Jump to content
Калькуляторы

psa79

Пользователи
  • Content Count

    28
  • Joined

  • Last visited

Everything posted by psa79


  1. имеем show platform Chassis type: ASR1004 Slot Type State Insert time (ago) --------- ------------------- --------------------- ----------------- 1 ASR1000-SIP40 ok 3d08h 1/0 SPA-1X10GE-L-V2 ok 3d08h 1/1 SPA-1X10GE-L-V2 ok 3d08h 1/2 SPA-1X10GE-L-V2 ok 3d08h 1/3 SPA-1X10GE-L-V2 ok 3d08h R0 ASR1000-RP2 ok, active 3d08h F0 ASR1000-ESP40 ok, active 3d08h P0 ASR1004-PWR-AC ok 3d08h P1 ASR1004-PWR-DC ok 3d08h Slot CPLD Version Firmware Version --------- ------------------- --------------------------------------- 1 00200800 15.3(3r)S R0 10021901 15.3(3r)S F0 1003190E 15.0(1r)S show version Cisco IOS XE Software, Version 03.16.05.S - Extended Support Release Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-ADVIPSERVICESK9-M), Version 15.5(3)S5, RELEASE SOFTWARE (fc2) show platform hardware slot 1 serdes status Slot F0-Link A RX link locked 58-bit scrambler, 20 Gbps 0 Overruns, 0 Underruns 0 Reframe, 0 Disparity 0 Out of band, 0 Illegal control codes Slot F0-Link B RX link locked 58-bit scrambler, 20 Gbps 0 Overruns, 0 Underruns 0 Reframe, 0 Disparity 0 Out of band, 0 Illegal control codes два порта входящих, два исходящих, упирается сумарно в 10G. как будто не sip40, sip10 стоит. кто что может посоветовать?
  2. буду частично убирать netflow. Вопрос, так это не справляется sip40 или esp40? то есть сколько возможно получить реально пропускной способности если еще вставить sip40 и использовать все 8 портов? по очередям разложить трафик получилось, но нагружать еще не пробовал. на данный момент обе кошки справляются (около 10G на каждую), но хочется что б был резерв и на случай аварии и задел на рост.
  3. и ще вопрос, Output трафик тоже нужно по очередям раскидать?
  4. show platform hardware qfp active datapath utilization CPP 0: Subdev 0 5 secs 1 min 5 min 60 min Input: Priority (pps) 4422 4520 4597 6666 (bps) 32472992 32248384 31783456 27652224 Non-Priority (pps) 1584273 1578103 1579840 1516685 (bps) 11378735976 11312441304 11304852360 10981663648 Total (pps) 1588695 1582623 1584437 1523351 (bps) 11411208968 11344689688 11336635816 11009315872 Output: Priority (pps) 335 348 366 369 (bps) 270824 283456 294672 298800 Non-Priority (pps) 1575588 1569339 1571560 1506526 (bps) 11364805816 11296089064 11290376824 10945698840 Total (pps) 1575923 1569687 1571926 1506895 (bps) 11365076640 11296372520 11290671496 10945997640 Processing: Load (pct) 55 55 55 53 есть два одинаковых устройства на одном pppoe на другом ipoe + nat на обоих overrun на входе появляется   это со второго show platform hardware qfp active datapath utilization CPP 0: Subdev 0 5 secs 1 min 5 min 60 min Input: Priority (pps) 1073867 1063384 1063711 1042831 (bps) 10651519448 10498515456 10510440536 10289745032 Non-Priority (pps) 711796 710616 736575 713719 (bps) 2061224808 2081454104 2117802976 2168247384 Total (pps) 1785663 1774000 1800286 1756550 (bps) 12712744256 12579969560 12628243512 12457992416 Output: Priority (pps) 750 806 804 809 (bps) 543920 588944 583896 587632 Non-Priority (pps) 1749977 1737464 1763832 1723037 (bps) 12399016240 12259224976 12306148648 12155871296 Total (pps) 1750727 1738270 1764636 1723846 (bps) 12399560160 12259813920 12306732544 12156458928 Processing: Load (pct) 63 62 63 61
  5. sh platform hardware throughput level % Error: This show command is not available on this device type
