...Facepalm.....
For the record, we're on 3.6.8, but I've had internal pressure to go to 16.3.5 based on comments my SE has made.
Known Bugs - Catalyst 3850-12S-E Switch
Console, Telnet/SSH Sessions Hang/Become unavailable at execution of "show run"
Symptom:
Console, Telnet/SSH sessions to the switch hang up and the condition does not clear until a reload is done.
May 4 12:12:27.154: %PARSER-6-WMLRETRY: Write memory lock currently held by pid '485', automatic retry. -Process= "SSH Process", ipl= 0, pid= 487
May 4 12:12:41.205: %PARSER-6-WMLRETRY: Write memory lock currently held by pid '485', automatic retry. -Process= "SSH Process", ipl= 0, pid= 488
May 4 12:12:45.757: %PARSER-6-WMLRETRY: Write memory lock currently held by pid '485', automatic retry. -Process= "Exec", ipl= 0, pid= 486
Conditions:
VLAN configuration change/add/delete events executed at the time ARP hits the CPU (DHCP snooping/ARP inspection)
Switch freezes, drops end user traffic and also stops executing.
Show run/Show tech-support command is executed.
Affects 16.6.3, 16.3.5, 16.3.5b, 16.3.6 across all platforms. Code versions earlier than each of the mentioned releases are not impacted.
Workaround:
The switch will not be recoverable once the condition is hit. Switch will have to be reloaded.
Run the following steps to avoid running into the issue:
Option 1:
1) Disable IP DHCP snooping
no ip dhcp snooping vlan 2-4094
no ip dhcp snooping
2) Disable IPDT/SISF policy if applied on the interfaces.
int <>
no device-tracking attach-policy
3) Make all the desired VLAN config changes, then restore the CLI commands removed in steps 1) and 2) above.
Option 2 (Intrusive Method, not recommended):
- Enable MAC ACL to temporarily block ARP packets.
- Apply the ACL on all the ports on the switch or modify the respective CoPP policy.
- Make the VLAN changes.
- Remove the MAC ACL from the interface, and restore the CoPP policy if it was modified.
Option 3 (Intrusive Method):
- Shut down all interfaces
- Make VLAN Changes
- Unshut all the interfaces
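The three %PARSER-6-WMLRETRY lines under Symptom show several sessions retrying against one lock holder (pid 485). As an added example (not from the bug text or the original post), this Python script flags that pattern in collected syslog; the 60-second window, the three-waiter threshold, the placeholder year used for parsing and the two sample lines marked as constructed are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the WMLRETRY format quoted under "Symptom".
WML = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+): %PARSER-6-WMLRETRY: "
    r".*held by pid '(?P<holder>\d+)'.*-Process= \"(?P<proc>[^\"]+)\""
    r".*pid= (?P<waiter>\d+)")

def parse(line):
    """Return (timestamp, holder_pid, waiter_pid, process) or None."""
    m = WML.match(line.strip())
    if not m:
        return None
    # The log carries no year; 2000 is an assumed placeholder (leap-safe).
    ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
    return ts, int(m["holder"]), int(m["waiter"]), m["proc"]

def stuck_lock_holders(lines, window=timedelta(seconds=60), min_waiters=3):
    """Map holder pid -> waiter pids when at least min_waiters distinct
    sessions retried against the same lock holder inside one window."""
    events = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev:
            events[ev[1]].append((ev[0], ev[2]))
    flagged = {}
    for holder, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            waiters = {w for t, w in evs[i:] if t - start <= window}
            if len(waiters) >= min_waiters:
                flagged[holder] = sorted(waiters)
                break
    return flagged

# First and last lines are constructed; the middle three are from the page.
SAMPLE = """
May 4 12:11:58.001: %SYS-5-CONFIG_I: Configured from console by admin on vty0
May 4 12:12:27.154: %PARSER-6-WMLRETRY: Write memory lock currently held by pid '485', automatic retry. -Process= "SSH Process", ipl= 0, pid= 487
May 4 12:12:41.205: %PARSER-6-WMLRETRY: Write memory lock currently held by pid '485', automatic retry. -Process= "SSH Process", ipl= 0, pid= 488
May 4 12:12:45.757: %PARSER-6-WMLRETRY: Write memory lock currently held by pid '485', automatic retry. -Process= "Exec", ipl= 0, pid= 486
May 4 12:30:02.010: %PARSER-6-WMLRETRY: Write memory lock currently held by pid '300', automatic retry. -Process= "Exec", ipl= 0, pid= 301
"""

if __name__ == "__main__":
    for holder, waiters in stuck_lock_holders(SAMPLE.splitlines()).items():
        print(f"lock holder pid {holder} is blocking sessions {waiters}")
```

A single retry against a lock holder (pid 300 in the constructed line) is not flagged; only several distinct sessions waiting on the same holder inside the window are.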