
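Building a LAN-to-LAN VPN (IPsec) between two Vigor 2920 routers

I have two Vigor 2920 units. The environment is as follows:

    Vigor B (dial-out) LAN: 192.168.1.0/24
    Vigor A (dial-in)  LAN: 172.16.1.0/24

The settings are as follows: Vigor B settings, Vigor A settings.

For detailed settings, see the official site: http://www.draytek.com/index.php?option=com_k2&view=item&id=2666&Itemid=264&lang=tw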

Adding the SNMP service on Hyper-V 2012 R2

In an MS-DOS window, enter:

    dism /online /enable-feature /featurename:SNMP

Hyper-V 2012 R2

Hyper-V 2012 uses the same syntax.

Reference: http://petersitblog.blogspot.tw/2012/12/hyper-v-server-2012-enable-snmp.html

Cisco Switch: stamping Show Logging entries with local time

On a Cisco 2950 switch, Show Logging prefixes each entry with the device's uptime:

    3w4d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down
    3w4d: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up
    3w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up

To stamp entries with the time the event occurred, enter the following command:

    service timestamps log datetime show-timezone localtime

    Sep 17 02:53:54: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.249)
    Sep 17 03:02:12: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.150)
    Sep 17 03:04:40: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.150)
    Sep 17 11:07:07 TW: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.150)

Reference material

Juniper EX2200: showing the MAC addresses on ports

    root@EX2200-113> show ethernet-switching table
    Ethernet-switching table: 147 entries, 143 learned, 0 persistent entries
      VLAN              MAC address       Type         Age Interfaces
      default           64:64:9b:34:TT:TT Static         - Router
      vlan1             *                 Flood          - All-members
      vlan1             ac:a0:16:91TT:TT Learn          0 ge-0/0/47.0
      vlan10            *                 Flood          - All-members
      vlan10            00:00:1c:d1:TT:TT Learn          0 ge-0/0/47.0
      <--- remainder omitted --->
    ...

Cisco Switch: dropping a MAC address

While capturing packets with Wireshark, I kept seeing protocol 0x8899. I looked it up and found that this is the protocol Realtek uses to detect loops.

Since STP is already enabled on my upstream device, I entered a command to drop that MAC address:

    2F-Switch(config)# mac address-table static 2828.5db3.cb39 vlan 1 drop

Command reference source

Note: to add a static entry for a MAC address, you can also use this command:

    Switch(config)# mac-address-table static 1111.1111.1111 vlan 1 interface fastEthernet 0/1
    Switch#show mac-address-table
              Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
       1    1111.1111.1111    STATIC      Fa0/1

Juniper EX2200: clearing the Management Ethernet Link Down alarm

The Juniper EX2200 the company just bought kept raising an alarm. The web interface showed it was Management Ethernet Down, so I looked up how to resolve it:

    root@EX2200-2> show chassis alarms
    1 alarms currently active
    Alarm time               Class  Description
    2014-03-13 09:44:37 UTC  Major  Management Ethernet Link Down

    {master:0}
    root@EX2200-2> configure
    Entering configuration mode

    {master:0}[edit]
    root@EX2200-2# set chassis alarm management-ethernet link-down ignore

    {master:0}[edit]
    root@EX2200-2# commit
    configuration check succeeds
    commit complete

    {master:0}[edit]
    root@EX2200-2# exit
    Exiting configuration mode

    {master:0}
    root@EX2200-2> show chassis alarms
    No alarms currently active

Reference material

Brocade ICX6430 Switch: enabling DHCP Snooping

Suppose my DHCP server is connected to port 24, and no other port is allowed to have a DHCP server.

    ICX6430-24 Switch> enable
    No password has been assigned yet...
    ICX6430-24 Switch# configure terminal
    ICX6430-24 Switch(config)# ip dhcp snooping vlan 1
    ICX6430-24 Switch(config)# interface ethernet 1/1/24
    ICX6430-24 Switch(config-if-e1000-1/1/24)# dhcp snooping trust

Spanning Tree is enabled by default. I connected port 9 and port 11 together to form a loop.

    ICX6430-24 Switch# show span
    STP instance owned by VLAN 1
    Global STP (IEEE 802.1D) Parameters:
         Root             Root Root   Prio Max He- Ho- Fwd Last    Chg Bridge
         ID              Cost Port   rity Age llo ld  dly Chang   cnt Address
                                      Hex  sec sec sec sec sec
         8000cc4e2434dda0 0    Root ...

Cisco Switch EtherChannel

Two Cisco 2950 switches, with port 1 and port 2 of the first connected to port 1 and port 2 of the second; configure EtherChannel.

First switch:

    up# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    up(config)# interface range fastEthernet 0/1 - 2
    up(config-if-range)# no ip address
    up(config-if-range)# channel-group 1 mode desirable
    Creating a port-channel interface Port-channel 1

Second switch:

    down# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    down(config)# interface range fastEthernet 0/1 - 2
    down(config-if-range)# no ip address
    down(config-if-range)# channel-group 1 mode desirable
    Creating a port-channel interface Port-channel 1
    down(config-if-range)#
    00:34:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
    00:34:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
    00:34:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
    00:34:...

Cisco Switch: enabling DHCP Snooping

Enable DHCP Snooping. Suppose my DHCP server is connected to port 24, and no other port is allowed to have a DHCP server.

    C3750(config)# ip dhcp snooping
    C3750(config)# ip dhcp snooping vlan 1
    C3750(config)# interface gigabitEthernet 2/0/24
    C3750(config-if)# ip dhcp snooping trust
    C3750(config-if)# do show ip dhcp snooping
    Switch DHCP snooping is enabled
    DHCP snooping is configured on following VLANs:
    1
    DHCP snooping is operational on following VLANs:
    1
    DHCP snooping is configured on the following L3 Interfaces:
    Insertion of option 82 is enabled
       circuit-id default format: vlan-mod-port
       remote-id: 0016.9d99.3e80 (MAC)
    Option 82 on untrusted port is not allowed
    Verification of hwaddr field is enabled
    Verification of giaddr field is enabled
    DHCP snooping trust/rate is configured on the following Interfaces:
    Interface                  Trusted    Allow option    Rate limit (pps)
    -----------------------    -------   ...

HP A5120 Switch: basic configuration

I had never used an HP switch before. The commands are completely different from Cisco's, so it took some time to get familiar~

1. Enable Spanning-Tree, which is off by default (the bold black text is the commands I typed)

    <HP> system-view
    System View: return to User View with Ctrl+Z.
    [HP] stp enable
    [HP]
    %Apr 26 12:03:59:826 2000 HP MSTP/6/MSTP_ENABLE: STP is now enabled on the device.
    %Apr 26 12:03:59:918 2000 HP MSTP/6/MSTP_FORWARDING: Instance 0's GigabitEthernet1/0/17 has been set to forwarding state.
    %Apr 26 12:04:00:068 2000 HP MSTP/6/MSTP_DETECTED_TC: Instance 0's GigabitEthernet1/0/17 detected a topology change.
    #Apr 26 12:04:00:208 2000 HP MSTP/1/PFWD: hwPortMstiStateForwarding: Instance 0's Port 0.9437200 has been set to forwarding state!

2. DHCP Snooping (the bold black text is the commands I typed)

Suppose my DHCP server is connected to port 24, and no other port is allowed to have a DHCP server.

    <HP> system-view
    System View: return to User View with Ctrl+Z.
    [HP] dhcp-snooping
     DHCP Snooping is enabled.
    [HP] interface GigabitEthernet 1/0/24
    [HP-GigabitEthernet1/0/24] dhcp-snooping trust

If no port is set to dhcp-snooping trust, then no client on this switch will be able to, from the DHCP Serv...
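The trusted-port rule that the Brocade, Cisco and HP DHCP snooping posts above all configure, modelled as an added example (not code from the original posts or from any vendor). The port numbers, MAC addresses and frame fields are constructed for illustration, and the hwaddr check mirrors the "Verification of hwaddr field" line in the Cisco output.

```python
# Added illustration: a toy model of the DHCP snooping decision, not vendor code.
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}   # messages only a DHCP server sends

@dataclass
class DhcpFrame:
    port: str          # ingress switch port
    src_mac: str       # Ethernet source MAC
    msg_type: str      # DISCOVER, OFFER, REQUEST, ACK, NAK
    chaddr: str        # client hardware address in the DHCP payload
    yiaddr: str = ""   # address offered/assigned (server messages only)

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # chaddr -> untrusted port the request came in on
        self.bindings = {}   # chaddr -> (leased IP, client port)

    def inspect(self, f):
        """Return (verdict, reason) for one DHCP frame."""
        if f.port in self.trusted:
            # A server ACK on a trusted port completes a binding entry.
            if f.msg_type == "ACK" and f.chaddr in self.pending:
                self.bindings[f.chaddr] = (f.yiaddr, self.pending.pop(f.chaddr))
            return ("forward", "trusted port")
        if f.msg_type in SERVER_TYPES:
            return ("drop", "server message on untrusted port")
        if f.src_mac != f.chaddr:
            return ("drop", "hwaddr does not match source MAC")
        self.pending[f.chaddr] = f.port
        return ("forward", "client message")

def run_sample():
    """Replay constructed frames; port 1/0/24 is the trusted server port."""
    sw = SnoopingSwitch(trusted_ports=["1/0/24"])
    pc, srv, other = "00:00:5e:00:53:01", "00:00:5e:00:53:fe", "00:00:5e:00:53:66"
    frames = [
        DhcpFrame("1/0/5", pc, "DISCOVER", pc),
        DhcpFrame("1/0/24", srv, "OFFER", pc, "192.168.1.50"),
        DhcpFrame("1/0/5", pc, "REQUEST", pc),
        DhcpFrame("1/0/24", srv, "ACK", pc, "192.168.1.50"),
        DhcpFrame("1/0/9", other, "OFFER", pc, "10.9.9.9"),           # server on untrusted port
        DhcpFrame("1/0/7", other, "DISCOVER", "00:00:5e:00:53:99"),   # chaddr != source MAC
    ]
    return [sw.inspect(f) for f in frames], sw.bindings

if __name__ == "__main__":
    print(run_sample())
```

With no trusted port configured, the OFFER and ACK from the real server would hit the "server message on untrusted port" branch as well, which is why clients on such a switch get no lease.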

The difference between an SVI and a Routed Port

Noting these down for now~

http://sysadmin.blog.51cto.com/83876/304152
http://blogat.centilin.com/everything_it/network/routing-and-switching/svi-vs-routed-ports/
http://packetlife.net/blog/2011/jan/24/convergence-delays-svi-vs-routed-interface/

CDP

1. CDP raises security concerns; unless it is needed, it is best to turn it off!
2. Data Link Layer, multicast

    S2950# show cdp neighbors
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
    Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
    Switch           Fas 0/8            145          S I      WS-C3750G- Gig 1/0/9
    S2950# show cdp entry Switch
    -------------------------
    Device ID: Switch
    Entry address(es):
      IP address: 192.168.1.150
    Platform: cisco WS-C3750G-24T,  Capabilities: Switch IGMP
    Interface: FastEthernet0/8,  Port ID (outgoing port): GigabitEthernet1/0/9
    Holdtime : 131 sec
    Version :
    Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE9, RELEASE SO     ...

Cisco Switch password recovery

The Cisco 2950 switch I have on hand had a password set. I guessed for ages and could not get in, and pressing Ctrl+Break after a reboot did nothing either. Just as I was wondering whether the cable was bad, I Googled it..... it turns out switch password recovery is completely different from a router's.

1. Hold down the Mode button on the switch and power the switch on.
2. The switch then shows the following messages; the red text is what was typed.

    C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
    Compiled Mon 22-Jul-02 18:57 by antonino
    WS-C2950-24 starting...
    Base ethernet MAC Address: 00:0a:8a:c0:52:80
    Xmodem file system is available.
    The system has been interrupted prior to initializing the flash filesystem.  The following commands will initialize the flash filesystem, and finish loading the operating system software:
        flash_init
        load_helper
        boot
    switch: flash_init
    Initializing Flash...
    flashfs[0]: 326 files, 5 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 7741440
    flashfs[0]: Bytes used: 5598208
    flashfs[0]: Bytes available: 2143232
    flashfs[0]: flashfs fsck took 8 seconds.
    ...done initializing...

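Changing the time on a VMware ESXi host

After installing ESXi 5.1 I found the time was always wrong. I later found this post, which explains how to change it: http://communities.vmware.com/message/1989143

I am only testing VMware ESXi on a PC, but I can't quite figure out why the performance is so poor.... It is only running Win2008 and Win2003.....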

Cisco Router: authenticating with Tacacs

The environment is as follows:

Tacacs-related configuration:

1. First make sure the router can ping the Tacacs server.
2. The 2811 is configured as follows:

    RA(config)#aaa new-model
    RA(config)#aaa authentication enable default group tacacs+ local

(If the Tacacs server cannot be reached, authentication falls back to the local database.)

    RA(config)#tacacs-server host 10.1.1.2 key cisco
    RA(config)#username ccna1 password cisco1

3. On the next login, the router prompts for the account and password:

    RA>
    RA>enable
    Username:
    Password:
    RA#

4. Switch Telnet to authenticate against the Tacacs server:

    RA(config)#aaa authentication login tt group tacacs+ local
    RA(config)#line vty 0 4
    RA(config-line)#password ccaa
    RA(config-line)#login authentication tt

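Windows Server 2008: Chinese text shows as question marks in the Command Prompt

On a freshly installed Windows Server 2008, Chinese text is displayed as question marks in the Command Prompt.

Go to Control Panel / Regional and Language / Administrative, click Change system locale, and change the language for non-Unicode programs to Chinese (Traditional, Taiwan). Chinese text will then display correctly!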

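A colleague caught the "W32.Downadup.B" virus

A colleague reported that a Windows AD account was locked. After unlocking it in Windows AD, I also looked at the security audit log and found a large number of user accounts locked out (as shown in the figure below).

After I unlocked that batch of accounts, more accounts kept getting locked, so I opened the event again and saw that one IP address was behind it.

I located the offending computer. Running Netstat -n on it showed that it was continuously scanning IP addresses across the subnet, always on port 445 (Windows file sharing). My remediation was as follows:

1. Scanned with Trend's iClean; the problem was still not resolved.
2. Installed the company's Symantec Endpoint, which did detect the virus. The scan results are shown in the figure below.

Symantec's website shows that it attacks through a Windows RPC vulnerability. The colleague's computer had not been updated and its firewall was turned off, which is why it got infected...

After a reboot the problem was resolved. I then asked the user to install SP3 and run Windows Update......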
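The Netstat -n observation in the post above (one host reaching many subnet addresses on port 445) can be turned into a quick triage check. This is an added example, not part of the original post; the sample netstat text is constructed, and the threshold of 5 distinct peers is an assumption to tune for your environment.

```python
# Added illustration, not from the original post: flag an SMB sweep in `netstat -n` text.
import re

# Matches one TCP row: proto, local addr:port, remote addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def smb_sweep_report(netstat_text, port=445, min_targets=5):
    """Summarise connections to remote `port` in one host's netstat -n output."""
    targets, syn_sent = set(), 0
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                      # headers, UDP rows, blank lines
        _lip, _lport, rip, rport, state = m.groups()
        if int(rport) != port:
            continue
        targets.add(rip)
        if state == "SYN_SENT":           # connection attempt not yet answered
            syn_sent += 1
    return {
        "targets": len(targets),
        "syn_sent": syn_sent,
        # Many distinct peers on 445 at once is unusual for a workstation
        # (min_targets is an assumed threshold, not a value from the post).
        "suspicious": len(targets) >= min_targets,
    }

HEADER = ("Active Connections\n\n"
          "  Proto  Local Address          Foreign Address        State\n")

# Constructed sample: a workstation talking to one file server and one web site.
NORMAL = HEADER + (
    "  TCP    192.168.1.77:1040      192.168.1.5:445        ESTABLISHED\n"
    "  TCP    192.168.1.77:1055      203.0.113.10:80        ESTABLISHED\n"
)

# Constructed sample: the same host walking the subnet on port 445.
SWEEP = NORMAL + "".join(
    f"  TCP    192.168.1.77:{1100 + i}      192.168.1.{i}:445       SYN_SENT\n"
    for i in range(10, 22)
)

if __name__ == "__main__":
    print(smb_sweep_report(NORMAL))
    print(smb_sweep_report(SWEEP))
```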

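ROBOCOPY backup commands

A colleague asked about a WinRAR backup command with these requirements:

1. Back up from C:\Program Files\tmp to D:\tmp
2. Name the file with the date + time
3. Delete the original files once they are backed up

The content is as follows:

    echo off
    set pp="C:\Program Files\tmp\"
    rem -df deletes the source files after archiving; -ag appends the date and time to the archive name
    "C:\Program Files\WinRAR\RAR.exe" a -df -agyyyymmddhhmm d:\tmp\ %pp%

Because I like to keep a log whenever I run a backup, I also gave him the following batch file:

    echo off
    set pp="C:\Program Files\tmp\"
    rem xx = yyyymmdd taken from %date% (depends on the system's date format)
    set xx=%date:~0,4%%date:~5,2%%date:~8,2%
    echo  =====%date%  %time%===== > %xx%.log
    "C:\Program Files\WinRAR\RAR.exe" a -agyyyymmddhhmm d:\tmp\ %pp% >> %xx%.log
    echo  =====%date%  %time%===== >> %xx%.log

When I had some time I also studied the ROBOCOPY command the company uses for backups, and rewrote the company's backup batch file:

    echo off
    set x=%date:~0,4%%date:~5,2%%date:~8,2%
    rem y = the day-of-week part of %date% (depends on the system's date format)
    set y=%date:~11,3%
    set pp=\\10.0.1.250\d$\mailbackup\
    robocopy  D:\lotus \\10.0.1.250\mailbackup\%y%\  /e  /xo  /purge /log:%pp%log_%y%.txt

This backs up D:\Lotus to the Mailbackup directory on the host 10.0.1.250 on the network, on a weekly cycle, meaning I only keep backups from the last seven days. /Log creates a log file. This command is much handier.......

For ROBOCOPY details, see here.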