How to troubleshoot physical port flap or link down issue

How to troubleshoot physical port flap or link down issue

150954
Created On 11/22/19 22:30 PM - Last Modified 05/14/24 18:44 PM


Objective


Troubleshoot physical port flap or link down issues.

Environment


  • All PaloAlto Hardware-based Firewalls.
  • PAN-OS 7.1 and above.
  • Copper or Fiber media types.


Procedure


For Copper ports:

Check for link lights: The status of the link light should be solid green if the link is up. If the link is not up or the LED is not solid green then,

  1. Check for the Physical damage on the cable
  2. Check if the cable used is of is correct type such as cat5,cat6.
  3. Try using a known working cable between the devices.
  4. If using a patch panel, try different patch interfaces, Patch panels may have crossed receive and transmit, especially if jumping multiple patch panel pairs.
  5. Verify the speed/duplex setting on both sides of the link and modify the same if required.
  6. Check if the distance specification of the cable is within the limits for the connection type
  7. If another interface is available, move the existing non-working connection to that port. (try that on both ends) 
  8. looping the port to a known good port (such as port 1 connected to port 2) using a short cable can also be used to confirm if the link issue is due to local port or remote port. Depending on the configuration this needs to be performed during maintenance window to avoid network loop/outage.

 For Fiber ports:

If the connection is Fiber, in addition to the steps described above perform the following:
  1. Ensure fiber connections are clean.
  2. Try another transceiver and cable if fiber(SM or MM).
  3. Check power levels for fiber links to ensure the cable does not have signal loss.
  4. Is it the correct type of transceiver? GBIC, SFP, XFP, SFP+, QSFP, QSFP+, etc.
  5. Check for the transceiver’s transmit light on by using the power meter.
  6. Verify of the optics are supported by Palo Alto. A list of supported optics can be found here.
   


Additional Information


Additionally, the following steps can be performed
  • Check system logs for any errors using 'show log system direction equal backward'  Normally the port flaps are recorded in system logs.
  • brdagent.log provides more details on the port issues. This can be verified using 'less mp-log brdagent.log'
  • For dataplane interface Use show interface ethernet x/y ; for management interface use show interface management and check for any errors incrementing. Run this command multiple times.
  • Use show system state filter sys.s1.* | match crc' to check for CRC errors incrementing.
  • Changing of optics or cable on either side normally fixes the issues. If the issue is not fixed with the above troubleshooting steps then contact paloAlto support.


     


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNcB&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language