Кусто Posted September 9, 2014 · Report post Добрый день коллеги, есть такая железка: VRP ® software, Version 5.50 (S9300 V100R002C00SPC200) Service pack Version:V100R002SPH013 Аномально большое количество unknown-multicast. Код: <Switch-Center>dis cpu-defend statistics all CPCAR on slot 1 ------------------------------------------------------------------------------- Packet Type Pass(Bytes) Drop(Bytes) Pass(Packets) Drop(Packets) arp-request 2641604 1531732 38852 22527 arp-reply 183636 0 2699 0 stp 0 0 0 0 smart-link 0 0 0 0 ldt 0 0 0 0 lacp 0 0 0 0 lldp 0 0 0 0 dldp 0 0 0 0 vrrp 0 0 0 0 isis 0 0 0 0 dhcp-client 0 0 0 0 dhcp-server 0 0 0 0 igmp 0 0 0 0 pim 0 0 0 0 rip 0 0 0 0 ospf 93864 0 750 0 bgp 0 0 0 0 bfd 0 0 0 0 ttl-expired 1763 0 17 0 icmp 382 0 4 0 eoam-3ah 0 0 0 0 eoam-1ag 0 0 0 0 ntp 0 0 0 0 8021x 0 0 0 0 http 0 0 0 0 ripng 0 0 0 0 ospfv3 0 0 0 0 bgp4plus 0 0 0 0 pimv6 0 0 0 0 hotlimit 0 0 0 0 vrrp6 0 0 0 0 dhcpv6-request 0 0 0 0 dhcpv6-reply 0 0 0 0 mld 739086 0 7177 0 icmpv6 0 0 0 0 hvrp 0 0 0 0 telnet 25155 0 393 0 ssh 0 0 0 0 ftp 0 0 0 0 snmp 5928 0 30 0 radius 0 0 0 0 hw-tacacs 0 0 0 0 tcp 282 0 4 0 fib-hit 494 0 6 0 arp-miss 130 0 2 0 unknown-packet 0 0 0 0 unknown-multicast 29886247 0 221226 0 hopbyhop 0 0 0 0 pppoe 0 0 0 0 bpdu-tunnel 0 0 0 0 ------------------------------------------------------------------------------- CPCAR on slot 2 ------------------------------------------------------------------------------- Packet Type Pass(Bytes) Drop(Bytes) Pass(Packets) Drop(Packets) arp-request 606572 0 9245 0 arp-reply 75744 0 1130 0 stp 0 0 0 0 smart-link 0 0 0 0 ldt 0 0 0 0 lacp 0 0 0 0 lldp 0 0 0 0 dldp 0 0 0 0 vrrp 0 0 0 0 mpls-oam 0 0 0 0 isis 0 0 0 0 dhcp-client 0 0 0 0 dhcp-server 0 0 0 0 igmp 0 0 0 0 pim 0 0 0 0 rip 0 0 0 0 ospf 0 0 0 0 bgp 0 0 0 0 bfd 0 0 0 0 mpls-rsvp 0 0 0 0 mpls-ldp 0 0 0 0 ttl-expired 0 0 0 0 icmp 0 0 0 0 eoam-3ah 0 0 0 0 eoam-1ag 0 0 0 0 mpls-ping 0 0 0 0 mpls-ttl-expired 0 0 0 0 ntp 0 0 0 0 8021x 0 0 0 0 http 0 0 0 0 ripng 0 0 0 0 ospfv3 0 0 0 0 bgp4plus 0 0 0 0 pimv6 0 0 0 0 hotlimit 0 0 0 0 vrrp6 0 0 0 0 dhcpv6-request 0 0 0 0 dhcpv6-reply 0 0 0 0 mld 908 0 10 0 icmpv6 0 0 0 0 hvrp 0 0 0 0 telnet 0 0 0 0 ssh 0 0 0 0 ftp 0 0 0 0 snmp 0 0 0 0 radius 0 0 0 0 hw-tacacs 0 0 0 0 tcp 0 0 0 0 mpls-fib-hit 0 0 0 0 fib-hit 0 0 0 0 arp-miss 0 0 0 0 unknown-packet 0 0 0 0 unknown-multicast 13496677169 0 9911926 0 hopbyhop 0 0 0 0 pppoe 0 0 0 0 bpdu-tunnel 0 0 0 0 ------------------------------------------------------------------------------- Вот так: cpu-defend policy 1 deny packet-type unknown-multicast # cpu-defend-policy 1 global не работает. Пробовал применять на слоты, снова не работает. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
s.lobanov Posted September 9, 2014 · Report post Drop unknown-multicast во всех кастомерских вланах пропишите Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Кусто Posted September 9, 2014 · Report post Drop unknown-multicast во всех кастомерских вланах пропишите Так на интерфейсах полный транк. Вланы не приземлены на нем. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
