Access Ports are flapping and link-flap protection not working

Endy000000 · ‎12-15-2023

Hello,

I would like to implement Link Flap protection on our Cisco 9300 devices. For some reason the commands i have currently do not errdisable a flapping port.

Model: C9300-48U
Version: 17.09.03

show run interface GigabitEthernet3/0/2
Building configuration...

Current configuration : 300 bytes
!
interface GigabitEthernet3/0/2
switchport access vlan XXX
switchport mode access
switchport voice vlan XXX
device-tracking attach-policy IPDT_MAX_10
access-session port-control auto
mab
dot1x pae authenticator
spanning-tree portfast
service-policy type control subscriber ISE-POLICY
end

show run | inc err
errdisable flap-setting cause link-flap max-flaps 3 time 1800
errdisable recovery cause pagp-flap

show errdisable flap-values
ErrDisable Reason Flaps Time (sec)
----------------- ------ ----------
pagp-flap 3 30
dtp-flap 3 30
link-flap 3 1800

show errdisable detect
ErrDisable Reason Detection Mode
----------------- --------- ----
arp-inspection Enabled port
bpduguard Enabled port
channel-misconfig Enabled port
community-limit Enabled port
dhcp-rate-limit Enabled port
dtp-flap Enabled port
evpn-mh-core-isolation Enabled port
gbic-invalid Enabled port
iif-reg-failure Enabled port
inline-power Enabled port
invalid-policy Enabled port
l2ptguard Enabled port
link-flap Enabled port
link-monitor-failure Enabled port
loopback Enabled port
loopdetect Enabled port
lsgroup Enabled port
oam-remote-failure Enabled port
mac-limit Enabled port
pagp-flap Enabled port
port-mode-failure Enabled port
pppoe-ia-rate-limit Enabled port
psecure-violation Enabled port/vlan
security-violation Enabled port
sfp-config-mismatch Enabled port
sgacl_limitation:enforcem Enabled port
sgacl_limitation:multiple Enabled port
storm-control Enabled port
udld Enabled port
psp Enabled port
dual-active-recovery Enabled port
evc-lite input mapping fa Enabled port
vsl-and-non-vsl-port-pair Enabled port
fasthello-and-non-fasthel Enabled port
mvrp Enabled port
mrp-miscabling Enabled port

*Dec 15 2023 12:44:48.231 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/2, changed state to down
*Dec 15 2023 12:44:49.233 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to down
*Dec 15 2023 12:44:52.405 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to up
*Dec 15 2023 12:44:55.356 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to down
*Dec 15 2023 12:44:58.452 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to up
*Dec 15 2023 12:44:59.452 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/2, changed state to up
*Dec 15 2023 12:45:24.109 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/2, changed state to down
*Dec 15 2023 12:45:25.111 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to down
*Dec 15 2023 12:45:28.282 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to up
*Dec 15 2023 12:45:29.282 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/2, changed state to up
*Dec 15 2023 13:09:08.348 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/2, changed state to down
*Dec 15 2023 13:09:09.348 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to down
*Dec 15 2023 13:09:12.521 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to up
*Dec 15 2023 13:09:15.471 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to down
*Dec 15 2023 13:09:18.569 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to up
*Dec 15 2023 13:09:19.570 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/2, changed state to up
*Dec 15 2023 13:09:42.937 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/2, changed state to down
*Dec 15 2023 13:09:43.938 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to down
*Dec 15 2023 13:09:47.108 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/2, changed state to up
*Dec 15 2023 13:09:48.109 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/2, changed state to up
*Dec 15 2023 14:24:18.918 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/29, changed state to down
*Dec 15 2023 14:24:20.921 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/29, changed state to up
*Dec 15 2023 14:24:26.176 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/29, changed state to down
*Dec 15 2023 14:24:27.176 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/29, changed state to down

Reza Sharifi · ‎12-15-2023

Hi,

Can you add this command to your config and test it again:

errdisable detect cause link-flap

HTH

MHM Cisco World · ‎12-15-2023

I am interest how you test this setting' i.e. how you make link flapping.

MHM

Endy000000 · ‎12-15-2023

We have a ton of active ports in my environment. I dont have to go far to find more flapping ports. This flap might be from a damaged ethernet cable.

MHM Cisco World · ‎12-15-2023

As @Reza Sharifi mention enable errdisable for flap-link

MHM

Endy000000 · ‎12-15-2023

@Reza Sharifi and @MHM Cisco World
This is my current configuration. It's still not working.

show run all | include errdisable
errdisable detect cause loopdetect
errdisable detect cause loopback
errdisable detect cause gbic-invalid
errdisable detect cause sfp-config-mismatch
errdisable detect cause pagp-flap
errdisable detect cause dtp-flap
errdisable detect cause link-flap
errdisable detect cause l2ptguard
errdisable detect cause pppoe-ia-rate-limit
errdisable detect cause dhcp-rate-limit
errdisable detect cause arp-inspection
errdisable detect cause inline-power
errdisable detect cause all
errdisable flap-setting cause link-flap max-flaps 3 time 1800

MHM Cisco World · ‎12-15-2023

Can i see show interface status

MHM

Endy000000 · ‎12-15-2023

show interfaces gigabitEthernet 3/0/2 status

Port Name Status Vlan Duplex Speed Type
Gi3/0/2 connected 000 a-full a-1000 10/100/1000BaseTX

