АЧ
если изменить цифру влана- что изменит? сори за нуб вопрос
Size: a a a
2021 April 13
ГП
будет другой влан
M
Надо разнести подсети по вланам, но сначала найти вредителя, искать по макам, отключать порты, изолировать в общем, к сожалению это не быстро в вашем случае... Придётся страдать какое-то время
АЧ
итак, выключил все порты, включил несколько клиентских портов,
запросов арп от 192,168,0,1 не стало
но инкомплиты все равно есть, в разных вланах
запросов арп от 192,168,0,1 не стало
но инкомплиты все равно есть, в разных вланах
АЧ
ethanalyzer local interface inband display-filter arp limit-captured-frames 100
Capturing on inband
2021-04-13 18:00:38.815242 28:28:5d:ed:f4:09 -> ff:ff:ff:ff:ff:ff ARP Who has 10.11.21.254? Tell 10.11.21.16
2021-04-13 18:00:38.815574 a4:4c:11:b8:b3:41 -> 28:28:5d:ed:f4:09 ARP 10.11.21.254 is at a4:4c:11:b8:b3:41
2021-04-13 18:00:38.818097 00:18:a9:77:7e:33 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.26.254? Tell 192.168.26.52
2021-04-13 18:00:38.975331 c0:25:e9:0c:8f:5b -> a4:4c:11:b8:b3:41 ARP Who has 10.11.42.254? Tell 10.11.42.5
2021-04-13 18:00:38.975672 a4:4c:11:b8:b3:41 -> c0:25:e9:0c:8f:5b ARP 10.11.42.254 is at a4:4c:11:b8:b3:41
2021-04-13 18:00:39.018380 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.46? Tell 192.168.25.254
6 packets captured
NexusSaran(config-if)# ethanalyzer local interface inband display-filter arp limit-captured-frames 100
Capturing on inband
2021-04-13 18:00:44.354973 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.22? Tell 192.168.25.254
2021-04-13 18:00:44.364940 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.23? Tell 192.168.25.254
2021-04-13 18:00:44.364982 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.25? Tell 192.168.25.254
2021-04-13 18:00:44.374928 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.26? Tell 192.168.25.254
2021-04-13 18:00:44.388875 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.128? Tell 192.168.25.254
2021-04-13 18:00:44.389582 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.129? Tell 192.168.25.254
2021-04-13 18:00:44.474936 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.29? Tell 192.168.25.254
2021-04-13 18:00:44.504894 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.31? Tell 192.168.25.254
2021-04-13 18:00:44.511548 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.33? Tell 192.168.25.254
2021-04-13 18:00:44.521554 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.35? Tell 192.168.25.254
2021-04-13 18:00:44.521616 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.37? Tell 192.168.25.254
2021-04-13 18:00:44.521704 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.32? Tell 192.168.25.254
2021-04-13 18:00:44.531556 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.36? Tell 192.168.25.254
2021-04-13 18:00:44.531617 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.38? Tell 192.168.25.254
2021-04-13 18:00:44.544485 18:0f:76:8d:9d:c8 -> ff:ff:ff:ff:ff:ff ARP Who has 10.159.247.217? Tell 10.159.247.218
2021-04-13 18:00:44.545023 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.39? Tell 192.168.25.254
2021-04-13 18:00:44.545134 ac:84:c6:50:12:03 -> a4:4c:11:b8:b3:41 ARP Who has 10.11.31.254? Tell 10.11.31.6
2021-04-13 18:00:44.545429 a4:4c:11:b8:b3:41 -> ac:84:c6:50:12:03 ARP 10.11.31.254 is at a4:4c:11:b8:b3:41
2021-04-13 18:00:44.588328 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.43? Tell 192.168.25.254
Capturing on inband
2021-04-13 18:00:38.815242 28:28:5d:ed:f4:09 -> ff:ff:ff:ff:ff:ff ARP Who has 10.11.21.254? Tell 10.11.21.16
2021-04-13 18:00:38.815574 a4:4c:11:b8:b3:41 -> 28:28:5d:ed:f4:09 ARP 10.11.21.254 is at a4:4c:11:b8:b3:41
