Solved

My cisco 3560 switch is putting GI0/48 into "err-disable state after displaying "Loopback error detected"  How do I fix this?

Posted on 2011-02-28
6
1,917 Views
Last Modified: 2012-05-11
My cisco 3560 switch is putting GI0/48 into "err-disable state after displaying "Loopback error detected"  How do I fix this?

GI0/48 is the uplink port to a Juniper SSG-5 firewall.  Simple switchport access, no trunking on the default "Vlan 1"  The device connected to this port is at IP address 172.17.7.254, the default gateway is 172.17.7.1 /24 (which is the IP address of the switch that is throwing these errors and shutting down this port.  Internet access is obtained via MPLS which is routed by this switch as well.



CIS3560SW71A1_A#sh run
Building configuration...

Current configuration : 4617 bytes
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname CIS3560SW71A1_A
!
enable secret 5 $1$BISF$2EYqTad.78j843MnI9CR6.
!
no aaa new-model
clock timezone CST -6
clock summer-time CDT recurring
system mtu routing 1500
ip subnet-zero
no ip source-route
ip routing
ip domain-name corp.sourcemed.biz
!
!
!
!
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
 description SM71FP01PRD
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
 description SM71DC01PRD
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
 description SM71DC02PRD
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
 description UPLINK_IP_Telephony
 switchport access vlan 77
!
interface GigabitEthernet0/46
 description TELECOM SERVER
 switchport access vlan 77
!
interface GigabitEthernet0/47
 description ROME MPLS UPLINK
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 728
 switchport mode trunk
 switchport nonegotiate
 speed 100
 duplex full
!
interface GigabitEthernet0/48
 description SSG5 eth0/1
 speed 100
 duplex full
!
interface GigabitEthernet0/49
 description Uplink to CIS3560SW71A1_B
!
interface GigabitEthernet0/50
!
interface GigabitEthernet0/51
!
interface GigabitEthernet0/52
!
interface Vlan1
 description Rome Network
 ip address 172.17.7.1 255.255.255.0
!
interface Vlan77
 description IP_Telephony
 ip address 172.17.77.1 255.255.255.0
!
interface Vlan728
 description MPLS Uplink
 ip address 172.16.50.46 255.255.255.252
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.50.45
ip route 10.1.0.0 255.255.254.0 172.16.50.45
ip route 172.16.0.0 255.255.0.0 172.16.50.45
ip route 172.16.50.0 255.255.255.0 172.16.50.45
ip route 172.22.22.0 255.255.255.240 172.17.7.254
ip route 172.23.23.0 255.255.255.240 172.17.7.254
ip route 192.168.1.0 255.255.255.0 172.17.7.254
ip route 192.168.168.0 255.255.255.0 172.16.50.45
ip http server
!
logging source-interface Vlan1
logging 172.16.1.205
logging 172.16.1.110
no cdp run
snmp-server community smsnmpro2001 RO
snmp-server community smsnmprw2001 RW
snmp-server location Rome
snmp-server contact Layer_2
!
control-plane
!
banner motd ^C
       ,,,,,
      /'^ ^'\
     ((o)-(o))
--oOOO--(_)--OOOo-------------------------------------------------
 You Are Attempting To Access a Private        |           |
 Network.  Unauthorized Access is Strictly    :|:         :|:
 Forbidden.  Violators Will be Prosecuted!   :|||:       :|||:
                                         ..:|||||||:...:|||||||:..
  .oooO                                  _________________________
  (   )      Oooo.
---\ (-------(   )------------------------------------------------
    \_)       ) /              Source Medical Solutions
             (_/                    CIS3560SW71A1_A


^C
!
line con 0
 exec-timeout 5 0
 password 7 03295E0F155F345E120C5854
 logging synchronous
 login
line vty 0 4
 exec-timeout 10 30
 timeout login response 300
 password 7 062B0A255F1E1C0B5912535A
 logging synchronous
 login
 length 0
line vty 5 15
 login
!
end

CIS3560SW71A1_A#  


CIS3560SW71A1_A#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     18ef.6331.c680
             Cost        4
             Port        49 (GigabitEthernet0/49)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     9c4e.2001.4a80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Desg FWD 19        128.1    P2p
Gi0/2            Desg FWD 19        128.2    P2p
Gi0/3            Desg FWD 19        128.3    P2p
Gi0/4            Desg FWD 19        128.4    P2p
Gi0/5            Desg FWD 4         128.5    P2p
Gi0/6            Desg FWD 19        128.6    P2p
Gi0/7            Desg FWD 4         128.7    P2p

