Wired

 View Only
last person joined: yesterday 

Expand all | Collapse all

Physical status of interface is "blocked"

This thread has been viewed 12 times
  • 1.  Physical status of interface is "blocked"

    Posted Dec 16, 2021 12:09 AM
    We have been running ArubaOS-CX for about a year.  An issue that continuously comes up are interfaces that have a physical status of "blocked".  This has been caused by and interface that is in a up up state but no mac address on the interface.  Port access is seeing this as an issue and puts the interface in a blocked state.  The only way to resolve this issue is to either bounce the port or reboot the end device.  I have seen these on interfaces that connect to different scada style devices.  Below is an example of what we are see.  Any help with this would be greatly appreciated.

    # show int physical | inc block
    1/5/17 5G-SmartRate blocked up 100M-FDx auto -- off 0.00 100M/1G/2.5G/5G --

    interface 1/5/17
    no shutdown
    qos trust dscp
    no routing
    vlan access 501
    spanning-tree bpdu-guard
    spanning-tree loop-guard
    spanning-tree port-type admin-edge
    aaa authentication port-access client-limit 5
    aaa authentication port-access critical-role INITIAL-ROLE
    aaa authentication port-access mac-auth
    enable
    power-over-ethernet pre-std-detect
    exit

    show mac-address-table port 1/5/17
    No MAC entries found.

    Interface 1/5/17 is up
    Admin state is up
    Link state: up for 10 hours (since Wed Dec 15 01:48:10 MST 2021)
    Link transitions: 9
    Description:
    Hardware: Ethernet, MAC Address: 88:3a:30:f9:f9:87
    MTU 1500
    Type 5G-SmartRate
    Full-duplex
    qos trust dscp
    Speed 100 Mb/s
    Auto-negotiation is on
    Flow-control: off
    Error-control: off
    MDI mode: MDI
    VLAN Mode: access
    Access VLAN: 501
    Rate collection interval: 300 seconds

    Rate RX TX Total (RX+TX)
    ---------------- -------------------- -------------------- --------------------
    Mbits / sec 0.00 0.00 0.00
    KPkts / sec 0.00 0.00 0.00
    Unicast 0.00 0.00 0.00
    Multicast 0.00 0.00 0.00
    Broadcast 0.00 0.00 0.00
    Utilization 0.00 0.00 0.00

    Statistic RX TX Total
    ---------------- -------------------- -------------------- --------------------
    Packets 0 0 0
    Unicast 0 0 0
    Multicast 0 0 0
    Broadcast 0 0 0
    Bytes 0 0 0
    Jumbos 0 0 0
    Dropped 0 0 0
    Pause Frames 0 0 0
    Errors 0 0 0
    CRC/FCS 0 n/a 0
    Collision n/a 0 0
    Runts 0 n/a 0
    Giants 0 n/a 0


    ------------------------------
    Travis Wager
    ------------------------------


  • 2.  RE: Physical status of interface is "blocked"

    EMPLOYEE
    Posted Dec 16, 2021 08:49 AM
    Looks like a silent device. Could you try adding to the user role "client-inactivity timeout". 

    example role:

    -----------
    port-access role scada_silent
        description special role for silent scada devices
        auth-mode client-mode
        client-inactivity timeout none
        vlan access name scada
    ----------