内容摘要:对于当前的网络主管们,最关心的莫过于:当出现网络故障时,如何进行快速的定位?本文以解决冲击波病毒为例,从设备故障、网络流量、协议分析等多种途径分析网络故障来源之所在,最后总结出解决网络故障的一般思路和方法。
针对上述分析,在Flex5010上做常见病毒acl访问控制,关闭病毒端口。
启用acl
Harbour(config)#service acl enable
针对常见病毒端口,制定相应的规则,阻止其传播。
以下是引用片段:
Harbour(config)#createaclacl1tcpDIPanyip-port113SIPanyip-portanydenyportsany
Harbour(config)#createaclacl2udpDIPanyip-port135SIPanyip-portanydenyportsany
Harbour(config)#createaclacl3tcpDIPanyip-port135SIPanyip-portanydenyportsany
Harbour(config)#createaclacl4udpDIPanyip-port137SIPanyip-portanydenyportsany
Harbour(config)#createaclacl5udpDIPanyip-port138SIPanyip-portanydenyportsany
Harbour(config)#createaclacl6tcpDIPanyip-port139SIPanyip-portanydenyportsany
Harbour(config)#createaclacl7udpDIPanyip-port139SIPanyip-portanydenyportsany
Harbour(config)#createaclacl8udpDIPanyip-port445SIPanyip-portanydenyportsany
Harbour(config)#createaclacl9tcpDIPanyip-port445SIPanyip-portanydenyportsany
Harbour(config)#createaclacl10tcpDIPanyip-port593SIPanyip-portanydenyportsany
Harbour(config)#createaclacl11udpDIPanyip-port593SIPanyip-portanydenyportsany
Harbour(config)#createaclacl12tcpDIPanyip-port1022SIPanyip-portanydenyportsany
Harbour(config)#createaclacl13tcpDIPanyip-port1023SIPanyip-portanydenyportsany
Harbour(config)#createaclacl14tcpDIPanyip-port1025SIPanyip-portanydenyportsany
Harbour(config)#createaclacl15tcpDIPanyip-port1029SIPanyip-portanydenyportsany
Harbour(config)#createaclacl16tcpDIPanyip-port1034SIPanyip-port80denyportsany
Harbour(config)#createaclacl17tcpDIPanyip-port1068SIPanyip-portanydenyportsany
Harbour(config)#createaclacl18udpDIPanyip-port1434SIPanyip-portanydenyportsany
Harbour(config)#createaclacl19tcpDIPanyip-port1871SIPanyip-portanydenyportsany
Harbour(config)#createaclacl20tcpDIPanyip-port2745SIPanyip-portanydenyportsany
Harbour(config)#createaclacl21tcpDIPanyip-port3067SIPanyip-portanydenyportsany
Harbour(config)#createaclacl22tcpDIPanyip-port3127SIPanyip-portanydenyportsany
Harbour(config)#createaclacl23tcpDIPanyip-port3208SIPanyip-portanydenyportsany
Harbour(config)#createaclacl24tcpDIPanyip-port4331SIPanyip-portanydenyportsany
Harbour(config)#createaclacl25tcpDIPanyip-port4334SIPanyip-portanydenyportsany
Harbour(config)#createaclacl26tcpDIPanyip-port4444SIPanyip-portanydenyportsany
Harbour(config)#createaclacl27tcpDIPanyip-portanySIPanyip-port4444denyportsany
Harbour(config)#createaclacl28tcpDIPanyip-port4510SIPanyip-portanydenyportsany
Harbour(config)#createaclacl29tcpDIPanyip-port4557SIPanyip-portanydenyportsany
Harbour(config)#createaclacl30tcpDIPanyip-port5554SIPanyip-portanydenyportsany
Harbour(config)#createaclacl31tcpDIPanyip-port5800SIPanyip-portanydenyportsany
Harbour(config)#createaclacl32tcpDIPanyip-port5900SIPanyip-portanydenyportsany
Harbour(config)#createaclacl33tcpDIPanyip-port6129SIPanyip-portanydenyportsany
Harbour(config)#createaclacl34tcpDIPanyip-port6667SIPanyip-portanydenyportsany
Harbour(config)#createaclacl35tcpDIPanyip-port9995SIPanyip-portanydenyportsany
Harbour(config)#createaclacl36tcpDIPanyip-port9996SIPanyip-portanydenyportsany
Harbour(config)#createaclacl37tcpDIPanyip-port10080SIPanyip-portanydenyportsany
Harbour(config)#createaclacl38tcpDIPanyip-port20168SIPanyip-portanydenyportsany
做上述操作之后,网络正常,flex5010再也不会时通时断了。在下班时刻(此时几乎没有什么用户在上网)查看设备端口:
来源:anheng 作者:何黎明 李果 黄振 责编:豆豆技术应用