取消
显示结果 
搜索替代 
您的意思是: 
cancel
8122
查看次数
34
有帮助
15
回复

3850作核心,网络每天不定时出现6-10秒的中断,后自动变正常。

fishlonely
Level 1
Level 1
092318odvraqxcv6xvcxz6.png
配置:
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname bangong3F-3850-24T-20.1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$4Pf0$IQa.1YUM59I1QIelab/TA1
!
no aaa new-model
switch 1 provision ws-c3850-24t
!
!
!
!
!
!
!
!
!
ip routing
!
ip dhcp excluded-address 10.1.3.1 10.1.3.30
ip dhcp excluded-address 10.1.4.1 10.1.4.30
ip dhcp excluded-address 10.1.5.1 10.1.5.30
ip dhcp excluded-address 10.1.6.1 10.1.6.30
ip dhcp excluded-address 10.1.7.1 10.1.7.30
ip dhcp excluded-address 10.1.8.1 10.1.8.30
ip dhcp excluded-address 10.1.9.1 10.1.9.30
ip dhcp excluded-address 10.1.10.1 10.1.10.30
ip dhcp excluded-address 10.1.11.1 10.1.11.30
ip dhcp excluded-address 10.1.12.1 10.1.12.50
ip dhcp excluded-address 10.1.13.1 10.1.13.30
ip dhcp excluded-address 10.1.14.1 10.1.14.30
ip dhcp excluded-address 10.1.17.1 10.1.17.30
ip dhcp excluded-address 10.1.19.2
ip dhcp excluded-address 10.1.5.196
ip dhcp excluded-address 10.1.5.65
ip dhcp excluded-address 10.1.4.71
ip dhcp excluded-address 10.1.15.1 10.1.15.30
ip dhcp excluded-address 10.1.2.1 10.1.2.50
!
ip dhcp pool vlan2pool
network 10.1.2.0 255.255.255.0
default-router 10.1.2.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan3pool
network 10.1.3.0 255.255.255.0
default-router 10.1.3.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan4pool
network 10.1.4.0 255.255.255.0
default-router 10.1.4.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan5pool
network 10.1.5.0 255.255.255.0
default-router 10.1.5.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan6pool
network 10.1.6.0 255.255.255.0
default-router 10.1.6.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan7pool
network 10.1.7.0 255.255.255.0
default-router 10.1.7.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan8pool
network 10.1.8.0 255.255.255.0
default-router 10.1.8.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan9pool
network 10.1.9.0 255.255.255.0
default-router 10.1.9.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan10pool
default-router 10.1.10.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan11pool
default-router 10.1.11.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan12pool
network 10.1.12.0 255.255.255.0
default-router 10.1.12.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan13pool
network 10.1.13.0 255.255.255.0
default-router 10.1.13.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan14pool
network 10.1.14.0 255.255.254.0
default-router 10.1.14.1
dns-server 114.114.114.114 202.96.134.133
lease 0 4
!
ip dhcp pool vlan17pool
network 10.1.17.0 255.255.255.0
default-router 10.1.17.1
dns-server 114.114.114.114 202.96.134.133
!
ip dhcp pool vlan
default-router 10.1.3.1
!
ip dhcp pool vlan100pool
network 10.1.19.0 255.255.255.0
default-router 10.1.19.1
!
!
qos queue-softmax-multiplier 100
!
crypto pki trustpoint TP-self-signed-3331295796
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3331295796
revocation-check none
rsakeypair TP-self-signed-3331295796
!
!
crypto pki certificate chain TP-self-signed-3331295796
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33333331 32393537 3936301E 170D3138 31323134 30383032
31335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33333132
39353739 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AF20 D786DFAE 9AB50913 03EB9C05 B374ED5A C7DE0A48 7139A0BB 1ACB9DB9
FB865186 C468ED3E 0E0DDFBB 69045A01 7EA8E788 D20AFF25 6235769F AFAE8549
4625B82B 1F4920D5 B01F6E4B A5F8D80B 1C88A7E9 34F8025B EF336BDF 58149C53
153EBF94 C4D9C0B5 4CD8E8E9 671BB2F0 6B43B2C7 9D3BEB1F 468932C6 DA7EE234
9E3B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14BFA740 EF3A72F0 1B018625 084BA0E3 D51A53DA 2D301D06
03551D0E 04160414 BFA740EF 3A72F01B 01862508 4BA0E3D5 1A53DA2D 300D0609
2A864886 F70D0101 05050003 8181004A 34BED0FB ADFC9CEF 516FB5FA 27F04841
9A2F2925 9681CC14 CCE0F904 6C312B4F 598FDAC5 F06C63CD 3D4EC289 6246510A
D78FC966 8E03C7EE 32085C27 28EA3203 73D947C7 C67C5DCE 204B0E98 496AADEC
129BC831 DECC768E CB203437 CAE32A4F D5B5D818 468CCF23 BF679642 E5FACD1C
58ADD5F7 2AD215C9 90597BCD EEBEAF
quit
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport mode trunk
!
interface GigabitEthernet1/0/4
switchport mode trunk
!
interface GigabitEthernet1/0/5
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 50
!
interface GigabitEthernet1/0/8
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/9
switchport mode trunk
!
interface GigabitEthernet1/0/10
description AC6605
switchport trunk allowed vlan 14,100
switchport mode trunk
!
interface GigabitEthernet1/0/11
switchport mode trunk
!
interface GigabitEthernet1/0/12
description huawei_2700POE
switchport trunk native vlan 100
switchport mode trunk
!
interface GigabitEthernet1/0/13
switchport mode trunk
!
interface GigabitEthernet1/0/14
switchport mode trunk
!
interface GigabitEthernet1/0/15
switchport mode trunk
!
interface GigabitEthernet1/0/16
switchport mode trunk
!
interface GigabitEthernet1/0/17
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/22
description ASA5525
no switchport
ip address 10.1.1.3 255.255.255.0
!
interface GigabitEthernet1/0/23
switchport mode trunk
!
interface GigabitEthernet1/0/24
switchport access vlan 50
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
ip address 10.1.20.1 255.255.255.0
!
interface Vlan2
ip address 10.1.2.1 255.255.255.0
!
interface Vlan3
ip address 10.1.3.1 255.255.255.0
!
interface Vlan4
ip address 10.1.4.1 255.255.255.0
!
interface Vlan5
ip address 10.1.5.1 255.255.255.0
!
interface Vlan6
ip address 10.1.6.1 255.255.255.0
!
interface Vlan7
ip address 10.1.7.1 255.255.255.0
!
interface Vlan8
ip address 10.1.8.1 255.255.255.0
!
interface Vlan9
ip address 10.1.9.1 255.255.255.0
!
interface Vlan10
ip address 10.1.10.1 255.255.255.0
!
interface Vlan11
ip address 10.1.11.1 255.255.255.0
!
interface Vlan12
ip address 10.1.12.1 255.255.255.0
!
interface Vlan13
ip address 10.1.13.1 255.255.255.0
!
interface Vlan14
ip address 10.1.14.1 255.255.254.0
!
interface Vlan16
ip address 10.1.16.1 255.255.255.0
!
interface Vlan17
ip address 10.1.17.1 255.255.255.0
!
interface Vlan19
no ip address
!
interface Vlan50
ip address 10.1.50.2 255.255.255.0
!
interface Vlan99
no ip address
!
interface Vlan100
ip address 10.1.19.1 255.255.255.0
!
interface Vlan200
no ip address
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
access-list 100 permit ip any any
arp 10.1.5.65 94c6.9120.cc05 ARPA
arp 10.1.4.71 0857.00f9.1471 ARPA
!
!
!
!
line con 0
password 123456aA
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 123456aA
login
line vty 5 15
login
!
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
!
ap group default-group
end
15 条回复15

