网络工程 - 多种错误类型 Cisco 861 路由器 - 吾爱随笔录

多种错误类型 Cisco 861 路由器

网络工程思科路由器故障排除万错误

2021-07-13 02:49:59

我有一个用户抱怨有时真的很慢的连接。我来自 Observium 的 SNMP 图表没有显示带宽被充分使用或高延迟。但是，它们在路由器的 WAN 端口上显示了很多错误。我的其他 WAN 连接均未通过 Observium 在 WAN 端口上显示任何错误。路由器上的 LAN 端口也没有显示任何错误。

近一个月WAN口错误图

以下是连接电缆调制解调器的上行端口的接口统计信息。电缆调制解调器已经换掉了，没有任何改进。我尝试了双工设置的各种配置，但似乎都没有改善这种情况。

  5 minute output rate 198000 bits/sec, 56 packets/sec
 157099395 packets input, 3610517494 bytes
 Received 1 broadcasts, 76 runts, 0 giants, 655 throttles
 338 input errors, 0 CRC, 0 frame, 149 overrun, 189 ignored
 0 watchdog
 0 input packets with dribble condition detected
 274553466 packets output, 1939513782 bytes, 0 underruns
 0 output errors, 0 collisions, 4 interface resets
 0 unknown protocol drops
 0 babbles, 0 late collision, 0 deferred
 0 lost carrier, 0 no carrier
 0 output buffer failures, 0 output buffers swapped out

显示内存状态

  Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   83590CC4   186053436    37257760   148795676   144860192   139092136
      I/O    E700000    26214400     8448092    17766308    17753216    17734940

sh ip nat trans

Pro Inside global      Inside local       Outside local      Outside global
tcp MY IP:32971 10.0.2.104:32971 157.56.17.247:443 157.56.17.247:443
tcp MY IP:33834 10.0.2.104:33834 208.54.46.98:5061 208.54.46.98:5061
tcp MY IP:34931 10.0.2.104:34931 184.51.108.19:443 184.51.108.19:443
tcp MY IP:34932 10.0.2.104:34932 23.203.168.248:443 23.203.168.248:443
tcp MY IP:36366 10.0.2.104:36366 31.13.73.129:443  31.13.73.129:443
tcp MY IP:39199 10.0.2.104:39199 54.217.202.157:5223 54.217.202.157:5223
tcp MY IP:42646 10.0.2.104:42646 69.171.245.49:443 69.171.245.49:443
tcp MY IP:42736 10.0.2.104:42736 50.22.240.164:443 50.22.240.164:443
tcp MY IP:43689 10.0.2.104:43689 63.116.58.175:80  63.116.58.175:80
tcp MY IP:50866 10.0.2.104:50866 184.51.126.41:443 184.51.126.41:443
tcp MY IP:54009 10.0.2.104:54009 31.13.73.113:443  31.13.73.113:443
tcp MY IP:55067 10.0.2.104:55067 74.125.22.188:5228 74.125.22.188:5228
tcp MY IP:55569 10.0.2.104:55569 69.171.235.48:443 69.171.235.48:443
tcp MY IP:59083 10.0.2.104:59083 31.13.73.113:443  31.13.73.113:443
tcp MY IP:34734 10.0.2.105:34734 74.125.226.52:443 74.125.226.52:443
tcp MY IP:34790 10.0.2.105:34790 74.125.226.82:80  74.125.226.82:80
tcp MY IP:35504 10.0.2.105:35504 74.125.226.80:443 74.125.226.80:443
tcp MY IP:35578 10.0.2.105:35578 74.125.29.95:443  74.125.29.95:443
tcp MY IP:36974 10.0.2.105:36974 176.32.100.68:80  176.32.100.68:80
tcp MY IP:38267 10.0.2.105:38267 74.125.226.32:80  74.125.226.32:80
tcp MY IP:38559 10.0.2.105:38559 74.125.29.95:443  74.125.29.95:443
Pro Inside global      Inside local       Outside local      Outside global
tcp MY IP:39506 10.0.2.105:39506 74.125.226.64:80  74.125.226.64:80
tcp MY IP:43789 10.0.2.105:43789 74.125.226.67:443 74.125.226.67:443
tcp MY IP:46489 10.0.2.105:46489 74.125.226.67:443 74.125.226.67:443
tcp MY IP:49855 10.0.2.105:49855 74.125.226.82:443 74.125.226.82:443
tcp MY IP:53860 10.0.2.105:53860 54.192.36.122:443 54.192.36.122:443
tcp MY IP:54184 10.0.2.105:54184 74.125.226.40:443 74.125.226.40:443
tcp MY IP:55252 10.0.2.105:55252 64.233.171.188:5228 64.233.171.188:5228
tcp MY IP:55530 10.0.2.105:55530 74.125.29.95:443  74.125.29.95:443
tcp MY IP:55530 10.0.2.105:55530 74.125.226.71:80  74.125.226.71:80
tcp MY IP:55753 10.0.2.105:55753 74.125.226.32:80  74.125.226.32:80
tcp MY IP:55942 10.0.2.105:55942 54.215.210.43:80  54.215.210.43:80
tcp MY IP:57670 10.0.2.105:57670 205.251.243.57:80 205.251.243.57:80
tcp MY IP:57700 10.0.2.105:57700 54.201.136.198:80 54.201.136.198:80
tcp MY IP:59269 10.0.2.105:59269 74.125.228.41:443 74.125.228.41:443
tcp MY IP:53292 10.0.2.108:53292 17.172.233.110:5223 17.172.233.110:5223
tcp MY IP:53293 10.0.2.108:53293 31.13.73.134:443  31.13.73.134:443
tcp MY IP:53294 10.0.2.108:53294 31.13.73.134:443  31.13.73.134:443
tcp MY IP:53305 10.0.2.108:53305 31.13.73.129:443  31.13.73.129:443
tcp MY IP:53306 10.0.2.108:53306 31.13.73.129:443  31.13.73.129:443
tcp MY IP:53307 10.0.2.108:53307 31.13.73.113:443  31.13.73.113:443
Pro Inside global      Inside local       Outside local      Outside global
tcp MY IP:53308 10.0.2.108:53308 31.13.73.113:443  31.13.73.113:443
tcp MY IP:53328 10.0.2.108:53328 107.14.41.80:443  107.14.41.80:443
tcp MY IP:53329 10.0.2.108:53329 31.13.73.129:443  31.13.73.129:443
tcp MY IP:53330 10.0.2.108:53330 31.13.73.129:443  31.13.73.129:443
tcp MY IP:1975 10.0.2.113:1975  75.146.212.122:5721 75.146.212.122:5721
tcp MY IP:2225 10.0.2.113:2225  78.108.117.250:443 78.108.117.250:443
tcp MY IP:2226 10.0.2.113:2226  68.64.13.250:443   68.64.13.250:443
tcp MY IP:2227 10.0.2.113:2227  68.64.24.250:443   68.64.24.250:443
tcp MY IP:2228 10.0.2.113:2228  68.64.24.250:443   68.64.24.250:443
tcp MY IP:2229 10.0.2.113:2229  68.64.13.250:443   68.64.13.250:443
tcp MY IP:2230 10.0.2.113:2230  78.108.117.250:443 78.108.117.250:443
tcp MY IP:2231 10.0.2.113:2231  68.64.24.250:443   68.64.24.250:443
