AAAAARRRRRRGGGGGGGGGHHHHHHHHHH!!!!!!!!!!!!!!!!!!!
OK. After playing around with this 2 hour lab for 4.5 hours and being
stuck here I finally caught it. VLAN 999 is used to bridge the BB1
router across to S2 in a previous step. It needs to be pulled from your
S1 gi0/19 trunk just like VLAN 12 was pulled. That is missed in the DSG.
Once that is done you no longer fall into errdisable state.
I cannot find ANY good documentation for how to troubleshoot or debug
this other than observe the log message. In my case, the message was on
Gi0/19 of S4 so I knew the issue was coming from gi0/19 on S1. What I
finally did was:
do sho run | in interf|tunn
Which allowed me to see which interfaces had any QnQ or L2TP defined to
them. I narrowed it down to the BB1 port and realized it was vlan 999
that was killing me.
Lesson learned. Well played IPExpert.
-Hammer-
"I was a normal American nerd"
-Jack Herer
On 09/28/2011 09:43 AM, -Hammer- wrote:
So this lab is pretty fun. Or so I thought. Until I got to step 5.5. I
understand the mechanics of QnQ as well as basic L2 tunneling and I
know how to recover from the state but for the life of me I can't
figure out how to "troubleshoot" or "debug" the issue. There are debug
options for QnQ as well as L2protocol-tunnel (not used in this
scenario) but there doesn't seem to be a specific debug for
errdisabling beyond the log messages.
When I no shut the relative interfaces I get the infamous errdis messages:
CAT4(config)#
22:02:37: %PM-4-ERR_DISABLE: l2ptguard error detected on Gi0/19,
putting Gi0/19 in err-disable state
22:02:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/19, changed state to down
22:02:39: %LINK-3-UPDOWN: Interface GigabitEthernet0/19, changed state
to down
Per the DSG this is expected behavior because of the Cisco MAC being
passed on VLAN 12 from a previous step. But I've pulled that VLAN as
needed to prevent the propriety MAC issue. I also pulled VLAN 990
(used to encapsulate tunneled traffic) just for the fun of it but
still I'm being shut down.
The main focus is the connection from Cat1 to Cat4 over gi0/19 on each
end. Can anyone offer some insight into why it is failing on tunnel
guard. I'm really perplexed. Or can anyone offer some good debug
commands? I guess my next step is a sniffer but that's really not an
option in the lab. :)
TRAFFIC PATH
Cat1 gi0/19 - gi0/19 Cat4 gi0/22 - gi0/22 Cat2 gi0/19 - gi0/19 Cat3
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
CAT1(config)#do sho run int gi0/19
Building configuration...
Current configuration : 150 bytes
!
interface GigabitEthernet0/19
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-11,13-989,991-4094
switchport mode trunk
end
CAT1(config)#
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
CAT4(config)#do sho run int gi0/19
Building configuration...
Current configuration : 179 bytes
!
interface GigabitEthernet0/19
switchport access vlan 990
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
end
CAT4(config)#do sho run int gi0/22
Building configuration...
Current configuration : 133 bytes
!
interface GigabitEthernet0/22
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 990
switchport mode trunk
end
CAT4(config)#
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
CAT2(config)#
CAT2(config)#do sho run int gi0/22
Building configuration...
Current configuration : 133 bytes
!
interface GigabitEthernet0/22
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 990
switchport mode trunk
end
CAT2(config)#do sho run int gi0/19
Building configuration...
Current configuration : 179 bytes
!
interface GigabitEthernet0/19
switchport access vlan 990
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
end
CAT2(config)#
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
CAT3(config)#do sho run int gi0/19
Building configuration...
Current configuration : 150 bytes
!
interface GigabitEthernet0/19
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-11,13-989,991-4094
switchport mode trunk
end
CAT3(config)#
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--
-Hammer-
"I was a normal American nerd"
-Jack Herer
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
