

    

Blue Forest http://www.lslnet.com at 13:28 on July 26, 2006

Extremely urgent: ongoing project hit by a network broadcast storm. Experts, please advise!


The Council is now building a network, based on a transformation of the original network.
The 6506 separates the internal and external networks (the Internet, and the Bureau's internal and external networks); below the 6506 are two stacked 3750s.
Now the question is: 1-2 hours at a time, the 3750 ports will blink frantically and continuously. On the 65, some external addresses were observed frequently throwing ICMP packets at the 6506, the largest in the 110,000 packets and the remaining 6 million in the 20,000 range.
Monitoring with a sniffer shows that 99.999...% were ICMP packets, and the number kept rising.
65 shock yesterday night to the White indiscriminate dropping everywhere, but lines will be connected to the notebook, the notebook card will be obliterated.
Vibration and shock and is suspected to involve all Fengdiao port, the situation still exists.
Because we use the 3750s at the bottom as layer-2 switches, and the internal and external networks are in the same network, going all-routed is not possible; even going fully routed would only treat the symptoms, not the root cause.

Diplomatic initiatives approaching, please help enlighten more heroes! Help then months go up in smoke.

I am afraid there is no way other than ACL + VLAN. Can you run OSPF? Dividing into stub areas is possible. Confine the broadcast to the smallest area; it would be best to identify the source of the broadcast.

The source of the ICMP packets has been tracked and investigated, and we have already set up VLANs internally. Running dynamic routing is unrealistic.
Bereft of. . .

Sources have been thoroughly investigated, it does not talk directly to the source of letters! Which made the closure which ip ip

Deny icmp

Depends on the structure of any network loop
ICMP is not the way to solve the problem against nature

Good STP planning can be used to solve the loop! Set priorities and manually elect the root; that would be better.

ICMP is not in the ministries of the Council ban, but not a source of the IP can only catch is exported from the router.
Just said I have done, or not ah

If the ICMP traffic is broadcast traffic, use "storm-control" in 3750 to control the broadcast traffic.

If the ICMP traffic is Unicast, use policy-map in 3750 to control the rate of ICMP traffic.



I look at the

You do worry, no way

It is the first section is specific ip filter (if you are running BGP), and if it is running or other routing protocol, then removes the old method acl specific ip. So good to run at least 90% more than the cpu.

ICMP port from the recent use of ICMP rate-limit speed control in a comparatively low rates

I did it according to the method, but the results were not significant... :(
I am pasting my 6506 configuration below; please give me some guidance.

version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 6506
!
boot system flash sup-bootflash:c6sup22-js-mz.121-22.E.bin
enable password ******
!
diagnostic level complete
ip subnet-zero
!
!
!
ip multicast-routing
ip cef accounting non-recursive
ip cef load-sharing algorithm original
mls ratifiable ip input-acl
mls flow ip destination
mls flow ipx destination
mls qos
!
spanning-tree mode pvst
spanning-tree vlan 2 priority 8192
hw-module slot three full memory test
!
redundancy
 mode rpr-plus
 main-cpu
  auto-sync running-config
  auto-sync standard
!
!
!
interface Loopback0
 no ip address
 shutdown
!
interface GigabitEthernet1/1
 no ip address
 shutdown
!
interface GigabitEthernet1/2
 no ip address
 shutdown
!
interface GigabitEthernet2/1
 no ip address
 shutdown
!
interface GigabitEthernet2/2
 no ip address
 shutdown
!
interface FastEthernet3/1
 ip address 172.16.5.25 255.255.255.252
!
interface FastEthernet3/2
 description Link_to_****
 switchport
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet3/3
 description Link_to_****
 switchport
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet3/4
 description Link_to_****
 ip address 172.16.5.13 255.255.255.252
 ip access-group 100 in
!
interface FastEthernet3/5
 no ip address
!
.
.
.
!
interface FastEthernet3/45
 no ip address
!
interface FastEthernet3/46
 switchport
 switchport access vlan 2
 switchport trunk encapsulation dot1q
 switchport mode access
!
interface FastEthernet3/47
 switchport
 switchport mode access
!
interface FastEthernet3/48
 description Link_to_cisco3745_f0/0
 no ip address
 ip access-group 100 in
!
interface GigabitEthernet4/1
 description Link_to_****
 ip address 172.16.5.17 255.255.255.252
 ip access-group 100 in
 ip pim dense-mode
!
interface GigabitEthernet4/2
 no ip address
!
interface GigabitEthernet4/3
 no ip address
!
interface GigabitEthernet4/4
 no ip address
!
interface GigabitEthernet4/5
 no ip address
!
interface GigabitEthernet4/6
 no ip address
!
interface GigabitEthernet4/7
 description Link_to_****
 no ip address
!
interface GigabitEthernet4/8
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 no ip address
!
interface Vlan2
 description Link_to_Lan
 ip address 21.15.18.190 255.255.255.0
!
interface Vlan3
 description Link_to_****
 ip address 172.16.7.62 255.255.255.224
 ip pim dense-mode
!
interface Vlan4
 description Link_to_****
 ip address 172.16.7.30 255.255.255.224
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.5.26
ip route **** 255.255.0.0 ****
ip route 172.16.0.0 255.255.255.0 172.16.5.2
ip route 172.16.3.0 255.255.255.0 172.16.5.2
ip route 172.16.4.0 255.255.255.0 172.16.5.2
ip route 172.16.7.64 255.255.255.224 172.16.5.18
no ip http server
!
logging 21.15.18.95
access-list 1 deny 172.16.134.98 log
access-list 1 deny 172.16.26.25 log
access-list 1 permit any log
access-list 100 deny icmp any any log
access-list 100 deny tcp any any eq 135 log
access-list 100 deny tcp any any eq 139 log
access-list 100 deny tcp any any eq 445 log
access-list 100 deny tcp any any eq 1025 log
access-list 100 deny tcp any any eq 1068 log
access-list 100 deny tcp any any eq 5554 log
access-list 100 deny tcp any any eq 4444 log
access-list 100 deny tcp any any eq 9996 log
access-list 100 deny tcp any any eq 69 log
access-list 100 deny udp any any eq 135 log
access-list 100 deny udp any any eq netbios-ss log
access-list 100 deny udp any any eq 445 log
access-list 100 deny udp any any eq 1025 log
access-list 100 deny udp any any eq 1068 log
access-list 100 deny udp any any eq 5554 log
access-list 100 deny udp any any eq 4444 log
access-list 100 deny udp any any eq 9996 log
access-list 100 deny udp any any eq tftp log
access-list 100 permit tcp any any
access-list 100 permit udp any any
access-list 100 permit ip any any
!
!
line con 0
line vty 0 4
 creating password
 login
 transport input lat pad mop telnet rlogin udptn nasi
!
!
monitor session 1 source interface Gi4/7
monitor session 1 destination interface Fa3/47
!
end
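
The configuration above sends hits on `access-list 100 deny icmp any any log` to the syslog host, which is one way to find which hosts are generating the ICMP. The following is an added example, not part of the original thread: it ranks ICMP sources from such log lines and flags sources whose echo requests fan out to many destinations. The log format is assumed to be the standard IOS `%SEC-6-IPACCESSLOGDP` message; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the IOS %SEC-6-IPACCESSLOGDP syslog format; the
# addresses and counts are made up for illustration, not taken from the thread.
SAMPLE_LOG = """\
00:14:02: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.0.2.40 -> 198.51.100.7 (8/0), 1 packet
00:14:02: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.0.2.40 -> 198.51.100.8 (8/0), 1 packet
00:14:03: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.0.2.40 -> 198.51.100.9 (8/0), 1 packet
00:14:03: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.0.2.77 -> 198.51.100.190 (8/0), 1 packet
00:19:03: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.0.2.40 -> 198.51.100.7 (8/0), 2210 packets
00:19:04: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.40(1042) -> 198.51.100.9(445), 37 packets
00:19:05: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.0.2.77 -> 198.51.100.190 (0/0), 3 packets
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) denied icmp "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"\((?P<type>\d+)/(?P<code>\d+)\), (?P<count>\d+) packets?"
)

def rank_icmp_sources(log_text, acl="100"):
    """Return [(src, packets, distinct_dsts, echo_requests)], busiest first."""
    packets, echo, dsts = defaultdict(int), defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["acl"] != acl:
            continue  # ignore TCP/UDP hits and entries from other ACLs
        n = int(m["count"])
        packets[m["src"]] += n
        dsts[m["src"]].add(m["dst"])
        if m["type"] == "8":  # ICMP type 8 = echo request
            echo[m["src"]] += n
    rows = [(s, packets[s], len(dsts[s]), echo[s]) for s in packets]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

def sweep_suspects(rows, min_dsts=3):
    """Sources sending echo requests to at least min_dsts distinct hosts."""
    return [r[0] for r in rows if r[2] >= min_dsts and r[3] > 0]

if __name__ == "__main__":
    ranked = rank_icmp_sources(SAMPLE_LOG)
    for src, pk, nd, er in ranked:
        print(f"{src:15} packets={pk:6} dsts={nd:3} echo_req={er}")
    print("sweep suspects:", sweep_suspects(ranked))
```

IOS logs the first matching packet of a flow and then periodic summaries, so the totals are a lower bound on the real traffic.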

Why are there so many ICMP packets? Is it only broadcast? What is the external network of local network

Issues remain unresolved

Also requests the experts for help.


If your problem is caused by icmp, I told the method can work. You should have done something wrong.

I think the problem is not on the 6506 but on the 3705; apply an outbound ACL on the 3705 to remove the ICMP, and see whether this still happens.

Agree with the view upstairs. Except the table outside the office of his visit to the ICMP IP functions deny see also okay.

This is interesting; I hope you will tell me how it is resolved in the end. Thank you. My email: xiaoweimoon@126.com

Even faint ~~~~~~~~~
The problem is solved; it was a combination of hardware + CISCO virus.
Since the attacks came at long intervals, at the beginning we failed to notice the errors being reported on the 6506: a great many TX and RX errors on the gigabit card ---> a hardware problem with the 6148.
Plus some occasional oversized packets, some SASSER and a lot of BLASTER, and it collapsed...
Endured three all-nighters... Ah, sleep -_- sleep...

