Jump to content
Калькуляторы

Catalyst 3750 большая загрузка CPU

Вот такое наблюдаю в моменты наименьшей нагрузки.

Когда нагрузка максимальная - до 80-90 % и это при суммарном трафике примерно несколько гигабит. Всего.

 

Spanning Tree не использую.

 

#show proc cpu s

CPU utilization for five seconds: 22%/4%; one minute: 24%; five minutes: 22%

PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process

132 61039810 28442057 2146 11.18% 11.76% 11.27% 0 Spanning Tree

125 2993982 21765827 137 0.63% 0.61% 0.58% 0 IP Input

199 1169 1102 1060 0.47% 0.36% 0.19% 3 Virtual Exec

27 81941 8082 10138 0.31% 0.02% 0.00% 0 Per-minute Jobs

110 661502 571732 1157 0.31% 0.11% 0.10% 0 HRPC qos request

17 1425075 3831900 371 0.15% 0.31% 0.35% 0 ARP Input

 

Как диагностировать проблему ?

 

Share this post


Link to post
Share on other sites
Spanning Tree не использую.
Ну так отключи его нах...

no spanning-tree vlan 1-4094

Share this post


Link to post
Share on other sites

В том то и дело, что отключено...

 

#show run | inc no spann

no spanning-tree optimize bpdu transmission

no spanning-tree vlan 1-4000

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

no logging on

!

no aaa new-model

clock timezone MSK 3

clock summer-time MSK recurring last Sun Mar 2:00 last Sun Oct 3:00

switch 1 provision ws-c3750-24ts

switch 2 provision ws-c3750g-24ts-1u

switch 3 provision ws-c3750g-12s

ip subnet-zero

ip routing

!

ip domain-list ssss.ru

ip domain-name ssss.ru

ip name-server 123.123.123.123

ip cef load-sharing algorithm universal 6B2BC346

!

 

shutdown vlan 299

 

!

no file verify auto

!

mac access-list extended BLOCK

deny host 0080.482a.0285 any

permit any any

no errdisable detect cause gbic-invalid

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause security-violation

errdisable recovery cause channel-misconfig

errdisable recovery cause pagp-flap

errdisable recovery cause dtp-flap

errdisable recovery cause link-flap

errdisable recovery cause gbic-invalid

errdisable recovery cause l2ptguard

errdisable recovery cause psecure-violation

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause unicast-flood

errdisable recovery cause vmps

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery cause loopback

errdisable recovery interval 60

port-channel load-balance dst-mac

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

no spanning-tree vlan 1-4000

!

!

!

vlan internal allocation policy ascending

!

!

interface Port-channel1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,14,43,139,200-205

switchport mode trunk

!

interface Port-channel2

switchport trunk encapsulation dot1q

switchport mode trunk

speed nonegotiate

!

interface Port-channel3

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,47,48,138,200-205

switchport mode trunk

speed nonegotiate

!

interface FastEthernet1/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

duplex full

speed 100

no mdix auto

!

interface FastEthernet1/0/2

switchport access vlan 139

switchport mode access

speed 100

!

interface FastEthernet1/0/3

switchport access vlan 202

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 11,14,43,200-205

switchport mode access

!

interface FastEthernet1/0/4

switchport access vlan 202

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,43,200-2005

switchport mode trunk

!

interface FastEthernet1/0/5

switchport access vlan 202

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,43,200-205

switchport mode trunk

!

interface FastEthernet1/0/6

switchport access vlan 200

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,43,200-205

switchport mode access

switchport port-security maximum 100

!

interface FastEthernet1/0/7

switchport access vlan 203

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 9,14,200-205

switchport mode trunk

!

interface FastEthernet1/0/8

switchport access vlan 128

switchport trunk encapsulation dot1q

switchport mode access

!

interface FastEthernet1/0/9

switchport access vlan 200

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,43,200-205

switchport mode access

speed 100

!

interface FastEthernet1/0/10

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,43,200-205

switchport port-security violation protect

duplex full

speed 100

!

interface FastEthernet1/0/11

switchport trunk encapsulation dot1q

switchport mode trunk

no mdix auto

!

interface FastEthernet1/0/12

switchport trunk encapsulation dot1q

switchport mode access

!

interface FastEthernet1/0/13

switchport access vlan 200

switchport trunk encapsulation dot1q

switchport mode access

no mdix auto

!

interface FastEthernet1/0/14

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,200-205

switchport mode trunk

!

interface FastEthernet1/0/15

switchport trunk encapsulation dot1q

switchport mode trunk

no mdix auto

!

interface FastEthernet1/0/16

description newbridge

switchport mode access

no mdix auto

!

interface FastEthernet1/0/17

switchport access vlan 138

switchport trunk encapsulation dot1q

switchport mode access

duplex full

speed 100

!

interface FastEthernet1/0/18

switchport access vlan 105

switchport trunk encapsulation dot1q

switchport mode trunk

no mdix auto

!

interface FastEthernet1/0/19

switchport access vlan 43

switchport trunk encapsulation dot1q

switchport mode access

!

interface FastEthernet1/0/20

description asterisk

switchport mode access

!

interface FastEthernet1/0/21

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet1/0/22

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet1/0/23

switchport access vlan 43

switchport trunk encapsulation dot1q

switchport mode access

no mdix auto

!

interface FastEthernet1/0/24

switchport access vlan 17

switchport mode access

switchport voice vlan 43

spanning-tree portfast

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,14,43,139,200-205

switchport mode trunk

channel-group 1 mode passive

!

interface GigabitEthernet1/0/2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,14,43,139,200-205

switchport mode trunk

channel-group 1 mode passive

!

