LAN some computers can surf the internet and the failure to troubleshoot cases

The computer does not go to the net reason has a lot of, the main still relies on experienced network management to go one by one to sweep, this article for everyone to share a computer not to solve the network case, the process of troubleshooting more twists and turns, using a lot of methods are useless, and finally found the cause of the failure because the switch is set incorrectly and lead to the port short-circuit, to share , hoping to help people who have the same problems.

Failure phenomenon

The size of a local area network is moderate, about 100 ordinary clients are distributed in four floors, each floor of the client system through the Super Five network cable, connected to the H3C S3050 model of the floor switch, Each floor switch is connected with the core switch of the unit LAN through the 1000M fiber cable, the whole LAN is connected with the external network through the hardware firewall, usually all client system can access the external network normally; In order to ensure the operation security of LAN, Network management specially divides the computer in each floor into the same virtual work subnet, each virtual work subnet is inaccessible to each other. I don't know why lately, LAN in a part of the client system is suddenly abnormal, the specific phenomenon of Internet speed is very slow, and often will happen for a while to surf the internet, a moment can not surf the strange fault; After the network Management site survey, found that these online abnormal client systems are located almost on the same floor, And the other floor of the ordinary client system can be normal Internet access.

Troubleshooting Procedures

1. View Physical Connection

Because the phenomenon is limited to the same floor, and the phenomenon is very similar to network contact, network management subconsciously think that the corresponding floor of the switch and LAN core switches, there may be a physical connection between the phenomenon of insecure. As a result, network management immediately unplug the connection between the faulty switch and the core switch, and using a professional cable tester to test the connectivity of the cable, found that there is no problem with the physical cable, then reinsert the network cable at each end to the exchange port, and ensure that the crystal head and the exchange port between the reliable contact. However, when the network management in any one client system, try to use the ping command to test the LAN gateway address, found that the test results are still unstable, while the data packet loss is also more serious, apparently physical connection is not the cause of the failure.

2. View ARP virus

Considering the IP address used by the client system and the IP address used by the floor switch, in the same work network segment, coupled with the recent ARP virus is very popular, this network management began to suspect that the corresponding floor work subnet presence of ARP virus; Because the working subnet on which the failed computer resides contains dozens of internet hosts, How to quickly judge the location of the ARP poison source, and isolate the poisonous client system from the virtual work subnet, ensure the security of other client systems and stabilize the Internet, it becomes the immediate urgency of the network management.

Although there is no ARP virus monitoring tools on hand, network management after viewing the LAN topology data, found that each floor switch support network administration, they have enabled the log memory function, this feature will be the switch under the ARP virus caused by the address of the conflict phenomenon to track records. Based on this, network management ready to log into the fault switch back-Office system, check the system log records to see if there is any relevant address conflict information; Think of it, network management immediately through the console control port, login to the fault switch background management system, the system in the global configuration mode to execute " Display Logbuf "command, from the pop-up results interface, network management did not find the ARP virus caused by the address conflict record, which means that the corresponding virtual work subnet does not have ARP virus.

3. View Broadcast Storm

Since there is no ARP virus in the fault working subnet, and the physical connection between the floor switch and the core switch is normal, then there may be a broadcast storm in the LAN, which causes the network channel to jam, so that the client system in the fault working subnet is accessed on the Internet, There will be a slow internet speed or a little time to surf the internet, a moment can not surf the strange fault. In order to confirm whether there is a broadcast storm in the corresponding virtual work subnet, the network administrator enters the core switch back-end system of the LAN, uses the interface command to enter the cascade port of the fault floor switch and the core switch, executes the "Display interface XXX" command, To view the working status of the specified cascading port; it turns out that the Cascade Port's working state is sometimes "up" and sometimes "down"; what's more strange is that the Cascade Port's input packet and output packet size are significantly abnormal and the data flow is 10 times larger than usual, Why does the data traffic in the failed working subnet suddenly become so large? Is there a malicious bt download phenomenon in the corresponding virtual work subnet? However, when the network administrator repeatedly executes the "Display interface XXX" command, found that the port's broadcast packet traffic is constantly increasing, It is clear that there is a broadcast storm in the virtual working subnet below the port.

4. View the port loop

After figuring out the broadcast storm phenomenon in the fault virtual work subnet, the next task is to find the specific "culprit" causing the broadcast storm phenomenon. Considering that there are many factors causing the broadcast storm phenomenon, such as network equipment damage, network connection formation loop, network virus and so on, However, the most common factors are often the user's careless operation, inadvertently formed in the virtual work Subnet network loop.

Considering that the switch in the LAN has enabled the network Loop test function, in order to eliminate the network loop factor, the NMS immediately enters the failure floor switch background system, executes the "Display Logbuf" command in the system command line state, and views the switch log record, The discovery log record clearly indicates that there is a network loop phenomenon on the 8th interchange port. Rushed to the fault switch site, network management found that the 8th switch port signal light is in a shiny state, this means that the port is working, and when trying to unplug the network cable that is connected to the switch port, the NMS is very surprised to see that the switching port is still shiny when disconnected from the network. Is there hardware damage to the swap port?

Fault resolution

Since the switching port has a network loop, the NMS decides to turn the switch off first to see if the working subnet status of the corresponding switch is back to normal. To do so, network management immediately login into the fault switch back-Office system, the implementation of the "interface E0/8" command, into the E0/8 switch port view mode state, in which state continue to execute the string command "shutdown", the E0/8 switch port working state off.

After the network management attempt in the fault client system, the implementation of ping command, testing the corresponding virtual work Subnet gateway address, the results found ping command test operation is normal, is the failure of the client system can now normal Internet? Then the Internet test, network management to see the previous occurrence of the internet speed is slow, a while to the Internet, The strange trouble of not being able to surf the internet for a while has disappeared, apparently the network fault has been solved successfully.

Fault Reflection

Although the above fault phenomenon has disappeared, but let network management is very puzzled is why the E0/8 switch port, in the absence of network connectivity, it can still be in a lit state, and the port also exists network loop phenomenon? After careful analysis, Network management thinks that there may be a short circuit inside the switching port, this phenomenon directly causes the target switching port to be in a light state when there is no network connection, and when the switching port of the switch is shorted, the network loop is formed in the corresponding virtual working subnet, which causes the broadcast storm phenomenon, Eventually led to the failure of the switch performance degradation, the phenomenon is that the network speed is slow, while the Internet connection is also unstable.

Of course, this type of network failure occurs on a switch with loop testing capability, as long as the network management from the switch backstage system log records, can quickly find a specific loop location; However, if the failure occurs on a switch that does not support loop testing, then it is more cumbersome to troubleshoot. At this point, we can try to disconnect all network connections of the switch, restart the switch back-end system, and carefully observe the signal state of each switch port, if you find that a switch port in the absence of any connection, the port Semaphore state still flashing, Then we can be sure that the switching port has a short-circuit phenomenon.