Chinaunix首页 | 论坛 | 博客
  • 博客访问: 590895
  • 博文数量: 57
  • 博客积分: 877
  • 博客等级: 准尉
  • 技术积分: 1275
  • 用 户 组: 普通用户
  • 注册时间: 2011-03-24 16:16
文章分类

全部博文(57)

文章存档

2014年(2)

2013年(15)

2012年(20)

2011年(20)

我的朋友

分类: 系统运维

2012-09-21 17:44:45

故障描述:2012921日下午1342分左右,接到短信报警,报警显示数据库服务器,医保服务器等一系列设备网络不通,经过仔细的排查,对问题产生的原因做出如下分析。

一、问题的现象

    1:从200.120.75.0/24 网段访问其他网段都不通,数据库服务器也不能登陆,这造成了业务不能正常进行,但从其他网段访问数据库是可以正常访问的,而且其他网段之间是互通的(除去200.120.75.0/250网段)。

二、问题的原因分析

1)从200.120.70.10服务器上登陆交换机200.120.70.254,查看了下系统日志


 

点击(此处)折叠或打开

  1. kqsbswitch#sh logging
  2. Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns)
  3. Console logging: level debugging, 7367 messages logged
  4. Monitor logging: level debugging, 0 messages logged
  5. Buffer logging: level debugging, 7368 messages logged
  6. Exception Logging: size (8192 bytes)
  7. Count and timestamp logging messages: disabled
  8. Trap logging: level informational, 7326 message lines logged
  9. Log Buffer (4096 bytes):
  10. address 200.120.75.249 on Vlan2, sourced by 0019.2129.9217
  11. *Sep 20 22:01:11: %IP-4-DUPADDR: Duplicate address 200.120.75.249 on Vlan2, sourced by 0019.2129.9217
  12. *Sep 20 22:01:41: %IP-4-DUPADDR: Duplicate address 200.120.75.249 on Vlan2, sourced by 0019.2129.9217
  13. *Sep 20 22:02:12: %IP-4-DUPADDR: Duplicate address 200.120.75.249 on Vlan2, sourced by 0019.2129.9217
  14. *Sep 20 22:02:42: %IP-4-DUPADDR: Duplicate address 200.120.75.249 on Vlan2, sourced by 0019.2129.9217
  15. *Sep 20 22:03:12: %IP-4-DUPADDR: Duplicate address 200.120.75.249 on Vlan2, sourced by

2)再查看了mac地址为0019.2129.9217ip信息(截取了一部分信息)


 

点击(此处)折叠或打开

  1. kqsbswitch#sh arp | include 0019.2129.9217
  2. Internet 200.120.75.251 0 0019.2129.9217 ARPA Vlan2
  3. Internet 200.120.75.248 0 0019.2129.9217 ARPA Vlan2
  4. Internet 200.120.75.240 0 0019.2129.9217 ARPA Vlan2
  5. Internet 200.120.75.246 0 0019.2129.9217 ARPA Vlan2
  6. Internet 200.120.75.245 0 0019.2129.9217 ARPA Vlan2
  7. Internet 200.120.75.244 0 0019.2129.9217 ARPA Vlan2
  8. Internet 200.120.75.235 0 0019.2129.9217 ARPA Vlan2
  9. Internet 200.120.75.234 0 0019.2129.9217 ARPA Vlan2
  10. Internet 200.120.75.233 0 0019.2129.9217 ARPA Vlan2
  11. Internet 200.120.75.232 0 0019.2129.9217 ARPA Vlan2
  12. Internet 200.120.75.239 0 0019.2129.9217 ARPA Vlan2
  13. Internet 200.120.75.236 0 0019.2129.9217 ARPA Vlan2
  14. Internet 200.120.75.231 0 0019.2129.9217 ARPA Vlan2
  15. Internet 200.120.75.230 0 0019.2129.9217 ARPA Vlan2
  16. Internet 200.120.75.229 0 0019.2129.9217 ARPA Vlan2
  17. Internet 200.120.75.228 0 0019.2129.9217 ARPA Vlan2
  18. Internet 200.120.75.219 0 0019.2129.9217 ARPA Vlan2
  19. Internet 200.120.75.218 0 0019.2129.9217 ARPA Vlan2
  20. Internet 200.120.75.217 0 0019.2129.9217 ARPA Vlan2
  21. Internet 200.120.75.216 0 0019.2129.9217 ARPA Vlan2
  22. Internet 200.120.75.211 0 0019.2129.9217 ARPA Vlan2
  23. Internet 200.120.75.210 0 0019.2129.9217 ARPA Vlan2
  24. Internet 200.120.75.214 0 0019.2129.9217 ARPA Vlan2
  25. Internet 200.120.75.213 0 0019.2129.9217 ARPA Vlan2
  26. Internet 200.120.75.212 0 0019.2129.9217 ARPA Vlan2
  27. Internet 200.120.75.206 0 0019.2129.9217 ARPA Vlan2
  28. Internet 200.120.75.204 0 0019.2129.9217 ARPA Vlan2
  29. Internet 200.120.75.195 0 0019.2129.9217 ARPA Vlan2
  30. Internet 200.120.75.199 0 0019.2129.9217 ARPA Vlan2

3)再查看自己电脑网关的mac 地址

C:\Users\Administrator.PC--20120613GWA>arp -a | findstr 200.120.75.250

  200.120.75.250        00-19-21-29-92-17     动态

到这这一步就可以确定问题的原因是ARP网关欺骗

      分析结果:arp网关欺骗打乱了我们电脑上的 正常的arp表,导致我们电脑无法找到网关正确的mac地址,从而导致无法正常上网。

三、问题的处理

1)ARP网关欺骗的解决办法就是绑定网关的mac地址

查看200.120.75.250 的正确mac地址,然后对ip地址进行绑定

kqsbswitch#sh arp | include 200.120.75.250

Internet  200.120.75.250          -   0000.0c07.ac01  ARPA

kqsbswitch#configure t

kqsbswitch(config)#arp 200.120.75.250 0000.0c07.ac01 arpa

 

阅读(3188) | 评论(1) | 转发(0) |
给主人留下些什么吧!~~