27
−
To display the global QoS policy configuration, execute the
display qos policy global
command.
b.
Verify that packets are not filtered out by automatically created ACLs.
−
The IP source guard feature creates ACLs automatically.
Execute the
display this
command in Ethernet interface view to verify that the
ip
source guard
command is configured on the port. To display source guard binding
entries, execute the
display ip source binding
or
display ipv6 source binding
command. If the
ip source binding
command or
ip verify source
command is
configured but the packets match no entry, further troubleshoot the issue based on the
way the binding entries are created.
−
The EAD assistant feature creates ACLs automatically.
The EAD assistant feature discards packets for a user that fails authentication when the
user accesses an IP address not in the free IP segment.
Execute the
display dot1x
command to verify that the EAD assistant feature is enabled.
If the EAD assistant feature is enabled, identify whether the user fails the authentication
and accesses an IP address not in the free IP segment.
3.
Verify that the port is not blocked:
{
Execute the
display stp brief
command to verify that STP does not set the state of the port
to
discarding
. When the port is in
discarding
state, it cannot forward traffic. H3C
recommends that you disable STP on the port, or configure the port as an edge port if the
port is connected to a terminal device.
{
If the port belongs to an aggregation group, execute the
display link-aggregation verbose
command to identify the port status. When the port is an Unselected port, it cannot forward
traffic. Locate the reasons why the port is in Unselected state. For example, the attribute
configurations of the port are different from the configurations of the reference port.
{
If the port belongs to a smart link group, execute the
display smart-link group
command to
verify the port status. The port cannot forward packets if its state is standby or down. If the
port is standby, configure the port as a primary port. If the port is down, verify the causes and
resolve the issue as required. A port might go down if the uplink device is configured with the
monitor link function, the port is shut down, or the link fails.
4.
Examine the following configurations that might cause packet loss:
{
VLAN configuration
—Execute the
display this
command in Ethernet interface view to
verify that the port is in the VLAN of the packets. If it is not, add the port to the VLAN.
{
Blackhole MAC address entries
—Execute the
display mac-address blackhole
command to display blackhole MAC address entries. If the packets are discarded because
they match a blackhole MAC address entry, delete the entry. To delete the blackhole MAC
address entry, execute the
undo mac-address blackhole mac
-
address
vlan
vlan
-
id
command.
{
Rate limit
—Execute the
display qos lr interface
command to display the rate limit
configuration on the port. If rate limit is configured on the port, make sure the committed
information rate (CIR) and the committed burst size (CBS) are appropriate. To adjust the
CIR and CBS values, execute the
qos lr
{
inbound
|
outbound
}
cir
committed-information-rate
[
cbs
committed-burst-size
] command.
{
Storm suppression
—Execute the
display this
command in Ethernet interface view to
display the configuration of storm suppression. Storm suppression includes broadcast
suppression, multicast suppression, and unknown unicast suppression. To adjust the
suppression thresholds, execute the
broadcast-suppression
,
multicast-suppression
,
and
unicast-suppression
commands, respectively.
5.
Verify that no congestion occurs by using the
display qos queue interface
command.
If congestion occurs, locate and resolve the issue by referencing related congestion
management documents.
6.
If the issue persists, contact H3C Support.
