switch summit-x670 shutdown when I removed 3 ports from the default vlan tag 1

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
switch summit-x670 shutdown when I removed 3 ports from the default vlan tag 1. I had to do a hard reset to bring it back online. Does anyone know what could have happened?
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,484 Points 10k badge 2x thumb
Hello Akin,

Were you connected via console or telnet? Is there anything in the logs around the time you lost connectivity?
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
Hi Patrick. Thank you for your time. I was connected via ssh. 
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
I found many of this error in the log: <Erro:STP.InBPDU.Drop> Port=2: No associated STP port for STP Domain tag 0 (Rate-limited)
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,484 Points 10k badge 2x thumb
When you lost connectivity, did you try to console into it before rebooting? Our switches don't shut down unless the power is pulled. Were there indicator lights on the switch when you went to reset it?
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
Could you go into a little bit more detail about the "shutdown" state....
could it be that the ssh connection was running via that port and you only lost the mgmt link ?
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,484 Points 10k badge 2x thumb
This is a good theory. Rebooting the switch would of reverted it back to the state where the ports were still added into the default VLAN, therefore restoring connectivity.
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
the ports i removed from the Default vlan, say 1,2,3 are masters in different lacp sharing group. I did not just lose connection via ssh... all servers connected to the switch, including the distribution switch it is uplinked to also did because those ports are tagged in different vlan. What I mean by "shutdown" is that connections were lost to the entire switch as soon as i effected this change << "configure vlan "Default" delete ports 1,2,3 >> 
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
And yes, I did reboot with the last saved config and everything is back to normal. However, these ports are also back in the "Default" vlan. I was going to console in first but realized the servers connected to it have to be up 24/7. Rebooting was the fastest approach at the time.
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,484 Points 10k badge 2x thumb
Is this a full extreme network? if so can you provide us with the following:

"show edp ports all"
"show sharing"
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
No, the network is not a full extreme network. But the switch is uplinked to an extreme switch, which is the distribution switch. I see no output with the "show edp ports all" command". Here is the out put from "show sharing". So in this case, for example, i removed port 1 from the "Default" vlan.
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,484 Points 10k badge 2x thumb
Is port 1 the path traffic would take to get to this switch?
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
No. traffic would take port 3 to get to the switch. ports 3 (master) and 4 are in one lacp group as well. So i did move port 3 from the "Default" vlan as I did port 1. Thank you for your time.
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,484 Points 10k badge 2x thumb
Can you provide us with a "show vlan"? and a "show port 3 info detail"?
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
Unfortunately I cannot post those information for security reasons. What would you like to know about port 3?
Photo of Nick Yakimenko

Nick Yakimenko

  • 2,404 Points 2k badge 2x thumb
You could probably fade or cut private information, because you want us to help you find bugs in your config. Or ele you should reach the guy who wrote the original config
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hi Akin,

Not sure if I understood correctly, but let's say you have the following:

LACP 1 - Ports 1, 5
LACP 2 - Ports 2, 6
LACP 3 - Ports 3, 4

And you have ports 1, 2 and 3 added to vlan "default".

If you do "configure vlan default delete ports 1,2,3", then all 6 ports will be removed from vlan "default". Also if those ports are used as uplinks to reach this switch, you will "isolate" the switch.

When you add/remove a LAG master port to/from a vlan, that action will happen to all ports in the LAG.
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
Hi Henrique, you are right with the scenario and I agree all six ports would be removed from the Default vlan. However, I do not understand why this change would affect traffic from other vlans on those links. I was connected to, say vlan 599 via ssh before I was shut out. Also, different servers in various vlans were disconnected as well. What is weird to me is that I have had to remove ports from Default vlan before with no issues, even LAG ports. 
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
The Default vlan (tag 1) only has ports 1,2,3 added untagged.
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,484 Points 10k badge 2x thumb
The IP address you are using to gain access through SSH. What VLAN is that on?
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
I was connected to, say vlan 599 via ssh before I was shut out. Also, different servers in various vlans were disconnected as well. The Default vlan (tag 1) only has ports 1,2,3 added untagged. What is weird to me is that I have had to remove ports from Default vlan before with no issues, even LAG ports. 
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,484 Points 10k badge 2x thumb
I believe there is something we are missing here. Without seeing the configuration and VLAN information it may be hard to come to a conclusion. I would recommend reaching out to GTAC where your issue can be investigated privately. If you do open a ticket please make sure you attach a "show tech" to it so it can be evaluated.
Photo of EtherMAN

EtherMAN, Embassador

  • 6,456 Points 5k badge 2x thumb
Akin if you can't share complete configs even a show vlan default would give this group more insight as to if anything was configured on the default vlan that would have caused this problem.  Also another great command to use after a problem where the gear locks up is show debug system-dump which will display a error log file if indeed a software/hardware problem caused the system to lock up 
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
Here is the "show vlan default" output 

and the "show debug system-dump gave this "No core dump information found on Switch". Thank you for your time.
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
I agree with Patrick, this issue needs further investigation and a GTAC case would be the best option here.
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hello Akin, did you have a chance to open a GTAC case? 
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
Hi Henrique, yes I did. The agent I spoke with confirmed the command I used, and mentioned it shouldn't have cause any problem given the configs on the switch. He was going to look into it further but he had to close the case because he realized my company's support had expired a month ago. I will have to wait for support to be renewed before I can open the case again. Thank you for asking for updates on this.

However, I do have a question: Is it bad that I removed those ports from Default vlan while they were actively passing traffic? This baffles me because I have had to always to this with no issues.
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hi Akin, you can remove any port from any vlan when passing traffic. You should not experience any issue (traffic will stop for the vlan you removed the port, of course).
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,484 Points 10k badge 2x thumb
Hello Akin,

Anyway you can provide the case#?
Photo of Akin

Akin

  • 182 Points 100 badge 2x thumb
Hi Patrick, here is the case number: 01245063. I spoke with Ash Curtis.
Photo of Nick Yakimenko

Nick Yakimenko

  • 2,404 Points 2k badge 2x thumb
Maybe, you should try to remove vlan from one port at a time, not all 3 at once?
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,484 Points 10k badge 2x thumb
Hello Akin,

Can you reply all to the case e-mail with a "show tech" so it can be reviewed? I think it would be good to get a second pair of eyes.