已解决: 请教交换机上报警环路的原因分析

jialingwang4038 · ‎11-06-2023

交换机上（级联口分别上联2台主备交换机）报警环路，，网络内也有丢包，图如下：

查看生成树发现，级联口状态一直变化，显示灯一会黄一会绿，gi0/1上联主交换机，gi0/2上联备交换机，

请教大神该问题如何解决，谢谢！！！

ilay · ‎11-15-2023

确认主交换机F0/17没其他东西哈，就是个hub？

在此基础上的调整

主交换机F0/17

int f0/17

switchport mode access

spanning-tree portfast

!

spanning-tree vlan 1-4094 priority 8192

备交换机

spanning-tree vlan 1-4094 priority 12288

!

可选的优化：

主、备交换机：（主备配置相同，但修改时两台设备之间的连接会中断）

int range g0/1 -2

channel-group 1 mode active

!

int po1

switchport mode trunk

!

在原帖中查看解决方案

ilay · ‎11-07-2023

感觉像是G0/1的链路不稳定，导致stp一直在震荡，g0/1,g0/2的状态一直在切换。

可以临时断掉G0/1的链路试试，然后再单独测试一下G0/1所用的链路，或者更换新的线缆

jialingwang4038 · ‎11-07-2023

根据您的建议，把gi0/2级联线断开后，链路就稳定了，原先的连接方式如图，是否连接方式错误导致环路？

ilay · ‎11-07-2023

是断掉了G0/2接口么？看log里面是G0/1接口的生成树状态一直在切换

连接方式应该没有问题，在传统的网络里面没有依赖stack或者vpc等技术单纯靠链路的冗余连接是必然存在环路的情况的。这种情况下在交换机生成树的作用下，会通过计算，逻辑阻塞掉某台设备上的一个端口，达到逻辑无环的状态。

正常的情况下会稳定在一个接口FWD，一个接口BLK的状态。

现在的状况是G0/1接口的状态一直在变，不稳定，这个像是Gi0/1连接上层交换机的这根线质量不太好，可能有松动，或者破损等等，可以直接用替换法来验证一下。（也可以先在主交换机上看看有没有接口up/down的记录）

如果是考虑配置上面的问题，需要将主备交换机、二层交换机，相关的接口配置，以及生成树的配置贴出来看看。

jialingwang4038 · ‎11-07-2023

图上标注错误了，左边是G0/2，右边是G0/1，

根据您的建议，Gi0/1连接上层交换机的这根线替换新的线，G0/1接口的状态也一直在变，不稳定，我将配置贴出来

二层交换机：

spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree uplinkfast
!
vlan internal allocation policy ascending
!
ip ssh authentication-retries 5
ip ssh version 2
!
!
interface FastEthernet0/1
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/2
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/3
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/4
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/5
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/6
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/7
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/8
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/9
switchport mode access
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/10
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/11
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/12
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/13
description 8f-guitai
switchport mode access
switchport port-security violation restrict
speed 100
duplex full
mac access-group mac-n in
spanning-tree portfast
!
interface FastEthernet0/14
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/15
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/16
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/17
switchport mode access
switchport port-security violation restrict
speed 100
duplex full
mac access-group mac-SPJZ in
spanning-tree portfast
!
interface FastEthernet0/18
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/19
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/20
switchport mode access
switchport port-security violation restrict
speed 100
duplex full
mac access-group mac-fanyunhe in
spanning-tree portfast
!
interface FastEthernet0/21
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/22
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/23
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/24
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/25
switchport mode access
switchport port-security violation restrict
speed 100
duplex full
mac access-group mac-30.64 in
spanning-tree portfast
!
interface FastEthernet0/26
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/27
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/28
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/29
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/30
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/31
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/32
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/33
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/34
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/35
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/36
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/37
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/38
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/39
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/40
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/41
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/42
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/43
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/44
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/45
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/46
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/47
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/48
speed 100
duplex full
spanning-tree portfast
!
interface GigabitEthernet0/1
shutdown
spanning-tree cost 3019
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 172.16.30.4 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.30.1
ip http server
ip http secure-server

ilay · ‎11-08-2023

有两点疑问；

1.最初的那张图片上看stp的 cost都是3019，你贴的配置里面只有G0/1是设置了cost值的，G0/2接口是空配，是粘贴的时候漏掉了还是原始就没有这个配置，其他的接口cost也是3019这也很可疑 (故障的时候是存在G0/1抢占成为根端口的情况的，这就意味着站在二级交换机的角度上看，G0/1的链路更优，不然stp也不会震荡）

2. 主备交换机上的vlan20,vlan30分别是干什么用的？是无用的接口设置么？还是存在更上一层的设备？

===

可行的操作

1.如果2层交换机已经是最末端的设备了，可以将生成树的优先级调至最低 spanning-tree vlan 1-4094 priority 61440

2.建议将互联的接口手动设置为trunk模式，switchport mode trunk, 三台交换机有关联的接口都要设置，spanning-tree的cost暂时不确定有什么漏的东西，可以暂时不动

3.如果2层环境比图画的更大，建议梳理一下拓扑情况，明确环境内的根桥和次根桥的位置，然后逐级向下，检查生成树端口状态是否正常。

jialingwang4038 · ‎11-08-2023

您好：

1、贴的配置里面G0/1设置cost值我没有配置过，已经把这条删除了

2、已经将所有互联的接口手动设置为trunk模式，switchport mode trunk

3、主备交换机上的vlan20,vlan30是划出的区域给其他业务使用的。主备做冗余

4、2层交换机配置了spanning-tree vlan 1-4094 priority 61440

现在看日志还是不稳定：

ilay · ‎11-12-2023

你这个不对劲啊、你贴图的这一个优先级都设置成61440了，还能将自己识别成根桥。上层设备是不是压根没有生成树优先级的相关设置啊？梳理一下这个网段的二层环境及相关设备吧，然后在核心节点和备用核心节点上，将生成树优先级改小，保证生成树的根和次根在核心的设备上面

