某企業網核心爲4506,接入基本爲2950系列。核心有一塊X 4548 GB -RJ業務板,其中48口上聯到防火牆,其他下聯到客戶端。客戶端網關指向核心交換機,上網速度奇慢。指向防火牆則速度正常,防火牆地址爲172。16。1。1 核心配置如下:
core_switch#show run
Building configuration...
Current configuration : 6061 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname core_switch
!
enable secret 5 $1$21p4$rcisbziyY7iFWx0w7jm6d.
enable password kindy
!
vtp mode transparent
ip subnet-zero
!
spanning-tree extend system-id
!
!
vlan 2
name vlan2
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet2/1
description To ZXC
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/2
description To HYS-310
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/3
description To HYS-303
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/4
description To PGZ
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/5
description To WLZ
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/1
description To BACK_24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/3
!
interface GigabitEthernet3/4
!
interface GigabitEthernet3/5
!
interface GigabitEthernet3/6
!
interface GigabitEthernet4/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/9
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/13
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/14
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/15
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/16
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/17
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/18
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/19
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/20
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/21
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/25
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/26
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/27
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/28
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/29
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/30
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/31
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/32
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/33
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/34
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/35
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/36
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/37
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/38
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/39
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/40
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/41
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/42
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/43
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/44
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/45
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/46
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/47
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/48
!
interface Vlan1
ip address 172.16.1.121 255.255.255.0
!
interface Vlan2
ip address 172.16.2.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.1
no ip http server
!
!
!
!
line con 0
password ******
login
stopbits 1
line vty 0 4
password ******
login
!
end
core_switch#show run
Building configuration...
Current configuration : 6061 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname core_switch
!
enable secret 5 $1$21p4$rcisbziyY7iFWx0w7jm6d.
enable password kindy
!
vtp mode transparent
ip subnet-zero
!
spanning-tree extend system-id
!
!
vlan 2
name vlan2
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet2/1
description To ZXC
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/2
description To HYS-310
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/3
description To HYS-303
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/4
description To PGZ
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/5
description To WLZ
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/1
description To BACK_24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/3
!
interface GigabitEthernet3/4
!
interface GigabitEthernet3/5
!
interface GigabitEthernet3/6
!
interface GigabitEthernet4/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/9
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/13
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/14
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/15
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/16
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/17
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/18
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/19
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/20
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/21
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/25
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/26
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/27
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/28
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/29
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/30
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/31
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/32
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/33
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/34
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/35
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/36
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/37
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/38
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/39
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/40
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/41
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/42
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/43
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/44
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/45
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/46
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/47
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/48
!
interface Vlan1
ip address 172.16.1.121 255.255.255.0
!
interface Vlan2
ip address 172.16.2.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.1
no ip http server
!
!
!
!
line con 0
password ******
login
stopbits 1
line vty 0 4
password ******
login
!
end
解決辦法:
int vlan 1
no ip redirects
no ip redirects
解釋:
ip redirect是ICMP協議中規定的一種狀態,在此例中所有的數據包都要通過172.16.1.121再轉發給防火牆172.16.1.1,121發現1以及所有的客戶機都在一個網段內,121就會給客戶機發出icmp redirect報文,告訴客戶機往外訪問的下一跳地址指向172.16.1.1,如果客戶機是UNIX操作系統(我試過linux和Sco UNIX),操作系統會自動在主機路由表中加入這個信息,這樣客戶機就不必通過172.16.1.121來轉發數據包了。但Windows主機好像無此功能,所以就造成了主交換機不斷給客戶機發icmp redirect報文,導致了整個系統很慢。這是我的看法,希望和大家共同討論!