刘文粟,某局点40G 无线插卡系列AP一直掉线
问题描述
现场AP一直掉线
%Oct 9 17:33:40:515 2022 NC-ZHENGSHANG-AC CWS/6/CWS_AP_UP: Master CAPWAP tunnel to AP jysd-11f-1112wai went up.
%Oct 9 17:33:40:537 2022 NC-ZHENGSHANG-AC CWS/4/CWS_AP_DOWN: CAPWAP tunnel to AP abc-nb-jianxing-3 went down. Reason: Failed to retransmit message.
%Oct 9 17:33:40:543 2022 NC-ZHENGSHANG-AC APMGR/6/APMGR_AP_OFFLINE: AP abc-nb-jianxing-3 went offline. State changed to Idle.
过程分析
Ping不通交换机内联口,没学到ARP
===============display arp all===============
Type: S-Static D-Dynamic O-Openflow R-Rule I-Invalid
IP address MAC address VLAN/VSI name Interface/Link ID Aging Type
xx.xx.xx.xx xx.xx.xx.xx -- MGE0/0/0 18 D
xx.xx.xx.xx xx.xx.xx.xx 2098 BAGG1 10 D
xx.xx.xx.xx xx.xx.xx.xx 2098 BAGG1 20 D
没有用户接入
===============display wlan client===============
CPU很高
===============display CPU-usage history slot 1 ===============
100%|
95%|
90%|
85%|
80%|
75%|
70%|
65%|
60%| #### # # # # # # ####### #####
55%| ####### #################### ##################### ######
50%|############################################################
45%|############################################################
40%|############################################################
35%|############################################################
30%|############################################################
25%|############################################################
20%|############################################################
15%|############################################################
10%|############################################################
5%|############################################################
------------------------------------------------------------
10 20 30 40 50 60 (minutes)
cpu-usage (Slot 1 CPU 0) last 60 minutes (SYSTEM)
转发核全打满了
312 3.2% 3.1% 3.2% [kdrvfwd16]
313 3.2% 3.1% 3.2% [kdrvfwd17]
314 3.2% 3.1% 3.2% [kdrvfwd18]
315 3.2% 3.1% 3.2% [kdrvfwd19]
316 3.2% 3.1% 3.2% [kdrvfwd20]
317 3.2% 3.1% 3.2% [kdrvfwd21]
318 3.2% 3.1% 3.2% [kdrvfwd22]
319 3.2% 3.1% 3.2% [kdrvfwd23]
320 3.2% 3.1% 3.2% [kdrvfwd24]
321 3.2% 3.1% 3.2% [kdrvfwd25]
322 3.2% 3.1% 3.2% [kdrvfwd26]
323 3.2% 3.1% 3.2% [kdrvfwd27]
324 3.2% 3.1% 3.2% [kdrvfwd28]
325 3.2% 3.1% 3.2% [kdrvfwd29]
326 3.2% 3.1% 3.2% [kdrvfwd30]
服务模板几乎都是集中转发
用户隔离配置在服务模板下
#
wlan service-template 25
ssid
vlan 1500
user-isolation enable
akm mode psk
preshared-key pass-phrase cipher $c$3$T1I3mI5+X0hz3hWxTPH/8g5AK7wQTGm0twMX
cipher-suite ccmp
security-ie rsn
service-template enable
#
wlan service-template 26
ssid YingYuan
vlan 1503
user-isolation enable
service-template enable
#
wlan service-template 27
ssid
vlan 1503
user-isolation enable
akm mode psk
preshared-key pass-phrase cipher $c$3$w6CYpq8LEFVKInWhIvvVisPUZ/Y5iExMVvdX
cipher-suite ccmp
security-ie rsn
service-template enable
#
接口放通的vlan太多
#
interface Bridge-Aggregation1
description nei
port link-type trunk
port trunk permit vlan 1 to 841 843 to 4094
#
AC与核心连接的端口的广播/组播流量统计,外界向AC侧输入的广播/组播流量pps很高,达到了几十万,导致AC的转发核被打满,导致AP掉线。
解决方法
修改为vlan下的二层隔离和修剪接口vlan,排查外界向AC输入的广播/组播来源,需要考虑外界设备上环路的可能
