How to guard against switch failures

Generally, the failure of a vswitch is caused by the time used. As the Working Hours extend and network applications change, the chance of a problem increases greatly.

A switch is an important device in a network. If a problem occurs, it will affect the entire network system. Therefore, we have analyzed the troubleshooting methods for common switch faults. Computers in the LAN are often connected to switch devices and exchange and process data through these devices, the working status of a vswitch has a direct impact on the overall performance of the LAN.

Generally, the performance of new switches is relatively stable and rarely suffers from faults. However, with the extension of work time and the constant change of network applications, the probability of switch failures is also increasing.

In order to improve the efficiency of solving switch faults and ensure that LAN networks can always run efficiently, this article will begin from a practical perspective to explain three common switch failures, hope you can get some inspiration!

1. Handle switch faults caused by cache Overflow

A lan has two common switches, each of which is connected to a CISCO router device through a Mbit/s twisted pair cable and accesses the Internet through the device. At ordinary times, each vswitch is connected to approximately 10 computers, and each computer can access the Internet smoothly through the vswitch. Recently, some computers in the LAN can access the Internet normally, some computers cannot access the Internet.

At first, the network administrator thought it was the computer's own factor. However, after checking the computer system's Internet access settings and network viruses, it was found that there were no problems, it is normal to use the ping command to test the local IP address, but it is abnormal when you ping the gateway address of the LAN. It seems that there is a problem with the line between the faulty computer and the switch. Is there a problem with the connectivity of physical lines? With this in mind, the network administrator immediately used the network tester to test the connectivity between the twisted pair wires connected to the computer and the switch, and found that their connectivity was normal.

After the network line and computer factors are excluded, the network administrator wants to check whether the switch is working normally. When he arrives at the switch equipment site, he found that all the port signals of one of the switches are in the light but not blinking state;

Logically, if the switch can process data normally, the data signal of the corresponding switch port should also be in the flashing status. Obviously, the switch port is on but not flashing, this indicates that the switch is not working properly. On the other hand, the network administrator finds that the switch ports of another vswitch can basically flash as long as they are switched. This indicates that the switch can exchange data normally.

After further checks, the network administrator can see that computers that cannot access the Internet are basically connected to the abnormal switch, it seems that some computers in the LAN cannot access the Internet. The switch fault is caused by the switch. So what causes abnormal display of the port signal of the faulty switch?

Generally, there are two main reasons for abnormal display of the port Signal Status: on the one hand, there are problems with the switch system, such as being attacked by a network virus, the system cache overflow error may occur after a long working period. On the other hand, the switch equipment has hardware problems. For example, after a long service period of the switch, its internal performance components are prone to aging, and these aging components may also cause abnormal switch operation.

Generally, the vswitch settings do not change, and some "soft" faults can be solved by restarting. follow these steps, the Network Administrator immediately restarted the faulty switch system. It was not long before the Network Administrator observed that the faulty switch port was working properly; when a failed computer system tries to access the Internet again, the switch failure that previously failed to access the Internet disappears immediately. This indicates that the faulty switch does have a "soft" fault similar to cache overflow, such a fault causes the switch to be abnormal.

If the switch encounters the same fault after a restart for a period of time, the problem may be caused by a network virus in the LAN, because some Network Viruses may be affected for a certain period of time, the memory or other system resources of the switch system will be constantly occupied, and eventually all the resources of the switch system will be exhausted, which will lead to the failure of the switch where computers in the LAN cannot access the Internet;

To avoid the impact of Network viruses on the switch system, we should carefully select devices with high quality, stable performance, and large cache before establishing the network, at the same time, pay attention to regular virus cleanup operations on LAN networks.

2. ARP virus faults

One day, I received a request for a fault, saying that the computer in room 618 was suddenly unable to access the Internet, and there was a Red Cross sign on the network connection icon in the system tray area; at first, I thought it was definitely because the network cable was loose. I asked the user to unplug the network cable and re-plug it to ensure that the connection between the network cable and the Internet Plug-in on the wall and interfaces of the network card were secure, however, after the user re-plugged the network cable as required by the author, the same switch failure still occurred.

I am not at ease. I immediately logged on to the switch system used in room 618, checked the working status of the corresponding switch port, and found that the target port is in the "up" status, this indicates that the switching port is working normally. Later, I suspect that the IP address used by the computer in room 618 may conflict with the IP address of another computer, so I suggest the Internet user change the IP address, the computer in room 618 is connected again. Then, it didn't take long for the computer in the room next to 618 to ask the author for help and say that their computer could not access the Internet normally;

After reading the archives, I found that all the faulty computers are in the same virtual working subnet. It seems that this switch failure is not simply caused by a conflict caused by manual IP address modification, it is likely that the ARP virus appears in the corresponding virtual working subnet.

As we know, the ARP virus is so crazy that computers in the LAN are prone to be infected with the virus, which often deceives all computers and network devices in the LAN, and force the target computer to access the Internet through a specific virus host. After many computers are infected with the ARP virus, the reason why they cannot access the Internet or the speed of accessing the network will decrease is that the IP addresses of the network adapters of the target computer are one-to-one in normal conditions, after the NIC device of the target computer requests an IP address from the DHCP server, the IP address will be temporarily "Bundled" with the physical address of the NIC device, it will also be automatically stored in the Local System's ARP ing table;

When a computer in the LAN is accidentally infected with the ARP virus, the ARP virus forcibly maps the physical address of the computer's Nic to the switch or router device of the LAN, in addition, a large amount of ARP broadcast information is automatically sent to the network. After receiving the broadcast information, other computers in the LAN often mistakenly think that the virus computer is the gateway address of the LAN, in this way, other computers will automatically forward Internet access requests to virus computers, but virus computers are not actually the gateway address, so other computers naturally cannot access the Internet normally, even if you can access the Internet, it will not be very fast.

To find out which computer is infected with the ARP virus, I immediately log on to the target switch system as a system administrator, enter the global configuration status of the system, and use the "displaydia" command, check the working status of each switch port of the target switch. It is found that the computer with the physical address of the network adapter 0016-173d-43eb conflicts with the gateway address of the corresponding virtual working subnet; in order to find out the room in which the computer with the physical address of the network adapter is located, the author immediately runs the string command "displaymac" in the global configuration command line of the switch ", from the result page that appears later, I can see that the computer with the physical address of the NIC is 0016-173d-43eb and uses the 43 switching port.

In order to prevent ARP viruses from affecting the working status of the LAN, I run the "interfacee0/43" string command on the backend management interface of the switch to enter the view configuration status of Port 43, in this status, execute the string command "shutdown" and temporarily disable port 43. As a result, the virus computer cannot send ARP virus information to the LAN network through this port, at this time, other computers in the same virtual working subnet as the virus computer can access the Internet immediately.

After temporarily disabling the working status of the switch port 43, I immediately checked the complete file records during the networking and found that the switch port 43 was allocated to room 563 for Internet access, I immediately contacted the online user in room 563 by phone and told him that his computer had been infected with the ARP virus, and he had been forcibly disconnected from the network, in addition, this user must use the latest anti-virus software to scan and kill the computer he or she uses;

After scanning and killing the virus, I executed the "undoshutdown" string command in the view configuration of the corresponding switch port to re-activate the working status of the 43 switch port, then run the "displaydia" command again to find that there is no address conflict in the LAN, which indicates that the switch fault in the LAN has been successfully solved.