  6. пример настройки интерфейса interface GigaEthernet0/2 switchport trunk vlan-allowed 100,590 switchport trunk vlan-untagged 100 switchport mode trunk switchport pvid 100 вланы созданы, но все маки видны в vlan 100. если убрать 100 влан, все маки в 1. тоесть в любом нетегированном BDCOM(tm) GP3600-16 Software, Version 10.3.0C Build 43680 Copyright by Shanghai Baud Data Communication CO. LTD. Compiled: 2017-6-14 16:41:24 by SYS, Image text-base: 0x80008000 может прошивку надо сменить, поделитесь пожалуйста. заранее спасибо
  7. отвечу сам. на этой моделе нужно не switchport mode trunk, а switchport mode dot1q-tunnel-uplink и тогда работает. логика не понятна, но все вланы работают
  8. Все vlans в сторону головы со свича смотрят тагом, но на голове вот такая картина interface GigaEthernet0/1 switchport trunk vlan-allowed 100 switchport trunk vlan-untagged none switchport mode trunk ! Switch#show mac address-table interface GigaEthernet0/1 Mac Address Table (Total 1) ------------------------------------------ Vlan Mac Address Type Ports ---- ----------- ---- ----- 1 0012.43aa.8219 DYNAMIC g0/1 вопрос gpon портов не касается
  9. поделитесь 3.10.1 для rp1 и rp2 пожалуйста
  10. Пришлось переехать с каталиста на каталист разница в них было 6 2 Supervisor Engine 720 (Active) WS-SUP720-BASE 6 Policy Feature Card 3 WS-F6K-PFC3B SAL1050AGT7 2.3 Ok 6 MSFC3 Daughterboard WS-SUP720 SAD090206KJ 2.4 Ok стало 5 2 Supervisor Engine 720 (Active) WS-SUP720-BASE 5 Policy Feature Card 3 WS-F6K-PFC3A SAD08260FNA 2.4 Ok 5 MSFC3 Daughterboard WS-SUP720 SAD08260CFY 2.3 Ok даже иосы одинаковые s72033-ipservices_wan-mz.122-33.SXH3.bin перестал работать полисинг настраиваю так mls qos aggregate-policer test 400000000 200000 200000 conform-action transmit exceed-action drop policy-map test class class-default police aggregate test interface Vlan435 ip address x.x.x.x 255.255.255.248 no ip redirects service-policy output test пробывал так policy-map megabit class any police cir 200000000 bc 100000 be 1000 conform-action transmit exceed-action drop violate-action drop никакого эффекта, неужели sup720 с PFC3A не поддерживает policy? кто что подскажет? да еще на картах появились Distributed Forwarding Card, до этого не было
  11. всем еще раз привет разобрался сам если кому будет интересно суть в "да еще на картах появились Distributed Forwarding Card, до этого не было" из-за двух DFC ограничение срабатывало на в два раза больший объём трафика чем установленно тоесть хочешь получить 200 ставь 100
  12. на предыдущем каталисте все работало и без mls qos vlan-based , но ставить пробовал, не помогает да вот что интересно абонент работает точно через модуль 8, на котором дропов 0, а на 1 модуле есть и растут, влан смотрит только в один порт show policy-map interface vlan 870 Vlan870 Service-policy output: megabit class-map: any (match-all) Match: access-group name all police : 200000000 bps 100000 limit 100000 extended limit Earl in slot 1 : 50023286169 bytes 5 minute offered rate 161465248 bps aggregate-forwarded 49996426283 bytes action: transmit exceeded 26859886 bytes action: drop aggregate-forward 166401776 bps exceed 14464 bps Earl in slot 5 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 8 : 30228188872 bytes 5 minute offered rate 109567976 bps aggregate-forwarded 30228188872 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 105608928 bps exceed 0 bps Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any 0 packets, 0 bytes 5 minute rate 0 bps
  13. Добрый день! На esr 10008 pre1 терминируем pppoe, в локалке раздаем iptv мультикастом, на днях вдруг на кошке загрузка процессора подскочила до 100% при отключении потока мультикаста все нормализовалось, такое впечатление что поток попал в pppoe сесию и при этом процесс ARP Input подскочил до 90% Как с этим бороться? в кошку мультикаст вообше не должен попадать
