How to determine whether the memory usage of an S series switch is high

2

For S series switches (except the S1700), the memory usage of a switch is within the normal range when the following conditions are met:
- The memory usage does not exceed 80%.
- The memory usage does not keep increasing or fluctuate.
- No high memory usage alarm is generated.

Other related questions:
How to determine whether CPU usages of the system and processes are high for S series switches
For S series switches (except the S1700), the system CPU usage is within a normal range when the following conditions are met: - The CPU usage does not exceed 80% when the system runs for a long period. - The CPU usage does not exceed 95% in a short period and does not keep increasing. - No high CPU usage alarm is generated. In the following situations, the system may generate an alarm when CPU usage becomes high instantly and then clear this alarm rapidly: Cards just start. Information about all optical modules is queried at a time. Traffic volume increases instantly. This situation is a normal situation and does not affect the device operation. CPU usage of a CPU task process may become low or high, depending on the service volume and processing time. CPU usage is within a normal range as long as the system CPU usage does not exceed 80% and no high CPU usage alarm is generated. For possible causes and common troubleshooting procedures for high CPU usage, see the following: - For the S12700, see "High CPU Usage > Common Information" in S12700 Troubleshooting - Preliminary. - For the S7700 and S9700, see "High CPU Usage > Common Information" in S7700&S9700 Troubleshooting - Preliminary. - For the S1720, S2700, S3700, S5700, and S6700, see "High CPU Usage > Common Information" in S1720&S2700&S3700&S5700&S6700 Troubleshooting - Preliminary. - For the S9300, see "High CPU Usage > Common Information" in S9300 Troubleshooting - Preliminary. - For the S600-E, see "High CPU Usage > Common Information" in S600-E Troubleshooting - Preliminary.

View CPU usage and memory usage on s series switch
For S series switches except S1700 switches, you can run commands to display CPU and memory usage. - display cpu-usage [ slave | slot slot-id ]: displays CPU usage statistics. - display cpu-usage configuration [ slave | slot slot-id ]: displays CPU usage configuration. - display memory-usage [ slave | slot slot-id ]: displays memory usage statistics. - display memory-usage threshold [ slot slot-id ]: displays the alarm threshold for memory usage. For S series switches and E series switches except S1700 switches, you can check CPU and memory usage through the related MIB OIDs. - hwEntityCpuUsage 1.3.6.1.4.1.2011.5.25.31.1.1.1.1.5: provides CPU usage. - hwEntityCpuUsageThreshold 1.3.6.1.4.1.2011.5.25.31.1.1.1.1.6: provides the alarm threshold for CPU usage. - hwEntityMemUsage 1.3.6.1.4.1.2011.5.25.31.1.1.1.1.7: provides memory usage. - hwEntityMemUsageThreshold 1.3.6.1.4.1.2011.5.25.31.1.1.1.1.8: provides the alarm threshold for memory usage.

How to determine whether an S series switch suffers an ARP attack
On an S series switch: If a network suffers an ARP attack, the following symptoms may occur: Users are frequently disconnected, network access speed is low, or services are interrupted. The switch has a high CPU usage and is out of management, the connected clients go offline, the active/standby switchover frequently occurs, and the port indicator blinks fast in red. The ping operation has a long delay, lost packets, or fails. When locating an ARP attack, determine whether the problem occurred on the link, loop, or route, and then perform the following operations:Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you can provide the record of your actions to Huawei. 1. Run the display cpu-defend statistics all command on the gateway to view the statistics about ARP request, ARP reply, and ARP Miss packets. Check whether the Drop count increases. If the Drop count is 0, no ARP packet is lost. Go to step 2. If the drop count is not 0, the rate of ARP request packets exceeds the CPCAR settings and excess ARP requests are discarded. If many ARP Miss packets are discarded, the switch may suffer an ARP Miss attack. If many ARP request or reply packets are discarded, the switch may suffer an ARP request or reply attack. 2. Run the display arp all command on the gateway to view ARP entries of users. If the ARP entries exist, check the entries again to determine whether the ARP entry of any user or gateway is modified. If the user ARP entries on the gateway are modified, the switch is suffering an ARP gateway spoofing attack. If the gateway ARP entry on clients is modified, the switch is suffering an ARP bogus gateway attack. If ARP entries of other users on a client are modified, perform the following operations: Capture packets on the user-side interface, and find the attacker according to the source addresses of ARP packets. Find out the attacker and scan virus or uninstall the attack tool. Alternatively, you can configure attack defense on the access switch. If there is no user ARP entry, perform the following operations: Run the debugging arp packet interface command in the user view to enable ARP packet debugging. Check whether the switch has sent ARP request packets and received ARP reply packets. 3. Collect the following information and contact Huawei technical support personnel. Results of the preceding troubleshooting procedure Configuration file, logs, and alarms of the switch

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top