Original poster
Posted on 2007-8-16 17:27
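Problem between an ISG1000 firewall and a CISCO3725 router
Our organization's firewall is an ISG1000 and the router is a CISCO3725. We have found that when network traffic is high, pings sent from the internal network to the router show very unstable latency, CPU utilization is high, and the input error counter on the router's internal interface keeps increasing, while the external uplink shows nothing abnormal. When we replace the ISG1000 with a Neusoft firewall, these problems do not occur. Our topology is: external network - 3725 - ISG1000 - internal network. Below are the interface details of the firewall and the router: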
JGXY_3725#sh interfaces fa 0/0
FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is 000f.23ff.5340 (bia 000f.23ff.5340)
Description: connected to FW
Internet address is 219.242.48.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 7/255, rxload 20/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 3d01h
Input queue: 0/75/111316/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 7951000 bits/sec, 1015 packets/sec
5 minute output rate 2970000 bits/sec, 859 packets/sec
365555511 packets input, 1253040526 bytes
Received 721379 broadcasts, 0 runts, 0 giants, 0 throttles
93300 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
392196324 packets output, 559050518 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
nsisg1000-> get interface ethernet1/1
Interface ethernet1/1:
number 29, if_info 119016, if_index 0, mode route
link up, phy-link up/full-duplex
vsys Root, zone Untrust, vr trust-vr
dhcp client disabled
*ip 219.242.48.2/20 mac 0010.dbc2.561d
*manage ip 219.242.48.2, mac 0010.dbc2.561d
route-deny disable
ping enabled, telnet disabled, SSH disabled, SNMP disabled
web disabled, ident-reset disabled, SSL disabled
webauth disabled, webauth-ip 0.0.0.0
OSPF disabled BGP disabled RIP disabled
bandwidth: physical 100Mbps, configured 20Mbps
DHCP-Relay disabled
DHCP-server disabled
Forum user:
Manually set the interface parameters on the ISG2000 and the 3725 router to 100M/full-duplex; try not to let them auto-negotiate.