s.lobanov Posted September 9, 2014 · Report post но вланы-то созданы всё равно покажите disp cur | i vlan dis cur | i batch Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Кусто Posted September 9, 2014 · Report post но вланы-то созданы всё равно покажите disp cur | i vlan dis cur | i batch [switch-Center]disp cur | i vlan vlan batch 2 to 4094 port trunk allow-pass vlan 2 to 25 27 to 4094 port trunk allow-pass vlan 2 to 25 27 to 4094 port trunk allow-pass vlan 2 to 25 27 to 4094 port trunk pvid vlan 298 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 2 to 3 11 to 12 19 22 to 23 55 85 100 297 to 300 500 784 to 785 port trunk allow-pass vlan 900 2100 2139 2200 2300 2400 2500 2600 2700 2800 port trunk allow-pass vlan 2900 3000 3100 3200 3300 3400 3429 3500 3961 port trunk allow-pass vlan 2 to 25 27 to 4094 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 2 to 25 27 to 4094 port trunk pvid vlan 298 port trunk allow-pass vlan 12 23 298 to 299 port trunk allow-pass vlan 23 350 2501 to 4094 port trunk allow-pass vlan 15 20 23 26 89 150 201 to 250 297 301 to 2499 port trunk allow-pass vlan 901 port hybrid tagged vlan 1023 port trunk allow-pass vlan 2 to 4094 port default vlan 785 port default vlan 342 port default vlan 299 port default vlan 299 port trunk allow-pass vlan 55 299 341 350 to 351 3799 3961 port default vlan 23 port trunk allow-pass vlan 2 to 25 27 to 4094 port trunk allow-pass vlan 299 port default vlan 299 description AD 23 vlan port 2 port default vlan 23 port trunk allow-pass vlan 299 501 to 599 port default vlan 299 port default vlan 784 port default vlan 299 port default vlan 23 port default vlan 299 port trunk allow-pass vlan 2 23 299 to 300 2700 3961 to 3962 port default vlan 25 port default vlan 200 port default vlan 299 port trunk allow-pass vlan 2 to 25 27 to 4094 port default vlan 299 port trunk allow-pass vlan 2 to 25 27 to 4094 port default vlan 2 port default vlan 23 port default vlan 299 port trunk allow-pass vlan 2 to 25 27 to 4094 port default vlan 26 port trunk allow-pass vlan 2 to 25 27 to 4094 port default vlan 23 port default vlan 296 port default vlan 299 port default vlan 23 port default vlan 299 port default vlan 23 port default vlan 299 port trunk allow-pass vlan 400 2700 3961 port default vlan 299 port default vlan 299 port default vlan 341 port default vlan 23 port trunk allow-pass vlan 2 to 25 27 to 4094 port trunk allow-pass vlan 2 to 25 27 to 4094 port default vlan 299 port trunk allow-pass vlan 2 to 25 27 to 4094 port trunk allow-pass vlan 2 to 25 27 to 4094 port trunk allow-pass vlan 2 to 23 55 299 341 350 port trunk allow-pass vlan 55 335 342 3799 [switch-Center]dis cur | i batch vlan batch 2 to 4094 Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
s.lobanov Posted September 9, 2014 · Report post делайте: Drop unknown-multicast во всех кастомерских вланах пропишите отсутствие терминации ещё вовсе не означает, что тот или иной мультикаст не пойдёт на CPU. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
dIMbI4 Posted September 10, 2014 · Report post -Оно мешает? -Вроде нет. -Ну и х..й с ним) Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...