故障描述:2012年9月21日下午13点42分左右,接到短信报警,报警显示数据库服务器,医保服务器等一系列设备网络不通,经过仔细的排查,对问题产生的原因做出如下分析。
一、问题的现象
1:从200.120.75.0/24 网段访问其他网段都不通,数据库服务器也不能登陆,这造成了业务不能正常进行,但从其他网段访问数据库是可以正常访问的,而且其他网段之间是互通的(除去200.120.75.0/250网段)。
二、问题的原因分析
1)从200.120.70.10服务器上登陆交换机200.120.70.254,查看了下系统日志
-
kqsbswitch#sh logging
-
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns)
-
Console logging: level debugging, 7367 messages logged
-
Monitor logging: level debugging, 0 messages logged
-
Buffer logging: level debugging, 7368 messages logged
-
Exception Logging: size (8192 bytes)
-
Count and timestamp logging messages: disabled
-
Trap logging: level informational, 7326 message lines logged
-
-
Log Buffer (4096 bytes):
-
address 200.120.75.249 on Vlan2, sourced by 0019.2129.9217
-
*Sep 20 22:01:11: %IP-4-DUPADDR: Duplicate address 200.120.75.249 on Vlan2, sourced by 0019.2129.9217
-
*Sep 20 22:01:41: %IP-4-DUPADDR: Duplicate address 200.120.75.249 on Vlan2, sourced by 0019.2129.9217
-
*Sep 20 22:02:12: %IP-4-DUPADDR: Duplicate address 200.120.75.249 on Vlan2, sourced by 0019.2129.9217
-
*Sep 20 22:02:42: %IP-4-DUPADDR: Duplicate address 200.120.75.249 on Vlan2, sourced by 0019.2129.9217
-
*Sep 20 22:03:12: %IP-4-DUPADDR: Duplicate address 200.120.75.249 on Vlan2, sourced by
2)再查看了mac地址为0019.2129.9217的ip信息(截取了一部分信息)
-
kqsbswitch#sh arp | include 0019.2129.9217
-
Internet 200.120.75.251 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.248 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.240 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.246 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.245 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.244 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.235 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.234 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.233 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.232 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.239 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.236 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.231 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.230 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.229 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.228 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.219 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.218 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.217 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.216 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.211 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.210 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.214 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.213 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.212 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.206 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.204 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.195 0 0019.2129.9217 ARPA Vlan2
-
Internet 200.120.75.199 0 0019.2129.9217 ARPA Vlan2
3)再查看自己电脑网关的mac 地址
C:\Users\Administrator.PC--20120613GWA>arp -a | findstr 200.120.75.250
200.120.75.250 00-19-21-29-92-17 动态
到这这一步就可以确定问题的原因是ARP网关欺骗
分析结果:arp网关欺骗打乱了我们电脑上的 正常的arp表,导致我们电脑无法找到网关正确的mac地址,从而导致无法正常上网。
三、问题的处理
1)ARP网关欺骗的解决办法就是绑定网关的mac地址
查看200.120.75.250 的正确mac地址,然后对ip地址进行绑定
kqsbswitch#sh arp | include 200.120.75.250
Internet 200.120.75.250 - 0000.0c07.ac01 ARPA
kqsbswitch#configure t
kqsbswitch(config)#arp 200.120.75.250 0000.0c07.ac01 arpa
阅读(3188) | 评论(1) | 转发(0) |