aborov wrote:
Good afternoon. For months now I have been trying to understand how the DGS3627G behaves when it detects a loop (or something that is not a loop at all), or how to track this loop down.
The log shows:
Code:
351 2012-07-31 14:42:30 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
350 2012-07-31 14:41:53 Port 7 VID 815 LBD recovered. Loop detection restarted
349 2012-07-31 14:41:53 Port 6 VID 815 LBD recovered. Loop detection restarted
348 2012-07-31 14:41:53 Port 5 VID 815 LBD recovered. Loop detection restarted
347 2012-07-31 14:41:53 Port 4 VID 815 LBD recovered. Loop detection restarted
346 2012-07-31 14:41:53 Port 3 VID 815 LBD recovered. Loop detection restarted
345 2012-07-31 14:41:53 Port 2 VID 815 LBD recovered. Loop detection restarted
344 2012-07-31 14:41:53 Port 1 VID 815 LBD recovered. Loop detection restarted
343 2012-07-31 14:41:38 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
342 2012-07-31 14:40:53 Port 7 VID 815 LBD loop occurred. Packet discard begun
341 2012-07-31 14:40:53 Port 6 VID 815 LBD loop occurred. Packet discard begun
340 2012-07-31 14:40:53 Port 5 VID 815 LBD loop occurred. Packet discard begun
339 2012-07-31 14:40:53 Port 4 VID 815 LBD loop occurred. Packet discard begun
338 2012-07-31 14:40:53 Port 3 VID 815 LBD loop occurred. Packet discard begun
337 2012-07-31 14:40:53 Port 2 VID 815 LBD loop occurred. Packet discard begun
336 2012-07-31 14:40:53 Port 1 VID 815 LBD loop occurred. Packet discard begun
335 2012-07-31 14:40:53 Port 7 VID 815 LBD recovered. Loop detection restarted
334 2012-07-31 14:40:53 Port 6 VID 815 LBD recovered. Loop detection restarted
333 2012-07-31 14:40:53 Port 5 VID 815 LBD recovered. Loop detection restarted
332 2012-07-31 14:40:53 Port 4 VID 815 LBD recovered. Loop detection restarted
331 2012-07-31 14:40:53 Port 3 VID 815 LBD recovered. Loop detection restarted
330 2012-07-31 14:40:53 Port 2 VID 815 LBD recovered. Loop detection restarted
329 2012-07-31 14:40:53 Port 1 VID 815 LBD recovered. Loop detection restarted
328 2012-07-31 14:40:01 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
327 2012-07-31 14:39:53 Port 7 VID 815 LBD loop occurred. Packet discard begun
326 2012-07-31 14:39:53 Port 6 VID 815 LBD loop occurred. Packet discard begun
325 2012-07-31 14:39:53 Port 5 VID 815 LBD loop occurred. Packet discard begun
324 2012-07-31 14:39:53 Port 4 VID 815 LBD loop occurred. Packet discard begun
323 2012-07-31 14:39:53 Port 3 VID 815 LBD loop occurred. Packet discard begun
322 2012-07-31 14:39:53 Port 2 VID 815 LBD loop occurred. Packet discard begun
321 2012-07-31 14:39:53 Port 1 VID 815 LBD loop occurred. Packet discard begun
320 2012-07-31 14:39:53 Port 7 VID 815 LBD recovered. Loop detection restarted
319 2012-07-31 14:39:53 Port 6 VID 815 LBD recovered. Loop detection restarted
318 2012-07-31 14:39:53 Port 5 VID 815 LBD recovered. Loop detection restarted
317 2012-07-31 14:39:53 Port 4 VID 815 LBD recovered. Loop detection restarted
316 2012-07-31 14:39:53 Port 3 VID 815 LBD recovered. Loop detection restarted
315 2012-07-31 14:39:53 Port 2 VID 815 LBD recovered. Loop detection restarted
314 2012-07-31 14:39:53 Port 1 VID 815 LBD recovered. Loop detection restarted
313 2012-07-31 14:39:00 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
312 2012-07-31 14:38:53 Port 7 VID 815 LBD loop occurred. Packet discard begun
311 2012-07-31 14:38:53 Port 6 VID 815 LBD loop occurred. Packet discard begun
310 2012-07-31 14:38:53 Port 5 VID 815 LBD loop occurred. Packet discard begun
309 2012-07-31 14:38:53 Port 4 VID 815 LBD loop occurred. Packet discard begun
308 2012-07-31 14:38:53 Port 3 VID 815 LBD loop occurred. Packet discard begun
307 2012-07-31 14:38:53 Port 2 VID 815 LBD loop occurred. Packet discard begun
306 2012-07-31 14:38:53 Port 1 VID 815 LBD loop occurred. Packet discard begun
305 2012-07-31 14:38:53 Port 7 VID 815 LBD recovered. Loop detection restarted
304 2012-07-31 14:38:53 Port 6 VID 815 LBD recovered. Loop detection restarted
303 2012-07-31 14:38:53 Port 5 VID 815 LBD recovered. Loop detection restarted
302 2012-07-31 14:38:53 Port 4 VID 815 LBD recovered. Loop detection restarted
301 2012-07-31 14:38:53 Port 3 VID 815 LBD recovered. Loop detection restarted
300 2012-07-31 14:38:53 Port 2 VID 815 LBD recovered. Loop detection restarted
299 2012-07-31 14:38:53 Port 1 VID 815 LBD recovered. Loop detection restarted
298 2012-07-31 14:38:00 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
297 2012-07-31 14:37:53 Port 7 VID 815 LBD loop occurred. Packet discard begun
296 2012-07-31 14:37:53 Port 6 VID 815 LBD loop occurred. Packet discard begun
295 2012-07-31 14:37:53 Port 5 VID 815 LBD loop occurred. Packet discard begun
294 2012-07-31 14:37:53 Port 4 VID 815 LBD loop occurred. Packet discard begun
293 2012-07-31 14:37:53 Port 3 VID 815 LBD loop occurred. Packet discard begun
292 2012-07-31 14:37:53 Port 2 VID 815 LBD loop occurred. Packet discard begun
291 2012-07-31 14:37:53 Port 1 VID 815 LBD loop occurred. Packet discard begun
290 2012-07-31 14:37:53 Port 7 VID 815 LBD recovered. Loop detection restarted
289 2012-07-31 14:37:53 Port 6 VID 815 LBD recovered. Loop detection restarted
288 2012-07-31 14:37:53 Port 5 VID 815 LBD recovered. Loop detection restarted
287 2012-07-31 14:37:53 Port 4 VID 815 LBD recovered. Loop detection restarted
286 2012-07-31 14:37:52 Port 3 VID 815 LBD recovered. Loop detection restarted
285 2012-07-31 14:37:52 Port 2 VID 815 LBD recovered. Loop detection restarted
284 2012-07-31 14:37:52 Port 1 VID 815 LBD recovered. Loop detection restarted
283 2012-07-31 14:37:00 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
282 2012-07-31 14:36:52 Port 7 VID 815 LBD loop occurred. Packet discard begun
281 2012-07-31 14:36:52 Port 6 VID 815 LBD loop occurred. Packet discard begun
280 2012-07-31 14:36:52 Port 5 VID 815 LBD loop occurred. Packet discard begun
279 2012-07-31 14:36:52 Port 4 VID 815 LBD loop occurred. Packet discard begun
278 2012-07-31 14:36:52 Port 3 VID 815 LBD loop occurred. Packet discard begun
277 2012-07-31 14:36:52 Port 2 VID 815 LBD loop occurred. Packet discard begun
276 2012-07-31 14:36:52 Port 1 VID 815 LBD loop occurred. Packet discard begun
275 2012-07-31 14:36:52 Port 7 VID 815 LBD recovered. Loop detection restarted
274 2012-07-31 14:36:52 Port 6 VID 815 LBD recovered. Loop detection restarted
273 2012-07-31 14:36:52 Port 5 VID 815 LBD recovered. Loop detection restarted
272 2012-07-31 14:36:52 Port 4 VID 815 LBD recovered. Loop detection restarted
271 2012-07-31 14:36:52 Port 3 VID 815 LBD recovered. Loop detection restarted
270 2012-07-31 14:36:52 Port 2 VID 815 LBD recovered. Loop detection restarted
269 2012-07-31 14:36:52 Port 1 VID 815 LBD recovered. Loop detection restarted
268 2012-07-31 14:36:01 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
267 2012-07-31 14:35:53 Port 7 VID 815 LBD loop occurred. Packet discard begun
266 2012-07-31 14:35:53 Port 6 VID 815 LBD loop occurred. Packet discard begun
265 2012-07-31 14:35:53 Port 5 VID 815 LBD loop occurred. Packet discard begun
264 2012-07-31 14:35:53 Port 4 VID 815 LBD loop occurred. Packet discard begun
263 2012-07-31 14:35:53 Port 3 VID 815 LBD loop occurred. Packet discard begun
262 2012-07-31 14:35:53 Port 2 VID 815 LBD loop occurred. Packet discard begun
261 2012-07-31 14:35:53 Port 1 VID 815 LBD loop occurred. Packet discard begun
260 2012-07-26 21:56:11 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
259 2012-07-26 21:56:04 Port 20 link up, 1000Mbps FULL duplex
258 2012-07-26 21:54:54 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
257 2012-07-26 21:54:47 Port 20 link down
256 2012-07-25 17:37:07 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
255 2012-07-25 17:37:00 Port 7 VID 815 LBD recovered. Loop detection restarted
254 2012-07-25 17:37:00 Port 6 VID 815 LBD recovered. Loop detection restarted
253 2012-07-25 17:37:00 Port 5 VID 815 LBD recovered. Loop detection restarted
252 2012-07-25 17:37:00 Port 4 VID 815 LBD recovered. Loop detection restarted
251 2012-07-25 17:37:00 Port 3 VID 815 LBD recovered. Loop detection restarted
250 2012-07-25 17:37:00 Port 2 VID 815 LBD recovered. Loop detection restarted
249 2012-07-25 17:37:00 Port 1 VID 815 LBD recovered. Loop detection restarted
248 2012-07-25 17:36:08 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
247 2012-07-25 17:36:00 Port 7 VID 815 LBD loop occurred. Packet discard begun
246 2012-07-25 17:36:00 Port 6 VID 815 LBD loop occurred. Packet discard begun
245 2012-07-25 17:36:00 Port 5 VID 815 LBD loop occurred. Packet discard begun
244 2012-07-25 17:36:00 Port 4 VID 815 LBD loop occurred. Packet discard begun
243 2012-07-25 17:36:00 Port 3 VID 815 LBD loop occurred. Packet discard begun
242 2012-07-25 17:36:00 Port 2 VID 815 LBD loop occurred. Packet discard begun
241 2012-07-25 17:36:00 Port 1 VID 815 LBD loop occurred. Packet discard begun
240 2012-07-24 14:10:58 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
239 2012-07-24 14:10:56 Port 20 link up, 1000Mbps FULL duplex
238 2012-07-24 14:09:49 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
237 2012-07-24 14:09:46 Port 20 link down
236 2012-07-24 01:52:59 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
235 2012-07-24 01:52:59 Port 24 link up, 100Mbps FULL duplex
234 2012-07-24 01:52:43 Port 24 link down
233 2012-07-24 01:52:43 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
232 2012-07-24 01:52:43 Port 24 link up, 100Mbps FULL duplex
231 2012-07-24 01:47:55 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
230 2012-07-24 01:47:47 Port 24 link down
229 2012-07-24 01:46:19 Port 24 link up, 100Mbps FULL duplex
228 2012-07-24 01:46:12 Port 24 link down
227 2012-07-24 01:46:02 Port 24 link up, 100Mbps FULL duplex
226 2012-07-24 01:46:01 Port 24 link down
225 2012-07-24 01:46:01 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
224 2012-07-24 01:46:01 Port 24 link up, 100Mbps FULL duplex
LBD Global Settings
---------------------------
LBD Status : Enabled
LBD Mode : VLAN-Based
LBD Interval : 1 s
LBD Recover Timer : 60 s
LBD Trap Status : Both
DGS-3627G:5#show stp
Command: show stp
STP Bridge Global Settings
---------------------------
STP Status : Disabled
STP Version : RSTP
Max Age : 20
Hello Time : 2
Forward Delay : 15
Max Hops : 20
TX Hold Count : 3
Forwarding BPDU : Enabled
Loopback Detection : Enabled
LBD Recover Time : 60
The firmware version is 2.50; the firmware cannot be changed, the switch is constantly under load.
Please tell me, what does all this mean? How do I find the loop? VLAN ID 815 is configured as tagged on ports 1-7 and 20. What does MAC spoofing on port 25 have to do with it, and why such a reaction to port 24 going up and down? Why is MAC spoofing on port 25 also detected when port 20 goes down? Why does the switch start glitching wildly on "Possible spoofing attack port" and sharply slow down traffic in other VLANs?
What is the DGS3627G's logic in this situation???
Was the LBD protocol really fixed in firmware DGS36xxRun_2.84-B25?
Is it possible to manage without a firmware update in this case?
Is VLAN-based loopdetect essential for you? Maybe port-based would be better? That way it would at least be clear which port the loop is on.
By the looks of it, there is a loop somewhere, a flood, or a user spoofing the gateway's IP/MAC. In our case an unmanaged switch was misbehaving. When it was plugged into the network, exactly this kind of thing would start.
On the access layer you need to enable Loopdetect and put an ACL on the client ports that denies the gateway's MAC. And configure arp_spoofing_prevention on the client ports, and then all should be well. (That is, of course, if the access equipment is managed.)
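
The questions in this thread come down to which port events precede each "Possible spoofing attack" entry. As an added example (not part of the original posts), this Python sketch parses log text in the format shown above, re-joins wrapped lines and lists the LBD and link events seen shortly before each alert; the sample lines are constructed, and the 60-second window and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the switch's log format (newest first). The first
# alert is wrapped the way a narrow terminal paste wraps it ("port 2" / "5").
SAMPLE = """\
13 2012-07-31 14:40:01 Possible spoofing attack from 00-1E-58-5A-D6-00 port 2
5
12 2012-07-31 14:39:53 Port 2 VID 815 LBD loop occurred. Packet discard begun
11 2012-07-31 14:39:53 Port 1 VID 815 LBD loop occurred. Packet discard begun
10 2012-07-31 14:39:53 Port 1 VID 815 LBD recovered. Loop detection restarted
9 2012-07-26 21:54:54 Possible spoofing attack from 00-1E-58-5A-D6-00 port 25
8 2012-07-26 21:54:47 Port 20 link down
"""

ENTRY = re.compile(r"^(\d+) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
SPOOF = re.compile(r"Possible spoofing attack from (\S+) port (\d+)")
EVENT = re.compile(
    r"Port (\d+) (?:VID (\d+) )?(LBD loop occurred|LBD recovered|link up|link down)")

def parse(text):
    """Return [index, timestamp, message] entries oldest-first."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m[2], "%Y-%m-%d %H:%M:%S")
            entries.append([int(m[1]), ts, m[3]])
        elif entries and line.strip():
            # Continuation of a wrapped entry; assumes the wrap split a token.
            entries[-1][2] += line.strip()
    return sorted(entries, key=lambda e: e[0])

def correlate(text, window=60):
    """For each spoofing alert, list port events in the preceding window (s)."""
    entries, alerts = parse(text), []
    for idx, ts, msg in entries:
        s = SPOOF.search(msg)
        if not s:
            continue
        prior = []
        for idx2, ts2, msg2 in entries:
            e = EVENT.search(msg2)
            delta = (ts - ts2).total_seconds()
            if e and idx2 < idx and 0 <= delta <= window:
                prior.append((int(e[1]), e[3], int(delta)))
        alerts.append({"index": idx, "mac": s[1], "port": int(s[2]),
                       "preceded_by": prior})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```
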