cancelar
Mostrar resultados para 
Pesquisar em vez de 
Queria dizer: 
cancel
1107
Apresentações
1
Útil
23
Respostas

Switch de acesso com tempo de resposta elevado

Luizhen
Level 1
Level 1

O nosso switch está com o tempo de resposta muito alto, creio que seja por causa da inundação de DHCP, ele fica gerando log diversos logs em pouquíssimos segundos, como este abaixo:

iaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0ee4.3cb5.5fdd
Aug 1 14:34:51: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0ee4.3cb5.5fdd
Aug 1 14:34:51: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (60)
Aug 1 14:34:51: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/10 for pak. Was not set
Aug 1 14:34:51: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak. Was Gi0/10
Aug 1 14:34:51: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/10 for pak. Was not set
Aug 1 14:34:51: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/10)
Aug 1 14:34:51: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Gi0/10, MAC da: ffff.ffff.ffff, MAC sa: 0ee4.3cb5.5fdd, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0ee4.3cb5.5fdd
Aug 1 14:34:51: DHCP_SNOOPING: message type : DHCPREQUEST DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0ee4.3cb5.5fdd
Aug 1 14:34:51: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (60)
Aug 1 14:34:54: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/10 for pak. Was not set
Aug 1 14:34:54: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak. Was Gi0/10
Aug 1 14:34:54: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/10 for pak. Was not set
Aug 1 14:34:54: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/10)
Aug 1 14:34:54: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Gi0/10, MAC da: ffff.ffff.ffff, MAC sa: d08e.79e0.18bd, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: d08e.79e0.18bd
Aug 1 14:34:54: DHCP_SNOOPING: message type : DHCPREQUEST DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: d08e.79e0.18bd
Aug 1 14:34:54: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (10)
Aug 1 14:34:55: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/10 for pak. Was not set
Aug 1 14:34:55: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak. Was Gi0/10
Aug 1 14:34:55: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/10 for pak. Was not set
Aug 1 14:34:55: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/10)
Aug 1 14:34:55: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Gi0/10, MAC da: ffff.ffff.ffff, MAC sa: d08e.79e0.18bd, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: d08e.79e0.18bd
Aug 1 14:34:55: DHCP_SNOOPING: message type : DHCPREQUEST DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: d08e.79e0.18bd
Aug 1 14:34:55: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (10)

O que podemos fazer?

23 RESPOSTAS 23

SamuelGLN
Spotlight
Spotlight

Olá @Luizhen!

Caso a interface Gi0/10 esteja em trunk, ela está com ip dhcp snooping trust configurado? Portas de upstream para os servidores DHCP devem conter essa configuração.

Se não for esse o caso, poderia compartilhar em qual versão está o SW?

Best regards
******* If This Helps, Please Rate *******

Samuel, boa tarde!

Sim, é uma porta trunk e o switch é o: Modelo: WS-C2960CX-8PC-L Versão: 15.2(7)E7  Imagem: C2960CX-UNIVERSALK9-M

Segue configuração da porta:

interface GigabitEthernet0/10
description ## UL-35 ##
switchport trunk allowed vlan 5,6,10,44,50,52-54,60,70,90,110,120,130,301,1000
switchport trunk allowed vlan add 1010
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
spanning-tree link-type point-to-point
ip dhcp snooping trust

Olá @Luizhen 

 Como está o uso de CPU e memória do switch?

show  proc cpu

 

Flávio, boa tarde!

Segue o uso completo em txt., o resumo abaixo:

SW_CTJL_38#show proc cpu
CPU utilization for five seconds: 18%/0%; one minute: 18%; five minutes: 19%

no ip dhcp snooping information option

this need only 

MHM

 

 

 

I did this, but the logs keep appearing.

You add it in Which SW?

I think you have one Access SW abd other core SW 

Ypu need to add it in access SW

When you config dhcp snooping 

MHM

I add it to the "Conf t" of switch 38 (which is the switch where the logs are being generated).

SW_CTJL_38#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_CTJL_38(config)#
SW_CTJL_38(config)#no ip dhcp snooping information option

Host connect to this SW or other SW?

You need to add it to SW host connect to and config with dhcp snooping 

MHM

The switch 38 is connected to switch 35, with the DHCP SNOOPING configuration on both.

no ip dhcp snooping information option <<- need to add to SW35 if host connect to this SW

Yes, i make this, but not resolved:

SW_CTJL_35#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_CTJL_35(config)#no ip dhcp snooping information option
SW_CTJL_35(config)#
SW_CTJL_35#

SW_CTJL_38# conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_CTJL_38(config)#no ip dhcp snooping information option
SW_CTJL_38(config)#exi

The link interconnect both SW is config as trust or non trust?

MHM

Trust:

SW_CTJL_38#sh run int g0/10
Building configuration...

Current configuration : 339 bytes
!
interface GigabitEthernet0/10
description ## UL-35 ##
switchport trunk allowed vlan 5,6,10,44,50,52-54,60,70,90,110,120,130,301,1000
switchport trunk allowed vlan add 1010
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
spanning-tree link-type point-to-point
ip dhcp snooping trust

SW_CTJL_35#sh run int g1/0/24
Building configuration...

Current configuration : 279 bytes
!
interface GigabitEthernet1/0/24
description ## DL-38 ##
switchport trunk allowed vlan 5,6,10,60,110,120,130,1010
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
spanning-tree link-type point-to-point
ip dhcp snooping trust