什么是TRUN ...

最新文章

  1. 【转载】你真的了解补码吗
  2. 查看mysql是否安装成功和mysql的版本信息
  3. [邻接表] 学习邻接表的表示方法+BFS
  4. C# if---else---练习题整理
  5. 路印zkRollup AMM将在月底启动流动性挖矿
  6. 重启手机出现机器人加一个叹号_印度科幻脑洞高能!《宝莱坞机器人2.0》内地定档...
  7. 深度学习 --- 受限玻尔兹曼机RBM(MCMC接受率详解)
  8. hibernate 多对多操作(级联操作)
  9. ByteBuf详解和Netty中的拆包粘包原理解析
  10. android 广播 源码,广播电台APP源代码 电台APP源代码 播客APP源代码 Android源代码...
  11. 量价交易——寻找妖股的底部结构
  12. 用计算机刻录光盘,笔记本电脑刻录光盘 手把手教你刻录光盘
  13. PDF如何免费转Word
  14. Reversible Data Hiding in Encrypted Images by Reversible Image Transformation
  15. Cannot add or update a child row: a foreign key constraint fails都有哪些原因
  16. 记一次Linux文件系统引发的项目启动错误(war包没有问题只有指定目录启动报错)
  17. 已嵌入微信公众号内的小图聊天机器人介绍和使用说明
  18. 使用Python实现QQ窗口抖动
  19. form表单—2种提交方式
  20. 新手上路,如何迅速搭建一套源码系统

热门文章

  1. WEB开发之JavaScript与jQuery够用即可-庞永旺-专题视频课程
  2. Glew 配置 win7 64位 注意
  3. 实验室(宿舍)上ipv6——设置普通路由器
  4. 如何使用Android studio实现扑克牌翻牌效果?
  5. Nacos + Gateway 实现动态刷新路由
  6. 倒计时 3 天 | 海豚调度对话 Apache ShenYu(Incubating)核心开发,揭秘玩转DataOps “绝杀技”...
  7. 全球猎头公司排名 2006
  8. 香港舞蹈家荣毅捷“回乡”办学记:民族的就是世界的
  9. goahead 用action方式实现动态页面
  10. 工地施工最靠谱的监测,系统扬尘预警监测解决方案