問題描述:
MSR56-60路由器係統版本是最新Version 7.1.064, Release 6728P26隻要一打開用戶流量排行,ipoed進程就占用一半CPU資源,關掉,ipoed進程還是一樣占用CPU一半資源,另外一台設備係統版本是Version 7.1.064, Release 6728P25,就沒有出現這裏的問題,我把整體配置文件發出來,請各位幫忙優化一下,是什麼原因導致ipoed進程一直占用CPU一半資源不釋放,本人不是專業網工,大部分配置都是依賴於Web頁麵配置,設備已過保沒法找400,請各位大佬擔待,謝謝各位大佬,謝謝
#
version 7.1.064, Release 6728P26
#
sysname H3C
#
clock timezone Beijing add 08:00:00
clock protocol ntp
#
undo resource-monitor output syslog snmp-notification netconf-event
#
security-zone intra-zone default permit
#
security-policy disable
#
dialer-group 1 rule ip permit
#
ip load-sharing mode per-flow src-ip global
#
nat alg h323
nat alg ils
nat alg mgcp
nat alg sccp
nat alg tftp
#
dhcp enable
dhcp server always-broadcast
#
dns proxy enable
#
system-working-mode standard
password-recovery enable
#
vlan 1
#
dhcp server ip-pool lan1
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
address range 192.168.1.51 192.168.1.254
dns-list 192.168.1.1
expired day 8
#
controller Cellular2/0/0
#
controller Cellular2/0/1
#
interface Aux0/0/1
#
interface Dialer0
mtu 1480
ppp chap password cipher XXX
ppp chap user XXX
ppp ipcp dns admit-any
ppp ipcp dns request
ppp pap local-user XXX password cipher XXX
dialer bundle enable
dialer-group 1
dialer timer idle 0
dialer timer autodial 5
ip address ppp-negotiate
tcp mss 1440
packet-filter name GigabitEthernet2/0/0 inbound
nat outbound
#
interface NULL0
#
interface Vlan-interface1
description LAN-interface
mtu 1480
ip address 192.168.1.1 255.255.255.0
tcp mss 1440
ip subscriber l2-connected enable
ip subscriber initiator dhcp enable
ip subscriber initiator unclassified-ip enable
ip subscriber dhcp domain ipoeenabledomain
ip subscriber unclassified-ip domain ipoeenabledomain
#
interface GigabitEthernet2/0/0
port link-mode route
description Multiple_Line1
combo enable copper
pppoe-client dial-bundle-number 0
#
interface GigabitEthernet2/0/1
port link-mode route
description Multiple_Line2
combo enable copper
ip last-hop hold
#
interface GigabitEthernet2/0/2
port link-mode route
description Multiple_Line3
combo enable copper
ip last-hop hold
#
interface GigabitEthernet2/0/3
port link-mode route
description Multiple_Line4
combo enable copper
ip last-hop hold
#
interface GigabitEthernet2/5/0
port link-mode bridge
#
interface GigabitEthernet2/5/1
port link-mode bridge
#
interface GigabitEthernet2/5/2
port link-mode bridge
#
interface GigabitEthernet2/5/3
port link-mode bridge
#
interface GigabitEthernet2/5/4
port link-mode bridge
#
interface GigabitEthernet2/5/5
port link-mode bridge
#
interface GigabitEthernet2/5/6
port link-mode bridge
#
interface GigabitEthernet2/5/7
port link-mode bridge
#
interface GigabitEthernet2/5/8
port link-mode bridge
#
interface GigabitEthernet2/5/9
port link-mode bridge
#
interface GigabitEthernet2/5/10
port link-mode bridge
#
interface GigabitEthernet2/5/11
port link-mode bridge
#
interface GigabitEthernet2/5/12
port link-mode bridge
#
interface GigabitEthernet2/5/13
port link-mode bridge
#
interface GigabitEthernet2/5/14
port link-mode bridge
#
interface GigabitEthernet2/5/15
port link-mode bridge
#
interface GigabitEthernet2/5/16
port link-mode bridge
#
interface GigabitEthernet2/5/17
port link-mode bridge
#
interface GigabitEthernet2/5/18
port link-mode bridge
#
interface GigabitEthernet2/5/19
port link-mode bridge
#
interface GigabitEthernet2/5/20
port link-mode bridge
#
interface GigabitEthernet2/5/21
port link-mode bridge
#
interface GigabitEthernet2/5/22