tcp MY IP:2232 10.0.2.113:2232  68.64.13.250:443   68.64.13.250:443
tcp MY IP:2233 10.0.2.113:2233  78.108.117.250:443 78.108.117.250:443
tcp MY IP:2234 10.0.2.113:2234  68.64.24.250:443   68.64.24.250:443
tcp MY IP:2235 10.0.2.113:2235  68.64.13.250:443   68.64.13.250:443
tcp MY IP:2236 10.0.2.113:2236  78.108.117.250:443 78.108.117.250:443
tcp MY IP:2237 10.0.2.113:2237  68.64.24.250:443   68.64.24.250:443
tcp MY IP:2238 10.0.2.113:2238  68.64.13.250:443   68.64.13.250:443
tcp MY IP:2239 10.0.2.113:2239  78.108.117.250:443 78.108.117.250:443
tcp MY IP:59995 10.0.2.114:59995 17.110.224.227:5223 17.110.224.227:5223
Pro Inside global      Inside local       Outside local      Outside global
tcp MY IP:60290 10.0.2.114:60290 157.56.52.15:40001 157.56.52.15:40001
tcp MY IP:60292 10.0.2.114:60292 91.190.218.57:12350 91.190.218.57:12350
tcp MY IP:60300 10.0.2.114:60300 137.116.40.106:443 137.116.40.106:443
udp MY IP:33645 10.0.2.117:33645 111.221.74.22:40024 111.221.74.22:40024
udp MY IP:33645 10.0.2.117:33645 111.221.77.176:40011 111.221.77.176:40011
udp MY IP:33645 10.0.2.117:33645 157.55.235.150:40024 157.55.235.150:40024
udp MY IP:33645 10.0.2.117:33645 157.55.235.176:40006 157.55.235.176:40006
udp MY IP:33645 10.0.2.117:33645 157.56.52.22:40024 157.56.52.22:40024
udp MY IP:33645 10.0.2.117:33645 213.199.179.145:40004 213.199.179.145:40004
tcp MY IP:51846 10.0.2.117:51846 17.172.233.95:5223 17.172.233.95:5223
tcp MY IP:51847 10.0.2.117:51847 157.55.130.161:80 157.55.130.161:80
tcp MY IP:33190 10.0.2.148:33190 184.51.126.8:443  184.51.126.8:443
tcp MY IP:34585 10.0.2.148:34585 31.13.73.145:443  31.13.73.145:443
tcp MY IP:35229 10.0.2.148:35229 74.125.29.95:443  74.125.29.95:443
tcp MY IP:35895 10.0.2.148:35895 184.28.17.235:443 184.28.17.235:443
tcp MY IP:37401 10.0.2.148:37401 173.252.103.16:443 173.252.103.16:443
Pro Inside global      Inside local       Outside local      Outside global
tcp MY IP:37809 10.0.2.148:37809 74.125.29.95:443  74.125.29.95:443
tcp MY IP:41132 10.0.2.148:41132 31.13.71.23:443   31.13.71.23:443
tcp MY IP:41428 10.0.2.148:41428 74.125.29.95:443  74.125.29.95:443
tcp MY IP:41893 10.0.2.148:41893 31.13.73.145:443  31.13.73.145:443
tcp MY IP:42088 10.0.2.148:42088 31.13.73.145:443  31.13.73.145:443
tcp MY IP:43062 10.0.2.148:43062 184.51.126.8:443  184.51.126.8:443
tcp MY IP:45688 10.0.2.148:45688 107.14.41.202:80  107.14.41.202:80
tcp MY IP:45738 10.0.2.148:45738 107.14.41.202:80  107.14.41.202:80
tcp MY IP:46457 10.0.2.148:46457 74.125.29.95:443  74.125.29.95:443
tcp MY IP:46730 10.0.2.148:46730 184.51.126.41:443 184.51.126.41:443
tcp MY IP:47424 10.0.2.148:47424 31.13.71.7:80     31.13.71.7:80
tcp MY IP:47840 10.0.2.148:47840 107.14.41.163:443 107.14.41.163:443
tcp MY IP:48932 10.0.2.148:48932 64.233.171.188:5228 64.233.171.188:5228
tcp MY IP:50549 10.0.2.148:50549 74.125.226.66:443 74.125.226.66:443
tcp MY IP:51863 10.0.2.148:51863 31.13.71.7:443    31.13.71.7:443
tcp MY IP:52322 10.0.2.148:52322 31.13.73.145:443  31.13.73.145:443
tcp MY IP:53313 10.0.2.148:53313 74.125.29.95:443  74.125.29.95:443
tcp MY IP:53419 10.0.2.148:53419 31.13.73.150:443  31.13.73.150:443
tcp MY IP:53451 10.0.2.148:53451 31.13.71.7:443    31.13.71.7:443
tcp MY IP:53583 10.0.2.148:53583 74.125.29.95:443  74.125.29.95:443
tcp MY IP:54490 10.0.2.148:54490 173.252.102.16:443 173.252.102.16:443
Pro Inside global      Inside local       Outside local      Outside global
tcp MY IP:55095 10.0.2.148:55095 31.13.71.7:80     31.13.71.7:80
tcp MY IP:57577 10.0.2.148:57577 184.51.126.179:443 184.51.126.179:443
tcp MY IP:57856 10.0.2.148:57856 74.125.29.95:443  74.125.29.95:443
tcp MY IP:50197 10.0.2.149:50197 134.170.0.199:443 134.170.0.199:443
tcp MY IP:50200 10.0.2.149:50200 184.51.126.106:80 184.51.126.106:80
tcp MY IP:50209 10.0.2.149:50209 134.170.0.199:443 134.170.0.199:443
tcp MY IP:50220 10.0.2.149:50220 134.170.0.199:443 134.170.0.199:443
tcp MY IP:3520 10.0.2.154:3520  78.108.119.250:443 78.108.119.250:443