  14. вопрос закрыт. не в кошке дело было
  15. Добрый вечер. Используем asr1008 как PPPOE сервер в пике трафик не превышает 800-830 мегабит ( если на всех интерфейсах сложить вход выход 2гигабита) при этом 4к сессий побывал убирать шейпера, скорость остается тойже при этом задержки не возрастают очень еще смущает ARP Input #show pxf cpu context FP context statistics count rate (since last time command was run) --------------------- ------------- ---------- feed_back 719179153997 250600 new_work_from_lc 706889564290 149714 new_work_from_rp 2719830985 518 new_work_from_replay 0 0 null_context 49965762122641 5852750 ---------- 6253582 FP average context/sec 1min 5min 60min --------------------- ---------- ---------- ---------- feed_back 252458 249830 236927 cps new_work_from_lc 147519 146108 140264 cps new_work 652 635 603 cps new_work_from_replay 0 0 0 cps null_context 5951102 5948734 5950354 cps --------------------- ---------- ---------- ---------- Total 6351732 6345308 6328150 cps FP context utilization 1min 5min 60min --------------------- ---------- ---------- ---------- Actual 6 % 6 % 5 % Theoretical 6 % 6 % 5 % Maximum 99 % 99 % 98 % CPU utilization for five seconds: 35%/12%; one minute: 37%; five minutes: 39% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 26 488284528 616032211 792 12.47% 13.60% 15.35% 0 ARP Input 81 103468936 4598166 22502 2.47% 1.34% 1.29% 0 Compute load avg 267 35133624 6427818 5465 2.15% 1.34% 1.33% 0 VTEMPLATE Backgr 194 184109112 885341942 207 1.91% 1.93% 1.89% 0 C10K Netflow Toa 264 32734548 756492470 43 0.87% 1.02% 1.05% 0 RADIUS 192 58634628 8170999 7175 0.63% 1.07% 1.10% 0 c10k_periodic_st 117 49724724 374015920 132 0.55% 0.40% 0.37% 0 IP Input #show inventory NAME: "Chassis", DESCR: "C10000 Edge Service Router (ESR) Chassis" PID: ESR-CHASSIS , VID: , SN: 00021651183 NAME: "module 1/0", DESCR: "1 pt Gigabit Ethernet line card (requires a GBIC)" PID: ESR-1GE , VID: , SN: CAB0438EGFF NAME: "module 2/0", DESCR: "1 pt Gigabit Ethernet line card (requires a GBIC)" PID: ESR-1GE , VID: , SN: CAT065008LK NAME: "RP A", DESCR: "Performance Routing Engine" PID: ESR-PRE2 , VID: V02 , SN: CAT07360UAV NAME: "RP A flash card 0", DESCR: "Flash Card" PID: ESR-PRE-MEM-FD128 , VID: , SN: NAME: "module 5/0", DESCR: "1 port Gigabit Ethernet Half-Slot Line Card" PID: ESR-HH-1GE , VID: V01 , SN: CAT114156HJ NAME: "module 6/0", DESCR: "1 pt Gigabit Ethernet line card (requires a GBIC)" PID: ESR-1GE , VID: , SN: CAT10465NPF NAME: "power-supply 0", DESCR: "DC POWER ENTRY MODULE FOR ESR10008" PID: ESR-PWR-DC , VID: , SN: NAME: "power-supply 1", DESCR: "DC POWER ENTRY MODULE FOR ESR10008" PID: ESR-PWR-DC , VID: , SN: NAME: "fan-tray", DESCR: "BLOWER ASSEMBLY FOR ESR10008" PID: ESR-BLOWER , VID: , SN: конфиг ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname esr10k ! boot-start-marker boot system flash disk0:c10k2-k91p11u2-mz.122-31.SB16.bin boot system flash disk0:c10k2-k91p11-mz.122-33.SB7.bin boot system flash disk0:c10k2-k91p11u2-mz.122-33.SB7.bin boot-end-marker ! enable secret 5 $1$0U8P$1Q/1wM5/EOfng07bXKEIp1 ! aaa new-model ! ! aaa authentication password-prompt password: aaa authentication username-prompt login: aaa authentication login default local aaa authentication login dialers group radius aaa authentication ppp default group radius aaa authorization exec default local aaa authorization network default group radius aaa accounting delay-start aaa accounting update periodic 1 aaa accounting network default start-stop group radius aaa accounting system default start-stop group radius ! ! ! ! aaa session-id common clock timezone lugansk 2 clock