昨天下午17點多發生一台cisco不明原因的網路不通
早上去查了一下
找不到原因
只好把昨天早上的config 備份倒回去
說也奇怪 就正常了
到了今天中午
宿舍的4台cisco一起出問題
查了一下log如下
Jul 30 11:10:27 GMT+8: %ACL_ERRMSG-4-UNLOADED: 1 fed: Output IP Vlan ACL on interface Vlan206 for label 3 on asic255 could not be programmed in hardware and traffic will be dropped.
Jul 30 11:10:27 GMT+8: %ACL_ERRMSG-4-UNLOADED: 1 fed: Output IP Vlan ACL on interface Vlan207 for label 3 on asic255 could not be programmed in hardware and traffic will be dropped.
Jul 30 11:10:27 GMT+8: %ACL_ERRMSG-4-UNLOADED: 1 fed: Output IP Vlan ACL on interface Vlan208 for label 3 on asic255 could not be programmed in hardware and traffic will be dropped.
Jul 30 11:10:27 GMT+8: %ACL_ERRMSG-4-UNLOADED: 1 fed: Output IP Vlan ACL on interface Vlan209 for label 3 on asic255 could not be programmed in hardware and traffic will be dropped.
Jul 30 11:10:27 GMT+8: %ACL_ERRMSG-4-UNLOADED: 1 fed: Output IP Vlan ACL on interface Vlan210 for label 3 on asic255 could not be programmed in hardware and traffic will be dropped.
詢問廠商後得到這樣的回答
原廠對3850/3650 ACL限制的說明,
ACL TCAM (TAQ)有2塊,分別為in與out,但VACL只能使用其中1塊.限制如下:
1.VACL => 1.5K 筆 (最多,不分in,out)
2.MAC VACL => 單向460筆(in,out分開算)
3.IPv4 VACL => 單向690筆(in,out分開算)
4.IPv4 PACL,RACL => 單向1380筆(in,out分開算)
5.MAC PACL,RACL =>單向690筆(in,out分開算)
6.IPv6 PACL,RACL =>單向690筆(in,out分開算)
VLAN Access Control List (VACL) − A VACL is an ACL that is applied to a VLAN. It can only be applied to a VLAN and no other type of interface. The security boundary is to permit or deny traffic that moves between VLANs and permit or deny traffic within a VLAN. The VLAN ACL is supported in hardware, and has no effect on the performance.
Port Access Control List (PACL) − A PACL is an ACL applied to a Layer 2 switchport interface. The security boundary is to permit or deny traffic within a VLAN. The PACL is supported in hardware and has no effect on the performance.
Router ACL (RACL) − An RACL is an ACL that is applied to an interface that has a Layer 3 address assigned to it. It can be applied to any port that has an IP address such as routed interfaces, loopback interfaces, and VLAN interfaces. The security boundary is to permit or deny traffic that moves between subnets or n
意思就是說當acl下超過690條後 机器就會不正常了
XD
cisco吔
為什麼以前都沒發生過咧
不知是因為最近snort升到 2.9.7.5 所以 port scan變的比較敏感
還是port scan真的變多了
反正先改了一下程式
要block的ip直接下到fortiget而不先進LP了
看來也沒啥好方法可以處理了
2015/07/28
2015/07/22
雖然網路上已經有很多關於使用ssh不用打密碼的教學文章
還是稍微記一下好了
先在client和server使用者的home目錄下建立.ssh的目錄
在client的机器中執行以下指令
ssh-keygen -t rsa 或 ssh-keygen -t dsa
dsa rsa 是二種不同的加密方式 就看要選擇那一種
之後按個几次enter
會在.ssh這個目錄內產生一對檔案
id_dsa
id_dsa.pub
或
id_rsa
id_rsa.pub
接下來把.pub那個檔案傳到要連線的server上
scp id_rsa.pub server_ip:~/.ssh/
再連到server上執行
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
exit後再次連到server就無需再打密碼了
若有很多的client端key要放到server上
只要把pub檔附加到authorized_keys即可
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
server端 修改 /etc/ssh/sshd_config
某些os可能不接受dsa的key而無法登入 此時就要換用rsa
server端 修改 /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
如果要開放 root login
PermitRootLogin prohibit-password
改為:
PermitRootLogin yes
2015/07/21
2015/07/15
又到了每半年一次要使用openvas的時間
果不其然 又出問題了
決定以後要用再下vm 回來就好了
不想再裝了
vm使用的是debian
跑在virtualbox上還ok
跑完後因為報表只需要High跟Medium
所以在用ip sort後要再改 levels=hm 才符合需求
整個filter的條件如下
sort=host first=1 result_hosts_only=1 min_cvss_base= min_qod= levels=hm autofp=0 notes=1 overrides=1 rows=100 delta_states=gn
果不其然 又出問題了
決定以後要用再下vm 回來就好了
不想再裝了
vm使用的是debian
跑在virtualbox上還ok
跑完後因為報表只需要High跟Medium
所以在用ip sort後要再改 levels=hm 才符合需求
整個filter的條件如下
sort=host first=1 result_hosts_only=1 min_cvss_base= min_qod= levels=hm autofp=0 notes=1 overrides=1 rows=100 delta_states=gn
最近每次升級cacti都有問題
升到 0.8.8e 後原本正常的script output 竟然有個值不見了
到forum看看 已經有人反應了
http://forums.cacti.net/viewtopic.php?f=21&t=54856
只能再等了
無言
升到 0.8.8e 後原本正常的script output 竟然有個值不見了
到forum看看 已經有人反應了
http://forums.cacti.net/viewtopic.php?f=21&t=54856
只能再等了
無言
2015/07/07
今天接到一個工作
要把snort裡的資料匯出成文字檔給外面的單位
因為BASE沒辦法一次全部匯出
所以要自己寫sql了
select event.cid,signature,sig_name,inet_ntoa(iphdr.ip_src),inet_ntoa(iphdr.ip_dst),timestamp from iphdr,event,signature where event.signature=signature.sig_id and event.cid=iphdr.cid into outfile '/tmp/sqloutput.txt';
http://www.andrew.cmu.edu/user/rdanyliw/snort/acid_db_er_v102.html
http://sgros.blogspot.tw/2012/07/querying-snort-sql-database.html
http://note.tc.edu.tw/670.html
要把snort裡的資料匯出成文字檔給外面的單位
因為BASE沒辦法一次全部匯出
所以要自己寫sql了
select event.cid,signature,sig_name,inet_ntoa(iphdr.ip_src),inet_ntoa(iphdr.ip_dst),timestamp from iphdr,event,signature where event.signature=signature.sig_id and event.cid=iphdr.cid into outfile '/tmp/sqloutput.txt';
http://www.andrew.cmu.edu/user/rdanyliw/snort/acid_db_er_v102.html
http://sgros.blogspot.tw/2012/07/querying-snort-sql-database.html
http://note.tc.edu.tw/670.html
訂閱:
文章 (Atom)