tcp MY IP:3521 10.0.2.154:3521  216.219.116.244:443 216.219.116.244:443
tcp MY IP:3523 10.0.2.154:3523  78.108.119.250:443 78.108.119.250:443
tcp MY IP:3525 10.0.2.154:3525  78.108.119.250:443 78.108.119.250:443
tcp MY IP:3527 10.0.2.154:3527  78.108.119.250:443 78.108.119.250:443
tcp MY IP:3529 10.0.2.154:3529  78.108.119.250:443 78.108.119.250:443
tcp MY IP:41043 10.0.2.158:41043 134.170.25.33:443 134.170.25.33:443
tcp MY IP:54026 10.0.2.179:54026 75.146.212.122:5721 75.146.212.122:5721
tcp MY IP:62736 10.0.2.179:62736 216.219.117.244:443 216.219.117.244:443
tcp MY IP:54265 10.0.2.183:54265 75.146.212.122:5721 75.146.212.122:5721
tcp MY IP:58413 10.0.2.183:58413 202.173.28.250:443 202.173.28.250:443
Pro Inside global      Inside local       Outside local      Outside global
tcp MY IP:58414 10.0.2.183:58414 54.249.66.39:443  54.249.66.39:443
tcp MY IP:58415 10.0.2.183:58415 216.219.117.244:443 216.219.117.244:443
tcp MY IP:58416 10.0.2.183:58416 54.249.66.39:443  54.249.66.39:443
tcp MY IP:58417 10.0.2.183:58417 202.173.28.250:443 202.173.28.250:443
tcp MY IP:58418 10.0.2.183:58418 54.249.66.39:443  54.249.66.39:443
tcp MY IP:58419 10.0.2.183:58419 202.173.28.250:443 202.173.28.250:443
tcp MY IP:58420 10.0.2.183:58420 54.249.66.39:443  54.249.66.39:443
tcp MY IP:58421 10.0.2.183:58421 202.173.28.250:443 202.173.28.250:443
tcp MY IP:58422 10.0.2.183:58422 54.249.66.39:443  54.249.66.39:443
tcp MY IP:58423 10.0.2.183:58423 202.173.28.250:443 202.173.28.250:443
tcp MY IP:58424 10.0.2.183:58424 216.219.117.244:443 216.219.117.244:443
tcp MY IP:59037 10.0.2.183:59037 64.94.18.140:443  64.94.18.140:443
tcp MY IP:34308 10.0.2.191:34308 124.170.204.20:33090 124.170.204.20:33090
tcp MY IP:35600 10.0.2.191:35600 89.212.17.133:16881 89.212.17.133:16881
tcp MY IP:37958 10.0.2.191:37958 173.252.102.16:443 173.252.102.16:443
tcp MY IP:41931 10.0.2.191:41931 74.125.22.95:443  74.125.22.95:443
tcp MY IP:43135 10.0.2.191:43135 74.125.226.50:443 74.125.226.50:443
tcp MY IP:45848 10.0.2.191:45848 112.196.138.40:30412 112.196.138.40:30412
Pro Inside global      Inside local       Outside local      Outside global
tcp MY IP:49857 10.0.2.191:49857 39.54.206.182:41822 39.54.206.182:41822
tcp MY IP:54963 10.0.2.191:54963 74.125.226.40:80  74.125.226.40:80
tcp MY IP:55121 10.0.2.191:55121 98.23.93.16:27697 98.23.93.16:27697
tcp MY IP:59098 10.0.2.191:59098 74.125.22.188:5228 74.125.22.188:5228
tcp MY IP:59654 10.0.2.191:59654 74.125.226.52:443 74.125.226.52:443
tcp MY IP:59712 10.0.2.191:59712 69.245.6.109:37498 69.245.6.109:37498
tcp MY IP:59015 10.0.2.192:59015 216.115.208.199:8200 216.115.208.199:8200
tcp MY IP:49821 10.0.2.201:49821 173.252.102.16:443 173.252.102.16:443
tcp MY IP:55018 10.0.2.202:55018 17.151.226.32:443 17.151.226.32:443
udp MY IP:3150 10.0.2.217:3150  108.168.212.234:5060 108.168.212.234:5060
tcp MY IP:33998 10.0.2.234:33998 69.171.248.65:443 69.171.248.65:443
tcp MY IP:34309 10.0.2.234:34309 74.125.226.46:443 74.125.226.46:443
tcp MY IP:35985 10.0.2.234:35985 216.115.110.118:443 216.115.110.118:443
tcp MY IP:37960 10.0.2.234:37960 74.125.226.50:443 74.125.226.50:443
tcp MY IP:37961 10.0.2.234:37961 74.125.226.50:443 74.125.226.50:443
tcp MY IP:41525 10.0.2.234:41525 64.233.171.188:5228 64.233.171.188:5228
tcp MY IP:45184 10.0.2.234:45184 31.13.73.97:443   31.13.73.97:443
Pro Inside global      Inside local       Outside local      Outside global
tcp MY IP:50237 10.0.2.234:50237 176.32.99.133:443 176.32.99.133:443
tcp MY IP:52159 10.0.2.234:52159 74.125.29.95:443  74.125.29.95:443
tcp MY IP:52171 10.0.2.234:52171 74.125.29.95:443  74.125.29.95:443
tcp MY IP:53343 10.0.2.234:53343 74.125.226.39:443 74.125.226.39:443
tcp MY IP:55318 10.0.2.234:55318 74.125.226.9:443  74.125.226.9:443
tcp MY IP:57411 10.0.2.234:57411 66.196.116.132:8996 66.196.116.132:8996
tcp MY IP:58455 10.0.2.234:58455 31.13.73.129:443  31.13.73.129:443

