Ранее писал о сложностях редактирования портов, включенных в etherchannel. Столкнулся с аналогичными проблемами при добавлении команды ip arp inspection trust
Чтобы не рисковать, необходимо провести эксперимент на другом коммутаторе.
Получается, что DAI так же неудачно редактируется, но чуть лучше чем список vlan-ов на транках в etherchannel. Простой будет в любом случае, но в зависимости от последовательности редактирования результат будет немного отличаться.
Хорошо еще при включении ip dhcp snooping trust подобного не случается.
16:54:05.542: %PARSER-5-CFGLOG_LOGGEDCMD: User:vit logged command:interface GigabitEthernet2/0/1Таким образом, связи не было с 16:54:21 до 16:55:23, то есть практически минуту. Я опасался, что она вообще не появится. Между тем, в логический интерфейс автоматически добавилась нужная команда:
16:54:09.149: %PARSER-5-CFGLOG_LOGGEDCMD: User:vit logged command:ip dhcp snooping trust
16:54:10.172: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/1, changed state to down
16:54:13.545: %PARSER-5-CFGLOG_LOGGEDCMD: User:vit logged command:ip arp inspection trust
16:54:13.552: %EC-5-CANNOT_BUNDLE2: Gi2/0/1 is not compatible with Gi1/0/4 and will be suspended (DAI state of Gi2/0/1 is Trusted, Gi1/0/4 is Untrusted) (ST-3-1-2)
16:54:17.991: %PARSER-5-CFGLOG_LOGGEDCMD: User:vit logged command:interface GigabitEthernet1/0/4
16:54:20.205: %PARSER-5-CFGLOG_LOGGEDCMD: User:vit logged command:ip arp inspection trust
16:54:21.178: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/4, changed state to down
16:54:21.187: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down
16:54:20.255: %EC-5-COMPATIBLE: Gi2/0/1 is compatible with port-channel members (ST-3-1-2)
16:54:22.202: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down
16:55:21.292: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/4, changed state to up
16:55:22.265: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
16:55:23.121: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/1, changed state to up
16:55:23.272: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
switch#sh run int Po1
Building configuration...
Current configuration : 117 bytes
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
ip arp inspection trust
end
Чтобы не рисковать, необходимо провести эксперимент на другом коммутаторе.
switch#sh run int po1Один из портов заблокирован. Есть идея залить нужную конфигурацию по tftp. Создается файл dai и выкладывается на tftp-сервер:
Building configuration...
Current configuration : 92 bytes
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
end
switch#sh run int Gig 1/0/1
Building configuration...
Current configuration : 147 bytes
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
end
switch#sh run int Gig 3/0/1
Building configuration...
Current configuration : 128 bytes
!
interface GigabitEthernet3/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
end
switch#sh etherchannel summ
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Gi1/0/1(P) Gi3/0/1(P)
switch#ter mon
switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#interface GigabitEthernet3/0/1
switch(config-if)#
Feb 26 10:56:23: %PARSER-5-CFGLOG_LOGGEDCMD: User:vit logged command:interface GigabitEthernet3/0/1 ip arp insp tr
switch(config-if)#
Feb 26 10:56:38: %PARSER-5-CFGLOG_LOGGEDCMD: User:vit logged command:ip arp inspection trust
Feb 26 10:56:38: %EC-5-CANNOT_BUNDLE2: Gi3/0/1 is not compatible with Gi1/0/1 and will be suspended (DAI state of Gi3/0/1 is Trusted, Gi1/0/1 is Untrusted) (switch-3)
Feb 26 10:56:38: %EC-5-CANNOT_BUNDLE2: Gi3/0/1 is not compatible with Gi1/0/1 and will be suspended (DAI state of Gi3/0/1 is Trusted, Gi1/0/1 is Untrusted) (switch-3)
Feb 26 10:56:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/1, changed state to down
switch(config-if)#^Z
switch#sh etherchannel summ
Feb 26 10:56:53: %SYS-5-CONFIG_I: Configured from console by vit on vty0
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Gi1/0/1(P) Gi3/0/1(s)
switch#
interface Port-channel1Далее заливаем и наблюдаем.
ip arp inspection trust
interface GigabitEthernet1/0/1
ip arp inspection trust
interface GigabitEthernet3/0/1
ip arp inspection trust
switch#copy tftp://10.0.0.100/dai running-configПростой все равно случился и он составил 11:05:40 - 11:05:48 восемь секунд.
Destination filename [running-config]?
Accessing tftp://10.0.0.100/dai...
Loading dai from 10.0.0.100 (via Vlan1): !
[OK - 164 bytes]
164 bytes copied in 0.184 secs (891 bytes/sec)
switch#
11:05:39: %PARSER-4-BADCFG: Unexpected end of configuration file.
11:05:39: %SYS-5-CONFIG_I: Configured from tftp://10.0.0.100/dai by vit on vty0
11:05:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
11:05:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down
11:05:39: %EC-5-COMPATIBLE: Gi3/0/1 is compatible with port-channel members (switch-3)
11:05:41: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down
11:05:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/1, changed state to up
11:05:47: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
11:05:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
11:06:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
Получается, что DAI так же неудачно редактируется, но чуть лучше чем список vlan-ов на транках в etherchannel. Простой будет в любом случае, но в зависимости от последовательности редактирования результат будет немного отличаться.
Хорошо еще при включении ip dhcp snooping trust подобного не случается.