System Administrators Forum

IT => Networks => Topic started by: Cool_andy on 10 January 2020, 12:58:46

Title: Internet connection keeps dropping on CISCO 2911
Posted by: Cool_andy on 10 January 2020, 12:58:46
Good day! My apologies if this topic already exists.
The problem is this:
The Internet connection drops. A shutdown - no shutdown brings it back. Meanwhile, the local network works fine. The port state at the moment of the drop is up up.

I have now switched over to the backup Cisco, exactly the same model, with the same config, BUT with updated firmware. Testing.

Here is the config. I'll say right away that I inherited this equipment, so please go easy on me. I rewrote the addressing, so there may be inconsistencies.

!
interface Tunnel0
ip address X.X.X.X 255.255.255.252
tunnel source GigabitEthernet0/2
tunnel destination X.X.X.X
!
interface Tunnel4
description tunnel to office
ip address X.X.X.X 255.255.255.252
tunnel source GigabitEthernet0/2
tunnel protection ipsec profile DC-P3
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.X.X 255.255.254.0
ip access-group gi0/0_in in
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
description vlan2 10g
encapsulation dot1Q 2
ip address 172.16.X.X 255.255.255.0
ip access-group vlan in
ip helper-address 192.168.X.X
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.2
description vlan3 blockhosts
encapsulation dot1Q 3
ip address 192.168.X.X 255.255.255.0
ip access-group blockhost192 in
ip helper-address 192.168.X.X
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description DMZ
ip address 192.168.X.X 255.255.255.0
ip access-group DMZ in
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 91.188.X.X 255.255.255.240 secondary
ip address 91.188.X.X 255.255.255.240
ip nat outside
ip inspect INSPECT in
ip virtual-reassembly in
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered GigabitEthernet0/2
tunnel mode ipsec ipv4
tunnel protection ipsec profile AES256
!
interface Virtual-Template10
ip unnumbered GigabitEthernet0/2
!
!
router eigrp 1
network X.X.X.X 0.0.0.3
network 192.168.X.X 0.0.1.255
!
ip local pool VP X.X.X.X 10.20.10.254
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!

I also don't quite understand why static NAT was configured when there is already PAT.

ip nat inside source list LAN interface GigabitEthernet0/2 overload
ip nat inside source static 192.168.X.X 91.188.X.X extendable
ip nat inside source static tcp 192.168.X.X 15555 91.188.X.X 15555 extendable
ip nat inside source static tcp 192.168.X.X 15556 91.188.X.X 15556 extendable
ip nat inside source static udp 192.168.X.X 18479 91.188.X.X 18479 extendable
ip nat inside source static tcp 192.168.X.X 30000 91.188.X.X 30000 extendable
ip nat inside source static tcp 192.168.X.X 30001 91.188.X.X 30001 extendable
ip nat inside source static tcp 192.168.X.X 30002 91.188.X.X 30002 extendable
ip nat inside source static tcp 192.168.X.X 30003 91.188.X.X 30003 extendable
ip nat inside source static tcp 192.168.X.X 30004 91.188.X.X 30004 extendable
ip nat inside source static tcp 192.168.X.X 30005 91.188.X.X 30005 extendable
ip nat inside source static tcp 192.168.X.X 30006 91.188.X.X 30006 extendable
************ etc.

ip route 0.0.0.0 0.0.0.0 91.188.X.X
ip route 172.25.X.X 255.255.255.0 Tunnel4
ip route 192.168.X.X 255.255.255.0 Tunnel4


There are times when the CPU gets loaded, sometimes in spikes, sometimes for a prolonged period. But I repeat that inside the network everything is fine, with no slowdowns.

I would be grateful for any help.
Title: Internet connection keeps dropping on CISCO 2911
Posted by: Cool_andy on 14 January 2020, 16:20:11
I made a mistake in my post. The Cisco's CPU is heavily loaded. Over the course of the day I have not seen it below 50%. And it also goes right up to 100%. What the cause is, I don't know....
Title: Internet connection keeps dropping on CISCO 2911
Posted by: Triangle on 14 January 2020, 16:29:17
show processes cpu
Title: Internet connection keeps dropping on CISCO 2911
Posted by: Cool_andy on 14 January 2020, 16:52:58
cod-gw#sh proc cpu
CPU utilization for five seconds: 99%/22%; one minute: 98%; five minutes: 97%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1        1132        1707        663  0.00%  0.00%  0.00%   0 Chunk Manager
   2      143892      362432        397  0.00%  0.00%  0.00%   0 Load Meter 
   3        2284         151      15125  6.65%  0.53%  0.11% 388 SSH Process
   4           0           1          0  0.00%  0.00%  0.00%   0 EDDRI_MAIN 
   5           0           1          0  0.00%  0.00%  0.00%   0 RO Notify Timers
   6     3490616      324784      10747  0.00%  0.12%  0.11%   0 Check heaps
   7        5148       31835        161  0.00%  0.00%  0.00%   0 Pool Manager
   8           0           1          0  0.00%  0.00%  0.00%   0 DiscardQ Backgro
   9           0           2          0  0.00%  0.00%  0.00%   0 Timers     
  10          76        1862         40  0.00%  0.00%  0.00%   0 WATCH_AFS   
  11           0           1          0  0.00%  0.00%  0.00%   0 License Client N
  12           0           1          0  0.00%  0.00%  0.00%   0 Image License br
  13     2977956       30149      98774  0.00%  0.07%  0.09%   0 Licensing Auto U
  14           4          12        333  0.00%  0.00%  0.00%   0 RF Slave Main Th
  15           0           1          0  0.00%  0.00%  0.00%   0 RMI RM Notify Wa
  16     1856052     1788967       1037  0.64%  0.11%  0.06%   0 Environmental mo
  17        1604      361133          4  0.00%  0.00%  0.00%   0 IPC Event Notifi
  18         408       30149         13  0.00%  0.00%  0.00%   0 IPC Dynamic Cach
  19           0           1          0  0.00%  0.00%  0.00%   0 IPC Session Serv
  20           0           1          0  0.00%  0.00%  0.00%   0 IPC Zone Manager
  21        9152     1750396          5  0.00%  0.00%  0.00%   0 IPC Periodic Tim
  22        8640     1750398          4  0.00%  0.00%  0.00%   0 IPC Deferred Por
  23           0           1          0  0.00%  0.00%  0.00%   0 IPC Process leve
  24           0           1          0  0.00%  0.00%  0.00%   0 IPC Seat Manager
  25         404      103484          3  0.00%  0.00%  0.00%   0 IPC Check Queue
  26           0           1          0  0.00%  0.00%  0.00%   0 IPC Seat RX Cont
  27           0           1          0  0.00%  0.00%  0.00%   0 IPC Seat TX Cont
  28        1628      181220          8  0.00%  0.00%  0.00%   0 IPC Keep Alive M
 --More--
Title: Internet connection keeps dropping on CISCO 2911
Posted by: Cool_andy on 14 January 2020, 17:05:05
твет от 8.8.8.8: число байт=32 время=41мс TTL=45
Ответ от 8.8.8.8: число байт=32 время=22мс TTL=45
Ответ от 8.8.8.8: число байт=32 время=27мс TTL=45
Ответ от 8.8.8.8: число байт=32 время=24мс TTL=45
Ответ от 8.8.8.8: число байт=32 время=29мс TTL=45
Ответ от 8.8.8.8: число байт=32 время=151мс TTL=45
Ответ от 8.8.8.8: число байт=32 время=47мс TTL=45

The pings are just awful, both to the outside and inside the network. There is NAT on the box.
Title: Internet connection keeps dropping on CISCO 2911
Posted by: Triangle on 14 January 2020, 17:20:06
sh proc cpu sorted 5min
Title: Internet connection keeps dropping on CISCO 2911
Posted by: Cool_andy on 14 January 2020, 17:23:11
sh proc cpu sorted 5min

cod-gw#sh proc cpu sorted 5min
CPU utilization for five seconds: 99%/22%; one minute: 93%; five minutes: 95%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 174     8965952    15024774        596 75.29% 69.11% 68.51%   0 IP Input   
 281     6325856     3502039       1806  0.00%  5.39%  5.40%   0 Inspect process
 429     3610960     3718452        971  0.00%  0.82%  1.18%   0 SSLVPN_PROCESS
  60       26120      187793        139  0.00%  0.47%  0.25%   0 Net Background
 418      495120   211798780          2  0.31%  0.20%  0.20%   0 NBAR timer tick
   6     3493576      325093      10746  0.00%  0.19%  0.12%   0 Check heaps
  13     2980280       30179      98753  0.00%  0.15%  0.11%   0 Licensing Auto U
 428     2595840      963894       2693  0.00%  0.06%  0.10%   0 DNS Server Input
 427     2374492     2905981        817  0.00%  0.06%  0.08%   0 DNS Server 
 422      254496    54564447          4  0.15%  0.07%  0.07%   0 PPP manager
 170      151916    53862895          2  0.07%  0.06%  0.07%   0 IPAM Manager
 130      194972    27310536          7  0.07%  0.05%  0.07%   0 VRRS Main thread
  35     1029908     6114410        168  0.00%  0.05%  0.06%   0 ARP Input   
  16     1857724     1790677       1037  0.55%  0.10%  0.06%   0 Environmental mo
 423      158788    54564446          2  0.07%  0.03%  0.05%   0 PPP Events 
 436       93520      651300        143  0.00%  0.06%  0.03%   0 EIGRP-IPv4 
  93      257064     1819619        141  0.07%  0.04%  0.02%   0 Per-Second Jobs
 125      265108     3587408         73  0.07%  0.02%  0.01%   0 BPSM stat Proces
  33        6668        2633       2532  0.07%  0.05%  0.01% 389 SSH Process
 396      189396     3496493         54  0.00%  0.02%  0.01%   0 IP NAT Ager
  21        9172     1752090          5  0.07%  0.00%  0.00%   0 IPC Periodic Tim
 244       49964      336584        148  0.07%  0.01%  0.00%   0 TCP Protocols
 398      639564     1114134        574  0.07%  0.01%  0.00%   0 Syslog     
  90      157352     7070698         22  0.07%  0.00%  0.00%   0 Net Input   
  63      141440     1790675         78  0.07%  0.02%  0.00%   0 TTY Background
 217      201740     1780488        113  0.07%  0.01%  0.00%   0 ADJ background
 437      129696     1814901         71  0.00%  0.01%  0.00%   0 EIGRP-IPv4 Hello
  28        1628      181401          8  0.00%  0.00%  0.00%   0 IPC Keep Alive M
 --More--
Title: Internet connection keeps dropping on CISCO 2911
Posted by: Triangle on 14 January 2020, 17:31:24
IP Input, switching has eaten up everything.

show interfaces switching

show ip interface
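
An added example, not part of the thread and not written by its participants: a Python sketch that reads the two kinds of output discussed here, splitting the `99%/22%` header of `show processes cpu` into interrupt-level and process-level load and listing the up interfaces that `show ip interface` reports with CEF switching disabled. The sample text is constructed in the format of the output posted in this thread, and all function names are hypothetical.

```python
import re

# Constructed samples, in the format of the outputs posted in this thread.
SAMPLE_CPU = """\
CPU utilization for five seconds: 99%/22%; one minute: 93%; five minutes: 95%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 174     8965952    15024774        596 75.29% 69.11% 68.51%   0 IP Input
 281     6325856     3502039       1806  0.00%  5.39%  5.40%   0 Inspect process
 429     3610960     3718452        971  0.00%  0.82%  1.18%   0 SSLVPN_PROCESS
"""

SAMPLE_IP_INT = """\
GigabitEthernet0/0 is up, line protocol is up
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP CEF switching is disabled
  IP route-cache flags are None
GigabitEthernet0/1 is up, line protocol is up
  IP fast switching is disabled
  IP CEF switching is disabled
  IP route-cache flags are Fast
Virtual-Access1 is down, line protocol is down
  Internet protocol processing disabled
"""

CPU_HEADER = re.compile(
    r"CPU utilization for five seconds: (\d+)%/(\d+)%; "
    r"one minute: (\d+)%; five minutes: (\d+)%")
PROC_LINE = re.compile(
    r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%"
    r"\s+\d+\s+(.+?)\s*$")
IF_HEADER = re.compile(r"^(\S+) is (.+?), line protocol is (\w+)")


def parse_cpu(text):
    """Split the 'total%/interrupt%' header and collect per-process load."""
    m = CPU_HEADER.search(text)
    if not m:
        raise ValueError("no 'CPU utilization' header found")
    total, interrupt = int(m.group(1)), int(m.group(2))
    procs = []
    for line in text.splitlines():
        p = PROC_LINE.match(line)
        if p:
            procs.append({"pid": int(p.group(1)),
                          "five_sec": float(p.group(2)),
                          "one_min": float(p.group(3)),
                          "five_min": float(p.group(4)),
                          "name": p.group(5)})
    # The first figure is total CPU, the second is time spent at interrupt
    # level (fast/CEF-switched forwarding); the difference is process level,
    # which is where the "IP Input" process handles process-switched packets.
    return {"total": total, "interrupt": interrupt,
            "process_level": total - interrupt, "processes": procs}


def parse_ip_interfaces(text):
    """Collect the switching-path flags per interface from 'show ip interface'."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        h = IF_HEADER.match(line)
        if h:
            cur = {"up": h.group(3) == "up", "fast": None,
                   "cef": None, "route_cache": None}
            ifaces[h.group(1)] = cur
            continue
        if cur is None:
            continue
        s = line.strip()
        # The "on the same interface" line is a different setting; skip it.
        if s.startswith("IP fast switching is "):
            cur["fast"] = s.endswith("enabled")
        elif s.startswith("IP CEF switching is "):
            cur["cef"] = s.endswith("enabled")
        elif s.startswith("IP route-cache flags are "):
            cur["route_cache"] = s[len("IP route-cache flags are "):]
    return ifaces


def no_cef_interfaces(ifaces):
    """Interfaces with line protocol up that explicitly report CEF disabled."""
    return [name for name, f in ifaces.items() if f["up"] and f["cef"] is False]


def summarize(cpu_text, ip_int_text):
    """Combine both outputs into one short finding for a ticket or report."""
    cpu = parse_cpu(cpu_text)
    top = max(cpu["processes"], key=lambda p: p["five_min"], default=None)
    return {"interrupt_pct": cpu["interrupt"],
            "process_level_pct": cpu["process_level"],
            "top_process": top["name"] if top else None,
            "top_five_min": top["five_min"] if top else None,
            "no_cef": no_cef_interfaces(parse_ip_interfaces(ip_int_text))}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CPU, SAMPLE_IP_INT).items():
        print(f"{key}: {value}")
```
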
Title: Internet connection keeps dropping on CISCO 2911
Posted by: Cool_andy on 14 January 2020, 17:38:22
IP Input, switching has eaten up everything.

show interfaces switching

show ip interface

cod-gw#sh interfaces switchi
cod-gw#sh interfaces switching
Interface Embedded-Service-Engine0/0 is disabled

GigabitEthernet0/0
          Throttle count          9
                   Drops         RP         17         SP          0
             SPD Flushes       Fast     285829        SSE          0
             SPD Aggress       Fast          0
            SPD Priority     Inputs    2262385      Drops          0

    Protocol  IP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process   31270879 2516039837   13428767  228793894
            Cache misses          0          -          -          -
                    Fast 1920594036 1051086982 1654466725 1513244178
               Auton/SSE          0          0          0          0

    Protocol  DEC MOP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process          0          0       3010     231770
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    Protocol  ARP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process    1795825  107749500    1066445   64610128
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    Protocol  CDP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process      30175    6185955      33659   13229428
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    Protocol  Other
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process    7222809  433368540     181002   10860120
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    NOTE: all counts are cumulative and reset only after a reload.
GigabitEthernet0/1 DMZ
          Throttle count          0
                   Drops         RP          0         SP          0
             SPD Flushes       Fast       3965        SSE          0
             SPD Aggress       Fast          0
            SPD Priority     Inputs      23219      Drops          0

    Protocol  IP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process    2440269  208715042    1592149  135877631
            Cache misses          0          -          -          -
                    Fast   17727446 4204310422   17570284 1113499249
               Auton/SSE          0          0          0          0

    Protocol  DEC MOP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process          0          0       2953     227381
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    Protocol  ARP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process      23219    1393140      23255    1395300
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    Protocol  CDP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process          0          0      33041   13090552
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    Protocol  Other
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process          0          0     177586   10655160
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    NOTE: all counts are cumulative and reset only after a reload.
GigabitEthernet0/2
          Throttle count          1
                   Drops         RP          1         SP          0
             SPD Flushes       Fast     236080        SSE          0
             SPD Aggress       Fast          0
            SPD Priority     Inputs    4805434      Drops          0

    Protocol  IP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process   10710292 1037343019   34877060 3886289838
            Cache misses          0          -          -          -
                    Fast  921315055 2051050400 1184356313 2178569559
               Auton/SSE          0          0          0          0

    Protocol  DEC MOP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process          0          0       2953     227381
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    Protocol  ARP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process    4795985  287759100     273801   16428060
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    Protocol  CDP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process      55659    6233808      59089   23183614
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    Protocol  Other
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process          0          0     177575   10654500
            Cache misses          0          -          -          -
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

    NOTE: all counts are cumulative and reset only after a reload.
NVI0

    All statistics for this interface are zero.
Tunnel0

    Protocol  IP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process     324172   19487203     386275   32551492
            Cache misses          0          -          -          -
                    Fast   26157047 2979877754   43972043 1635166935
               Auton/SSE          0          0          0          0

    NOTE: all counts are cumulative and reset only after a reload.
Tunnel4 tunnel to office

    All statistics for this interface are zero.
Virtual-Access1

    All statistics for this interface are zero.
Virtual-Access2 ***Internally created by SSLVPN context CON1***

    Protocol  IP
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                 Process         14       1036          0          0
            Cache misses          0          -          -          -
                    Fast     700553   39215875          0          0
               Auton/SSE          0          0          0          0

    NOTE: all counts are cumulative and reset only after a reload.
Virtual-Template1

    All statistics for this interface are zero.
Virtual-Template10

    All statistics for this interface are zero.
cod-gw#
_____________________________________________________________________

cod-gw#sh ip int
Embedded-Service-Engine0/0 is administratively down, line protocol is down
  Internet protocol processing disabled
GigabitEthernet0/0 is up, line protocol is up
  Internet address is 192.168.X.X/23
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.10
  Outgoing access list is not set
  Inbound  access list is gi0/0_in
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are None
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
  Output features: NAT Inside, Common Flow Table, Stateful Inspection, Firewall (NAT), Firewall (inspect), NAT ALG proxy
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
GigabitEthernet0/0.1 is up, line protocol is up
  Internet address is 172.16.X.X/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is 192.168.X.X
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is vlan
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are None
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
  Output features: NAT Inside, Common Flow Table, Stateful Inspection, Firewall (NAT), Firewall (inspect), NAT ALG proxy
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
GigabitEthernet0/0.2 is up, line protocol is up
  Internet address is 192.168.102.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is 192.168.X.X
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is blockhost192
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are None
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
  Output features: NAT Inside, Common Flow Table, Stateful Inspection, Firewall (NAT), Firewall (inspect), NAT ALG proxy
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
GigabitEthernet0/1 is up, line protocol is up
  Internet address is 192.168.X.X/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is DMZ
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
  Output features: NAT Inside, Common Flow Table, Stateful Inspection, Firewall (NAT), Firewall (inspect), NAT ALG proxy
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
GigabitEthernet0/2 is up, line protocol is up
  Internet address is 91.188.X.X/28
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Secondary address 91.188.X.X/28
  Outgoing access list is not set
  Inbound  access list is WAN_access_in
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is disabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are None
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled
  Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
  Output features: Post-routing NAT Outside, Common Flow Table, Stateful Inspection, Firewall (NAT), Firewall (inspect), NAT ALG proxy
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
  Inbound inspection rule is INSPECT
NVI0 is up, line protocol is up
  Interface is unnumbered. Using address of GigabitEthernet0/0 (192.X.X.X)
  Broadcast address is 255.255.255.255
  MTU is 1514 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.10
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  Output features: Post-routing NAT NVI Output, Firewall (NAT), Firewall (inspect)
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
Tunnel0 is up, line protocol is up
  Internet address is 10.X.X.X/30
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1476 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.10
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  Output features: Firewall (NAT), Firewall (inspect)
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
Tunnel4 is up, line protocol is down
  Internet address is 10.X.X.X/30
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1476 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  Output features: Firewall (NAT), Firewall (inspect)
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
Virtual-Access1 is down, line protocol is down
  Internet protocol processing disabled
Virtual-Access2 is up, line protocol is up
  Interface is unnumbered. Using address of GigabitEthernet0/2 (91.188.X.X)
  Broadcast address is 255.255.255.255
  MTU is 1406 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is enabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  Output features: Firewall (NAT), Firewall (inspect)
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
Virtual-Template1 is up, line protocol is down
  Interface is unnumbered. Using address of GigabitEthernet0/2 (91.188.X.X)
  Broadcast address is 255.255.255.255
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  Output features: Firewall (NAT), Firewall (inspect)
  Post encapsulation features: IPSEC Post-encap output classification
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
Virtual-Template10 is down, line protocol is down
  Interface is unnumbered. Using address of GigabitEthernet0/2 (91.188.X.X)
  Broadcast address is 255.255.255.255
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is enabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  Output features: Firewall (NAT), Firewall (inspect)
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
cod-gw#
Title: Internet drops out on CISCO 2911
Posted by: Triangle on 14 January 2020, 17:41:41
And looking at this, is this the whole config? Are there really no ACLs at all? I'd even bet that everything has been clogged up by spoofing or broadcast traffic.


Updated: 14 January 2020, 17:51:17

Well, what I see: fast sw is off, no ACLs, no CEF.
There's only one option here: sit down, take the manuals and write the config from scratch, or, in my exceptionally humble opinion... bury this anachronism and ask for money for a MikroTik, if the tunnels there aren't something really tricky. And then again, you can move the services over to the MikroTik one by one.
Title: Internet drops out on CISCO 2911
Posted by: Cool_andy on 14 January 2020, 17:54:48
And looking at this, is this the whole config? Are there really no ACLs at all? I'd even bet that everything has been clogged up by spoofing or broadcast traffic.

Actually, there are.
This one is on the external port Gi0/2
Extended IP access list WAN_access_in
    10 deny tcp any any eq 445 (5446 matches)
    20 deny udp any any eq 445 (26 matches)
    30 permit ip any any (871460123 matches)

This one is on the internal local Gi0/0
Extended IP access list gi0/0_in
    10 deny ip host 192.168.x.x any (967040 matches)
    20 permit ip host 192.168.x.x any log (162153 matches)
    30 permit ip any any (630766345 matches)

And the third port, Gi0/1, goes to a separate DMZ box
Extended IP access list DMZ
    10 permit tcp host 192.168.x.x eq 587 any
    20 permit tcp host 192.168.x.x eq 50389 any
    30 permit tcp host 192.168.x.x eq 50636 any (430076 matches)
    40 permit tcp host 192.168.x.x eq 465 any
    50 permit tcp host 192.168.x.x eq 995 any
    60 permit tcp host 192.168.x.x eq 443 any (605059 matches)
    70 permit tcp host 192.168.x.x eq pop3 any
    80 permit tcp host 192.168.x.x eq 993 any
    90 permit ip host 192.168.x.x 10.0.0.0 0.255.255.255 (23500 matches)
    100 permit tcp host 192.168.x.x any eq smtp (1913304 matches)
    110 permit tcp host 192.168.x.x any eq domain (1005 matches)
    120 permit udp host 192.168.x.x any eq domain (941705 matches)
    130 permit tcp host 192.168.x.x eq smtp any (87653 matches)
    140 permit ip host 192.168.x.x 192.168.0.0 0.0.255.255 (2299793 matches)
    150 deny ip any any (2792511 matches)

I don't know how much of this actually makes sense. The gift was inherited  :(
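Added example, not part of the original posts: a small Python parser for `show ip access-lists` output that finds ACLs ending in `permit ip any any` and reports what share of all hits that final entry takes. The sample is constructed from the ACL lines posted above; the function names are illustrative.

```python
import re

# Constructed sample: two of the ACLs from the post above, in the
# "show ip access-lists" format (hit counters in parentheses).
SAMPLE = """\
Extended IP access list WAN_access_in
    10 deny tcp any any eq 445 (5446 matches)
    20 deny udp any any eq 445 (26 matches)
    30 permit ip any any (871460123 matches)
Extended IP access list DMZ
    60 permit tcp host 192.168.x.x eq 443 any (605059 matches)
    70 permit tcp host 192.168.x.x eq pop3 any
    150 deny ip any any (2792511 matches)
"""

HEADER = re.compile(r"^(?:Extended|Standard) IP access list (\S+)")
ENTRY = re.compile(r"^\s+(\d+) (permit|deny) (.+?)(?: \((\d+) match(?:es)?\))?\s*$")

def parse_acls(text):
    """Return {acl_name: [(seq, action, rule, hits), ...]}; no counter shown = 0 hits."""
    acls, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(1), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            seq, action, rule, hits = entry.groups()
            current.append((int(seq), action, rule, int(hits or 0)))
    return acls

def catch_all_permits(acls):
    """Map ACLs ending in 'permit ip any any' to that entry's share of hits (%)."""
    findings = {}
    for name, entries in acls.items():
        if not entries:
            continue
        _, action, rule, hits = entries[-1]
        if action == "permit" and rule.split()[:3] == ["ip", "any", "any"]:
            total = sum(e[3] for e in entries)
            findings[name] = 100.0 * hits / total if total else 0.0
    return findings

if __name__ == "__main__":
    for acl, share in catch_all_permits(parse_acls(SAMPLE)).items():
        print(f"{acl}: final permit ip any any takes {share:.4f}% of hits")
```

On the posted counters, WAN_access_in only drops port 445 and passes everything else through its last entry, while DMZ ends in an explicit deny and is not flagged.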
Title: Internet drops out on CISCO 2911
Posted by: Cool_andy on 14 January 2020, 18:50:32
The sh ip cef command shows:

Prefix Next Hop Interface
0.0.0.0/0 91.x.x.x GigabitEthernet0/2
0.0.0.0/8 drop
0.0.0.0/32 receive
10.0.x.x/30 attached Tunnel0
10.0.x.x/32 receive Tunnel0
10.0.x.x/32 receive Tunnel0
10.0.x.x/32 receive Tunnel0
46.21.252.41/32 91.x.x.x GigabitEthernet0/2
91.188.x.x/28 attached GigabitEthernet0/2
91.188.x.x/32 receive GigabitEthernet0/2
91.188.x.x/32 attached GigabitEthernet0/2
91.188.x.x/32 receive GigabitEthernet0/2
91.188.x.x/32 receive GigabitEthernet0/2
91.188.x.x/28 attached GigabitEthernet0/2
91.188.x.x/32 receive GigabitEthernet0/2
91.188.x.x/32 attached GigabitEthernet0/2

and so on. As I understand it, CEF is enabled.
I also read up on caching and even tried to enable it, but the command output comes back empty:

sh ip cache
IP routing cache 0 entries, 0 bytes
0 adds, 0 invalidates, 0 refcounts
Minimum invalidation interval 2 seconds, maximum interval 5 seconds,
quiet interval 3 seconds, threshold 0 requests
Invalidation rate 0 in last second, 0 in last 3 seconds

Prefix/Length Age Interface Next Hop
Title: Internet drops out on CISCO 2911
Posted by: Triangle on 14 January 2020, 18:55:02
Check show cef interface for each active one.


Updated: 14 January 2020, 18:56:50

sh ip int

And look at the state of IP CEF switching


Updated: 14 January 2020, 18:58:52

And yes, the interface needs to be bounced.
Title: Internet drops out on CISCO 2911
Posted by: Cool_andy on 15 January 2020, 13:53:04
Check show cef interface for each active one.


Updated: 14 January 2020, 18:56:50

sh ip int

And look at the state of IP CEF switching


Updated: 14 January 2020, 18:58:52

And yes, the interface needs to be bounced.

cod-gw#sh cef interface gi0/0
GigabitEthernet0/0 is up (if_number 3)
  Corresponding hwidb fast_if_number 3
  Corresponding hwidb firstsw->if_number 3
  Internet address is 192.168.100.1/23
  ICMP redirects are always sent
  Per packet load-sharing is disabled
  IP unicast RPF check is disabled
  Input features: Common Flow Table, Stateful Inspection, Ingress-NetFlow, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption
  Output features: Common Flow Table, Stateful Inspection, Firewall (NAT), Firewall (inspect), Post-Ingress-NetFlow, Egress-Netflow
  IP policy routing is disabled
  BGP based policy accounting on input is disabled
  BGP based policy accounting on output is disabled
  Hardware idb is GigabitEthernet0/0
  Fast switching type 1, interface type 27
  IP CEF switching enabled
  IP CEF switching turbo vector
  IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
  Input fast flags 0x400060, Output fast flags 0x10100
  ifindex 3(3)
  Slot  Slot unit 0 VC -1
  IP MTU 1500
_________________________________________

cod-gw#sh ip int gi0/0
GigabitEthernet0/0 is up, line protocol is up
  Internet address is 192.168.100.1/23
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.10
  Outgoing access list is not set
  Inbound  access list is gi0/0_in
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  Input features: Common Flow Table, Stateful Inspection, Ingress-NetFlow, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
  Output features: NAT Inside, Common Flow Table, Stateful Inspection, Firewall (NAT), Firewall (inspect), NAT ALG proxy, Post-Ingress-NetFlow, Egress-Netflow
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled
_____________________________________________

IP CEF switching seems to be enabled everywhere
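Added example, not part of the original posts: the per-interface check discussed above (inbound ACL, fast switching, CEF switching) done by parsing `sh ip int` output in Python instead of reading it by eye. The sample is constructed from lines in this thread's output; the function names are illustrative.

```python
import re

# Constructed sample: lines trimmed from the "sh ip int" output in this thread.
SAMPLE = """\
Virtual-Access1 is down, line protocol is down
Virtual-Access2 is up, line protocol is up
  Inbound  access list is not set
  IP fast switching is disabled
  IP fast switching on the same interface is enabled
  IP CEF switching is disabled
GigabitEthernet0/0 is up, line protocol is up
  Inbound  access list is gi0/0_in
  IP fast switching is enabled
  IP CEF switching is enabled
"""

IFACE = re.compile(r"^(\S+) is (.+?), line protocol is (\w+)")
FIELDS = {
    "acl_in": re.compile(r"^\s+Inbound\s+access list is (.+)$"),
    "fast": re.compile(r"^\s+IP fast switching is (\w+)$"),
    "cef": re.compile(r"^\s+IP CEF switching is (\w+)$"),
}

def parse_interfaces(text):
    """Return {interface: {"state", "proto", "acl_in", "fast", "cef"}}."""
    result, current = {}, None
    for line in text.splitlines():
        iface = IFACE.match(line)
        if iface:
            name, state, proto = iface.groups()
            current = result.setdefault(name, {"state": state, "proto": proto})
            continue
        for key, pattern in FIELDS.items():
            field = pattern.match(line)
            if field and current is not None:
                current[key] = field.group(1).strip()
    return result

def review(interfaces):
    """For up/up interfaces, list a missing inbound ACL and disabled CEF."""
    notes = {}
    for name, info in interfaces.items():
        if (info["state"], info["proto"]) != ("up", "up"):
            continue
        checks = [("no inbound ACL", info.get("acl_in", "not set") == "not set"),
                  ("CEF switching disabled", info.get("cef") != "enabled")]
        issues = [label for label, failed in checks if failed]
        if issues:
            notes[name] = issues
    return notes
```

On this sample only Virtual-Access2 is reported; GigabitEthernet0/0 has both an inbound ACL and CEF switching enabled, and the down interface is skipped.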
Title: Internet drops out on CISCO 2911
Posted by: Cool_andy on 16 January 2020, 12:19:34
I used sh top talkers. At peak load one of the hosts pulls almost 4 gigs through the network. That's my video editor downloading video material from the storage system. So it turns out the Cisco isn't coping well?

As for the internet, I'm sorting things out with the providers for now. I noticed that the internet goes down at almost the same time each time.
Title: Internet drops out on CISCO 2911
Posted by: Triangle on 16 January 2020, 13:29:43
IIRC it does 35 Mbps in routing, beyond that it gets sad. Where is he pulling it from and to? Behind NAT?