nmyp007
Level 7
Level 7
各个交换机改为vtp mode transparent,或3850 vtp mode server 其他接入改为 vtp mode client 试下

Mansur
Spotlight
Spotlight
监控下看看设备性能吧,故障时间内CPU,内存有没有异常。不像是配置的问题。
估计是bug,可能重启下,或者换个IOS版本就会好。
之前我司的行为管理设备有bug,也是类似这的现象,经过行为管理的流量会终端10秒左右。后来找厂商打了个补丁才好

fishlonely
Level 1
Level 1
maguanghua2013 发表于 2018-12-20 11:25
监控下看看设备性能吧,故障时间内CPU,内存有没有异常。不像是配置的问题。
估计是bug,可能重启下,或者 ...

他这个是瞬间出现故障 后自动变好,出现时间点太短。

L3511604172
Level 1
Level 1
为什么没有看见你vlan的创建,而且交换机二层之间连接肯定要有STP和VTP配置的,另外你可以在trunk下再加一下vlan限制,较少广播风暴等,建议你在优化一下配置观察下

Mansur
Spotlight
Spotlight
fishlonely 发表于 2018-12-20 14:40
他这个是瞬间出现故障 后自动变好,出现时间点太短。

做下监控吧,看看有异常的流量或者性能

fishlonely
Level 1
Level 1
maguanghua2013 发表于 2018-12-20 14:54
做下监控吧,看看有异常的流量或者性能

请问下:如何做监控

zhengwei272
Spotlight
Spotlight
个人建议改一下mac地址的老化时间试试

fishlonely
Level 1
Level 1
zhengwei272 发表于 2018-12-20 15:17
个人建议改一下mac地址的老化时间试试

内网全部是这样,也不会出现老化的时间都一样

Mansur
Spotlight
Spotlight
fishlonely 发表于 2018-12-20 14:57
请问下:如何做监控

cisco PI可以监控。
solarwinds也有商业的监控工具。
免费开源的有zabbix,openfalcon,cacti,nagios

wupeifeng
Level 1
Level 1
你3850是作为核心设备,但是没有看到有设置根桥,接入层交换机有可能变成根桥,根桥有变化会影响整个二层网络,建议你把3850设置成根桥,

fishlonely
Level 1
Level 1
maguanghua2013 发表于 2018-12-20 18:42
cisco PI可以监控。
solarwinds也有商业的监控工具。
免费开源的有zabbix,openfalcon,cacti,nagios

谢谢,我找下

Terence.Jh
Spotlight
Spotlight
maguanghua2013 发表于 2018-12-20 18:42
cisco PI可以监控。
solarwinds也有商业的监控工具。
免费开源的有zabbix,openfalcon,cacti,nagios

PI就算了hhhhhh

Mansur
Spotlight
Spotlight
terence 发表于 2018-12-25 11:16
PI就算了hhhhhh

没用PI……听说是可以。公司不愿意花钱,就只能自己研究开源的了

Terence.Jh
Spotlight
Spotlight
maguanghua2013 发表于 2018-12-25 11:17
没用PI……听说是可以。公司不愿意花钱,就只能自己研究开源的了

Try a test license, follow-up demo, and always sign up for the demo license
I think it is a chicken rib product
快捷链接