ā03-04-2020 08:59 AM
we are using x440g2 switches connected to a vsp8600 and nac to assing dynamic vlans with isid to connected clients. this works most of the time except for our deployment net which is used to install new clients.
the deployment vlan switches from active to pending in āshow fabric attach assignmentsā. the uplink-port on the x440g2 is still tagged with the vlan but the uplink-port on the vsp loses its vlan assignment. this happens only with the deployment vlan, every other vlan works as expected.
to repair the problem temporarily i execute āconf deployment add nsi 13621ā on the x440g2 and the vlan gets active again. this only helps for a short time though.
what could be the reason for this? is there a way to debug the assignment problem any further? i donāt see anything about that vlan in the logs unfortunately. maybe this is only a timeout issue?
ā03-05-2020 03:04 PM
thanks for the further information. the binding on the vsp is not there. āshow fa assignmentā on the vsp doesnāt show the vlan id on the corresponding ports, which btw. is part of an smlt.
this is the output of āshow lldp ports 51 neighbors detail:
LLDP Port 51 detected 1 neighbor
Neighbor: B4:2D:56:9D:30:00/3/14, age 11 seconds
- Chassis ID type: MAC address (4)
Chassis ID : B4:2D:56:9D:30:00
- Port ID type: ifName (5)
Port ID : "3/14"
- Time To Live: 120 seconds
- System Name: "karo"
- System Description: "VSP-8608 (6.3.3.0)"
- System Capabilities : "Bridge, Router"
Enabled Capabilities: "Bridge, Router"
- Management Address Subtype: IPv4 (1)
Management Address : 172.28.12.5
Interface Number Subtype : Unknown (1)
Interface Number : 0
Object ID String : "null"
- Port Description: "Extreme Networks Virtual Services Platform 8608 Mod\
ule 8624XS - 10GbSR Port 3/14"
- Avaya/Extreme Fabric Attach element
Element Type : 4
State : 8
Management Vlan: 0
SystemId : 00:00:00:00:00:12
Link Info : 30-32-00-32- Extreme Fabric Attach NSI(I-SID)/VLAN map
Status VlanID NSI(I-SID)
------ ------ --------
2 5 10005
2 416 10416
2 811 10811
2 1416 11416
2 2416 12416
2 3620 13620
2 3621 13621
the vlan 3621 is there. iāll try it again when the vlan drops to see if this changed. is there a way to check the lldp tlv on the vsp for this port (3/14)?
ā03-05-2020 02:49 PM
There is bug there somewhere. So maybe you should open a ticket with our GTAC.
When it happens check āshow fa assignments
ā on the VSP side. If the binding is seen there, then it means the XOS switch is indeed sending FA signalling to the VSP; note the state of the binding on the VSP side. In this case it might indicate a problem on the VSP side, depending on the status of binding.
If the VSP has no binding, than this means that the XOS switch is no longer sending the FA assignment TLV in its LLDP messages. So this is then an XOS problem.
You can see the FA TLV decode on the XOS side with show lldp ports <port> neighbors detailed
Unfortunately the decode is not shown on the VSP side with lldp show commands. You would have to mirror the port to Wireshark and capture the LLDP packets.
We do now support static bindings on VSP FA ports, since 8.1.1.0:
8.1.1.0 SW Fabric Attach and Flex UNI Enhancements: FA and Flex UNI are now supported on the same port/MLT/LAG; dynamic FA bindings and Switched-UNI end-points are now supported on the same interface
Ah, but that is VOSS VSPs, not on the VSP8600...for nowā¦
Anyway this would only be useful if it was a problem on the VSPs side.
ā03-05-2020 10:47 AM
while true; do
sleep 5;
date;
if [ $(ssh sw420 sh fabric attach assignment | grep deployment | tr -s " " | cut -f 6 -d " ") == "Pending" ]; then
echo "pending: fixing";
ssh sw420 "conf deployment add nsi 13621";
sleep 20;
else
echo active;
fi;
done
My workaround š
is there maybe a way to use fa on the uplink port of the vsp but still assigning vlans manually? as far as i know i canāt assign vlans to a port that is fa enabled.
ā03-04-2020 03:48 PM
we are using version 30.5.1.15. The problem was the same with version 30.4.1.2.
i can only imagine that the switch unassigns the vlan because no port in that vlan is active. i tried to give the vlan an ip on the switch itself, so that one interface is always active, but that didnāt help either. how can i check the lldp packages? is there a special command to check the contents of the lldp packages or do i need to sniff them via port mirror and wireshark?