为什么 Vwire 对的一个接口显示 "向下电源"?
48957
Created On 04/07/19 13:07 PM - Last Modified 03/26/21 17:35 PM
Question
为什么虚拟线对的一个接口显示断电?
> show interface all
<snip>
ethernet1/5 20 ukn/ukn/down(power-down) 00:1b:17:6b:e0:14
<snip>Environment
系统在虚拟线对中至少有一组接口。
Answer
在 vwire 对接口中,默认情况下启用了链接状态传递。
当一个接口向下时, PAN-OS 由于链接状态传递,向下通电源到 vwire 对的另一个链接。
> show interface all <snip> ethernet1/4 19 ukn/ukn/down(autoneg) 00:1b:17:6b:e0:13 <<< Interface that is down due to physical link down ethernet1/5 20 ukn/ukn/down(power-down) 00:1b:17:6b:e0:14 <<< Interface powered down by PAN-OS <snip>
或者,您可以检查系统日志 网络界面
CLI :
user@firewall> show log system direction equal backward eventid equal link-change Time Severity Subtype Object EventID ID Description =============================================================================== 2019/04/07 05:40:44 info port ethern link-ch 0 Port ethernet1/4: Down 1Gb/s-full duplex
系统日志,只记录物理下降的界面。 欲了解更多信息,请参阅以下文章
:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClqMCAS https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClzQCAS
的brdagent日志也可以检查:
admin@firewall> less dp0-log brdagent.log 2019-04-07 05:40:44.600 -0700 Port 4: (port_linked) PHY shows down, val 0x7949 2019-04-07 05:40:44.601 -0700 Port 4: Down 1Gb/s-full duplex 2019-04-07 05:40:44.602 -0700 PORT4: board_port_autoneg_enabled -> board_port_autoneg, link: 0, mode: 1 2019-04-07 05:40:44.620 -0700 Port 5: POWERDOWN command received <<< 2019-04-07 05:40:44.621 -0700 PORT5: board_port_autoneg_enabled -> board_port_powerdown, link: 0, mode: 1 2019-04-07 05:40:44.621 -0700 Port 5: Powered down
" POWERDOWN 接收的命令"表示brdagent收到命令从 mprelay 向下接接。
mprelay 日志可以检查显示界面下降的原因。
检测到第一个以太网1/4链接向下,并立即检测到链接状态传递:
admin@firewall> less dp0-log mprelay.log 2019-04-07 05:40:44.608 -0700 Interface ethernnet1/4 link down, changed from cached state: yes 2019-04-07 05:40:44.608 -0700 IFMon: vwire interface ethernet1/4 link down, check link-state-pass-through
然后以太网1/5设置为向下:
2019-04-07 05:40:44.609 -0700 Set vwire interface ethernet1/5 link state to down 2019-04-07 05:40:44.609 -0700 get interface link properties: name ethernet1/5 2019-04-07 05:40:44.617 -0700 Interface ethernet1/5 current state, speed 3 duplex 2 link 1 2019-04-07 05:40:44.617 -0700 set interface link properties: name ethernet1/5 speed auto duplex auto state down disable no 2019-04-07 05:40:44.624 -0700 IFMon: post event interface ethernet1/4 link down 2019-04-07 05:40:44.624 -0700 IFMon: scheduled link-passthrough scan at 15 seconds later 2019-04-07 05:40:44.625 -0700 IFMon: sys.s1.p5.status changed 2019-04-07 05:40:44.625 -0700 Interface ethernnet1/5 link down, changed from cached state: no 2019-04-07 05:40:44.625 -0700 Interface 5 mode changed from 1 to 3 2019-04-07 05:40:44.625 -0700 Interface 5, if_admin_mode_mask=0x30
一旦物理提出界面,通电的接口就会通电。
姆普雷莱日志:
2019-04-07 06:02:56.175 -0700 IFMon: sys.s1.p4.status changed 2019-04-07 06:02:56.176 -0700 Interface ethernnet1/4 link up, changed from cached state: yes 2019-04-07 06:02:56.176 -0700 IFMon: vwire interface ethernet1/4 link up, check link-state-pass-through 2019-04-07 06:02:56.176 -0700 Set vwire interface ethernet1/5 link state to up
布拉德代理日志:
2019-04-07 06:02:56.176 -0700 PORT4: board_port_autoneg -> board_port_autoneg_linked, link: 1, mode: 1 2019-04-07 06:02:56.176 -0700 Port 4: Up 1Gb/s-full duplex 2019-04-07 06:02:56.179 -0700 Port 4: MAC enabled 2019-04-07 06:02:56.179 -0700 PORT4: board_port_autoneg_linked -> board_port_autoneg_enabled, link: 1, mode: 1 2019-04-07 06:02:56.187 -0700 Port 5: AUTONEG command received 2019-04-07 06:02:56.187 -0700 PORT5: board_port_powerdown -> board_port_reset, link: 0, mode: 3 2019-04-07 06:02:56.187 -0700 Port 5: Power up
Additional Information
什么是链接状态传递?
pan-os https://docs.paloaltonetworks.com//7-1/-Web- pan-os 接口帮助/网络/网络虚拟线
如何启用/禁用链接状态通过?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClMiCAK