загрузка процессора Cisco 4507, Anton_kst, 14-Июн-19, 20:35 [смотреть все]Доброго времени суток, cisco 4507, ужасно тормозит сеть, при пинге коммутатора отклик 600-800 мс, и совсем нет временами, процессор загружен на 99%,подскажите куда копать?sh proc cp CPU utilization for five seconds: 98%/1%; one minute: 98%; five minutes: 99% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 1 0 11 0 0.00% 0.00% 0.00% 0 Chunk Manager 26 1660492 163151 10177 0.00% 0.04% 0.00% 0 Per-minute Jobs 27 218414160 446566264 489 7.02% 7.04% 6.88% 0 Cat4k Mgmt HiPri 28 23223016522019252344 1150 45.84% 42.64% 42.74% 0 Cat4k Mgmt LoPri 29 40896 2660877 15 0.00% 0.00% 0.00% 0 Galios Reschedul 30 12 10 1200 0.00% 0.00% 0.00% 0 IOS ACL Helper 44 1860 93891 19 0.00% 0.00% 0.00% 0 DHCP Snooping 45 1864 120993 15 0.00% 0.00% 0.00% 0 Port-Security 46 18335205521403715212 1306 44.64% 43.53% 44.05% 0 IP Input 47 14505948 17716320 818 0.47% 0.24% 0.24% 0 CDP Protocol 48 32 126 253 0.07% 0.04% 0.01% 1 Virtual Exec router#sh plat hea %CPU %CPU RunTimeMax Priority Average %CPU Total Target Actual Target Actual Fg Bg 5Sec Min Hour CPU TagMan-RecreateMtegR 1.00 0.00 10 5 100 500 0 0 0 0:00 K2CpuMan Review 30.00 41.99 30 62 100 500 36 34 34 32076:07 K2AccelPacketMan: Tx 10.00 4.96 20 0 100 500 4 4 4 7057:38 K2AccelPacketMan: Au 0.10 0.00 0 0 100 500 0 0 0 0:00 router#sh run Building configuration... Current configuration : 25643 bytes ! version 12.2 no service pad service timestamps debug datetime msec localtime service timestamps log datetime service password-encryption service compress-config ! hostname router ! logging buffered 100000 debugging enable secret 5 $1$DVgI$7.4bQFg0yIS/MEkN1ZzXs1 enable password 7 03035130031E ! ip subnet-zero ! ! spanning-tree mode pvst spanning-tree extend system-id spanning-tree vlan 1-25 priority 24576 port-channel load-balance src-dst-mac power redundancy-mode redundant ! redundancy mode rpr ! mac access-list extended mac_SE_Video permit any host 0007.5f50.1781 deny any any ! ! ! ! interface Port-channel9 switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet1/1 ! interface GigabitEthernet1/2 ! interface GigabitEthernet2/1 ! interface GigabitEthernet2/2 ! interface FastEthernet3/1 switchport access vlan 6 ! interface FastEthernet3/2 switchport access vlan 9 ! interface FastEthernet3/3 switchport access vlan 9 ! interface FastEthernet3/4 switchport access vlan 10 switchport mode access ! interface FastEthernet3/5 switchport access vlan 9 ! interface FastEthernet3/6 switchport access vlan 9 ! interface FastEthernet3/7 switchport access vlan 9 ! interface FastEthernet3/8 switchport access vlan 27 ! interface FastEthernet3/9 switchport access vlan 30 switchport mode access ! interface FastEthernet3/10 switchport access vlan 30 switchport mode access ! interface FastEthernet3/11 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet3/12 switchport access vlan 10 ! interface FastEthernet3/13 switchport access vlan 10 ! interface FastEthernet3/14 switchport access vlan 10 ! interface FastEthernet3/15 switchport access vlan 10 ! interface FastEthernet3/16 switchport access vlan 10 ! interface FastEthernet3/17 switchport access vlan 10 ! interface FastEthernet3/18 switchport access vlan 10 ! interface FastEthernet3/19 switchport access vlan 10 ! interface FastEthernet3/20 switchport access vlan 10 ! interface FastEthernet3/21 switchport access vlan 10 ! interface FastEthernet3/22 switchport access vlan 6 ! interface FastEthernet3/23 switchport access vlan 10 ! interface FastEthernet3/24 switchport access vlan 10 ! interface FastEthernet3/25 switchport access vlan 6 ! interface FastEthernet3/26 switchport access vlan 10 ! interface FastEthernet3/27 switchport access vlan 10 ! interface FastEthernet3/28 switchport access vlan 10 ! interface FastEthernet3/29 switchport access vlan 10 ! interface FastEthernet3/30 switchport access vlan 10 ! interface FastEthernet3/31 switchport access vlan 10 ! interface FastEthernet3/32 switchport access vlan 10 ! interface FastEthernet3/33 switchport access vlan 10 ! interface FastEthernet3/34 switchport access vlan 6 ! interface FastEthernet3/35 switchport access vlan 10 ! interface FastEthernet3/36 switchport access vlan 10 ! interface FastEthernet3/37 switchport access vlan 6 ! interface FastEthernet3/38 switchport access vlan 10 ! interface FastEthernet3/39 switchport access vlan 10 ! interface FastEthernet3/40 switchport access vlan 10 ! interface FastEthernet3/41 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet3/42 switchport access vlan 10 ! interface FastEthernet3/43 switchport access vlan 10 ! interface FastEthernet3/44 switchport access vlan 10 ! interface FastEthernet3/45 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet3/46 switchport access vlan 10 ! interface FastEthernet3/47 switchport access vlan 10 ! interface FastEthernet3/48 switchport access vlan 10 ! interface FastEthernet4/1 switchport access vlan 12 ! interface FastEthernet4/2 switchport access vlan 12 ! interface FastEthernet4/3 switchport access vlan 12 ! interface FastEthernet4/4 switchport access vlan 12 ! interface FastEthernet4/5 switchport access vlan 18 switchport mode access ! interface FastEthernet4/6 switchport access vlan 30 switchport mode access ! interface FastEthernet4/7 switchport access vlan 6 switchport mode access ! interface FastEthernet4/8 switchport access vlan 10 switchport mode access ! interface FastEthernet4/9 switchport access vlan 10 switchport mode access ! interface FastEthernet4/10 switchport access vlan 10 switchport mode access ! interface FastEthernet4/11 switchport access vlan 30 ! interface FastEthernet4/12 switchport access vlan 17 ! interface FastEthernet4/13 description Pelco-Net switchport access vlan 66 switchport mode access ! interface FastEthernet4/14 switchport access vlan 10 ! interface FastEthernet4/15 switchport access vlan 10 ! interface FastEthernet4/16 switchport access vlan 10 ! interface FastEthernet4/17 switchport access vlan 10 ! interface FastEthernet4/18 switchport access vlan 10 ! interface FastEthernet4/19 description Sky-Edge switchport access vlan 6 ip access-group 101 out ! interface FastEthernet4/20 switchport access vlan 10 ! interface FastEthernet4/21 switchport access vlan 10 ! interface FastEthernet4/22 switchport access vlan 10 ! interface FastEthernet4/23 switchport access vlan 10 ! interface FastEthernet4/24 switchport access vlan 10 ! interface FastEthernet4/25 switchport access vlan 10 ! interface FastEthernet4/26 switchport access vlan 10 ! interface FastEthernet4/27 switchport access vlan 10 ! interface FastEthernet4/28 switchport access vlan 10 ! interface FastEthernet4/29 switchport access vlan 10 ! interface FastEthernet4/30 switchport access vlan 10 ! interface FastEthernet4/31 switchport access vlan 10 ! interface FastEthernet4/32 switchport access vlan 10 ! interface FastEthernet4/33 switchport access vlan 10 ! interface FastEthernet4/34 switchport access vlan 10 ! interface FastEthernet4/35 switchport access vlan 10 ! interface FastEthernet4/36 switchport access vlan 10 ! interface FastEthernet4/37 switchport access vlan 10 ! interface FastEthernet4/38 switchport access vlan 10 ! interface FastEthernet4/39 switchport access vlan 10 ! interface FastEthernet4/40 switchport access vlan 9 ! interface FastEthernet4/41 switchport access vlan 30 ! interface FastEthernet4/42 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet4/43 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet4/44 switchport access vlan 8 ! interface FastEthernet4/45 description Video220 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet4/46 switchport access vlan 30 ! interface FastEthernet4/47 description cisco.intelekt.2014 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet4/48 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet5/1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 9 mode active ! interface GigabitEthernet5/2 ! interface GigabitEthernet5/3 ! interface GigabitEthernet5/4 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet5/5 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet5/6 ! interface GigabitEthernet6/1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 9 mode active ! interface GigabitEthernet6/2 spanning-tree vlan 1 cost 23 spanning-tree vlan 2-25 cost 4 ! interface GigabitEthernet6/3 spanning-tree vlan 1 cost 23 spanning-tree vlan 2-25 cost 4 ! interface GigabitEthernet6/4 ! interface GigabitEthernet6/5 switchport access vlan 6 ip access-group 1 in ip access-group 1 out ! interface GigabitEthernet6/6 ! interface Vlan1 ip address 192.168.62.201 255.255.255.0 no ip route-cache ! interface Vlan2 no ip address ! interface Vlan3 ip address 192.168.52.201 255.255.255.0 ! interface Vlan4 no ip address ! interface Vlan5 ip address 192.168.49.201 255.255.255.0 ! interface Vlan6 ip address 192.168.51.201 255.255.255.0 ! interface Vlan8 no ip address ! interface Vlan10 ip address 192.168.56.201 255.255.255.0 ! interface Vlan11 ip address 192.168.57.62 255.255.255.192 ! interface Vlan12 ip address 192.168.57.196 255.255.255.192 ! interface Vlan13 ip address 192.168.57.126 255.255.255.192 ! interface Vlan14 ip address 192.168.58.201 255.255.255.0 ! interface Vlan15 ip address 192.168.50.201 255.255.255.0 ! interface Vlan16 ip address 192.168.59.201 255.255.255.0 ! interface Vlan17 no ip address ! interface Vlan18 ip address 192.168.64.201 255.255.255.0 ! interface Vlan34 ip address 192.168.70.201 255.255.255.0 ! interface Vlan35 ip address 192.168.66.201 255.255.255.0 ! interface Vlan36 no ip address ! interface Vlan37 no ip address ! interface Vlan66 ip address 192.168.65.201 255.255.255.0 ! interface Vlan308 ip address 10.11.16.1 255.255.255.0 ! ip route 10.0.0.0 255.0.0.0 192.168.62.207 ip route 10.0.0.0 255.255.255.248 192.168.60.200 ip route 10.1.193.0 255.255.255.0 192.168.62.207 ip route 10.2.1.0 255.255.255.0 192.168.62.207 ip route 10.13.12.2 255.255.255.255 192.168.62.207 ip route 10.24.0.0 255.255.0.0 172.16.0.201 ip route 10.58.57.177 255.255.255.255 192.168.62.207 ip route 10.61.16.143 255.255.255.255 192.168.62.207 ip route 10.61.32.0 255.255.255.0 192.168.62.207 ip route 10.61.40.101 255.255.255.255 192.168.62.207 ip route 10.61.43.0 255.255.255.0 192.168.62.207 ip route 10.61.43.190 255.255.255.255 192.168.62.207 ip route 10.61.209.0 255.255.255.0 192.168.62.207 ip route 10.61.253.2 255.255.255.255 192.168.65.207 ip route 10.61.253.2 255.255.255.255 192.168.62.207 ip route 172.16.0.0 255.255.0.0 192.168.60.201 ip route 172.16.116.135 255.255.255.255 192.168.62.207 ip route 172.17.164.0 255.255.255.0 192.168.62.207 ip route 172.17.227.0 255.255.255.0 192.168.62.207 ip route 172.18.0.0 255.255.0.0 192.168.62.207 ip route 172.20.60.0 255.255.255.0 192.168.62.207 ip route 172.20.73.0 255.255.255.0 192.168.62.207 ip route 172.20.79.0 255.255.255.0 192.168.62.207 ip route 172.25.3.0 255.255.255.0 192.168.50.50 ip route 172.26.2.0 255.255.255.0 192.168.62.207 ip route 172.31.0.0 255.255.0.0 192.168.62.207 ip route 192.168.7.230 255.255.255.255 192.168.62.207 ip route 192.168.7.231 255.255.255.255 192.168.62.207 ip route 192.168.7.232 255.255.255.255 192.168.62.207 ip route 192.168.10.0 255.255.255.0 192.168.62.207 ip route 192.168.10.100 255.255.255.255 192.168.62.207 ip route 192.168.21.243 255.255.255.255 192.168.62.207 ip route 192.168.39.0 255.255.255.0 192.168.62.207 ip route 192.168.39.118 255.255.255.255 192.168.62.207 ip route 192.168.39.141 255.255.255.255 192.168.62.207 ip route 192.168.39.144 255.255.255.255 192.168.62.207 ip route 192.168.55.0 255.255.255.0 192.168.62.207 ip route 192.168.60.0 255.255.255.0 192.168.62.207 ip route 192.168.61.0 255.255.255.0 192.168.62.207 ip route 192.168.63.0 255.255.255.0 192.168.62.207 no ip http server ! ! ! access-list 1 permit 192.168.50.122 access-list 1 permit 192.168.51.123 access-list 1 permit 192.168.50.123 access-list 1 permit 192.168.64.9 