port link-mode bridge
#
interface GigabitEthernet2/5/23
port link-mode bridge
#
interface M-GigabitEthernet0
ip address 192.168.0.1 255.255.255.0
#
object-policy ip Any-Any
rule 65533 inspect 8048_url_profile_global disable
rule 65534 pass
#
security-zone name Local
#
security-zone name Trust
import interface Vlan-interface1
#
security-zone name DMZ
#
security-zone name Untrust
import interface Dialer0
import interface GigabitEthernet2/0/1
import interface GigabitEthernet2/0/2
import interface GigabitEthernet2/0/3
#
security-zone name Management
#
zone-pair security source Any destination Any
object-policy apply ip Any-Any
#
zone-pair security source Local destination Trust
packet-filter name SWXWSGL
#
zone-pair security source Local destination Untrust
packet-filter name SWXWSGL
#
zone-pair security source Trust destination Local
packet-filter name SWXWSGL
#
zone-pair security source Untrust destination Local
packet-filter name SWXWSGL
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
authentication-mode scheme
user-role network-operator
#
ip route-static 0.0.0.0 0 Dialer0
#
info-center loghost 127.0.0.1 port 3301
info-center source CFGLOG loghost level informational
#
performance-management
#
ssh user admin service-type all authentication-type password
#
ntp-service enable
ntp-service unicast-server ***.***
#
acl advanced name SWXWSGL
rule 1 permit ip
#
password-control enable
undo password-control aging enable
undo password-control history enable
password-control length 6
password-control login-attempt 3 exceed lock-time 10
password-control update-interval 0
password-control login idle-time 0
#
domain ipoeenabledomain
authorization-attribute idle-cut 5 1
authentication ipoe none
authorization ipoe none
accounting ipoe none
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
service-type ftp
service-type ssh telnet terminal http https
authorization-attribute user-role network-admin
#
security-enhanced level 1
#
session statistics enable
#
ip http enable
#
url-filter category custom severity 65535
#
traffic-policy
rule 1 name web_AppTraffRank
application app http
#
dac log-collect service dpi traffic enable
dac traffic-statistic application enable
#
dac storage service dpi traffic limit hold-time 1
dac storage service traffic limit hold-time 1
#
return
- 2023-12-23提問
- 舉報
-
(0)
最佳答案
一般不是版本的問題,後續版本都是在之前的版本上優化的,找個時間取消流量排行的配置,一般不建議用,保存配置重啟恢複看看
- 2023-12-23回答
- 評論(2)
- 舉報
-
(0)
您好,首先感謝您的回複,我試過恢複配置文件,但隻要一打開用戶流量排行,ipoed進程就啟動直接吃掉cpu一半資源,打開上網行為管理,網址日誌,應用流量排行都沒事。
我看到您的配置文件,發現您的路由器使用了IPoE業務,這可能是導致CPU占用率高的原因之一。IPoE業務是一種基於IP地址的用戶接入方式,它需要路由器對用戶的IP地址進行認證、授權、計費等操作,這些操作會消耗CPU的資源。您可以嚐試以下方法來優化您的配置:
1. 限製IPoE用戶的數量,避免過多的用戶同時接入造成CPU壓力。
2. 優化IPoE用戶的地址分配,使用固定的地址池或者預分配的地址,減少動態地址分配的開銷。
3. 優化IPoE用戶的認證方式,使用基於MAC地址的認證或者Portal認證,避免使用基於DHCP的認證,因為DHCP報文會增加CPU的處理負載。
4. 優化IPoE用戶的計費方式,使用基於流量的計費或者基於時長的計費,避免使用基於會話的計費,因為會話的建立和維護會占用CPU的資源。
5. 優化IPoE用戶的策略控製,使用基於用戶組的策略或者基於業務的策略,避免使用基於用戶的策略,因為用戶的策略會增加CPU的匹配次數。
- 2023-12-23回答
- 評論(1)
- 舉報
-
(0)
您好,首先感謝您的回複,請問配置文件裏麵那一部分是屬於IPoE業務,麻煩您指點一下,我好研究官方文檔,謝謝
您好,首先感謝您的回複,請問配置文件裏麵那一部分是屬於IPoE業務,麻煩您指點一下,我好研究官方文檔,謝謝
編輯答案
親~登錄後才可以操作哦!
確定你的郵箱還未認證,請認證郵箱或綁定手機後進行當前操作
舉報
×
侵犯我的權益
×
侵犯了我企業的權益
×
- 1. 您舉報的內容是什麼?(請在郵件中列出您舉報的內容和鏈接地址)
- 2. 您是誰?(身份證明材料,可以是身份證或護照等證件)
- 3. 是哪家企業?(營業執照,單位登記證明等證件)
- 4. 您與該企業的關係是?(您是企業法人或被授權人,需提供企業委托授權書)
抄襲了我的內容
×
原文鏈接或出處
誹謗我
×
- 1. 您舉報的內容以及侵犯了您什麼權益?(請在郵件中列出您舉報的內容、鏈接地址,並給出簡短的說明)
- 2. 您是誰?(身份證明材料,可以是身份證或護照等證件)
對根叔社區有害的內容
×
不規範轉載
×
舉報說明
這種一般就要後台收診斷去看了呀,目前您過保的話建議您不使用這個功能