GigabitEthernet3/0/2 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is XXXX.XXXX.XXXX (bia XXXX.XXXX.XXXX)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is on, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:24, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 150365
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 19000 bits/sec, 24 packets/sec
18937062 packets input, 6079431128 bytes, 0 no buffer
Received 524222 broadcasts (494507 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 494507 multicast, 0 pause input
0 input packets with dribble condition detected
96307636 packets output, 21777552219 bytes, 0 underruns
Output 9779021 broadcasts (65166142 multicasts)
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

MHM Cisco World · ‎12-15-2023

Below command I need to see it output

Show interface status

MHM

Endy000000 · ‎12-15-2023

**Duplicated reply**

Endy000000 · ‎12-15-2023

Here you go @MHM Cisco World

MHM Cisco World · ‎12-15-2023

The port must go to errdisable since it flapping but I dont see any port with errdisable.

Then I see vlan 000 so I check you post you run MAB

I think this is bug check below

https://bst.cisco.com/bugsearch/bug/CSCus32281?rfs=qvlogin

MHM

Endy000000 · ‎12-18-2023

So this morning i noticed that 1 port out of 5 went errdisabled due to link flapping! So the command kinda works?

#######

#show interfaces status err-disabled
Port Name Status Reason Err-disabled Vlans

Gi3/0/3 err-disabled link-flap

#######
Dec 16 2023 10:00:19.385 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet5/0/3, changed state to down
Dec 16 2023 10:00:20.386 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet5/0/3, changed state to down
Dec 16 2023 10:00:22.202 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/39, changed state to down
Dec 16 2023 10:00:22.246 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/3, changed state to down
Dec 16 2023 10:00:22.923 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet4/0/30, changed state to down
Dec 16 2023 10:00:23.204 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/39, changed state to down
Dec 16 2023 10:00:23.925 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet4/0/30, changed state to down
Dec 16 2023 10:00:25.355 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/3, changed state to down
Dec 16 2023 10:00:25.605 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet5/0/3, changed state to up
Dec 16 2023 10:00:26.604 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet5/0/3, changed state to up
Dec 16 2023 10:00:27.648 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet5/0/3, changed state to down
Dec 16 2023 10:00:28.453 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/39, changed state to up
Dec 16 2023 10:00:28.650 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet5/0/3, changed state to down
Dec 16 2023 10:00:28.927 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet4/0/30, changed state to up
Dec 16 2023 10:00:29.453 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/39, changed state to up
Dec 16 2023 10:00:29.927 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet4/0/30, changed state to up
Dec 16 2023 10:00:29.989 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/3, changed state to down
Dec 16 2023 10:00:30.658 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/39, changed state to down
Dec 16 2023 10:00:30.990 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/3, changed state to down
Dec 16 2023 10:00:31.660 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/39, changed state to down
Dec 16 2023 10:00:31.675 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet5/0/3, changed state to up
Dec 16 2023 10:00:32.190 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/3, changed state to up
Dec 16 2023 10:00:32.674 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet5/0/3, changed state to up
Dec 16 2023 10:00:33.190 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/3, changed state to up
Dec 16 2023 10:00:34.633 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/39, changed state to up
Dec 16 2023 10:00:35.633 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/39, changed state to up
Dec 16 2023 10:00:36.227 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/3, changed state to up
Dec 16 2023 10:00:37.227 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/3, changed state to up
Dec 16 2023 10:00:38.153 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet4/0/30, changed state to down
Dec 16 2023 10:00:38.896 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/3, changed state to down
Dec 16 2023 10:00:39.156 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet4/0/30, changed state to down
Dec 16 2023 10:00:39.898 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/3, changed state to down
Dec 16 2023 10:00:41.613 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/3, changed state to down
Dec 16 2023 10:00:42.252 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet4/0/30, changed state to up
Dec 16 2023 10:00:42.614 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/3, changed state to down
Dec 16 2023 10:00:42.891 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/3, changed state to up
Dec 16 2023 10:00:43.254 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet4/0/30, changed state to up
Dec 16 2023 10:00:43.694 UTC: %PM-4-ERR_DISABLE: link-flap error detected on Gi3/0/3, putting Gi3/0/3 in err-disable state
Dec 16 2023 10:00:43.893 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/3, changed state to up

#######

#show run | inc err
errdisable flap-setting cause link-flap max-flaps 3 time 600

#######

#show run interface Gi3/0/3
Building configuration...

Current configuration : 300 bytes
!
interface GigabitEthernet3/0/3
switchport access vlan 814
switchport mode access
switchport voice vlan 1814
device-tracking attach-policy IPDT_MAX_10
access-session port-control auto
mab
dot1x pae authenticator
spanning-tree portfast
service-policy type control subscriber ISE-POLICY
end

#show run interface Gi1/0/39
Building configuration...

Current configuration : 338 bytes
!
interface GigabitEthernet1/0/39
switchport access vlan 814
switchport mode access
switchport voice vlan 1814
device-tracking attach-policy IPDT_MAX_10
access-session port-control auto
mab
dot1x pae authenticator
spanning-tree portfast
service-policy type control subscriber ISE-POLICY
end

#######

Any idea why out of 5 flapping ports, only 1 went into errdisabled?

MHM Cisco World · ‎12-18-2023

Did you check bug I share'

This how can I call it' it cosmetic bug' the port is not flapping in read but it appear to flapping when you auth via MAB.

The one that go to errdisable is real flapping.

MHM