2021-04-13 18:00:38.818097 00:18:a9:77:7e:33 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.26.254? Tell 192.168.26.52
2021-04-13 18:00:38.975331 c0:25:e9:0c:8f:5b -> a4:4c:11:b8:b3:41 ARP Who has 10.11.42.254? Tell 10.11.42.5
2021-04-13 18:00:38.975672 a4:4c:11:b8:b3:41 -> c0:25:e9:0c:8f:5b ARP 10.11.42.254 is at a4:4c:11:b8:b3:41
2021-04-13 18:00:39.018380 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.46? Tell 192.168.25.254
6 packets captured
NexusSaran(config-if)# ethanalyzer local interface inband display-filter arp limit-captured-frames 100
Capturing on inband
2021-04-13 18:00:44.354973 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.22? Tell 192.168.25.254
2021-04-13 18:00:44.364940 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.23? Tell 192.168.25.254
2021-04-13 18:00:44.364982 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.25? Tell 192.168.25.254
2021-04-13 18:00:44.374928 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.26? Tell 192.168.25.254
2021-04-13 18:00:44.388875 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.128? Tell 192.168.25.254
2021-04-13 18:00:44.389582 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.129? Tell 192.168.25.254
2021-04-13 18:00:44.474936 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.29? Tell 192.168.25.254
2021-04-13 18:00:44.504894 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.31? Tell 192.168.25.254
2021-04-13 18:00:44.511548 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.33? Tell 192.168.25.254
2021-04-13 18:00:44.521554 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.35? Tell 192.168.25.254
2021-04-13 18:00:44.521616 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.37? Tell 192.168.25.254
2021-04-13 18:00:44.521704 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.32? Tell 192.168.25.254
2021-04-13 18:00:44.531556 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.36? Tell 192.168.25.254
2021-04-13 18:00:44.531617 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.38? Tell 192.168.25.254
2021-04-13 18:00:44.544485 18:0f:76:8d:9d:c8 -> ff:ff:ff:ff:ff:ff ARP Who has 10.159.247.217? Tell 10.159.247.218
2021-04-13 18:00:44.545023 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.39? Tell 192.168.25.254
2021-04-13 18:00:44.545134 ac:84:c6:50:12:03 -> a4:4c:11:b8:b3:41 ARP Who has 10.11.31.254? Tell 10.11.31.6
2021-04-13 18:00:44.545429 a4:4c:11:b8:b3:41 -> ac:84:c6:50:12:03 ARP 10.11.31.254 is at a4:4c:11:b8:b3:41
2021-04-13 18:00:44.588328 a4:4c:11:b8:b3:41 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.25.43? Tell 192.168.25.254
ГП
так сказать, велком в провайдеринг и последствия пофигизма при построении сети.
АЧ
sh ip arp | grep INC | wc -l
454
NexusSaran(config-if)# sh ip arp | grep INC | wc -l
444
454
NexusSaran(config-if)# sh ip arp | grep INC | wc -l
444
M
У вас какая-то страшная картина :)) ваш Нексус умирает в броадкастах, сторм-контрол можно сделать на интерфейсах для начала, чтобы ему дышать хоть можно было
M
proxy-arp выключите, везде где он включен
M
Если он конечно не используется :)
ГП
кстати да
ГП
%10 поставить максимум
АЧ
можете подсказать, как это сделать?
M
Google nexus model storm-control configuration guide
M
Я не знаю вашей инфраструктуры
АЧ
storm-control broadcast level 66.75
storm-control action shutdown
На всех портах - пока ничего не отключил
storm-control action shutdown
На всех портах - пока ничего не отключил
V
арп коппом срезаться должен
С
ну так у вас на 66% порог сработки выставлен- чет много.
M
Если он есть, мы так и не выяснили :)
V
в дефолтном копп полиси есть арп класс