summer-time lugansk recurring last Sun Mar 2:00 last Sun Oct 2:00 facility-alarm core-temperature major 58 facility-alarm core-temperature minor 50 facility-alarm intake-temperature major 54 facility-alarm intake-temperature minor 45 ! ! card 1/0 1gigethernet-1 card 2/0 1gigethernet-1 card 5/0 1gigethernet-hh-1 card 6/0 1gigethernet-1 ip subnet-zero no ip gratuitous-arps no ip rcmd domain-lookup ip rcmd rcp-enable ip rcmd rsh-enable ip name-server 10.3.3.1 ip name-server 10.3.3.2 ! ! ! ! vpdn enable vpdn aaa attribute nas-ip-address vpdn-nas vpdn aaa attribute nas-port vpdn-nas ! ! ! archive log config logging enable hidekeys ! redundancy mode sso ! ! class-map match-all test match access-group name acl_user class-map match-any ua-ix match access-group name acl_ua-ix_in class-map match-all all_user match access-group name acl_user ! ! policy-map k128 class class-default police 128000 16384 16384 conform-action transmit exceed-action drop violate-action drop policy-map m8 class class-default police 8392000 1048576 1048576 conform-action transmit exceed-action drop violate-action drop policy-map m5 class class-default police 5240000 655360 655360 conform-action transmit exceed-action drop violate-action drop policy-map m4 class class-default police 4192000 524288 524288 conform-action transmit exceed-action drop violate-action drop policy-map k256 class class-default police 264000 32768 32768 conform-action transmit exceed-action drop violate-action drop policy-map m1 class class-default police 1048000 131072 131072 conform-action transmit exceed-action drop violate-action drop policy-map k512 class class-default police 528000 65536 65536 conform-action transmit exceed-action drop violate-action drop policy-map m3 class class-default police 3144000 393216 393216 conform-action transmit exceed-action drop violate-action drop policy-map m2 class class-default police 2096000 262144 262144 conform-action transmit exceed-action drop violate-action drop policy-map k64 class class-default police 64000 8216 8216 conform-action transmit exceed-action drop violate-action drop policy-map m15 class class-default police 15360000 1310720 1310720 conform-action transmit exceed-action drop violate-action drop policy-map k32 class class-default police 32000 4096 4096 conform-action transmit exceed-action drop violate-action drop policy-map k1024 class class-default police 1048000 131072 131072 conform-action transmit exceed-action drop violate-action drop policy-map m10 class class-default police 10488000 1310720 1310720 conform-action transmit exceed-action drop violate-action drop policy-map m20 class class-default police 20976000 2621440 2621440 conform-action transmit exceed-action drop violate-action drop ! bba-group pppoe global virtual-template 1 sessions max limit 10000 sessions per-mac limit 1 sessions per-vlan limit 4096 sessions auto cleanup ! ! interface Loopback0 ip address 172.16.0.10 255.255.255.255 ! interface FastEthernet0/0/0 no ip address shutdown speed 100 full-duplex ! interface GigabitEthernet1/0/0 no ip address ip route-cache policy negotiation auto ! interface GigabitEthernet1/0/0.4 encapsulation dot1Q 4 ip address 195.222.127.86 255.255.255.192 ! interface GigabitEthernet1/0/0.21 encapsulation dot1Q 21 no ip redirects no ip proxy-arp pppoe enable group global ! interface GigabitEthernet1/0/0.22 encapsulation dot1Q 22 no ip redirects no ip proxy-arp pppoe enable group global ! ........................................................................ ! interface GigabitEthernet1/0/0.732 encapsulation dot1Q 732 no ip redirects no ip proxy-arp pppoe enable group global ! interface GigabitEthernet2/0/0 no ip address ip route-cache policy negotiation auto ! interface GigabitEthernet2/0/0.100 encapsulation dot1Q 100 ip address 10.4.1.1 255.255.255.0 no ip redirects no ip proxy-arp shutdown ! interface GigabitEthernet2/0/0.150 encapsulation dot1Q 150 ip address 10.3.3.58 255.255.255.192 ip access-group 101 in no ip redirects no ip proxy-arp ! interface GigabitEthernet2/0/0.156 encapsulation dot1Q 156 ip address 10.200.3.3 255.255.255.224 ! interface GigabitEthernet2/0/0.952 encapsulation dot1Q 952 ip address 10.3.50.58 255.255.255.0 ! interface GigabitEthernet5/0/0 no ip address no negotiation auto ! interface GigabitEthernet6/0/0 description Mirniy no ip address no negotiation auto ! interface GigabitEthernet6/0/0.21 encapsulation dot1Q 21 no ip redirects no ip proxy-arp pppoe enable group global ! .................................................. ! interface GigabitEthernet6/0/0.81 encapsulation dot1Q 81 no ip redirects no ip proxy-arp pppoe enable group global ! interface GigabitEthernet6/0/0.82 encapsulation dot1Q 82 no ip redirects no ip proxy-arp pppoe enable group global interface GigabitEthernet6/0/0.160 encapsulation dot1Q 160 ip address 10.3.4.197 255.255.255.0 no ip redirects no ip proxy-arp pppoe enable group global ! interface Virtual-Template1 mtu 1492 ip unnumbered Loopback0 ip access-group 100 in no ip proxy-arp ip mtu 1492 ip flow ingress ip flow egress ip tcp adjust-mss 1300 ip policy route-map test peer default ip address pool pppoe ppp authentication ms-chap-v2 ms-chap chap pap ! router ospf 3 router-id 10.200.3.3 no log-adjacency-changes area 0 authentication message-digest redistribute connected subnets network 10.200.3.0 0.0.0.31 area 0 ! ip local pool pppoe 172.23.0.0 172.23.255.255 ip classless ip route 0.0.0.0 0.0.0.0 10.200.3.2 ip route 10.0.0.0 255.0.0.0 10.3.3.18 ! ip flow-export version 5 ip flow-export destination 10.3.3.11 9996 ! no ip http server ! ! ip access-list extended acl_user permit ip any any logging facility local5 logging source-interface GigabitEthernet2/0/0.150 logging 10.3.3.11 access-list 1 deny 10.3.3.2 access-list 1 deny 10.3.3.50 access-list 1 permit 10.3.3.0 0.0.0.255 access-list 1 deny any access-list 2 permit 10.3.3.34 access-list 2 deny any access-list 3 permit 195.5.124.0 0.0.1.255 access-list 3 permit 195.222.124.0 0.0.3.255 access-list 4 permit 172.23.0.5 access-list 4 permit 172.23.0.4 access-list 100 deny tcp any 10.3.3.0 0.0.0.255 eq 22 access-list 100 deny tcp any 10.3.3.0 0.0.0.255 eq 3306 access-list 100 permit ip any host 10.3.3.1 access-list 100 permit ip any host 10.3.3.2 access-list 100 permit ip any host 10.3.3.50 access-list 100 permit ip any host 10.3.3.43 access-list 100 permit ip any host 10.3.3.38 access-list 100 permit ip 195.5.124.0 0.0.1.255 any access-list 100 permit ip 195.222.124.0 0.0.3.255 any access-list 100 deny ip any 10.0.0.0 0.255.255.255 access-list 100 deny ip any 172.16.0.0 0.7.255.255 access-list 100 deny ip any 192.168.0.0 0.0.255.255 access-list 100 permit ip any any access-list 101 deny ip any host 172.16.0.10 access-list 101 permit ip 10.3.3.0 0.0.0.255 host 10.3.3.58 access-list 101 permit ip 10.200.3.0 0.0.0.31 10.200.3.0 0.0.0.31 access-list 101 deny ip any host 10.200.3.3 access-list 101 deny ip any host 10.3.3.58 access-list 101 permit ip any any access-list 116 deny ip any 195.5.124.0 0.0.1.255 access-list 116 deny ip any 10.0.0.0 0.0.0.255 access-list 116 deny ip any 172.16.0.0 0.7.255.255 access-list 116 permit ip 172.22.0.0 0.0.255.255 any access-list 116 permit ip 172.23.0.0 0.0.255.255 any access-list 116 deny ip any any ! route-map test permit 10 match ip address 116 set