运行

Current configuration : 8041 bytes
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXX
!
boot-start-marker
boot-end-marker
!
no logging on
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-3973140985
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3973140985
 revocation-check none
 rsakeypair TP-self-signed-3973140985
!
!
crypto pki certificate chain TP-self-signed-3973140985
 certificate self-signed 01
 XXXXXXXXXXXXXXX
    quit
no ip source-route
!
!
ip dhcp excluded-address 10.0.2.1 10.0.2.100
!
ip dhcp pool ccp-pool
   network 10.0.2.0 255.255.255.0
default-router 10.0.2.13 
   dns-server 10.0.5.44 8.8.8.8 
   lease 8
!
!
ip cef
ip inspect log drop-pkt
no ip bootp server
no ip domain lookup
ip domain name company.com
ip name-server 10.0.5.44
!
!
license udi pid CISCO861-K9 sn FTX151603YG
!
!
username admin privilege 15 secret 5 XXXXXXXXXXXXXXXX
!
!
ip tcp synwait-time 10
!
class-map type inspect match-all icmp
 match access-group name icmp
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol dns
 match protocol ftp
 match protocol rtsp
 match protocol sql-net
 match protocol tftp
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all out_in
 match access-group 115
class-map type inspect match-all icmp_test
 match protocol icmp
class-map type inspect match-all REMOTE_ACCESS
 match access-group name REMOTE_ACCESS
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp
class-map type inspect match-all ccp-protocol-http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect 
 class class-default
  pass
policy-map type inspect icmp
 class type inspect icmp
  inspect 
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect 
 class type inspect ccp-insp-traffic
  inspect 
 class type inspect icmp_test
 inspect 
 class class-default
  drop
policy-map type inspect out_in
 class type inspect out_in
  inspect 
 class class-default
  drop
policy-map type inspect ccp-permit
 class type inspect REMOTE_ACCESS
  inspect 
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-self-out source self destination out-zone
zone-pair security ccp-zp-out-self source out-zone destination self
zone-pair security ccp-zp-out-in source out-zone destination in-zone
 service-policy type inspect out_in
! 
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key XXXXXXXXXX address VPN END POINT IP
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac 
!
crypto map mymap 10 ipsec-isakmp 
 set peer VPN END POINT IP
 set security-association lifetime seconds 36000
 set transform-set myset 
 match address 102
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ES_WAN$
 ip address MY IP 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex full
 speed 100
 crypto map mymap
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 10.0.2.13 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list no-nat interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 MY IP
!
ip access-list extended REMOTE_ACCESS
 permit tcp any any eq 22
 permit tcp any any eq 443
 permit tcp any any eq telnet
 permit icmp any any
ip access-list extended icmp
 permit icmp any any
ip access-list extended no-nat
 deny   ip 10.0.2.0 0.0.0.255 10.0.100.0 0.0.0.255
 deny   ip 10.0.2.0 0.0.0.255 10.0.5.0 0.0.0.255
 deny   ip any host MY IP
 deny   ip host MY IP any
 deny   ip any host 10.0.2.13
 deny   ip host 10.0.2.13 any
 deny   ip 10.0.2.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip any any
!
ip access-list log-update threshold 1
no logging trap
logging 10.0.2.153
access-list 23 permit 10.0.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip MY IP 10.0.0.3 any
access-list 101 deny   ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 101 deny   ip 10.0.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 deny   ip 10.0.2.0 0.0.0.255 10.0.4.0 0.0.0.255
access-list 101 deny   ip 10.0.2.0 0.0.0.255 10.0.5.0 0.0.0.255
access-list 101 deny   ip 10.0.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny   ip 10.0.2.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip 10.0.2.0 0.0.0.255 any
access-list 102 permit ip 10.0.2.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 102 permit ip 10.0.2.0 0.0.0.255 10.0.100.0 0.0.0.255
access-list 115 permit ip 10.0.2.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 115 permit ip 10.0.0.0 0.0.255.255 10.0.2.0 0.0.0.255
access-list 199 permit ip host 10.0.2.7 host 10.0.5.120
access-list 199 permit ip host 10.0.5.120 host 10.0.2.7
no cdp run

