免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
最近访问板块 发新帖
查看: 3451 | 回复: 2
打印 上一主题 下一主题

cisco5540防火墙口丢包 [复制链接]

论坛徽章:
0
跳转到指定楼层
1 [收藏(0)] [报告]
发表于 2011-12-29 15:18 |只看该作者 |倒序浏览
口g1/1属于dmz区域,口g1/0属于inside区域,先发现每个口上均出现一定数量的丢包(packets dropped),不知这是否属于正常现象:

Interface GigabitEthernet1/1 "dmz", is up, line protocol is up
  Hardware is VCS7380 rev01, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        Media-type configured as RJ45 connector
        MAC address 001f.9e2a.6325, MTU 1500
        IP address 10.20.55.1, subnet mask 255.255.255.0
        449927919 packets input, 433306840584 bytes, 0 no buffer
        Received 243055 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        393359925 packets output, 144643196301 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        1036 rate limit drops
        input queue (curr/max packets): hardware (0/0) software (0/0)
        output queue (curr/max packets): hardware (0/0) software (0/0)
  Traffic Statistics for "dmz":
        449747509 packets input, 424862444052 bytes
        393381731 packets output, 136453937466 bytes
        999858 packets dropped
      1 minute input rate 128 pkts/sec,  111081 bytes/sec
      1 minute output rate 130 pkts/sec,  63106 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 260 pkts/sec,  272215 bytes/sec
      5 minute output rate 197 pkts/sec,  53272 bytes/sec
      5 minute drop rate, 0 pkts/sec


Interface GigabitEthernet1/0 "inside", is up, line protocol is up
  Hardware is VCS7380 rev01, BW 1000 Mbps, DLY 10 usec
        (Full-duplex), Auto-Speed(1000 Mbps)
        Media-type configured as SFP connector

CISCO-FINISAR SFP, p/n FTLF8519P2BCL-CS installed
        MAC address 001f.9e2a.6324, MTU 1500
        IP address 10.20.100.4, subnet mask 255.255.255.0
        410116308 packets input, 145902427447 bytes, 0 no buffer
        Received 8728 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        523345585 packets output, 444335759663 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        0 rate limit drops
        input queue (curr/max packets): hardware (0/0) software (0/0)
        output queue (curr/max packets): hardware (0/0) software (0/0)
  Traffic Statistics for "inside":
        410126188 packets input, 137412753511 bytes
        523373824 packets output, 434561624174 bytes
        2588355 packets dropped
      1 minute input rate 185 pkts/sec,  31316 bytes/sec
      1 minute output rate 294 pkts/sec,  284858 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 215 pkts/sec,  53888 bytes/sec
      5 minute output rate 340 pkts/sec,  314646 bytes/sec
      5 minute drop rate, 0 pkts/sec

论坛徽章:
15
CU大牛徽章
日期:2013-03-13 15:32:35白羊座
日期:2013-10-30 13:11:16未羊
日期:2013-11-29 10:47:02白羊座
日期:2014-01-22 11:34:25白羊座
日期:2014-03-04 11:05:50申猴
日期:2014-07-29 16:31:36天秤座
日期:2013-10-23 15:33:47未羊
日期:2013-10-09 09:18:53CU大牛徽章
日期:2013-03-13 15:38:15CU大牛徽章
日期:2013-03-13 15:38:52CU大牛徽章
日期:2013-03-14 14:08:55未羊
日期:2013-09-23 09:29:22
2 [报告]
发表于 2011-12-29 15:26 |只看该作者
防火墙的作用就是要drop包的嘛

论坛徽章:
0
3 [报告]
发表于 2011-12-29 15:31 |只看该作者
嗯,会把一些检查没通过的包扔掉的。你那个丢包的数也算正常的。也如果客户没有说业务有影响,那肯定是正常的。
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP