Jump to content
Калькуляторы

7301 банальный acl сильно нагружает cpu 7301 банальный acl сильно нагружает cpu

cisco 7301 в роли pppoe терминатора. при отключеном acl загрузка cpu до 50% при 260/200 in/out mbit на интерфейсе, 34/33 in/out kpps.

При включении dynamic acl вида

Extended IP access list 105
   10 Dynamic test1 permit ip any any
      permit ip host 192.168.110.25 any
      permit ip host 192.168.108.222 any (4305 matches)
      permit ip host 192.168.113.211 any

на virtual-template1 загрузка сразу прыгает в потолок. Наданный момент 5|5kpps, 25/30mbit и загрузка 50-60%.

ios - c7301-is-mz.124-12c.bin

конфиг

aaa new-model
!
!
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting network default start-stop group radius
!
aaa session-id common
clock timezone MSK 3
ip cef
bba-group pppoe PPPoE
virtual-template 1
sessions per-mac limit 1
sessions per-vlan limit 1000
sessions auto cleanup
!
!
interface Loopback0
description PPPoE users
ip address 192.168.101.1 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
no ip redirects
no ip unreachables
no ip proxy-arp
pppoe enable group PPPoE
no cdp enable
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
ip access-group 105 in
no ip redirects
no ip proxy-arp
ip flow ingress
ip flow egress
ip virtual-reassembly
ip tcp adjust-mss 1412
no peer default ip address
ppp authentication ms-chap-v2 chap

Share this post


Link to post
Share on other sites

interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
ip access-group 105 in
no ip redirects
no ip proxy-arp
ip flow ingress
ip flow egress
ip virtual-reassembly
ip tcp adjust-mss 1412
no peer default ip address
ppp authentication ms-chap-v2 chap

зачем тут "ip virtual-reassembly"

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.