Header Only - DO NOT REMOVE - Extreme Networks

Port Admin Status displays as "D-Down"


Userlevel 3
Article ID: 11392

Products
SecureStack C3, firmware 1.02.01.0004 and higher
SecureStack C2, firmware 5.02.01.0006 and higher
SecureStack B3, firmware 1.02.01.0004 and higher
SecureStack B2, firmware 4.02.01.0006 and higher
G-Series, firmware 1.02.00.0043 and higher

Changes
Enabled and configured the DHCP Snooping feature ('
code:
set dhcpsnooping...
').

Symptoms
Port link is down.
Port is not passing traffic.
The output of a '
code:
show port status
' command displays the port's
code:
Admin Status
as "
code:
D-Down
".

For example:
B3(su)->show port status ge.1.1
Alias Oper Admin Speed
Port (truncated) Status Status (bps) Duplex Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.1 Down D-Down N/A N/A BaseT RJ45/PoE[/code]
The
code:
ifAdminStatus
mib returns value of "
code:
testing
": Object ifAdminStatus
OID 1.3.6.1.2.1.2.2.1.7
Type INTEGER
Permission read-write
Status current
Values

1 : up
2 : down
3 : testing

Description "The desired state of the interface. The testing(3) state
indicates that no operational packets can be passed. When a
managed system initializes, all interfaces start with
ifAdminStatus in the down(2) state. As a result of either
explicit management action or per configuration information
retained by the managed system, ifAdminStatus is then
changed to either the up(1) or testing(3) states (or remains
in the down(2) state)."[/code]
Cause
DHCP Snooping's Rate Limiting behavior examines each untrusted port for received DHCP packets exceeding a configurable rate per burst interval (by default, 15 packets per second). If the receive rate exceeds the limit, DHCP Snooping brings down the port, and its
code:
Admin Status
is then described as "
code:
D-Down
" to indicate why the port is in an administratively "down" state, and the
code:
ifAdminStatus
mib reflects the fact that packets are not flowing.

Solution/Workaround
Examine your DHCP Snooping setup to determine whether or not the action that has been taken is valid, then take any corrective action that is warranted.

If this port is giving network access to a valid DHCP server, designate it as a trusted port ('set dhcpsnooping trust port <port_string> enable').
If this port is giving network access to a rogue DHCP server, remove/disable the server.
To re-enable the port as desired, use the command 'set port enable <port_string>'.

For more about the DHCP Snooping feature, please refer to the Configuration Guide or CLI Reference Guide for your product and firmware version.

See also: 12008.

0 replies

Be the first to reply!

Reply