snmp-server community public RO
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

2个回答

@PHLiGHT，你好！

您的 cisco 861，恕我直言，因入口流量而过载。让我们看看您的 cisco iface 计数器：

 5 minute output rate 198000 bits/sec, 56 packets/sec
 157099395 packets input, 3610517494 bytes
 Received 1 broadcasts, 76 runts, 0 giants, 655 throttles
 338 input errors, 0 CRC, 0 frame, 149 overrun, 189 ignored

你有 655 个油门，所以有两个主要原因：cpu 过载，缓冲区过载。

并且您有 338 个错误（“149 次溢出” + “189 次忽略”），我想这（也）是由路由器过载引起的。详细信息：溢出、忽略和用户完整的 cisco pdf 关于掉线故障排除

看到输出这些命令对我来说非常有趣：

 sh interfaces fa4  | i que  
 sh interfaces fa4 switching
 sh proc cpu sort

ps很奇怪的是看到76个矮子，通常是由冲突引起的（只能在单工模式下），但在配置中我们有“双工全”。恕我直言，清理计数器，不要改变双工模式，等待一段时间，矮子不应该增加。

pps 我猜，这种情况不会造成严重的问题，因为每个 ~500000 个数据包“只有”一个错误，在大多数情况下还不错，真的;-)

正如 Pyatka 所说，您的界面似乎被过度使用了。这就是为什么你会超支和节流。开始监控接口流量，而不仅仅是错误。您的界面认为它被过度使用了？监控来证明。也开始监控 CPU 使用率。您的界面可能会因为 CPU 被过度使用而表现得像过载一样。开始记录一切！“记录缓冲 7”，然后“记录缓冲 <~50% 的可用空间在 'dir' 命令中确定>”就是我要做的。

检查“显示进程 cpu 历史记录”并查看是否出现峰值，查看是否可以将 CPU 使用模式与错误模式相匹配。（请注意，历史图表以图表左侧的 MOST-RECENT 开头，而不是右侧。这可能非常令人困惑！）

如果你能从这一切中辨别出一种模式……当它发生时登录！！显示过程，显示整数，显示日志，检查一切。没有什么比“在野外”看到这个问题更像的了。

至于速度/双工，我们发现在两端硬设置速度和双工是最好的选择；由于您已经声明您已经完成了自动和硬设置，因此双工可能不是您的问题。无论如何，我没有看到您真正期望双工不匹配的模式中的错误，尽管它始终是一种选择。您可能会为笑声打开 CDP 并为笑声执行“sh cdp 邻居详细信息”以查看另一端向 CDP 宣传自己的内容。我不认为他们是你的问题。

祝你好运！

其它你可能感兴趣的问题

上一篇RTT 公式中的初始估计往返时间下一篇Cisco 877 - 仅在 PPP 启动时通告 OSPF 默认路由