ip next-hop 10.3.50.28 ! snmp-server community public RO 2 ! radius-server attribute 8 include-in-access-req radius-server attribute 31 mac format unformatted radius-server attribute 31 send nas-port-detail mac-only radius-server host 10.3.3.11 auth-port 1812 acct-port 1813 radius-server key ********* radius-server vsa send accounting radius-server vsa send authentication ! control-plane ! ! ! line con 0 transport output all line aux 0 transport input telnet transport output none line vty 0 4 transport input all transport output all ! ntp clock-period 17182646 ntp server 10.3.3.4 end
  16. Добрый день. Просветите, есть cisco ASR1004 RP1 2G памяти в нерабочем состоянии (все порты выключены) состояние память вот такое: RP0: online, statistics updated 3 seconds ago Load Average: healthy 1-Min: 0.09, status: healthy, under 5.00 5-Min: 0.07, status: healthy, under 5.00 15-Min: 0.02, status: healthy, under 5.00 Memory (kb): healthy Total: 1829432 Used: 1585728 (87%) Free: 243704 (13%) Committed: 1457972 (80%), status: healthy, under 90% Per-core Statistics CPU0: CPU Utilization (percentage of time spent) User: 0.69, System: 1.59, Nice: 0.00, Idle: 97.70 IRQ: 0.00, SIRQ: 0.00, IOwait: 0.00 при попытке принять полную таблицу BGP, кошка замирает, что даже невозможно посмотреть что на ней происходит, подозреваю что заканчивается память. Так вот вопрос, для BGP с несколькими полными таблицами надо ставить 4 гига памяти, или что-то нето с конфигом
  17. да но у вас все таки 4 гигабайта и больше двух занято RP0: online, statistics updated 7 seconds ago Load Average: healthy 1-Min: 0.35, status: healthy, under 5.00 5-Min: 0.30, status: healthy, under 5.00 15-Min: 0.21, status: healthy, under 5.00 Memory (kb): healthy Total: 3699644 Used: 2014768 (54%) Free: 1684876 (46%)
  18. а можно посмотреть show platform software status control-processor и кстати притаком количестве префиксов у меня есть сомнение что это полная таблица
  19. Добрый день Есть Cisco C10008 (PRE2-RP) терминирует pppoe, в пиках до 4 тысяч сессий, трафика до 500 егабит независимо от нагрузки и количества сессий, загрузка процессора прыгает до 60-80%, не могу понять почему. при нормальном стоянии процесс IP Input от 0 до 2% вывод show pxf cpu context почти всегда показывает около 2% Cisco C10008 (PRE2-RP) processor (revision ) with 950271K/94208K bytes of memory. Processor board ID TBC06121331 R7000 CPU at 500Mhz, Implementation 0x27, Rev 5.1, 256KB L2, 8192KB L3 Cache Backplane version 1.0, 8 slot Last reset from register reset PXF processor tmc0 is running. PXF processor tmc1 is running. PXF processor tmc2 is running. PXF processor tmc3 is running. 1 FastEthernet interface 2 Gigabit Ethernet interfaces 2045K bytes of non-volatile configuration memory. cat10k#show processes cpu sorted CPU utilization for five seconds: 56%/25%; one minute: 57%; five minutes: 56% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 134 101604376 372723009 272 23.34% 23.13% 22.97% 0 IP Input 51 40593400 5043685 8048 2.15% 1.10% 1.06% 0 Per-Second Jobs 216 49659596 253409252 195 1.19% 0.89% 0.83% 0 C10K Netflow Toa 214 25212336 5191002 4856 1.03% 0.98% 0.96% 0 c10k_periodic_st 142 3283424 1438125 2283 0.55% 0.76% 0.77% 0 PPP IP Route 215 5241080 506562 10346 0.47% 0.22% 0.20% 0 STATS DMA Daemon 299 3149292 177204130 17 0.39% 0.20% 0.16% 0 RADIUS 288 8642688 174180878 49 0.39% 0.34% 0.32% 0 PPP Events 143 5211048 11900759 437 0.31% 0.35% 0.25% 0 SSS Manager cat10k#show pxf cpu context FP context statistics count rate (since last time command was run) --------------------- ------------- ---------- feed_back 225006832892 98322 new_work_from_lc 217734102820 95064 