
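HP A5120 Switch Basic Configuration

I had never used an HP switch before. The commands are completely different from Cisco's, so it took some time to get familiar with them.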


1. Enable Spanning Tree, which is not enabled by default (the commands I typed are in bold black)

<HP>system-view
System View: return to User View with Ctrl+Z.
[HP]stp enable
[HP]
%Apr 26 12:03:59:826 2000 HP MSTP/6/MSTP_ENABLE: STP is now enabled on the device.
%Apr 26 12:03:59:918 2000 HP MSTP/6/MSTP_FORWARDING: Instance 0's GigabitEthernet1/0/17 has been set to forwarding state.
%Apr 26 12:04:00:068 2000 HP MSTP/6/MSTP_DETECTED_TC: Instance 0's GigabitEthernet1/0/17 detected a topology change.
#Apr 26 12:04:00:208 2000 HP MSTP/1/PFWD: hwPortMstiStateForwarding: Instance 0's Port 0.9437200 has been set to forwarding state!


2. DHCP Snooping (the commands I typed are in bold black)
Assume my DHCP server is connected to port 24 and no other port is allowed to have a DHCP server.

<HP>system-view
System View: return to User View with Ctrl+Z.

[HP]dhcp-snooping
 DHCP Snooping is enabled.
[HP]interface GigabitEthernet 1/0/24
[HP-GigabitEthernet1/0/24]dhcp-snooping trust
If no port is set to dhcp-snooping trust, no client on this switch can obtain an IP address from the DHCP server.

A detailed explanation of DHCP Snooping can be found here.
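
As an added example (not part of the original post), this Python check audits a saved configuration for the two settings above: STP and DHCP snooping enabled globally, and only the expected uplink marked dhcp-snooping trust. The sample text is constructed in the style of display current-configuration output, and the function name audit and the section layout (interface blocks separated by #) are assumptions.

```python
import re

# Constructed sample in the style of `display current-configuration`;
# not captured from a real device.
SAMPLE_CONFIG = """\
#
 dhcp-snooping
#
 stp enable
#
interface GigabitEthernet1/0/13
 port link-mode bridge
#
interface GigabitEthernet1/0/24
 port link-mode bridge
 dhcp-snooping trust
#
"""

def audit(config, expected_trusted):
    """Return (trusted_ports, findings) for a Comware-style config text."""
    snooping = stp = False
    trusted, current = set(), None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = m.group(1)          # entering an interface section
        elif line == "#":
            current = None                # '#' ends the current section
        elif line == "dhcp-snooping" and current is None:
            snooping = True               # global enable, not a port setting
        elif line == "stp enable" and current is None:
            stp = True
        elif line == "dhcp-snooping trust" and current:
            trusted.add(current)
    findings = []
    if not stp:
        findings.append("STP is not enabled")
    if not snooping:
        findings.append("DHCP snooping is not enabled globally")
    elif not trusted:
        findings.append("no trusted port: clients cannot obtain a lease")
    for port in sorted(trusted - set(expected_trusted)):
        findings.append(f"unexpected trusted port: {port}")
    return trusted, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, {"GigabitEthernet1/0/24"}))
```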

3. View the status of each interface

[HP]display interface brief
The brief information of interface(s) under route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface            Link Protocol Main IP         Description
NULL0                UP   UP(s)    --

The brief information of interface(s) under bridge mode:
Link: ADM - administratively down; Stby - standby
Speed or Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface            Link Speed   Duplex Type PVID Description
GE1/0/1              DOWN auto    A      A    1
GE1/0/2              DOWN auto    A      A    1
GE1/0/3              DOWN auto    A      A    1
GE1/0/4              DOWN auto    A      A    1
GE1/0/5              DOWN auto    A      A    1
GE1/0/6              DOWN auto    A      A    1
GE1/0/7              DOWN auto    A      A    1
GE1/0/8              DOWN auto    A      A    1
GE1/0/9              DOWN auto    A      A    1
GE1/0/10             DOWN auto    A      A    1
GE1/0/11             DOWN auto    A      A    1
GE1/0/12             DOWN auto    A      A    1
GE1/0/13             UP   100M(a) F(a)   A    1
GE1/0/14             DOWN auto    A      A    1
GE1/0/15             DOWN auto    A      A    1
GE1/0/16             DOWN auto    A      A    1
GE1/0/17             DOWN auto    A      A    1
GE1/0/18             DOWN auto    A      A    1
GE1/0/19             DOWN auto    A      A    1
GE1/0/20             DOWN auto    A      A    1
GE1/0/21             DOWN auto    A      A    1
GE1/0/22             DOWN auto    A      A    1
GE1/0/23             DOWN auto    A      A    1
GE1/0/24             UP   1G(a)   F(a)   A    1
GE1/0/25             DOWN auto    A      A    1
GE1/0/26             DOWN auto    A      A    1
GE1/0/27             DOWN auto    A      A    1
GE1/0/28             DOWN auto    A      A    1



