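Introduction
This document describes common causes of unknown protocol drops on Catalyst 9000 series switches.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Dynamic Trunking Protocol (DTP)
- Link Layer Discovery Protocol (LLDP)
- Cisco Discovery Protocol (CDP)
- 802.1Q encapsulation
Components Used
The information in this document is based on these software and hardware versions:
- Catalyst 9000 series switches
- Cisco IOS® XE
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
Unknown protocol drops occur when the ethertype of a frame is not recognized, which means that the encapsulated protocol is not supported or not configured on the switch interface. In addition, the destination MAC address of the frame must be one of the multicast control-plane addresses listed by this command.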
Switch#show mac address-table | include CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All 0180.c200.0021 STATIC CPU
All ffff.ffff.ffff STATIC CPU
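Note: Unknown protocol drops do not increase when the destination MAC address is broadcast.
Troubleshoot
Step 1. Confirm that the unknown protocol drops counter is increasing.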
Switch#show interface ten1/0/5 | include protocol
TenGigabitEthernet1/0/5 is up, line protocol is up (connected)
85 unknown protocol drops
Switch#show interface ten1/0/5 | include protocol
TenGigabitEthernet1/0/5 is up, line protocol is up (connected)
90 unknown protocol drops
Step 2. Configure a packet capture on the affected interface and match destination MAC addresses that begin with 01.
Switch#monitor capture port5 interface ten1/0/5 in
Switch#monitor capture port5 match mac any 0100.0000.0000 00ff.ffff.ffff
Switch#monitor capture port5 buffer size 100
Step 3. Start the packet capture and check the unknown protocol drops counter.
Switch#monitor capture port5 start
Started capture point : port5
Switch#show interface ten1/0/5 | include protocol
TenGigabitEthernet1/0/5 is up, line protocol is up (connected)
541 unknown protocol drops
Step 4. Stop the packet capture after a few unknown protocol drops have occurred.
Switch#show interface ten1/0/5 | include protocol
TenGigabitEthernet1/0/5 is up, line protocol is up (connected)
544 unknown protocol drops
Switch#monitor capture port5 stop
Capture statistics collected at software:
Capture duration - 68 seconds
Packets received - 38
Packets dropped - 0
Packets oversized - 0
Bytes dropped in asic - 0
Capture buffer will exists till exported or cleared
Stopped capture point : port5
Step 5. Export the packet capture.
Switch#monitor capture port5 export location flash:drops.pcap
Export Started Successfully
Switch#
Export completed for capture point port5
Step 6. Transfer the packet capture to your computer.
Switch#copy flash: ftp: vrf Mgmt-vrf
Source filename [drops.pcap]?
Address or name of remote host []? 10.10.10.254
Destination filename [drops.pcap]?
Writing drops.pcap !
4024 bytes copied in 0.026 secs (154769 bytes/sec)
Step 7. Open the packet capture in Wireshark and use this filter (eth.dst contains 0100.0ccc.cc || eth.dst contains 0180.c200.00) to focus on the CPU multicast addresses.

Step 8. Go to Statistics, then click Protocol Hierarchy.

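Step 9. Expand the protocol tree and verify that the switch interface is configured for these protocols. Anything labeled Data causes unknown protocol drops because the ethertype is unknown.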

Step 10. Right-click Data, navigate to Apply as Filter, and click Selected to filter the unknown protocol frames.

Step 11. Return to the Wireshark main window and identify the source MAC address and ethertype of the unknown protocol.

In this case, the source MAC address CAFE.CAFE.CAFE causes the unknown protocol drops because ethertype 0x4343 is not supported.
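Steps 7 through 11 can also be scripted against the exported capture. The following is an added example, not part of the original document: it reads a classic pcap, keeps frames sent to the two control-plane multicast prefixes from the step 7 filter, and counts source MAC and ethertype pairs that are not recognised. The set of recognised ethertypes, the function names and the sample frames are assumptions made for this sketch.

```python
import struct
from collections import Counter

# First five bytes of the destinations matched by the step 7 filter.
CPU_MCAST_PREFIXES = (bytes.fromhex("01000ccccc"), bytes.fromhex("0180c20000"))
# Assumption: ethertypes counted as recognised; adjust to the interface config.
KNOWN_ETHERTYPES = {0x88CC: "LLDP", 0x8809: "Slow Protocols", 0x888E: "802.1X"}
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def read_pcap(blob):
    """Yield raw frames from a classic (non-pcapng) pcap byte string."""
    endian = MAGICS.get(blob[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    offset = 24  # skip the global header
    while offset + 16 <= len(blob):
        incl_len = struct.unpack_from(endian + "I", blob, offset + 8)[0]
        offset += 16
        yield blob[offset:offset + incl_len]
        offset += incl_len

def unknown_protocol_sources(blob):
    """Count (source MAC, ethertype) pairs with an unrecognised ethertype."""
    hits = Counter()
    for frame in read_pcap(blob):
        if len(frame) < 14 or frame[:5] not in CPU_MCAST_PREFIXES:
            continue  # destination is not a control-plane multicast address
        ethertype = struct.unpack_from("!H", frame, 12)[0]
        if ethertype <= 1500 or ethertype in KNOWN_ETHERTYPES:
            continue  # 802.3 length field (LLC/SNAP) or a recognised type
        src = ":".join(f"{b:02x}" for b in frame[6:12])
        hits[(src, f"0x{ethertype:04x}")] += 1
    return hits

def build_sample_pcap():
    """Constructed capture: LLDP, two 0x4343 frames, one 0x4343 broadcast."""
    def pkt(dst, src, etype):
        frame = bytes.fromhex(dst + src) + struct.pack("!H", etype) + bytes(46)
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [("0180c200000e", "ecc018a4b1bf", 0x88CC),
              ("0180c200000e", "cafecafecafe", 0x4343),
              ("0180c200000e", "cafecafecafe", 0x4343),
              ("ffffffffffff", "cafecafecafe", 0x4343)]
    return header + b"".join(pkt(*f) for f in frames)

if __name__ == "__main__":
    for (src, etype), n in unknown_protocol_sources(build_sample_pcap()).items():
        print(f"{n} frame(s) from {src} with unrecognised ethertype {etype}")
```

The broadcast frame in the sample is skipped, which matches the note that broadcast destinations do not increase the counter.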
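Common Issues
The examples in this section are based on this network diagram.

Dynamic Trunking Protocol (DTP)
DTP messages received on a port where DTP is disabled can cause unknown protocol drops. You can enable DTP with the command no switchport nonegotiate in interface configuration mode.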
C9500-1#show running-config interface Twe1/0/1
interface TwentyFiveGigE1/0/1
description C9300
switchport mode trunk
end
C9300#show running-config interface Gi1/0/1
interface GigabitEthernet1/0/1
description C9500-1
switchport mode trunk
switchport nonegotiate
end
C9300#show interface gi1/0/1 | include unknown
350 unknown protocol drops
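Link Layer Discovery Protocol (LLDP)
LLDP messages received on a port where LLDP is disabled also cause unknown protocol drops. You can enable LLDP with the lldp run command in global configuration mode.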
C9500-1#show lldp
Global LLDP Information:
Status: ACTIVE
LLDP advertisements are sent every 30 seconds
LLDP hold time advertised is 120 seconds
LLDP interface reinitialisation delay is 2 seconds
C9300#show lldp
% LLDP is not enabled
C9300#show interface gi1/0/1 | include unknown
423 unknown protocol drops
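Cisco Discovery Protocol (CDP)
Similarly, unknown protocol drops can increase if CDP messages are received on a port where CDP is disabled. You can enable CDP with the cdp run command in global configuration mode.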
C9500-1#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
C9300#show cdp
% CDP is not enabled
C9300#show interface gi1/0/1 | include unknown
434 unknown protocol drops
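All-Zero VLAN Identifier in the 802.1Q Header
Catalyst 9000 series switches also drop 802.1Q frames with VLAN ID 0 when they are received on an access port. However, these packets do not increment the unknown protocol drops counter. In this example, we investigate why the Catalyst 9500 switch cannot obtain an ARP entry for host 192.168.4.22.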
C9500-1#ping 192.168.4.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.22, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
C9500-1#show ip arp vlan 4
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.4.1 - ecc0.18a4.b1bf ARPA Vlan4
C9500-1#
C9500-1#show running-config interface Twe1/0/5
interface TwentyFiveGigE1/0/5
switchport access vlan 4
switchport mode access
load-interval 30
end
Step 1. Start a packet capture on the interface connected to the end device.
C9500-1#show monitor capture TAC parameter
monitor capture TAC interface TwentyFiveGigE1/0/5 both
monitor capture TAC match any
monitor capture TAC buffer size 100 circular
monitor capture TAC limit pps 1000
C9500-1#monitor capture TAC start
Started capture point : TAC
Step 2. Ping the end device to generate some ARP traffic.
C9500-1#ping 192.168.4.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.22, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Step 3. Stop the packet capture.
C9500-1#monitor capture TAC stop
Capture statistics collected at software:
Capture duration - 35 seconds
Packets received - 28
Packets dropped - 0
Packets oversized - 0
Bytes dropped in asic - 0
Capture buffer will exists till exported or cleared
Stopped capture point : TAC
Step 4. Notice that the end device is sending ARP replies, frame 17 in this example.
C9500-1#show monitor capture TAC buff brief | include ARP
15 19.402191 ec:c0:18:a4:b1:bf b^F^R ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.4.22? Tell 192.168.4.1
17 21.347022 fe:af:ea:fe:af:ea b^F^R ec:c0:18:a4:b1:bf ARP 60 192.168.4.22 is at fe:af:ea:fe:af:ea
Step 5. Notice that the ARP reply is encapsulated in an 802.1Q header with VLAN ID 0.
C9500-1#show monitor capture TAC buff detailed | begin Frame 17
Frame 17: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
<output omitted>
Ethernet II, Src: fe:af:ea:fe:af:ea (fe:af:ea:fe:af:ea), Dst: ec:c0:18:a4:b1:bf (ec:c0:18:a4:b1:bf)
Destination: ec:c0:18:a4:b1:bf (ec:c0:18:a4:b1:bf)
Address: ec:c0:18:a4:b1:bf (ec:c0:18:a4:b1:bf)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: fe:af:ea:fe:af:ea (fe:af:ea:fe:af:ea)
Address: fe:af:ea:fe:af:ea (fe:af:ea:fe:af:ea)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 0
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 0000 0000 0000 = ID: 0
Type: ARP (0x0806)
Padding: 0000000000000000000000000000
Address Resolution Protocol (reply)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: reply (2)
Sender MAC address: fe:af:ea:fe:af:ea (fe:af:ea:fe:af:ea)
Sender IP address: 192.168.4.22
Target MAC address: ec:c0:18:a4:b1:bf (ec:c0:18:a4:b1:bf)
Target IP address: 192.168.4.1
Step 6. Export the packet capture.
C9500-1#monitor capture TAC export location flash:ARP.pcap
Export Started Successfully
Step 7. Use the Packet Tracer tool to determine what the switch does with packet 17.
C9500-1#show platform hardware fed active forward interface Twe1/0/5 pcap flash:ARP.pcap number 17 data
Show forward is running in the background. After completion, syslog will be generated.
C9500-1#
*Sep 29 17:45:29.091: %SHFWD-6-PACKET_TRACE_DONE: R0/0: fed: Packet Trace Complete: Execute (show platform hardware fed switch <> forward last summary|detail)
*Sep 29 17:45:29.091: %SHFWD-6-PACKET_TRACE_FLOW_ID: R0/0: fed: Packet Trace Flow id is 6881284
Step 8. Display the Packet Tracer results.
C9500-1#show platform hardware fed active forward last summary
Input Packet Details:
###[ Ethernet ]###
dst = ec:c0:18:a4:b1:bf
src=fe:af:ea:fe:af:ea
type = 0x8100
###[ 802.1Q ]###
prio = 0
id = 0
vlan = 0
type = 0x806
###[ ARP ]###
hwtype = 0x1
ptype = 0x800
hwlen = 6
plen = 4
op = is-at
hwsrc=fe:af:ea:fe:af:ea
psrc=192.168.4.22
hwdst = ec:c0:18:a4:b1:bf
pdst = 192.168.4.1
###[ Padding ]###
load = '00 00 00 00 00 00 00 00 00 00 00 00 00 00'
<output omitted>
Packet DROPPED
Catch-all for phf.finalFdPresent==1.
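Note: The packet is dropped because it contains VLAN ID 0.
There are two ways to prevent this type of drop.
Option 1: Use the command switchport voice vlan dot1p. With this, frames received with vlan 0 are assigned to the access vlan.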
interface TwentyFiveGigE1/0/5
switchport access vlan 4
switchport mode access
switchport voice vlan dot1p
load-interval 30
Option 2: Configure the interface as a trunk port. With this, frames received with vlan 0 are assigned to the native vlan.
interface TwentyFiveGigE1/0/5
switchport trunk native vlan 4
switchport mode trunk
load-interval 30
end
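To find which hosts send VLAN ID 0 frames before changing port configuration, the 802.1Q tag can be decoded offline. The following is an added example, not part of the original document: it rebuilds frame 17 from the decoded fields shown earlier, splits the tag control field into priority, DEI and VLAN ID, and maps a VLAN ID 0 frame to the handling this section describes for each port mode. The function names, the mode strings and the untagged contrast frame are assumptions made for this sketch.

```python
import struct

# Frame 17 from the capture above, rebuilt from its decoded fields (constructed).
ARP_REPLY = bytes.fromhex(
    "ecc018a4b1bf" "feafeafeafea"   # destination, source
    "8100" "0000"                   # 802.1Q TPID, TCI (PRI 0, DEI 0, ID 0)
    "0806"                          # inner ethertype: ARP
    "0001" "0800" "06" "04" "0002"  # hwtype, ptype, hwlen, plen, opcode reply
    "feafeafeafea" "c0a80416"       # sender MAC, sender IP 192.168.4.22
    "ecc018a4b1bf" "c0a80401"       # target MAC, target IP 192.168.4.1
) + bytes(14)                       # padding up to 60 bytes
# Constructed untagged frame from the switch, for contrast.
ARP_REQUEST = bytes.fromhex("ffffffffffff" "ecc018a4b1bf" "0806") + bytes(46)

def parse_dot1q(frame):
    """Return the 802.1Q tag fields of a frame, or None if it is untagged."""
    if len(frame) < 18 or frame[12:14] != b"\x81\x00":
        return None
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1,
            "vid": tci & 0x0FFF, "inner_ethertype": inner}

def vlan0_disposition(frame, mode, voice_dot1p=False):
    """Map a VLAN ID 0 frame to the handling described for each port mode.

    mode is "access" or "trunk" (hypothetical values chosen for this sketch).
    """
    tag = parse_dot1q(frame)
    if tag is None or tag["vid"] != 0:
        return "not a VLAN 0 frame"
    if mode == "trunk":
        return "assigned to native vlan"
    if mode == "access":
        return "assigned to access vlan" if voice_dot1p else "dropped"
    raise ValueError(f"unknown port mode: {mode}")

def vlan0_senders(frames):
    """Return the source MACs that sent VLAN ID 0 frames."""
    return sorted({":".join(f"{b:02x}" for b in f[6:12]) for f in frames
                   if (parse_dot1q(f) or {}).get("vid") == 0})

if __name__ == "__main__":
    print(parse_dot1q(ARP_REPLY))
    print(vlan0_disposition(ARP_REPLY, "access"))
    print(vlan0_senders([ARP_REQUEST, ARP_REPLY]))
```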