搜索内容

路由器

  • NE40E-X3 V600R001 ospf震荡问题

    问题描述 OSPF邻居震荡,设备重启之后故障仍然存在 处理过程 ospf震荡原因为ospf hello超时,即保活时间内未收到hello报文超时down Aug 30 2023 19:06:35 AL_ZD_NE40E_X3 %OSPF/3/NBR_CHG_DOWN(l)[1]:Neighbor event:neighbor state changed to Down. (ProcessId=1, NeighborAddress=x.x.x.x, NeighborEvent=InactivityTimer, NeighborPreviousState=Full, NeighborCurrentState=Down) Aug 30 2023 19:03:38 AL_ZD_NE40E_X3 %OSPF/3/NBR_CHG_DOWN(l)[14]:Neighbor event:neighbor state changed to Down. (ProcessId=1, NeighborAddress=x.x.x.x, NeighborEvent=InactivityTimer, NeighborPreviousState=Exchange, NeighborCurrentState=Down) Aug 30 2023 19:02:41 AL_ZD_NE40E_X3 %OSPF/3/NBR_CHG_DOWN(l)[23]:Neighbor event:neighbor state changed to Down. (ProcessId=1, NeighborAddress=x.x.x.x, NeighborEvent=InactivityTimer, NeighborPreviousState=Full, NeighborCurrentState=Down) Aug 30 2023 18:55:30 AL_ZD_NE40E_X3 %OSPF/3/NBR_CHG_DOWN(l)[60]:Neighbor event:neighbor state changed to Down. (ProcessId=1, NeighborAddress=x.x.x.x, NeighborEvent=InactivityTimer, NeighborPreviousState=Full, NeighborCurrentState=Down) Aug 30 2023 18:53:45 AL_ZD_NE40E_X3 %OSPF/3/NBR_CHG_DOWN(l)[88]:Neighbor event:neighbor state changed to Down. (ProcessId=1, NeighborAddress=x.x.x.x, NeighborEvent=InactivityTimer, NeighborPreviousState=Full, NeighborCurrentState=Down) 1、查看cpu-defend,发现有大量上送cpu的ospf报文超cpcar丢弃   2、查看设备记录的攻击溯源,发现GigabitEthernet1/0/1.20端口收到大量的ospf hello组播报文 [AL_ZD_NE40E_X3-hidecmd]dis……

    SE_You 2022-08-15
    13 0 0

  • NE40E-X8 SSH 登录,有时登录失败问题

    问题描述 NE40E-X8设备频繁上报ssh登陆失败告警,告警原因是user public key authentication failed. 告警信息 处理过程 1、MP02设备存在SSH登录失败的报错记录,频率超过5分钟30次会有trap日志记录 2、查看报错信息,为User public key authentication failed.  查看打印的debug信息,发送支持的认证列表之后,客户端选择了publickey认证方式,但是设备用户没有配置publickey认证,导致认证失败,重新发送认证方式进行认证,使用了密码认证 3、比对正常的设备,客户端选择了密码认证,没有使用publickey认证,所以不会有User public key authentication failed.的报错记录,登录失败的频率没有达到阈值,不会有告警 根因 客户端请求的认证方式不一样,客户端选择了publickey认证但是设备用户没有配置publickey认证的情况会导致设备记录ssh登陆失败日志。 解决方案 客户端侧取消publickey认证 设备侧配置用户启用publickey认证 免责声明:本案例仅供参考不提供专业意见。

    SE_You 2022-08-15
    43 0 0

  • 思科路由器控制列表ACL增删

    思科路由器多条访问控制列表,在全局模式下删除某一条访问列表而不会影响其它列表的功能 一般管理者在设定ACL的时候都会利用系统预设编号范围 RA1(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list 但是只删除某一行的话,如果用”no access-list number”指令则这个编号 整份清单也就移除了!! 如果要删除某一行ACL必须要利用ip access-list extended 指令或者standard。范例如下: RA1(config)#ip access-list extended acl_name RA1(config-ext-nacl)#permit tcp any any eq 80 RA1(config-ext-nacl)#permit ip any any RA1(config-ext-nacl)#deny 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255 RA1(config-ext-nacl)#deny ip 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255 RA1#sh access-lists Extended IP access list acl_name 10 permit tcp any any eq www 20 permit ip any any 30 deny ip 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255 RA1#config t RA1#sh access-lists Extended IP access list acl_name //每一条设定规则前都IOS会自动编号 10 permit tcp any any eq www 20 permit ip any any 30 deny ip 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255 RA1#config t Enter configuration commands, one per line. End with CNTL/Z. RA1(conf……

    SE_Gai 2022-04-09
    11 0 0

  • FAQ-USG6300防火墙设备部署URL过滤www.facebook.com失败

    问题描述 如图: 该项目针对防火墙部署的架构比较简单,网络连通性方面没有问题。根据客户要求配置URL过滤facebook,配置如下: url-filter category user-defined name noface_cat  add url www.facebook.com  add url facebook.pt  add url facebook.com # profile type url-filter name nofacebook  add blacklist url *facebook*  add blacklist url *www.facebook.com*  add blacklist url www.facebook.com  add blacklist url facebook  category pre-defined control-level high  category user-defined name noface_cat action block  default action block security-policy  rule name NoFacebook   description App Do Facebook   policy logging   session logging   application app Facebook   action permit  rule name BlockSiteFacebook   description BlockSiteFacebook   policy logging   session logging   source-zone trust   destination-zone untrust   profile url-filter nofacebook   action permit rule name Saida   policy logging   source-zone trust   destination-zone untrust   profile av default   profile ips default   profile url-filter default   action permit  rule name Entrada   policy logging   source-zone untrust   destination-zone trust   profile av default   profile ips default   profile url-filter default   action permit  rule name BypassDetect   policy logging   source-zone untrust   destination-zone untrust   profile av default   profile ips default   a……

    SE_Gai 2022-03-16
    18 0 0
首页上一页 1011121314 14/14