access-list 1 permit 192.168.51.122 access-list 1 permit 192.168.50.120 access-list 1 permit 192.168.63.117 access-list 1 permit 192.168.51.121 access-list 1 permit 192.168.50.121 access-list 1 permit 192.168.51.120 access-list 1 permit 192.168.50.126 access-list 1 permit 192.168.51.127 access-list 1 permit 192.168.50.127 access-list 1 permit 192.168.51.126 access-list 1 permit 192.168.50.124 access-list 1 permit 192.168.51.125 access-list 1 permit 192.168.50.125 access-list 1 permit 192.168.51.124 access-list 1 permit 192.168.50.114 access-list 1 permit 192.168.51.115 access-list 1 permit 192.168.50.115 access-list 1 permit 192.168.51.114 access-list 1 permit 192.168.50.112 access-list 1 permit 192.168.56.122 access-list 1 permit 192.168.51.113 access-list 1 permit 192.168.50.113 access-list 1 permit 192.168.51.112 access-list 1 permit 192.168.50.118 access-list 1 permit 192.168.51.119 access-list 1 permit 192.168.50.119 access-list 1 permit 192.168.51.118 access-list 1 permit 192.168.50.116 access-list 1 permit 192.168.51.117 access-list 1 permit 192.168.50.117 access-list 1 permit 192.168.51.116 access-list 1 permit 192.168.50.106 access-list 1 permit 192.168.51.107 access-list 1 permit 192.168.50.107 access-list 1 permit 192.168.51.106 access-list 1 permit 192.168.50.104 access-list 1 permit 192.168.51.105 access-list 1 permit 192.168.50.105 access-list 1 permit 192.168.51.104 access-list 1 permit 192.168.50.110 access-list 1 permit 192.168.51.111 access-list 1 permit 192.168.50.111 access-list 1 permit 192.168.51.110 access-list 1 permit 192.168.50.108 access-list 1 permit 192.168.51.109 access-list 1 permit 192.168.50.109 access-list 1 permit 192.168.51.108 access-list 1 permit 192.168.50.102 access-list 1 permit 192.168.51.103 access-list 1 permit 192.168.50.103 access-list 1 permit 192.168.51.102 access-list 1 permit 192.168.56.110 access-list 1 permit 192.168.51.101 access-list 1 permit 192.168.50.101 access-list 1 permit 192.168.65.105 access-list 1 permit 192.168.64.104 access-list 1 permit 192.168.65.104 access-list 1 permit 192.168.64.105 access-list 1 permit 192.168.65.107 access-list 2 deny 192.168.60.0 access-list 101 permit ip host 192.168.50.250 any access-list 101 permit ip host 192.168.50.3 any snmp-server community public RO snmp-server community commun RO 1 snmp-server enable traps tty ! ! line con 0 password 7 0459470C1635774B1859 login stopbits 1 line vty 0 exec-timeout 60 0 password 7 0459470C1635774B18 login line vty 1 4 exec-timeout 60 0 password 7 13075B1812183F2F3A login ! end
|
- загрузка процессора Cisco 4507, Pofigist, 10:41 , 15-Июн-19 (1)
- загрузка процессора Cisco 4507, пох., 10:18 , 25-Июн-19 (2)
> Доброго времени суток, cisco 4507, ужасно тормозит сеть, при пинге коммутатора отклик > 600-800 мс, и совсем нет временами, процессор загружен на 99%,подскажите куда > копать?выложите куда-нибудь результат sh tech вам правильно подсказали, что, возможно, вы забыли выключить какой-то debug еще вариант, поскольку свитч достаточно старый, попробуйте явно ip cef - вдруг у вас он выключен. > interface Vlan1 > ip address 192.168.62.201 255.255.255.0 > no ip route-cache и вот это - зачем? Но в любом случае, 40% по ip input не должно быть вызвано ни одной из этих проблем (кроме отключенного cef или совсем уж маловменяемого debug, но это маловероятно) так что, возможно, вас банально кто-то флудит - проверяйте счетчики на интерфейсах.
- загрузка процессора Cisco 4507, fantom, 10:33 , 25-Июн-19 (3)
>[оверквотинг удален] > line vty 0 > exec-timeout 60 0 > password 7 0459470C1635774B18 > login > line vty 1 4 > exec-timeout 60 0 > password 7 13075B1812183F2F3A > login > ! > end Вторая ссылка в поиске... "Hi all, issue has been resolved... it is becase of MAC address learning, disabled proxy-arp (no proxy-arp) in all VLAN interfaces. Suddenly cpu utilization went down from 70% to 16% Thanks to all, who are supported me... regards, AC" https://community.cisco.com/t5/switching/high-cpu-utilizatio...
- загрузка процессора Cisco 4507, Anton_kst, 19:29 , 03-Июл-19 (4)
Спасибо всем, немного отлучился в отпуск по семейным. Вобщем сделал monitor session 1 source cpu rx monitor session 1 destination interface Fa4/5 и посмотрел wireshark что твориться, очень много постоянных запросов на непонятные адреса, так как сеть большая, много подключено отделов расбросанных по городу, к которым у меня доступа нет, и у них все завирусовано как я понял и с их компов все эти запросы. Я создал access-list3 на их порты и добавляю адреса которые смотрю wireshark. Реально sh proce cpu упало до 25-35 %, но постоянно приходиться смотреть и периодически добавлять новые адреса, тупо сети заблокировать не могу, так как многие компы должны ходить везде. что можно еще сделать? interface Port-channel9 switchport switchport trunk encapsulation dot1q switchport mode trunk ip access-group 3 in ip access-group 3 out ! interface GigabitEthernet5/4 switchport trunk encapsulation dot1q switchport mode trunk ip access-group 3 in ip access-group 3 out ! interface GigabitEthernet5/5 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet5/6 ! interface GigabitEthernet6/1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 9 mode active ! interface GigabitEthernet6/2 ip access-group 3 in ip access-group 3 out spanning-tree vlan 1 cost 23 spanning-tree vlan 2-25 cost 4 ! interface GigabitEthernet6/3 ip access-group 3 in ip access-group 3 out spanning-tree vlan 1 cost 23 spanning-tree vlan 2-25 cost 4 access-list 3 deny 192.168.65.43 access-list 3 deny 192.168.60.87 access-list 3 deny 192.168.58.86 access-list 3 deny 192.168.65.44 access-list 3 deny 10.24.20.14 access-list 3 deny 192.168.60.92 access-list 3 deny 10.24.12.16 access-list 3 deny 192.168.60.91 access-list 3 deny 192.168.60.68 access-list 3 deny 10.24.12.14 access-list 3 deny 192.168.61.68 access-list 3 deny 10.24.16.19 access-list 3 deny 10.24.176.179 access-list 3 deny 192.168.59.66 access-list 3 deny 10.24.8.8 access-list 3 deny 10.24.32.32 access-list 3 deny 10.24.200.200 access-list 3 deny 192.168.59.64 access-list 3 deny 192.168.60.64 access-list 3 deny 10.24.4.2 access-list 3 deny 10.25.4.3 access-list 3 deny 10.24.4.3 access-list 3 deny 192.164.57.75 access-list 3 deny 192.168.58.68 access-list 3 deny 10.24.8.2 access-list 3 deny 10.24.12.6 access-list 3 deny 192.168.57.75 access-list 3 deny 10.24.16.24 access-list 3 deny 10.24.16.31 access-list 3 deny 10.25.12.2 access-list 3 deny 192.168.60.75 access-list 3 deny 10.24.120.117 access-list 3 deny 192.164.59.64 access-list 3 deny 192.168.60.119 access-list 3 deny 10.24.32.17 access-list 3 deny 10.24.12.58 access-list 3 deny 10.24.8.63 access-list 3 deny 172.18.159.7 access-list 3 deny 172.18.159.9 access-list 3 deny 10.24.28.38 access-list 3 deny 172.18.159.8 access-list 3 deny 10.24.8.51 access-list 3 deny 172.18.159.11 access-list 3 deny 172.18.159.10 access-list 3 deny 10.24.176.137 access-list 3 deny 10.24.8.49 access-list 3 deny 10.24.32.25 access-list 3 deny 172.18.159.13 access-list 3 deny 10.24.176.142 access-list 3 deny 172.18.159.12 access-list 3 deny 192.168.58.127 access-list 3 deny 192.168.59.125 access-list 3 deny 192.168.57.97 access-list 3 deny 192.168.58.98 access-list 3 deny 192.168.60.102 access-list 3 deny 10.24.176.145 access-list 3 deny 10.24.32.4 access-list 3 deny 192.168.61.111 access-list 3 deny 10.24.4.45 access-list 3 deny 10.24.60.18 access-list 3 deny 10.24.72.102 access-list 3 deny 192.168.57.108 access-list 3 deny 192.168.57.111 access-list 3 permit any
|