Network anomaly
- Category: Computer-related
- Last Updated: Monday, 17 November 2014 09:25
- Published: Monday, 20 October 2014 16:22
- Written by sam
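At work... anything else is allowed to fail... just not the network...
Of course, the first thing to do is bring up the most intuitive tool, Cacti.
Thinking about it, it really is strange; it seems to happen once every few hours...
So I had to go look at the log.
With the default settings there happens to be no log to check.
First I turned logging on to take a look, and at the same time set the log level a bit lower... so that more gets recorded.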
%May 1 20:12:52:194 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/3 link status is UP.
%May 1 20:12:52:610 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/5 link status is UP.
%May 1 20:12:53:801 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/6 link status is UP.
%May 1 20:13:03:353 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/2 link status is DOWN.
%May 1 20:13:03:375 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/7 link status is DOWN.
%May 1 20:13:04:423 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/3 link status is DOWN.
%May 1 20:13:05:214 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/5 link status is DOWN.
%May 1 20:13:07:549 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/6 link status is DOWN.
%May 1 20:13:42:546 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/7 link status is UP.
%May 1 20:13:43:475 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/2 link status is UP.
%May 1 20:13:43:492 2000 HP LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/2 (IfIndex 9437185), Chassis ID is 7446-a01a-a100, Port ID is 48.
%May 1 20:13:44:697 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/5 link status is UP.
%May 1 20:13:45:115 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/3 link status is UP.
%May 1 20:13:46:821 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/6 link status is UP.
%May 1 20:14:11:961 2000 HP LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/7 (IfIndex 9437190), Chassis ID is 40a8-f0ec-1580, Port ID is 48.
%May 1 20:14:13:995 2000 HP LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/5 (IfIndex 9437188), Chassis ID is 40a8-f0ec-4440, Port ID is 48.
%May 1 20:14:14:551 2000 HP LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/3 (IfIndex 9437186), Chassis ID is 7446-a01a-d6c0, Port ID is 48.
%May 1 20:14:16:435 2000 HP LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/6 (IfIndex 9437189), Chassis ID is 40a8-f0ec-9640, Port ID is 48.
%May 1 20:14:37:321 2000 HP ARP/4/RATELIMIT: The ARP packet rate(294pps) exceeded the rate limit(50pps) on interface GigabitEthernet1/0/7 in the last 60 seconds.
%May 2 01:12:51:624 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/2 link status is DOWN.
%May 2 01:12:51:650 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/7 link status is DOWN.
%May 2 01:12:53:210 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/3 link status is DOWN.
%May 2 01:12:53:487 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/5 link status is DOWN.
%May 2 01:12:55:830 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/6 link status is DOWN.
%May 2 01:13:01:151 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/2 link status is UP.
%May 2 01:13:01:323 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/7 link status is UP.
%May 2 01:13:03:027 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/3 link status is UP.
%May 2 01:13:03:205 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/5 link status is UP.
%May 2 01:13:05:685 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/6 link status is UP.
%May 2 01:13:14:716 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/2 link status is DOWN.
%May 2 01:13:14:740 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/7 link status is DOWN.
%May 2 01:13:16:045 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/3 link status is DOWN.
%May 2 01:13:16:578 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/5 link status is DOWN.
%May 2 01:13:18:915 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/6 link status is DOWN.
%May 2 01:13:54:398 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/7 link status is UP.
%May 2 01:13:55:080 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/2 link status is UP.
%May 2 01:13:56:032 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/5 link status is UP.
%May 2 01:13:56:733 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/3 link status is UP.
%May 2 01:13:58:404 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/6 link status is UP.
%May 2 01:14:23:533 2000 HP LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/7 (IfIndex 9437190), Chassis ID is 40a8-f0ec-1580, Port ID is 48.
%May 2 01:14:24:818 2000 HP LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/2 (IfIndex 9437185), Chassis ID is 7446-a01a-a100, Port ID is 48.
%May 2 01:14:25:333 2000 HP LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/5 (IfIndex 9437188), Chassis ID is 40a8-f0ec-4440, Port ID is 48.
%May 2 01:14:26:033 2000 HP LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/3 (IfIndex 9437186), Chassis ID is 7446-a01a-d6c0, Port ID is 48.
%May 2 01:14:27:943 2000 HP LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/6 (IfIndex 9437189), Chassis ID is 40a8-f0ec-9640, Port ID is 48.
%May 2 01:14:41:352 2000 HP ARP/4/RATELIMIT: The ARP packet rate(439pps) exceeded the rate limit(50pps) on interface GigabitEthernet1/0/7 in the last 60 seconds.
It really is regular: every five hours the ports go down and come back up.
My current guess at the cause... is probably too much ARP.
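As an added example (not part of the original post), this Python sketch parses log lines in the format shown above, groups link-DOWN events into flap episodes, measures the spacing between episodes, and extracts the ARP rate-limit warnings. The function names and the 10-minute grouping window are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Subset of the log lines quoted above (the switch clock was unset, hence year 2000).
SAMPLE_LOG = """\
%May 1 20:13:03:353 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/2 link status is DOWN.
%May 1 20:13:03:375 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/7 link status is DOWN.
%May 1 20:13:42:546 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/7 link status is UP.
%May 1 20:14:37:321 2000 HP ARP/4/RATELIMIT: The ARP packet rate(294pps) exceeded the rate limit(50pps) on interface GigabitEthernet1/0/7 in the last 60 seconds.
%May 2 01:12:51:624 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/2 link status is DOWN.
%May 2 01:12:51:650 2000 HP IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/7 link status is DOWN.
%May 2 01:14:41:352 2000 HP ARP/4/RATELIMIT: The ARP packet rate(439pps) exceeded the rate limit(50pps) on interface GigabitEthernet1/0/7 in the last 60 seconds.
"""

LINE = re.compile(r"%(\w{3}) +(\d+) (\d\d:\d\d:\d\d):(\d{3}) (\d{4}) \S+ \w+/\d/(\w+): (.*)")
ARP = re.compile(r"rate\((\d+)pps\) exceeded the rate limit\((\d+)pps\) on interface (\S+)")

def parse(log):
    """Yield (timestamp, mnemonic, text) for each log line; skip anything else."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        mon, day, hms, ms, year, mnemonic, text = m.groups()
        ts = datetime.strptime(f"{mon} {day} {year} {hms}", "%b %d %Y %H:%M:%S")
        yield ts + timedelta(milliseconds=int(ms)), mnemonic, text

def flap_episodes(log, window=timedelta(minutes=10)):
    """Group link-DOWN events within `window` of an episode's start into that episode."""
    episodes = []
    for ts, mnemonic, text in parse(log):
        if mnemonic != "LINK_UPDOWN" or not text.endswith("is DOWN."):
            continue
        port = text.split()[0]
        if episodes and ts - episodes[-1]["start"] <= window:
            episodes[-1]["ports"].add(port)
        else:
            episodes.append({"start": ts, "ports": {port}})
    return episodes

def episode_spacing_hours(log):
    """Hours between the starts of consecutive flap episodes."""
    eps = flap_episodes(log)
    return [round((b["start"] - a["start"]).total_seconds() / 3600, 2) for a, b in zip(eps, eps[1:])]

def arp_rate_hits(log):
    """Return (timestamp, interface, observed pps, limit pps) per ARP/4/RATELIMIT line."""
    found = ((ts, ARP.search(text)) for ts, mn, text in parse(log) if mn == "RATELIMIT")
    return [(ts, m[3], int(m[1]), int(m[2])) for ts, m in found if m]
```

Run over a full capture, a constant spacing between episodes points at something timer-driven rather than random link faults, and the ARP hits show which uplink sees the burst after each recovery.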
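First I tried raising the ARP limit...
That didn't work either... I really don't know where the threshold is...
So I had to turn it all off again.
Checking once more.
First, try turning on the ARP Anti-Attack feature.
Sure enough, everything went down in one go.
All the LLDP interfaces stopped.
First, dis lldp neighbor-information list
Take a look at the brief view.
So the biggest problem right now is...
All the current switches are on VLAN 1...
Everything is built on the L3 switch, which serves as the core switch; the trunks are all built on it as well.
All 0.0.0.0 traffic is then sent straight to the next layer, where the firewall does the routing.
This L3 switch has just one route: any.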
dis ip routing-table protocol static
<HP-A5500-EI>dis ip routing-table protocol static
Public Routing Table : Static
Summary Count : 1
Static Routing Table Status : <Active>
Summary Count : 1
Destination/Mask    Proto   Pre  Cost  NextHop         Interface
0.0.0.0/0           Static  60   0     192.168.11.1    Vlan1
dis ip routing-table
<HP-A5500-EI>dis ip routing-table
Routing Tables: Public
Destinations : 13    Routes : 13
Destination/Mask    Proto   Pre  Cost  NextHop         Interface
0.0.0.0/0           Static  60   0     192.168.11.1    Vlan1
127.0.0.0/8         Direct  0    0     127.0.0.1       InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1       InLoop0
192.168.1.0/24      Direct  0    0     192.168.1.254   Vlan2
192.168.1.254/32    Direct  0    0     127.0.0.1       InLoop0
192.168.10.0/24     Direct  0    0     192.168.10.254  Vlan10
192.168.10.254/32   Direct  0    0     127.0.0.1       InLoop0
192.168.11.0/24     Direct  0    0     192.168.11.254  Vlan1
192.168.11.254/32   Direct  0    0     127.0.0.1       InLoop0
192.168.20.0/24     Direct  0    0     192.168.20.254  Vlan20
192.168.20.254/32   Direct  0    0     127.0.0.1       InLoop0
192.168.30.0/24     Direct  0    0     192.168.30.254  Vlan30
192.168.30.254/32   Direct  0    0     127.0.0.1       InLoop0
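Next is the Wi-Fi APs from when the network was built.
They seem to have been installed by different people.
Some were split at 255, some at 128.
192.168.0.1 to 192.168.127.254, so that one is split a little too large.
While I was at it, I also reset vlan-int 30, likewise enlarging it to a /23 mask.
<HP-A5500-EI>dis current-configuration interface Vlan-interface 30
#
interface Vlan-interface30
 ip address 192.168.30.254 255.255.254.0
 undo dhcp select server global-pool
#
return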
Next is the DHCP lease part...
Newly split into two.
Apart from the ports going down and restarting every 5 hours... the FTP speed is still acceptable... adding a four-link LACP or plain link aggregation would probably make it even better.
Next, modify the NAT settings a bit.
<HP-A5500-EI>dis dhcp relay statistics
Bad packets received:                  0
DHCP packets received from clients:    8776
    DHCPDISCOVER packets received:     3730
    DHCPREQUEST packets received:      4313
    DHCPINFORM packets received:       733
    DHCPRELEASE packets received:      0
    DHCPDECLINE packets received:      0
    BOOTPREQUEST packets received:     0
DHCP packets received from servers:    617
    DHCPOFFER packets received:        0
    DHCPACK packets received:          0
    DHCPNAK packets received:          617
    BOOTPREPLY packets received:       0
DHCP packets relayed to servers:       8776
    DHCPDISCOVER packets relayed:      3730
    DHCPREQUEST packets relayed:       4313
    DHCPINFORM packets relayed:        733
    DHCPRELEASE packets relayed:       0
    DHCPDECLINE packets relayed:       0
    BOOTPREQUEST packets relayed:      0
DHCP packets relayed to clients:       617
    DHCPOFFER packets relayed:         0
    DHCPACK packets relayed:           0
    DHCPNAK packets relayed:           617
    BOOTPREPLY packets relayed:        0
DHCP packets sent to servers:          0
    DHCPDISCOVER packets sent:         0
    DHCPREQUEST packets sent:          0
    DHCPINFORM packets sent:           0
    DHCPRELEASE packets sent:          0
    DHCPDECLINE packets sent:          0
    BOOTPREQUEST packets sent:         0
DHCP packets sent to clients:          0
    DHCPOFFER packets sent:            0
    DHCPACK packets sent:              0
    DHCPNAK packets sent:              0
    BOOTPREPLY packets sent:           0
Next, this shows the setting for which server group each interface relays to.
dis dhcp relay all
<HP-A5500-EI>dis dhcp relay all
Interface name       Server-group
Vlan-interface1      0
Vlan-interface2      0
Vlan-interface10     0
Vlan-interface20     0
Vlan-interface30     0
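Next is setting up dhcp-snooping trust.
dis dhcp-snooping trust
Here you can see that only one trusted port is configured; the reason is that this port connects to the DHCP server.
This way, in theory, it prevents devices that employees plug in on their own from accidentally having DHCP turned on (people are good by nature; it is always plugged in by accident, and hands out IPs by accident). Employees are just that innocent.
Because the switch filters out those DHCP packets.
Only this port 24 will respond.
<HP-A5500-EI>dis dhcp-snooping trust
DHCP Snooping is enabled.
DHCP Snooping trust becomes active.
Interface                  Trusted
=========================  ============
GigabitEthernet1/0/24      Trusted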
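To illustrate the trust check described above, here is an added Python model (not from the original post, and not switch firmware): it reads the DHCP message type from option 53 and forwards server replies only when they arrive on the trusted port from the output above. The helper names, the constructed test payloads, and dropping unparseable packets are assumptions of this model.

```python
# Simplified model of the DHCP snooping trust check.
DHCP_MAGIC = b"\x63\x82\x53\x63"                  # RFC 2131 magic cookie at offset 236
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # option 53 values sent by servers
TRUSTED_PORTS = {"GigabitEthernet1/0/24"}         # the one trusted port in the output above


def message_type(payload: bytes):
    """Return the DHCP message type (option 53) of a BOOTP payload, or None."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                      # end option
            break
        if code == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                      # truncated option header
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                      # truncated option body
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None


def snoop(ingress_port: str, payload: bytes) -> str:
    """Forward client messages from any port; server replies only from trusted ports."""
    mtype = message_type(payload)
    if mtype is None:
        return "drop"                        # model assumption: unparseable DHCP is dropped
    if mtype in SERVER_TYPES and ingress_port not in TRUSTED_PORTS:
        return "drop"
    return "forward"


def build(op: int, mtype: int) -> bytes:
    """Constructed minimal payload: 236-byte BOOTP header, cookie, pad, option 53, end."""
    header = bytes([op, 1, 6, 0]) + bytes(232)
    return header + DHCP_MAGIC + bytes([0, 53, 1, mtype, 255])
```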
So next, the whole architecture probably needs a major overhaul... which is to say, basically a rebuild...