new_work_from_rp 1846170348 1845 new_work_from_replay 0 0 null_context 30124304277747 6099128 ---------- 6294360 FP average context/sec 1min 5min 60min --------------------- ---------- ---------- ---------- feed_back 103368 100068 85338 cps new_work_from_lc 99661 96709 82011 cps new_work 1818 1853 1953 cps new_work_from_replay 0 0 0 cps null_context 6192894 6150031 6173045 cps --------------------- ---------- ---------- ---------- Total 6397742 6348662 6342347 cps FP context utilization 1min 5min 60min --------------------- ---------- ---------- ---------- Actual 3 % 3 % 2 % Theoretical 3 % 3 % 2 % Maximum 99 % 99 % 99 %
  20. спасибо сделал, посмотрю как будет работать. а вот ms-chap убирать нельзя, много роутеров его используют (побывал, было слишком много жалоб)
  21. сразу скажу от ospf никакого роутинга не получаю, он только чтоб бордер знал какие абоненты подключены ! aaa new-model ! ! aaa authentication password-prompt password: aaa authentication username-prompt login: aaa authentication login default local aaa authentication login dialers group radius aaa authentication ppp default group radius aaa authorization exec default local aaa authorization network default group radius aaa accounting delay-start aaa accounting update periodic 10 aaa accounting network default start-stop group radius aaa accounting system default start-stop group radius ! ! ! ! aaa session-id common facility-alarm core-temperature major 58 facility-alarm core-temperature minor 50 facility-alarm intake-temperature major 54 facility-alarm intake-temperature minor 45 ! ! card 1/0 1gigethernet-1 card 2/0 1gigethernet-1 ip subnet-zero no ip gratuitous-arps no ip rcmd domain-lookup ip name-server 10.3.3.1 ip name-server 10.3.3.2 ! ! ! ! vpdn enable vpdn aaa attribute nas-ip-address vpdn-nas vpdn aaa attribute nas-port vpdn-nas ! ! ! archive log config logging enable hidekeys ! redundancy mode sso ! ! class-map match-all test match access-group name acl_user class-map match-any ua-ix match access-group name acl_ua-ix_in class-map match-all all_user match access-group name acl_user ! ! policy-map k128 class class-default police 128000 16384 16384 conform-action transmit exceed-action drop violate-action drop policy-map m8 class class-default police 8392000 1048576 1048576 conform-action transmit exceed-action drop violate-action drop policy-map m5 class class-default police 5240000 655360 655360 conform-action transmit exceed-action drop violate-action drop policy-map m4 class class-default police 4192000 524288 524288 conform-action transmit exceed-action drop violate-action drop policy-map k256 class class-default police 264000 32768 32768 conform-action transmit exceed-action drop violate-action drop policy-map m1 class class-default police 1048000 131072 131072 conform-action transmit exceed-action drop violate-action drop policy-map k512 class class-default police 528000 65536 65536 conform-action transmit exceed-action drop violate-action drop policy-map m3 class class-default police 3144000 393216 393216 conform-action transmit exceed-action drop violate-action drop policy-map m2 class class-default police 2096000 262144 262144 conform-action transmit exceed-action drop violate-action drop policy-map k64 class class-default police 64000 8216 8216 conform-action transmit exceed-action drop violate-action drop policy-map m15 class class-default police 15360000 1310720 1310720 conform-action transmit exceed-action drop violate-action drop policy-map k32 class class-default police 32000 4096 4096 conform-action transmit exceed-action drop violate-action drop policy-map k1024 class class-default police 1048000 