另外单独测试一下只接G0/1一条链路时候的情况。

---

N2_C9300# sh spanning-tree vlan 1 //正常情况下 root id的priority显示的是根桥的优先级，但是在你show的结果里面两个priority是一致的，也就是2960将自己作为根桥了

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 8193
Address 30e4.ac91.4140
Cost 5
Port 53 (TenGigabitEthernet1/1/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address b8b3.75fe.c180
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Tw1/0/25 Desg FWD 4 128.25 P2p Peer(STP)
Tw1/0/26 Desg FWD 4 128.26 P2p Peer(STP)
Tw1/0/27 Desg FWD 4 128.27 P2p Peer(STP)
Te1/1/1 Root FWD 5 128.53 P2p Peer(STP)
Te1/1/2 Altn BLK 5 128.54 P2p Peer(STP)
Ap1/0/1 Desg FWD 4 128.65 P2p

jialingwang4038 · ‎11-13-2023

是的，上级节点和备用节点上没有配置生成树优先级，是否要在上级节点配置优先级小于61440.备用节点优先级小于主节点？

ilay · ‎11-13-2023

没有配置也不对劲啊，交换机默认的优先级是32768，即便没有配置，也应该是上层设备有可能成为根桥啊。

先分别show一下spanning-tree的状态吧。贸然改配置有可能导致上层的链路出现次优

jialingwang4038 · ‎11-13-2023

G0/1断开情况下主交换机：

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 000c.d564.82cd
Cost 6046
Port 17 (FastEthernet0/17)
Hello Time 2 sec Max Age 6 sec Forward Delay 4 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 5835.d9dc.0180
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/4 Desg FWD 19 128.4 P2p
Fa0/6 Desg FWD 19 128.6 P2p
Fa0/8 Desg FWD 19 128.8 P2p
Fa0/9 Desg FWD 19 128.9 P2p
Fa0/10 Desg FWD 19 128.10 P2p
Fa0/12 Desg FWD 19 128.12 P2p
Fa0/14 Desg FWD 19 128.14 Shr
Fa0/15 Desg FWD 19 128.15 P2p
Fa0/16 Desg FWD 19 128.16 P2p
Fa0/17 Root FWD 19 128.17 P2p
Fa0/18 Desg FWD 19 128.18 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/21 Desg FWD 19 128.21 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/25 Desg FWD 19 128.25 P2p
Fa0/29 Desg FWD 19 128.29 P2p
Fa0/31 Desg FWD 19 128.31 P2p
Fa0/33 Desg FWD 19 128.33 P2p
Fa0/39 Desg FWD 19 128.39 P2p
Gi0/1 Desg FWD 4 128.49 P2p
Gi0/2 Desg FWD 4 128.50 P2p

VLAN0020
Spanning tree enabled protocol ieee
Root ID Priority 32788
Address 5835.d9dc.0180
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
Address 5835.d9dc.0180
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/39 Desg FWD 19 128.39 P2p
Fa0/42 Desg FWD 19 128.42 P2p
Fa0/43 Desg FWD 19 128.43 P2p
Gi0/1 Desg FWD 4 128.49 P2p
Gi0/2 Desg FWD 4 128.50 P2p

VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 32788
Address 5835.d9dc.0180
Cost 23
Port 49 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32798 (priority 32768 sys-id-ext 30)
Address 5835.d9dc.0180
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/39 Desg FWD 19 128.39 P2p
Gi0/1 Root FWD 4 128.49 P2p
Gi0/2 Altn BLK 4 128.50 P2p

备机：

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 000c.d564.82cd
Cost 6050
Port 49 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 6 sec Forward Delay 4 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 2037.066e.cf80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/8 Desg FWD 19 128.8 P2p
Fa0/12 Desg FWD 19 128.12 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/21 Desg FWD 19 128.21 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/25 Desg FWD 19 128.25 P2p
Fa0/27 Desg FWD 19 128.27 P2p
Fa0/29 Desg FWD 19 128.29 P2p
Fa0/37 Desg FWD 19 128.37 P2p
Gi0/1 Root FWD 4 128.49 P2p
Gi0/2 Altn BLK 4 128.50 P2p

VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 32788
Address 5835.d9dc.0180
Cost 19
Port 43 (FastEthernet0/43)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32798 (priority 32768 sys-id-ext 30)
Address 2037.066e.cf80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/41 Desg FWD 19 128.41 P2p
Fa0/43 Root FWD 19 128.43 P2p
Gi0/1 Desg FWD 4 128.49 P2p
Gi0/2 Desg FWD 4 128.50 P2p

二级：

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 000c.d564.82cd
Cost 6065
Port 50 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 6 sec Forward Delay 4 sec

Bridge ID Priority 61441 (priority 61440 sys-id-ext 1)
Address 2037.06fc.3400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/37 Desg FWD 19 128.37 P2p Edge
Gi0/2 Root FWD 19 128.50 P2p

jialingwang4038 · ‎11-13-2023

Bridge ID Priority分别为32769，32769， 61441 ，好像没问题~

ilay · ‎11-14-2023

看下主交换机F0/17接的什么？另外vlan1 的cost值也不对劲

备交换机的G0/1，G0/2接口分别接的哪里？其中一个是BLK的状态，应该是跟某一台设备接出环来了

jialingwang4038 · ‎11-14-2023

主交换机F0/17接几个电脑终端，通过小HUB

备交换机的G0/1接主交换机的G0/1，备交换机的G0/2接主交换机的G0/2，光纤级联

ilay · ‎11-15-2023