interface GigabitEthernet2/0/1

switchport mode access

duplex full

speed 1000

!

interface GigabitEthernet2/0/2

switchport trunk encapsulation dot1q

switchport mode access

!

interface GigabitEthernet2/0/3

switchport access vlan 14

switchport trunk encapsulation dot1q

switchport mode access

!

interface GigabitEthernet2/0/4

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 200-207

switchport mode trunk

duplex full

speed 1000

!

interface GigabitEthernet2/0/5

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 200-205

switchport mode access

!

interface GigabitEthernet2/0/6

switchport mode access

duplex full

speed 1000

!

interface GigabitEthernet2/0/7

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,14,200-205

switchport mode trunk

duplex full

speed 1000

!

interface GigabitEthernet2/0/8

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 200-207

switchport mode trunk

duplex full

speed 1000

!

interface GigabitEthernet2/0/9

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 200-207

switchport mode trunk

duplex full

speed 1000

!

interface GigabitEthernet2/0/10

switchport mode access

!

interface GigabitEthernet2/0/11

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,11,14,15,19,43,103,115,126,135,200-207

switchport mode trunk

!

interface GigabitEthernet2/0/12

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 200-207

switchport mode trunk

!

interface GigabitEthernet2/0/13

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 200-205

switchport mode trunk

!

interface GigabitEthernet2/0/14

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 200-207

switchport mode trunk

!

interface GigabitEthernet2/0/15

switchport mode access

!

interface GigabitEthernet2/0/16

switchport access vlan 14

switchport mode access

!

interface GigabitEthernet2/0/17

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,43,132,200-205

switchport mode trunk

duplex full

speed 1000

!

interface GigabitEthernet2/0/18

 

!

interface GigabitEthernet2/0/19

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet2/0/20

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet2/0/21

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,14,17,43,124,200-205

switchport mode trunk

!

interface GigabitEthernet2/0/22

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet2/0/23

no switchport

ip address 195.2.238.114 255.255.255.252

!

interface GigabitEthernet2/0/24

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet2/0/25

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,47,48,138,200-205

switchport mode trunk

speed nonegotiate

channel-group 3 mode passive

!

interface GigabitEthernet2/0/26

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,47,48,138,200-205

switchport mode trunk

speed nonegotiate

channel-group 3 mode passive

!

interface GigabitEthernet2/0/27

switchport trunk encapsulation dot1q

switchport mode trunk

speed nonegotiate

!

interface GigabitEthernet2/0/28

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,47,48,138,200-205

switchport mode trunk

!

interface GigabitEthernet3/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

speed nonegotiate

channel-group 2 mode desirable

!

interface GigabitEthernet3/0/2

switchport trunk encapsulation dot1q

switchport mode trunk

speed nonegotiate

channel-group 2 mode desirable

!

interface GigabitEthernet3/0/3

switchport trunk encapsulation dot1q

switchport mode trunk

speed nonegotiate

channel-group 2 mode desirable

!

interface GigabitEthernet3/0/4

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet3/0/5

!

interface GigabitEthernet3/0/6

!

interface GigabitEthernet3/0/7

!

interface GigabitEthernet3/0/8

!

interface GigabitEthernet3/0/9

!

interface GigabitEthernet3/0/10

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,200-205

switchport mode trunk

!

interface GigabitEthernet3/0/11

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,200-205

switchport mode trunk

!

interface GigabitEthernet3/0/12

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 14,200-205

switchport mode trunk

!

interface Vlan1

...

...

...

interface Vlan299

ip address 192.168.1.2 255.255.255.0

shutdown

!

router rip

version 2

timers basic 30 60 60 120

redistribute connected

redistribute static

passive-interface default

network 123.123.123.123

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 123.123.123.3123

ip route 10.0.0.0 255.0.0.0 Null0 100

ip route 10.111.111.0 255.255.255.0 195.2.238.10

...

...

...

no ip http server

!

!

!

!

access-list 10 permit 10.0.10.6

access-list 10 permit 10.0.0.2

access-list 10 permit 10.130.0.26

...

...

...

access-list 199 remark anti-0080.482a.0285

arp 10.130.0.2 0080.4819.9fcd ARPA

arp 10.0.130.6 0001.a801.b25f ARPA

arp 10.1.3.153 0000.0000.0000 ARPA

arp 10.130.0.54 0000.0000.0000 ARPA

!

control-plane

!

!

line con 0

access-class 10 in

login local

line vty 0 4

session-timeout 60

access-class 10 in

login local

line vty 5 14

access-class 10 in

login local

line vty 15

password nhfqntr

login

!

!

monitor session 1 source interface Fa1/0/12

monitor session 1 source interface Gi2/0/2 , Gi2/0/23

monitor session 1 destination interface Gi2/0/18

monitor session 2 source interface Gi2/0/23

monitor session 2 destination interface Gi2/0/13

ntp clock-period 36029175

ntp server 123.123.123.123

end

Edited by Ivan Rostovikov

Share this post


Link to post
Share on other sites

sh ver

sh sdm prefer

 

многа раз потыкать:

sh controllers cpu-interface | inc stp

посмотреть, быстро ли счётчики увеличиваются.

Share this post


Link to post
Share on other sites

Недавно было точно такое, и точно на 3750-м, ищите в сети проблемы, скорее всего в каком-то сегменте срет тупой свич.

Share this post


Link to post
Share on other sites

шо приплыли? теперь и циски из за срущих тупых свичей сума сходят?

Share this post


Link to post
Share on other sites

Сходят от большого количества броадкастов, которые плодят срущие свичи.

Share this post


Link to post
Share on other sites

Так ограничить броадкасты/мультикасты, чтобы не сходили.

storm-control broadcast level 1.0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this