1. Check the information of APs by the command ”display ap all”. And then found the state the of APs is normal.
<AC6605>display ap all
All AP information:
Normal[20],Fault[3],Commit-failed[0],Committing[0],Config[0],Download[0]
Config-failed[0],Standby[0],Type-not-match[0],Ver-mismatch[0]
------------------------------------------------------------------------------
AP AP AP Profile AP AP
/Region
ID Type MAC ID State Sysname
------------------------------------------------------------------------------
0 AP5030DN 643e-8c4a-1f40 0/0 normal ap-0
1 AP5030DN 643e-8c4a-1f00 0/0 normal ap-1
2 AP5030DN 643e-8c4a-1e80 0/0 normal ap-2
3 AP5030DN 643e-8c4a-2000 0/0 normal ap-3
4 AP5030DN 643e-8c4a-1ea0 0/0 normal ap-4
5 AP5030DN 643e-8c4a-1e40 0/0 normal ap-5
6 AP5030DN 643e-8c4a-2040 0/0 normal ap-6
7 AP5030DN 643e-8c4a-1e20 0/0 normal ap-7
8 AP5030DN 643e-8c4a-1f20 0/0 normal ap-8
9 AP5030DN 643e-8c4a-1f60 0/0 normal ap-9
10 AP5030DN 643e-8c4a-1fa0 0/0 normal ap-10
11 AP5030DN 9c37-f491-6bc0 0/0 normal ap-11
12 AP5030DN 9c37-f491-6ae0 0/0 normal ap-12
13 AP5030DN 9c37-f491-6ac0 0/0 normal ap-13
14 AP5030DN 9c37-f491-6b40 0/0 normal ap-14
15 AP5030DN 9c37-f491-6b80 0/0 normal ap-15
16 AP5030DN 9c37-f491-6aa0 0/0 normal ap-16
17 AP5030DN 9c37-f491-6b20 0/0 normal ap-17
18 AP5030DN 9c37-f491-6b00 0/0 normal ap-18
19 AP5130DN 643e-8c40-60e0 0/0 normal ap-19
20 AP5130DN 643e-8c40-61a0 0/0 normal ap-20
21 AP5130DN 643e-8c40-6020 0/0 normal ap-21
22 AP5130DN 643e-8c40-6400 0/0 normal ap-22
------------------------------------------------------------------------------
Total number: 23,printed: 23
2. Ping test from AC to APs. Packet lost percentage reach to 30%~40%.
3. Ping test from the AC to PCs. Packet lost percentage reach to 30%~40%.
4. Check the TC information for core SW.
==================================================================
===============display stp tc-bpdu statistics===============
==================================================================
-------------------------- STP TC/TCN information --------------------------
MSTID Port TC(Send/Receive) TCN(Send/Receive)
0 GigabitEthernet0/0/1 682/51802 0/0
0 GigabitEthernet0/0/18 11/0 0/0
0 GigabitEthernet0/0/32 6/0 0/0
0 GigabitEthernet0/0/46 10/0 0/0
0 XGigabitEthernet0/0/1 98747/366 0/0
0 XGigabitEthernet0/0/2 101125/6 0/0
0 XGigabitEthernet0/0/3 78481/11 0/0
0 XGigabitEthernet0/0/4 80836/28 0/0
0 XGigabitEthernet0/0/5 83175/17 0/0
0 XGigabitEthernet0/0/6 86282/2 0/0
Found the TC(Send/Receive) increase by the command “display stp tc-bpdu statistics”. There must be ports up/down frequently.
5. Configure the bpdu-protection and stp edged-port just as the steps below:
For the core SW and access SW
#
stp bpdu-protection
#
Set ports that connected with terminal (e.g: PC, Server & AP) as edged port or stp disable
#
interface GigabitEthernet X/X/X
stp edged-port enable
#
6. Check the trapbuffer of core SW. The details just as below:
Nov 17 2015 22:59:15-05:13 CORE %%01SECE/3/ARPS_DROP_PACKET_LENTH(l)[16]:Invalid packet length.(PacketLength=1680, SourceMAC=f827-93e6-6de1, SourceIP=10.0.216.70, SourceInterface=XGigabitEthernet0/0/2, DropTime=2015/11/17 22:59:15)
Check the user(10.0.216.70), whether it is invalid user.
7. Check the network and found one PC(10.0.216.70) send a lot of invalid broadcast packets. Configure the broadcast-suppression and cpu-defend just as below:
a. Input the command “broadcast-suppression packets 5” at the ports that connect with PC which send the invalid packets.
#
broadcast-suppression packets 5
#
b. Input the command for core SW
#
cpu-defend policy io-board
car packet-type ttl-expired cir 8
car packet-type tcp cir 16
car packet-type fib-hit cir 16
auto-defend enable
auto-defend attack-packet sample 5
auto-defend threshold 30
undo auto-defend trace-type source-portvlan
undo auto-defend protocol tcp igmp telnet ttl-expired
auto-defend action deny
auto-defend whitelist 1 interface GigabitEthernet x/x/x ----that connect with AC
#
cpu-defend-policy io-board global
#
8. Check the TC information for core SW.
==================================================================
===============display stp tc-bpdu statistics===============
==================================================================
-------------------------- STP TC/TCN information --------------------------
MSTID Port TC(Send/Receive) TCN(Send/Receive)
0 GigabitEthernet0/0/1 852/58792 0/0
Found the TC(Send/Receive) increase and the port GE0/0/1 Received a lot of TC.
Check the equipment that connect with GE0/0/1.
9. After troubleshooting, it's found that all the ports of one SW ports UP/Down frequently. Check the log of the SW found “Equipment is striked by thunderbolt!”
After troubleshooting, it's found this SW was struck by lightning and the ports UP/Down frequently. The SW sent lots of TC packets, which impacted the network performance. After replaced the fault Switch, the problem for wire users had been resolved.
10. Ping test from AC to APs. There is no packets been lost.
Ping test from the AC to PCs. There is no packets been lost.
Handling Process
