寫寫筆記

我有兩台Vigor 2920,環境如下: Vigor B 撥出 LAN:192.168.1.0/24 Vigor A 撥入 LAN:172.16.1.0/24 設定如下: Vigor B設定 Vigor A設定 詳細設定請參考官網 http://www.draytek.com/index.php?option=com_k2&view=item&id=2666&Itemid=264&lang=tw

在MS-DOS視窗下輸入: dism /online /enable-feature /featurename:SNMP Hyper-V 2012 R2 Hyper-V 2012也是一樣的語法 參考來源 http://petersitblog.blogspot.tw/2012/12/hyper-v-server-2012-enable-snmp.html

Cisco 2950 Switch在Show Logging時，前方是帶設備的開機時間 3w4d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down 3w4d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up 3w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up 如果要帶事件發生的時間，可以輸入下面的指令 service timestamps log datetime show-timezone localtime Sep 17 02:53:54: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.249) Sep 17 03:02:12: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.150) Sep 17 03:04:40: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.150) Sep 17 11:07:07 TW: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.150) 參考資料

root@EX2200-113> show ethernet-switching table Ethernet-switching table: 147 entries, 143 learned, 0 persistent entries   VLAN              MAC address       Type         Age Interfaces   default           64:64:9b:34:TT:TT Static         - Router   vlan1             *                 Flood          - All-members   vlan1             ac:a0:16:91TT:TT Learn          0 ge-0/0/47.0   vlan10            *                 Flood          - All-members   vlan10            00:00:1c:d1:TT:TT Learn          0 ge-0/0/47.0   <---以下略過---> root@EX2200-113> show ethernet-switching table interface ge-0/0/38 Ethernet-switching table: 1 unicast entries   VLAN              MAC address       Type         Age Interfaces   vlan10            *                 Flood          - All-members   vlan10            30:85:a9:a8:TT:TT Learn          0 ge-0/0/38.0 參考資料

Wiershark在抓封包的時候,一直抓到0x8899的Protocol，查了一下發現這個是Realtek用來偵測Loop的協定 因為我上層已經有開啟STP，所以我就下參數把該Mac-Address給Drop掉 2F-Switch(config)# mac address-table static 2828.5db3.cb39 vlan 1 drop 指令參考來源 註: 如果要新增某Mac-address也可以下這個指令 Switch(config)# mac-address-table static 1111.1111.1111 vlan 1 interface fastEthernet 0/1 Switch#show mac-address-table           Mac Address Table ------------------------------------------- Vlan    Mac Address       Type        Ports ----    -----------       --------    -----    1    1111.1111.1111    STATIC      Fa0/1

公司新買的Juniper EX2200一直出現Alerm的告警，進到Web畫面後出現是Management Ethernet Down，查了一下解決方式 root@EX2200-2> show chassis alarms 1 alarms currently active Alarm time               Class  Description 2014-03-13 09:44:37 UTC  Major  Management Ethernet Link Down {master:0} root@EX2200-2> configure Entering configuration mode {master:0}[edit] root@EX2200-2# set chassis alarm management-ethernet link-down ignore {master:0}[edit] root@EX2200-2# commit configuration check succeeds commit complete {master:0}[edit] root@EX2200-2# exit Exiting configuration mode {master:0} root@EX2200-2> show chassis alarms No alarms currently active 參考資料

Brocade ICX6430 Switch 啟用 DHCP Snooping 假設我的DHCP Server接在24 Port，其他Port不允許有DHCP Server ICX6430-24 Switch> enable No password has been assigned yet... ICX6430-24 Switch# configure terminal ICX6430-24 Switch(config)# ip dhcp snooping vlan 1 ICX6430-24 Switch(config)# interface ethernet 1/1/24 ICX6430-24 Switch(config-if-e1000-1/1/24)# dhcp snooping trust 預設Spanning Tree是開啟的,我把Port 9與Port 11接成Loop ICX6430-24 Switch# show span STP instance owned by VLAN 1 Global STP (IEEE 802.1D) Parameters:      Root             Root Root   Prio Max He- Ho- Fwd Last    Chg Bridge       ID              Cost Port   rity Age llo ld  dly Chang   cnt Address                                   Hex  sec sec sec sec sec      8000cc4e2434dda0 0    Root   8000 20  2   1   15  6       2   cc4e2434dda0 Port STP Parameters: Port   Prio Path  State       Fwd    Design  Designated       Designated Num    rity Cost              Trans  Cost    Root             Bridge        Hex 1/1/1  80

兩個Cisco 2950 Switch , 第一台與第二台的Port 1 與 Port 2 對連，設定EtherChannel 第一台Switch up# configure terminal Enter configuration commands, one per line.  End with CNTL/Z. up(config)# interface range fastEthernet 0/1 - 2 up(config-if-range)# no ip address up(config-if-range)# channel-group 1 mode desirable Creating a port-channel interface Port-channel 1 第二台Switch down# configure terminal Enter configuration commands, one per line.  End with CNTL/Z. down(config)# interface range fastEthernet 0/1 - 2 down(config-if-range)# no ip address down(config-if-range)# channel-group 1 mode desirable Creating a port-channel interface Port-channel 1 down(config-if-range)# 00:34:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down 00:34:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down 00:34:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up 00:34:33: %LINE

啟動DHCP Snooping 假設我的DHCP Server接在24 Port，其他Port不允許有DHCP Server C3750(config)# ip dhcp snooping C3750(config)# ip dhcp snooping vlan 1 C3750(config)# interface gigabitEthernet 2/0/24 C3750(config-if)# ip dhcp snooping trust C3750(config-if)# do show ip dhcp snooping Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs: 1 DHCP snooping is operational on following VLANs: 1 DHCP snooping is configured on the following L3 Interfaces: Insertion of option 82 is enabled    circuit-id default format: vlan-mod-port    remote-id: 0016.9d99.3e80 (MAC) Option 82 on untrusted port is not allowed Verification of hwaddr field is enabled Verification of giaddr field is enabled DHCP snooping trust/rate is configured on the following Interfaces: Interface                  Trusted    Allow option    Rate limit (pps) -----------------------    -------    ------------    ---------------- GigabitEthernet2/0/24      yes        yes             unlimited   C

沒用過HP的Switch，指令跟Cisco完全不同，花了一些時間熟悉~ 1.啟動Spanning-Tree，預設沒有開啟 (黑色粗體是我敲的指令) <HP> system-view System View: return to User View with Ctrl+Z. [HP] stp enable [HP] %Apr 26 12:03:59:826 2000 HP MSTP/6/MSTP_ENABLE: STP is now enabled on the device. %Apr 26 12:03:59:918 2000 HP MSTP/6/MSTP_FORWARDING: Instance 0's GigabitEthernet1/0/17 has been set to forwarding state. %Apr 26 12:04:00:068 2000 HP MSTP/6/MSTP_DETECTED_TC: Instance 0's GigabitEthernet1/0/17 detected a topology change. #Apr 26 12:04:00:208 2000 HP MSTP/1/PFWD: hwPortMstiStateForwarding: Instance 0's Port 0.9437200 has been set to forwarding state! 2.DHCP Snooping   (黑色粗體是我敲的指令) 假設我的DHCP Server接在24 Port，其他Port不允許有DHCP Server <HP> system-view System View: return to User View with Ctrl+Z. [HP] dhcp-snooping  DHCP Snooping is enabled. [HP] interface GigabitEthernet 1/0/24 [HP-GigabitEthernet1/0/24 ]dhcp-snooping trust 若是沒有Port 設成dhcp-snooping trust,那麼這台Switch就沒有Client可以從DHCP Serv