A site runs the simplified-configuration version of SingleCLOUD V100R002C00SPC200. The user's core switch was continually receiving SNMP Request messages sent from the ESC, which affected the performance of the customer's core switch.
1. The customer asked us to disable the SNMP service on the ESC, but once we did so, the OMS could no longer monitor the running status of the CRM, CNA and so on; therefore, this solution isn't feasible.
2. We can solve the problem by configuring an ACL and traffic-filter on the access switch S5352. The configuration commands are as follows:
acl number 3005 ----- configure the ACL
description TO_BLOCK_OUTBOUND_SNMP_REQUESTS ----- the ACL's description
rule 11 deny udp source 10.81.41.49 0 destination 10.81.41.1 0 destination-port eq snmp ----- configure the rule that refuses the SNMP broadcast messages
rule 20 permit ip ----- permit the messages from the other IPs
traffic-filter vlan 1001 outbound acl 3005 rule 11 ----- configure the traffic-filter globally
traffic-filter vlan 1001 outbound acl 3005 rule 20 ----- configure the traffic-filter globally
Remarks: 10.81.41.49 is the ESC's IP address, 10.81.41.1 is the gateway of the management plane, and VLAN 1001 is the VLAN that the management plane is in.
The ESC obtains the running status of the CRM and CNA servers by sending SNMP Request messages, and in this way monitors the servers. The SNMP Request messages are broadcast to the whole broadcast domain. Because the VDI system connects to the user's network at Layer 2 and the gateway is configured on the user's switch, the user's core switch receives the SNMP Request messages continually.
When the VDI system connects to the user's network at Layer 2, we can solve the SNMP flooding problem by configuring an ACL and traffic-filter on the access switch.
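The following added example (not part of the original case) parses the two ACL 3005 rules above and checks which packets they drop, to confirm that only ESC-to-gateway SNMP is blocked while ESC polling of other hosts is still permitted. The function names are hypothetical, first-match evaluation in ascending rule-ID order is assumed, and 10.81.41.50 is a constructed address standing in for a monitored server.

```python
import ipaddress
import re

# ACL 3005 rules exactly as given on this page.
ACL_3005 = """\
rule 11 deny udp source 10.81.41.49 0 destination 10.81.41.1 0 destination-port eq snmp
rule 20 permit ip
"""
PORTS = {"snmp": 161}  # well-known port name used in rule 11

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Parse 'rule <id> <action> <proto> [source a w] [destination a w] [destination-port eq p]'."""
    rules = []
    for line in text.strip().splitlines():
        m = re.match(r"rule (\d+) (permit|deny) (\w+)(.*)", line.strip())
        rule = {"id": int(m[1]), "action": m[2], "proto": m[3]}
        for key in ("source", "destination"):
            hit = re.search(rf"\b{key} (\S+) (\S+)", m[4])
            if hit:  # wildcard "0" is shorthand for 0.0.0.0 (exact host)
                wild = 0 if hit[2] == "0" else ip_int(hit[2])
                rule[key] = (ip_int(hit[1]), wild)
        port = re.search(r"destination-port eq (\S+)", m[4])
        if port:
            rule["dport"] = PORTS.get(port[1]) or int(port[1])
        rules.append(rule)
    return sorted(rules, key=lambda r: r["id"])  # assumption: ascending rule-ID order

def addr_match(spec, addr):
    """Wildcard bits set to 1 are 'don't care'; all other bits must be equal."""
    return spec is None or (ip_int(addr) | spec[1]) == (spec[0] | spec[1])

def evaluate(rules, proto, src, dst, dport=None):
    """Return (rule_id, action) of the first matching rule, or (None, 'no-match')."""
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if not addr_match(r.get("source"), src) or not addr_match(r.get("destination"), dst):
            continue
        if "dport" in r and r["dport"] != dport:
            continue
        return r["id"], r["action"]
    return None, "no-match"

RULES = parse_acl(ACL_3005)
# Constructed packets: ESC -> gateway SNMP, then ESC -> a monitored server (constructed IP).
print(evaluate(RULES, "udp", "10.81.41.49", "10.81.41.1", 161))
print(evaluate(RULES, "udp", "10.81.41.49", "10.81.41.50", 161))
```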