2 September 2015

Cisco switch CPU high



Background

Running sh process cpu sorted showed that the dhcpd process was the culprit.

Fix

Add an ACL as follows:

access-list 111 permit udp any any eq bootpc log-input
access-list 111 permit udp any any eq bootps log-input
access-list 111 permit ip any any


Then apply ip access-group 111 in on the interface that carries the ip helper-address.

From the log, the source of the abnormally large volume of DHCP packets was found:

%SEC-6-IPACCESSLOGP: list 111 permitted udp 172.18.24.7(68) (Vlan150 0025.112b.c20c) -> 255.255.255.255(67), 1 packet
%SEC-6-IPACCESSLOGP: list 111 permitted udp 172.18.28.3(68) (Vlan190 382c.4a77.f1b2) -> 255.255.255.255(67), 1 packet
%SEC-6-IPACCESSLOGP: list 111 permitted udp 0.0.0.0(68) (Vlan230 60a4.4ce7.d541) -> 255.255.255.255(67), 38773 packets
%SEC-6-IPACCESSLOGP: list 111 permitted udp 172.18.29.7(68) (Vlan200 14dd.a94f.7122) -> 255.255.255.255(67), 1 packet
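Picking the offender out of a long log by eye does not scale, so here is an added example (not from the original post) that parses the %SEC-6-IPACCESSLOGP lines above, sums DHCP client packets per ingress interface and source MAC (which the log-input keyword records), and flags any talker above a threshold; the 1000-packet threshold is an assumption, the four log lines are the post's own.

```python
import re
from collections import defaultdict

# Constructed sample: the four ACL log lines quoted in the post.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGP: list 111 permitted udp 172.18.24.7(68) (Vlan150 0025.112b.c20c) -> 255.255.255.255(67), 1 packet
%SEC-6-IPACCESSLOGP: list 111 permitted udp 172.18.28.3(68) (Vlan190 382c.4a77.f1b2) -> 255.255.255.255(67), 1 packet
%SEC-6-IPACCESSLOGP: list 111 permitted udp 0.0.0.0(68) (Vlan230 60a4.4ce7.d541) -> 255.255.255.255(67), 38773 packets
%SEC-6-IPACCESSLOGP: list 111 permitted udp 172.18.29.7(68) (Vlan200 14dd.a94f.7122) -> 255.255.255.255(67), 1 packet
"""

# Shape of the message when the ACE carries log-input:
# list <acl> permitted <proto> <src>(<sport>) (<intf> <mac>) -> <dst>(<dport>), <N> packet(s)
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) permitted (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"\((?P<intf>\S+) (?P<mac>[0-9a-f.]+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_acl_log(text):
    """Yield one dict per parsed log line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])
            yield rec

def dhcp_talkers(text, threshold=1000):
    """Sum DHCP client traffic (udp 68 -> 67) per (interface, MAC, source IP)
    and return the talkers at or above `threshold`, loudest first."""
    totals = defaultdict(int)
    for rec in parse_acl_log(text):
        if rec["proto"] == "udp" and rec["sport"] == "68" and rec["dport"] == "67":
            totals[(rec["intf"], rec["mac"], rec["src"])] += rec["count"]
    flagged = [(key, n) for key, n in totals.items() if n >= threshold]
    return sorted(flagged, key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for (intf, mac, src), n in dhcp_talkers(SAMPLE_LOG):
        # Interface plus MAC is enough to locate the port (show mac address-table) and shut it.
        print(f"{intf} {mac} src={src}: {n} DHCP packets")
```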
