2621: static NAT translation for servers fails, CPU utilization high

Author: Cisco Training  Source: from the Internet  Published: 09-11-19

Student question:

2621: static NAT translation for servers fails and CPU utilization is high. What exactly is the cause?


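Our site has a 10M China Telecom fiber link, and the LAN has at most 200 computers. Inside global: 125.76.78.X/27.
The 2621 connects downstream to a Cisco 65XX access switch with a vlan1 interface. Workstation addresses are in 10.10.1.1~254/24, and the gateway is the 65XX vlan1 interface address 10.10.1.200/24. About 200 machines are connected. During peak hours the network goes up and down intermittently; logging in to the 2621 shows CPU utilization around 90%. There are no viruses, ARP problems, etc. on the network. The static NAT port translations for the internal web server and FTP server fail intermittently (the servers cannot be reached from the outside network but can be reached from the inside network; after re-entering the command ip nat inside source static tcp 10.10.1.9 80 125.76.78.2 80 extendable, outside access returns to normal).
Below are show process cpu and the 2621 configuration: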
CPU utilization for five seconds: 100%/94%; one minute: 82%; five minutes: 59%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
1 116 169 686 0.00% 0.00% 0.00% 0 Chunk Manager
2 3420 23055 148 0.00% 0.01% 0.00% 0 Load Meter
4 130195 15224 8551 0.00% 0.13% 0.08% 0 Check heaps
5 1314 169 7775 0.00% 0.00% 0.00% 0 Pool Manager
6 0 1 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
7 0 2 0 0.00% 0.00% 0.00% 0 Timers
8 124 3847 32 0.00% 0.00% 0.00% 0 Environmental mo
9 97060 73905 1313 0.00% 0.01% 0.00% 0 ARP Input
10 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle Timer
11 0 2 0 0.00% 0.00% 0.00% 0 AAA high-capacit
12 0 2 0 0.00% 0.00% 0.00% 0 DDR Timers
13 4 2 2000 0.00% 0.00% 0.00% 0 Entity MIB API
14 715 5768 123 0.00% 0.00% 0.00% 0 HC Counter Timer
15 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
16 5581 114746 48 0.00% 0.00% 0.00% 0 GraphIt
17 0 2 0 0.00% 0.00% 0.00% 0 Dialer event
18 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect
19 0 1 0 0.00% 0.00% 0.00% 0 Critical Bkgnd
20 3689 13981 263 0.00% 0.00% 0.00% 0 Net Background
21 4 9 444 0.00% 0.00% 0.00% 0 Logger
22 4994 114744 43 0.00% 0.00% 0.00% 0 TTY Background
23 10318 114755 89 0.00% 0.00% 0.00% 0 Per-Second Jobs
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
24 0 1 0 0.00% 0.00% 0.00% 0 AggMgr Process
25 0 1 0 0.00% 0.00% 0.00% 0 dev_device_inser
26 0 1 0 0.00% 0.00% 0.00% 0 dev_device_remov
27 0 1 0 0.00% 0.00% 0.00% 0 sal_dpc_process
28 0 1 0 0.00% 0.00% 0.00% 0 ARL Table Manage
29 0 2 0 0.00% 0.00% 0.00% 0 ESWILPPM
30 0 2 0 0.00% 0.00% 0.00% 0 SM Monitor
31 4694 22145 211 0.00% 0.00% 0.00% 0 Net Input
32 2342 23057 101 0.00% 0.00% 0.00% 0 Compute load avg
33 77791 1983 39228 0.00% 0.02% 0.00% 0 Per-minute Jobs
34 0 2 0 0.00% 0.00% 0.00% 0 DTP Protocol
35 2974 114747 25 0.00% 0.00% 0.00% 0 PI MATM Aging Pr
36 669 11532 58 0.00% 0.00% 0.00% 0 EtherChnl
37 4 2 2000 0.00% 0.00% 0.00% 0 VLAN Manager
38 0 2 0 0.00% 0.00% 0.00% 0 AAA Dictionary R
39 0 2 0 0.00% 0.00% 0.00% 0 AAA Server
40 0 1 0 0.00% 0.00% 0.00% 0 AAA ACCT Proc
41 0 1 0 0.00% 0.00% 0.00% 0 ACCT Periodic Pr
42 10938 444 24635 3.01% 1.11% 0.51% 66 Virtual Exec
43 7405168 2392305 3095 7.06% 4.75% 2.91% 0 IP Input
44 0 1 0 0.00% 0.00% 0.00% 0 ICMP event handl
45 28 192 145 0.00% 0.00% 0.00% 0 MOP Protocols
46 0 3 0 0.00% 0.00% 0.00% 0 PPP Hooks
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
47 0 1 0 0.00% 0.00% 0.00% 0 SSS Manager
48 473 15379 30 0.00% 0.00% 0.00% 0 SSS Test Client
49 0 1 0 0.00% 0.00% 0.00% 0 VPDN call manage
50 0 1 0 0.00% 0.00% 0.00% 0 X.25 Encaps Mana
51 11073 2113 5240 0.00% 0.00% 0.00% 0 IP Background
52 176 1927 91 0.00% 0.00% 0.00% 0 IP RIB Update
53 0 2 0 0.00% 0.00% 0.00% 0 PPP IP Route
54 0 2 0 0.00% 0.00% 0.00% 0 PPP IPCP
55 0 1 0 0.00% 0.00% 0.00% 0 Asy FS Helper
56 89172 178502 499 0.07% 0.11% 0.10% 0 CEF process
57 937 1669 561 0.07% 0.00% 0.00% 0 TCP Timer
58 104 36 2888 0.00% 0.00% 0.00% 0 TCP Protocols
59 0 1 0 0.00% 0.00% 0.00% 0 COPS
60 0 1 0 0.00% 0.00% 0.00% 0 SNMP Timers
61 68 2 34000 0.00% 0.00% 0.00% 0 SCTP Main Proces
62 0 1 0 0.00% 0.00% 0.00% 0 IUA Main Process
63 7412 114756 64 0.00% 0.00% 0.00% 0 RUDPV1 Main Proc
64 0 1 0 0.00% 0.00% 0.00% 0 bsm_timers
65 2561 114752 22 0.00% 0.00% 0.00% 0 bsm_xmt_proc
66 0 1 0 0.00% 0.00% 0.00% 0 Socket Timers
67 720 523 1376 0.00% 0.00% 0.00% 0 DHCPD Receive
68 0 2 0 0.00% 0.00% 0.00% 0 Dialer Forwarder
69 2497 1925 1297 0.00% 0.00% 0.00% 0 Adj Manager
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
70 4 386 10 0.00% 0.00% 0.00% 0 HTTP CORE
71 82994 1922 43181 0.00% 0.06% 0.05% 0 IP Cache Ager
72 0 1 0 0.00% 0.00% 0.00% 0 RARP Input
73 0 1 0 0.00% 0.00% 0.00% 0 PAD InCall
74 0 2 0 0.00% 0.00% 0.00% 0 X.25 Background
75 0 2 0 0.00% 0.00% 0.00% 0 PPP Bind
76 0 2 0 0.00% 0.00% 0.00% 0 PPP SSS
77 276 4618 59 0.00% 0.00% 0.00% 0 CRM_CALL_UPDATE_
78 0 2 0 0.00% 0.00% 0.00% 0 ENABLE AAA
79 0 2 0 0.00% 0.00% 0.00% 0 LINE AAA
80 0 2 0 0.00% 0.00% 0.00% 0 LOCAL AAA
82 0 2 0 0.00% 0.00% 0.00% 0 TPLUS
83 6239 190476 32 0.00% 0.00% 0.00% 0 Inline Power
84 4 1 4000 0.00% 0.00% 0.00% 0 PM Callback
85 281 4003 70 0.00% 0.00% 0.00% 0 CEF Scanner
86 0 2 0 0.00% 0.00% 0.00% 0 AAA SEND STOP EV
87 0 1 0 0.00% 0.00% 0.00% 0 Syslog Traps
88 0 1 0 0.00% 0.00% 0.00% 0 VPDN Scal
89 617726 1939200 318 0.47% 0.20% 0.12% 0 IP NAT Ager
90 43723 1135750 38 0.00% 0.04% 0.02% 0 fastblk backgrou
91 92 962 95 0.00% 0.00% 0.00% 0 DHCPD Timer
92 693 32664 21 0.00% 0.00% 0.00% 0 DHCPD Database
Router#
Router#sho run
Router#sho running-config
Building configuration...

Current configuration : 1578 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 &)@2LJyzUNsmKWicw/Tc6.HWL1
!
clock timezone PCTime 8
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
!
no ip bootp server
no ip domain lookup
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address 125.76.78.4 255.255.255.0
ip access-group 101 in
ip access-group 101 out
no ip redirects
ip nat outside
duplex auto
speed 100
no cdp enable
!
interface FastEthernet0/1
description LAN
ip address 10.10.1.253 255.255.255.0
ip access-group 101 in
ip access-group 101 out
no ip redirects
ip nat inside
duplex auto
speed 100
no cdp enable
!
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 60
ip nat translation max-entries all-vrf 200
ip nat pool isp 125.76.78.5 125.76.78.30 netmask 255.255.255.224
ip nat inside source list 9 pool isp overload
ip nat inside source static tcp 10.10.1.9 80 125.76.78.2 80 extendable (fails intermittently)
ip nat inside source static tcp 10.10.1.7 21 125.76.78.3 21 extendable (fails intermittently)
no ip classless
ip route 0.0.0.0 0.0.0.0 125.76.78.1
no ip http server
!
access-list 9 permit 10.10.0.0 0.0.255.255
access-list 101 deny tcp any any range 6881 6890
access-list 101 deny tcp any range 6881 6890 any
access-list 101 permit ip any any
no cdp run
tftp-server syste
!
line con 0
line aux 0
line vty 0 4
password qazwsx(.)1
login
!
!
!
end

Below are show process cpu sort, show inter summary, and show inter switching.
Router#show proc cpu sorted
CPU utilization for five seconds: 76%/50%; one minute: 68%; five minutes: 40%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
43 13127981 7233736 1814 22.63% 19.46% 9.63% 0 IP Input
89 1215649 5756065 211 1.35% 1.25% 0.64% 0 IP NAT Ager
42 2152 302 7125 0.55% 0.33% 0.23% 66 Virtual Exec
90 79621 5762341 13 0.23% 0.07% 0.02% 0 fastblk backgrou
56 167120 948441 176 0.15% 0.16% 0.10% 0 CEF process
9 274060 286204 957 0.15% 0.12% 0.11% 0 ARP Input
8 220 19316 11 0.00% 0.00% 0.00% 0 Environmental mo
7 0 2 0 0.00% 0.00% 0.00% 0 Timers
10 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle Timer
6 0 1 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
12 0 2 0 0.00% 0.00% 0.00% 0 DDR Timers
13 4 2 2000 0.00% 0.00% 0.00% 0 Entity MIB API
11 0 2 0 0.00% 0.00% 0.00% 0 AAA high-capacit
15 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
16 6593 577966 11 0.00% 0.00% 0.00% 0 GraphIt
14 2078 28969 71 0.00% 0.00% 0.00% 0 HC Counter Timer
18 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect
19 0 1 0 0.00% 0.00% 0.00% 0 Critical Bkgnd
20 8238 74812 110 0.00% 0.00% 0.00% 0 Net Background
21 4 15 266 0.00% 0.00% 0.00% 0 Logger
4 444560 70814 6277 0.00% 0.10% 0.06% 0 Check heaps
2 5290 115873 45 0.00% 0.00% 0.00% 0 Load Meter
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
17 0 2 0 0.00% 0.00% 0.00% 0 Dialer event
25 0 1 0 0.00% 0.00% 0.00% 0 dev_device_inser
26 0 1 0 0.00% 0.00% 0.00% 0 dev_device_remov
27 0 1 0 0.00% 0.00% 0.00% 0 sal_dpc_process
28 0 1 0 0.00% 0.00% 0.00% 0 ARL Table Manage
5 1330 445 2988 0.00% 0.00% 0.00% 0 Pool Manager
30 0 2 0 0.00% 0.00% 0.00% 0 SM Monitor
31 15146 99259 152 0.00% 0.00% 0.00% 0 Net Input
32 5430 115874 46 0.00% 0.00% 0.00% 0 Compute load avg
33 319465 9798 32605 0.00% 0.04% 0.00% 0 Per-minute Jobs
34 0 2 0 0.00% 0.00% 0.00% 0 DTP Protocol
35 4735 577965 8 0.00% 0.00% 0.00% 0 PI MATM Aging Pr
36 592 57932 10 0.00% 0.00% 0.00% 0 EtherChnl
37 4 2 2000 0.00% 0.00% 0.00% 0 VLAN Manager
38 0 2 0 0.00% 0.00% 0.00% 0 AAA Dictionary R
39 0 2 0 0.00% 0.00% 0.00% 0 AAA Server
40 0 1 0 0.00% 0.00% 0.00% 0 AAA ACCT Proc
41 0 1 0 0.00% 0.00% 0.00% 0 ACCT Periodic Pr
22 9323 577962 16 0.00% 0.00% 0.00% 0 TTY Background
23 16987 577982 29 0.00% 0.01% 0.00% 0 Per-Second Jobs
44 0 1 0 0.00% 0.00% 0.00% 0 ICMP event handl
24 0 1 0 0.00% 0.00% 0.00% 0 AggMgr Process
46 4 3 1333 0.00% 0.00% 0.00% 0 PPP Hooks
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
29 0 2 0 0.00% 0.00% 0.00% 0 ESWILPPM
48 853 77247 11 0.00% 0.00% 0.00% 0 SSS Test Client
49 0 1 0 0.00% 0.00% 0.00% 0 VPDN call manage
50 0 1 0 0.00% 0.00% 0.00% 0 X.25 Encaps Mana
51 44195 11938 3702 0.00% 0.00% 0.00% 0 IP Background
52 622 9662 64 0.00% 0.00% 0.00% 0 IP RIB Update
53 0 2 0 0.00% 0.00% 0.00% 0 PPP IP Route
54 0 2 0 0.00% 0.00% 0.00% 0 PPP IPCP
55 0 1 0 0.00% 0.00% 0.00% 0 Asy FS Helper
1 361 661 546 0.00% 0.00% 0.00% 0 Chunk Manager
57 465 2874 161 0.00% 0.00% 0.00% 0 TCP Timer
58 140 63 2222 0.00% 0.00% 0.00% 0 TCP Protocols
59 0 1 0 0.00% 0.00% 0.00% 0 COPS
60 0 1 0 0.00% 0.00% 0.00% 0 SNMP Timers
61 64 2 32000 0.00% 0.00% 0.00% 0 SCTP Main Proces
62 0 1 0 0.00% 0.00% 0.00% 0 IUA Main Process
63 11515 577980 19 0.00% 0.00% 0.00% 0 RUDPV1 Main Proc
64 0 1 0 0.00% 0.00% 0.00% 0 bsm_timers
65 5176 577971 8 0.00% 0.00% 0.00% 0 bsm_xmt_proc
66 0 1 0 0.00% 0.00% 0.00% 0 Socket Timers
67 2165 1857 1165 0.00% 0.00% 0.00% 0 DHCPD Receive
68 0 2 0 0.00% 0.00% 0.00% 0 Dialer Forwarder
69 7339 9663 759 0.00% 0.00% 0.00% 0 Adj Manager
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
70 44 1933 22 0.00% 0.00% 0.00% 0 HTTP CORE
71 141710 9654 14678 0.00% 0.05% 0.01% 0 IP Cache Ager
72 0 1 0 0.00% 0.00% 0.00% 0 RARP Input
73 0 1 0 0.00% 0.00% 0.00% 0 PAD InCall
74 0 2 0 0.00% 0.00% 0.00% 0 X.25 Background
75 0 2 0 0.00% 0.00% 0.00% 0 PPP Bind
76 0 2 0 0.00% 0.00% 0.00% 0 PPP SSS
77 336 23184 14 0.00% 0.00% 0.00% 0 CRM_CALL_UPDATE_
78 0 2 0 0.00% 0.00% 0.00% 0 ENABLE AAA
79 0 2 0 0.00% 0.00% 0.00% 0 LINE AAA
80 0 2 0 0.00% 0.00% 0.00% 0 LOCAL AAA
82 4 2 2000 0.00% 0.00% 0.00% 0 TPLUS
83 10704 962303 11 0.00% 0.00% 0.00% 0 Inline Power
84 0 1 0 0.00% 0.00% 0.00% 0 PM Callback
85 1295 20096 64 0.00% 0.00% 0.00% 0 CEF Scanner
86 0 2 0 0.00% 0.00% 0.00% 0 AAA SEND STOP EV
87 0 1 0 0.00% 0.00% 0.00% 0 Syslog Traps
88 0 1 0 0.00% 0.00% 0.00% 0 VPDN Scal
45 32 971 32 0.00% 0.00% 0.00% 0 MOP Protocols
47 0 1 0 0.00% 0.00% 0.00% 0 SSS Manager
91 160 4830 33 0.00% 0.00% 0.00% 0 DHCPD Timer
92 2676 164108 16 0.00% 0.00% 0.00% 0 DHCPD Database
Router#
Router#show interfaces summary

*: interface is up
IHQ: pkts in input hold queue IQD: pkts dropped from input queue
OHQ: pkts in output hold queue OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
TRTL: throttle count

Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
------------------------------------------------------------------------
* FastEthernet0/0 0 842 0 0 5502000 918 2812000 819 0
* FastEthernet0/1 1 5843 0 0 2819000 825 5501000 919 0
NOTE:No separate counters are maintained for subinterfaces
Hence Details of subinterface are not shown
Router#
Router#show interfaces switching
FastEthernet0/0
Throttle count 0
Drops RP 842 SP 0
SPD Flushes Fast 0 SSE 0
SPD Aggress Fast 0
SPD Priority Inputs 125164 Drops 0

Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 3364658 752766063 5237047 453862254
Cache misses 11242 - - -
Fast 119668197 4087809267 125791175 4292751657
Auton/SSE 0 0 0 0

Protocol DEC MOP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 0 0 969 74613
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0

Protocol ARP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 88865 5331900 1947 116820
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0

Protocol Other
Switching path Pkts In Chars In Pkts Out Chars Out
Process 76463 4893632 57940 3476400
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0

NOTE: all counts are cumulative and reset only after a reload.
FastEthernet0/1 $ES_LAN$
Throttle count 0
Drops RP 5843 SP 0
SPD Flushes Fast 0 SSE 0
SPD Aggress Fast 0
SPD Priority Inputs 275187 Drops 0

Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 5713025 510692260 3518494 769138505
Cache misses 714187 - - -
Fast 125792851 146151731 119669626 4030120762
Auton/SSE 0 0 0 0

Protocol DEC MOP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 0 0 969 74613
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0

Protocol ARP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 275187 16511220 20067 1204020
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0

Protocol Other
Switching path Pkts In Chars In Pkts Out Chars Out
Process 23141 5510702 57939 3476340
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0

NOTE: all counts are cumulative and reset only after a reload.
Router#
 
 
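Answers from 捷盈 (Jieying) instructors and students:

1. When you applied access-list 101, you applied it in both the in and out directions on a port, and on both f0/0 and f0/1. In fact you only need to apply it in the out direction on f0/0 and the in direction on f0/1.
2. Cisco's official site does not state how many users the 2621 hardware supports. Based on practical experience, for more than 200 users you should use at least a 2811; considering scalability, even a 2821 would not be excessive.
3. Web and FTP servers are generally accessible from both the internal and external networks. During peak hours, the actual number of users accessing them will generally be about 200 or even higher, and most of these users have to be handled by the 2621, so it is still a matter of the hardware's support limit.
4. The problem is still in the ACL. Change acl 9 by adding deny tcp host 10.10.1.9 80 any, deny tcp host 10.10.1.7 21 any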
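
An added example, not part of the original thread: a short Python parser for the two outputs quoted in the question, which splits the `show process cpu` header into interrupt-level and process-level CPU and computes how much inbound IP traffic is process-switched per interface. In IOS the header reads total%/interrupt%; the function names are hypothetical and the sample text is copied from the output above.

```python
import re

# Lines copied from the router output quoted in the question (IP and ARP rows only).
CPU_HEADERS = [
    "CPU utilization for five seconds: 100%/94%; one minute: 82%; five minutes: 59%",
    "CPU utilization for five seconds: 76%/50%; one minute: 68%; five minutes: 40%",
]
SWITCHING = """\
FastEthernet0/0
Protocol IP
Process 3364658 752766063 5237047 453862254
Cache misses 11242 - - -
Fast 119668197 4087809267 125791175 4292751657
Protocol ARP
Process 88865 5331900 1947 116820
FastEthernet0/1 $ES_LAN$
Protocol IP
Process 5713025 510692260 3518494 769138505
Cache misses 714187 - - -
Fast 125792851 146151731 119669626 4030120762
"""

def parse_cpu_header(line):
    """IOS prints total%/interrupt%; the difference is process-level CPU."""
    m = re.search(r"five seconds: (\d+)%/(\d+)%", line)
    if m is None:
        raise ValueError("not a 'show processes cpu' header line")
    total, interrupt = int(m.group(1)), int(m.group(2))
    return {"total": total, "interrupt": interrupt, "process": total - interrupt}

def parse_ip_switching(text):
    """Per interface, inbound IP packet counts by switching path (other protocols skipped)."""
    stats, iface, proto = {}, None, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(\S*Ethernet\d+/\d+)", line)
        if m:
            iface, proto = m.group(1), None
        elif line.startswith("Protocol "):
            proto = line.split(None, 1)[1]
        elif iface and proto == "IP":
            m = re.match(r"(Process|Cache misses|Fast)\s+(\d+)", line)
            if m:
                stats.setdefault(iface, {})[m.group(1)] = int(m.group(2))
    return stats

def process_switched_share(counters):
    """Fraction of inbound IP packets handled in the process path (IP Input)."""
    return counters["Process"] / (counters["Process"] + counters["Fast"])
```

On the quoted output this gives 94% and 50% interrupt-level CPU in the two samples, with under 5% of inbound IP packets process-switched on either interface, so most of the load is interrupt-level packet forwarding and not any single process in the list.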