cisco network Trouble Shooting-ksitigarbha
FIREWALLNo.1
Challenge
NGFW-unit1# sh cluster info
Clustering is not enabled
NGFW-unit1(cfg-cluster)# enable noconfirm
NGFW-unit1(cfg-cluster)# Local Unit is about to join into cluster, all current management connections to the unit will be torn down.
将asa做了cluster,可是cluster
Solution
将asa with firepower 做了cluster,但是cluster control没有按照最佳时间port channel连接到交换机上,而是asa间互联,这样其中之一的asa重启了,那么portchannel无法维持,cluster control down了直接自己把自己踢出出去了
按照最佳实践接到可靠的堆叠交换机,保证任何时候cluster control都在。。。
More Information
No.2
Challenge
为firepower引导流量,配置如下,未果。。。
access-list sfr_redirect extended permit ip any any
class-map sfr_redirect
match access-list sfr_redirect
policy-map global_policy
class sfr_redirect
sfr fail-open monitor-only
Solution
More Information
NEXUS switch
No.1
Challenge
*Apr 14 03:12:14.990: %SW_VLAN-4-VTP_USER_NOTIFICATION: VTP protocol user notification: MD5 digest checksum mismatch on receipt of equal revision summary on trunk: Gi1/0/24
*** MD5 digest checksum mismatch on trunk: Gi1/0/23 ***
*** MD5 digest checksum mismatch on trunk: Gi1/0/24 ***
*** MD5 digest checksum mismatch on trunk: Po9 ***
Solution
一堆nexus7010配置了vpc peerswitch 通过vpc下联接入交换机 vtp version 2 结果进入交换机没有获得nexus传来的vlan 还报错如上,经查nexus VTP配置修订版本号 为全网最低 1 所以型号接入交换机空配置,要是有vlan可能会把nexus的直接覆盖了
修正nexus的VTP配置修订版本号无法使用命令行,添加或删除vlan会自动变更VTP配置修订版本号
More Information
VTP配置修订版本号问题
http://easycisco.blog.163.com/blog/static/176312238201011132504989/
VLAN Trunk协议(VTP)故障排除
http://www.cisco.com/c/zh_cn/support/docs/lan-switching/vtp/98155-tshoot-vlan.html#topic9
Error: MD5 digest checksum mismatch on trunk:
https://learningnetwork.cisco.com/thread/21771
页:
[1]