Comware

Dear All,

 

Infrasructure:

Core Switch (Routing): 4 x A5500 configured in 1 IRF

Distribution Switch: 10 x A5120 configured in 3 IRF (4 nodes IRFA, 4 nodes IRFB, 2 nodes IRFC)

 

Until Friday every A5120 IRF had only 1GB Ethernet connection in every Bridge Aggregation to the core switch, I have upgraded the aggregations adding n.7 1GB connections. (4 connections on IRFA, 4 connection on IRFB, 2 connection on IRFC)

 

Now I have one problem: randomly computers lose the connection and the only way to go online is to change the physical port to one of the 2 other A5120 IRF.

 

I tried to:

1. Change port on same A5120 IRF member: NO CONNECTION
2. Change port on other A5120 IRF member: NO CONNECTION
3. Change port on different A5120 IRF: OK (but if you try turning back on last IRF: NO CONNECTION)
4. During my test I tried to set a static ip on the client and I’ve noticed that I can ping all the host on the same VLAN (on all the 3 IRF) but I can’t ping the default gateway VLAN Interface on the A5500 IRF  and the routing doesn’t work.

Thanks in advance.

On each of the cores, give us a

display link-aggregation verbose

Yesterday evening I have disabled 2 of the 4 ports of IRFA and IRFB but this morning at the opening about 30% of the client were offline, so I have left connected only 1 port and everything works fine, while IRFC at this time seems to work well also with 2 ports connected.

 

So those ports are showing as "U" because in fact they are currently disabled?

When you enable them, do they come up as "S"?

 

What about the port configs - do they all match? eg, speed/duplex, VLAN assignments, etc...?

Do you have any port-security configured on them?

You show the BAG config only for the core. what about tho config on the two stacks that have an issue? Eg, are they set as "static"?

1. yes, at the moment they are currently disable, I have enabled one and its state is changed in Status "S", Flag "ACDEF" 
2. Ports config is the same for all the ports of all bridge Aggregations:
   PVID: 1
   Flow Control: Disabled
   Link Type: Trunk
   MDI: Auto
   Speed: Auto (1000M)
   Duplex: Auto (Full)
   Max MAC Count: No Limit
   Jumbo Frame: Enabled
   Broadcast Suppression: 100%
   Multicast Suppression: 100%
   Unicast Suppression: 100%
   Power Save: Disabled
3. I've check all the ports and VLans tagged and untagged are correct.
4. I've not enabled any port security if the switch does not have one by default.
5. Bridge Aggregations are all "Dynamic".

Ok, so your link-ag appears properly formed. What firmware ver do you have on all 5500 & 5100s?

What I would be looking for is the mac addresses of the devices that can no longer see their default gw - where does the core think they are ?

Firware version are:
A5120 (all): 5.20 Release 2208P01, Bootrom v. 607
A5500: 5.20.99 Release 5101P01, Bootrom 112

 

If it can help, the first time that the problem appeared, I have located and deleted the mac record of one of the impacted pc both on the A5120 and A5500, but it didn't solved.

I try to recreate the problem with the minimum impact on the production environment and I'll send where the MAC is located by the switch.

WHat I was wondering is - for the PC that can't find its default GW, you say it can reach other devices on its subnet - does this include devices on the same switch as well as on different switches?

So the mac-address-table on the "lost" device would be interesting - where does it record the "lost" device's MAC address?

On the L3 switch, ditto - where does the MAC-address-table record the "lost" device's MAC address?

And on the L3 switch, does the ARP table have an entry for it?

Try using static aggregation?

 

You must also make sure that ALL your ports in the bridge aggregation have the same config as the bridge aggregation itself.

 

 

Also make sure to use latest available firmware. 2208P01 is somewhat old by now since 2221P04 being the latest.

 

By the way, since you use IRF - whats your IRF config on each box and is the IRF working perfectly?

Hi All,

 

For Vince-Whirlwind:
PC can reach other devices on its subnet on the same switch and on differents, but it can't ping the gateway and routing doesn't work.

Today I've replicated the problem and:

• On the A5500 IRF (core switch, routing):
  MAC Address of the pc is identified on the right VlanID and the port entry is the right A5120 IRF Bridge Aggregation. In the ARP table right VLanID and right port of the Bridge Aggregation.
• On the A5120 IRF:
   MAC Address is identified on the right VlanID and the port is the GigabitEthernet where it's attached.

For Vetoll
I've not tried to use static, but on a LACP aggregation it's not mandatory to use a Dynamic?
I've checked one by one all the ports and all the BAGG and the configurations matches

I want to specify that I have other bridge aggregations connected with the A5500 IRF: a C7000 Flex-10 aggregation, an A5820 IRF switches aggregation, a Procurve 2915 aggregation and they work without problems.

 

So, now I will try to recreate from scratch one BAGG between one of the A5120 IRF and the A5500 IRF, if it doesn't work I will open a case in HP and I will post the solution.