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------

Gi0/9            Desg FWD 4         128.9    P2p
Gi0/12           Desg FWD 100       128.12   P2p
Gi0/14           Desg FWD 4         128.14   P2p
Gi0/17           Desg FWD 4         128.17   P2p
Gi0/19           Desg FWD 4         128.19   P2p
Gi0/20           Desg FWD 4         128.20   P2p
Gi0/21           Desg FWD 4         128.21   P2p
Gi0/22           Desg FWD 19        128.22   P2p
Gi0/23           Desg FWD 4         128.23   P2p
Gi0/24           Desg FWD 4         128.24   P2p
Gi0/25           Desg FWD 19        128.25   P2p
Gi0/26           Desg FWD 4         128.26   P2p
Gi0/29           Desg FWD 4         128.29   P2p
Gi0/32           Desg FWD 4         128.32   P2p
Gi0/36           Desg FWD 4         128.36   P2p
Gi0/38           Desg FWD 4         128.38   P2p
Gi0/39           Desg FWD 4         128.39   P2p
Gi0/42           Desg FWD 19        128.42   P2p
Gi0/43           Desg FWD 4         128.43   P2p

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------

Gi0/44           Desg FWD 4         128.44   P2p
Gi0/48           Desg FWD 19        128.48   P2p
Gi0/49           Root FWD 4         128.49   P2p


VLAN0728
  Spanning tree enabled protocol ieee
  Root ID    Priority    33496
             Address     9c4e.2001.4a80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33496  (priority 32768 sys-id-ext 728)
             Address     9c4e.2001.4a80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/47           Desg FWD 19        128.47   P2p

CIS3560SW71A1_A#
0
Comment
Question by:smadmin
  • 4
  • 2
6 Comments
 

Author Comment

by:smadmin
ID: 34998436
CIS3560SW71A1_A#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     18ef.6331.c680
             Cost        4
             Port        49 (GigabitEthernet0/49)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     9c4e.2001.4a80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Desg FWD 19        128.1    P2p
Gi0/2            Desg FWD 19        128.2    P2p
Gi0/3            Desg FWD 19        128.3    P2p
Gi0/4            Desg FWD 19        128.4    P2p
Gi0/5            Desg FWD 4         128.5    P2p
Gi0/6            Desg FWD 19        128.6    P2p
Gi0/7            Desg FWD 4         128.7    P2p

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------

Gi0/9            Desg FWD 4         128.9    P2p
Gi0/12           Desg FWD 100       128.12   P2p
Gi0/14           Desg FWD 4         128.14   P2p
Gi0/17           Desg FWD 4         128.17   P2p
Gi0/19           Desg FWD 4         128.19   P2p
Gi0/20           Desg FWD 4         128.20   P2p
Gi0/21           Desg FWD 4         128.21   P2p
Gi0/22           Desg FWD 19        128.22   P2p
Gi0/23           Desg FWD 4         128.23   P2p
Gi0/24           Desg FWD 4         128.24   P2p
Gi0/25           Desg FWD 19        128.25   P2p
Gi0/26           Desg FWD 4         128.26   P2p
Gi0/29           Desg FWD 4         128.29   P2p
Gi0/32           Desg FWD 4         128.32   P2p
Gi0/36           Desg FWD 4         128.36   P2p
Gi0/38           Desg FWD 4         128.38   P2p
Gi0/39           Desg FWD 4         128.39   P2p
Gi0/42           Desg FWD 19        128.42   P2p
Gi0/43           Desg FWD 4         128.43   P2p

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------

Gi0/44           Desg FWD 4         128.44   P2p
Gi0/48           Desg FWD 19        128.48   P2p
Gi0/49           Root FWD 4         128.49   P2p


VLAN0728
  Spanning tree enabled protocol ieee
  Root ID    Priority    33496
             Address     9c4e.2001.4a80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33496  (priority 32768 sys-id-ext 728)
             Address     9c4e.2001.4a80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/47           Desg FWD 19        128.47   P2p

CIS3560SW71A1_A#
0
 

Author Comment

by:smadmin
ID: 34998460

CIS3560SW71A1_A#sh run
Building configuration...