131072 131072 conform-action transmit exceed-action drop violate-action drop policy-map m10 class class-default police 10488000 1310720 1310720 conform-action transmit exceed-action drop violate-action drop policy-map m20 class class-default police 20976000 2621440 2621440 conform-action transmit exceed-action drop violate-action drop ! bba-group pppoe global virtual-template 1 sessions max limit 10000 sessions per-mac limit 1 sessions per-vlan limit 4096 sessions auto cleanup ! ! interface Loopback0 ip address 172.16.0.10 255.255.255.255 ! interface FastEthernet0/0/0 no ip address shutdown speed 100 full-duplex ! interface GigabitEthernet1/0/0 no ip address ip route-cache policy negotiation auto ! interface GigabitEthernet1/0/0.21 encapsulation dot1Q 21 no ip redirects no ip proxy-arp pppoe enable group global ! ...........................(около 200 vlan интерфейсов настроенных одинаково) ! ! interface GigabitEthernet1/0/0.732 encapsulation dot1Q 732 no ip redirects no ip proxy-arp pppoe enable group global ! interface GigabitEthernet2/0/0 no ip address ip route-cache policy negotiation auto ! interface GigabitEthernet2/0/0.100 encapsulation dot1Q 100 ip address 10.4.1.1 255.255.255.0 no ip redirects no ip proxy-arp shutdown ! interface GigabitEthernet2/0/0.150 encapsulation dot1Q 150 ip address 10.3.3.58 255.255.255.192 ip access-group 101 in no ip redirects no ip proxy-arp ! interface GigabitEthernet2/0/0.156 encapsulation dot1Q 156 ip address 10.200.3.3 255.255.255.224 ip flow ingress ip flow egress ! interface Virtual-Template1 mtu 1492 ip unnumbered Loopback0 ip access-group 100 in no ip proxy-arp ip mtu 1492 ip tcp header-compression ip tcp adjust-mss 1300 no peer default ip address ppp authentication ms-chap-v2 ms-chap chap pap ! router ospf 3 router-id 10.200.3.3 no log-adjacency-changes area 0 authentication message-digest redistribute connected subnets network 10.200.3.0 0.0.0.31 area 0 ! ip classless ip route 0.0.0.0 0.0.0.0 10.200.3.2 ! ip flow-export version 5 ip flow-export destination 10.3.3.11 9996 ! no ip http server ! ! ip access-list extended acl_user permit ip any any logging facility local5 logging source-interface GigabitEthernet2/0/0.150 logging 10.3.3.11 access-list 1 deny 10.3.3.2 access-list 1 deny 10.3.3.50 access-list 1 permit 10.3.3.0 0.0.0.255 access-list 1 deny any access-list 2 permit 10.3.3.34 access-list 2 deny any access-list 100 deny tcp any 10.3.3.0 0.0.0.255 eq 22 access-list 100 deny tcp any 10.3.3.0 0.0.0.255 eq 3306 access-list 100 permit ip any host 10.3.3.1 access-list 100 permit ip any host 10.3.3.2 access-list 100 permit ip any host 10.3.3.50 access-list 100 permit ip any host 10.3.3.43 access-list 100 permit ip any host 10.3.3.38 access-list 100 permit ip 195.5.124.0 0.0.1.255 any access-list 100 permit ip 195.222.124.0 0.0.3.255 any access-list 100 deny ip any 10.0.0.0 0.255.255.255 access-list 100 deny ip any 172.16.0.0 0.7.255.255 access-list 100 deny ip any 192.168.0.0 0.0.255.255 access-list 100 permit ip any any access-list 101 deny ip any host 172.16.0.10 access-list 101 permit ip 10.3.3.0 0.0.0.255 host 10.3.3.58 access-list 101 permit ip 10.200.3.0 0.0.0.31 10.200.3.0 0.0.0.31 access-list 101 deny ip any host 10.200.3.3 access-list 101 deny ip any host 10.3.3.58 access-list 101 permit ip any any ! snmp-server community public RO 2 ! radius-server attribute 8 include-in-access-req radius-server attribute 31 mac format unformatted radius-server attribute 31 send nas-port-detail mac-only radius-server host x.x.x.x auth-port 1812 acct-port 1813 radius-server key xxxx radius-server vsa send accounting radius-server vsa send authentication !