Current configuration : 4617 bytes
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname CIS3560SW71A1_A
!
enable secret 5 $1$BISF$2EYqTad.78j843MnI9CR6.
!
no aaa new-model
clock timezone CST -6
clock summer-time CDT recurring
system mtu routing 1500
ip subnet-zero
no ip source-route
ip routing
ip domain-name corp.sourcemed.biz
!
!
!
!
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
 description SM71FP01PRD
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
 description SM71DC01PRD
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
 description SM71DC02PRD
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
 description UPLINK_IP_Telephony
 switchport access vlan 77
!
interface GigabitEthernet0/46
 description TELECOM SERVER
 switchport access vlan 77
!
interface GigabitEthernet0/47
 description ROME MPLS UPLINK
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 728
 switchport mode trunk
 switchport nonegotiate
 speed 100
 duplex full
!
interface GigabitEthernet0/48
 description SSG5 eth0/1
 speed 100
 duplex full
!
interface GigabitEthernet0/49
 description Uplink to CIS3560SW71A1_B
!
interface GigabitEthernet0/50
!
interface GigabitEthernet0/51
!
interface GigabitEthernet0/52
!
interface Vlan1
 description Rome Network
 ip address 172.17.7.1 255.255.255.0
!
interface Vlan77
 description IP_Telephony
 ip address 172.17.77.1 255.255.255.0
!
interface Vlan728
 description MPLS Uplink
 ip address 172.16.50.46 255.255.255.252
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.50.45
ip route 10.1.0.0 255.255.254.0 172.16.50.45
ip route 172.16.0.0 255.255.0.0 172.16.50.45
ip route 172.16.50.0 255.255.255.0 172.16.50.45
ip route 172.22.22.0 255.255.255.240 172.17.7.254
ip route 172.23.23.0 255.255.255.240 172.17.7.254
ip route 192.168.1.0 255.255.255.0 172.17.7.254
ip route 192.168.168.0 255.255.255.0 172.16.50.45
ip http server
!
logging source-interface Vlan1
logging 172.16.1.205
logging 172.16.1.110
no cdp run
snmp-server community smsnmpro2001 RO
snmp-server community smsnmprw2001 RW
snmp-server location Rome
snmp-server contact Layer_2
!
control-plane
!
banner motd ^C
       ,,,,,
      /'^ ^'\
     ((o)-(o))
--oOOO--(_)--OOOo-------------------------------------------------
 You Are Attempting To Access a Private        |           |
 Network.  Unauthorized Access is Strictly    :|:         :|:
 Forbidden.  Violators Will be Prosecuted!   :|||:       :|||:
                                         ..:|||||||:...:|||||||:..
  .oooO                                  _________________________
  (   )      Oooo.
---\ (-------(   )------------------------------------------------
    \_)       ) /              Source Medical Solutions
             (_/                    CIS3560SW71A1_A


^C
!
line con 0
 exec-timeout 5 0
 password 7 03295E0F155F345E120C5854
 logging synchronous
 login
line vty 0 4
 exec-timeout 10 30
 timeout login response 300
 password 7 062B0A255F1E1C0B5912535A
 logging synchronous
 login
 length 0
line vty 5 15
 login
!
end

CIS3560SW71A1_A#  
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 34998635
The switch has detected a loop that wasn't blocked by STP.

Do you have more than 1 connection to the LAN from the Juniper box?  If so, are those interfaces bridged?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:smadmin
ID: 34998766
I have the uplink I mentioned in the question sitting on eth0/1 and then there is a server on the network that has two interfaces.  The interface plugged into the switch directly is 172.17.7.5 and the other interface plugs into the SSG-5 for internet printing.  It's IP address is 172.17.7.54.  Should I place this second interface on a different network?
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 34998868
Have you bridged the NICs on the server?  That would explain why the port to the Juniper is disabled.

The switch is putting Gi0/48 into err-disabled state because it has received a keepalive through the same port from which it originally was sent (which made me think the Juniper has 2 interfaces connected).
0
 

Author Closing Comment

by:smadmin
ID: 34999053
no
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

If you’re like me and you like peace and quiet, saving money, and pretty lights, then this article is for you. For financial reasons, I buy all the Cisco equipment for my home lab second-hand. The first thing to wear out is usually one of the coo…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now