Hatena::Blog (Diary)

It's the thing that connects one PC to another, isn't it

2015-12-20

Step 1: Look up the port number of the specific vSwitch port you want to capture

[root@user:~] net-stats -l

PortNum Type SubType SwitchName MACAddress ClientName

(output omitted)

67108869 5 9 vSwitch2 00:0c:29:b3:ed:cf 01_CSR1000V(03.13.04.S)


Step 2: Capture on the vSwitch port, specifying the port number found in Step 1

Note: to view the capture in Wireshark afterwards, add the -o option and specify an output file.

Example: pktcap-uw --switchport 67108869 -o /tmp/capture.cap


[root@user:~] pktcap-uw --switchport 67108869

The switch port id is 0x04000005

No server port specifed, select 60535 as the port

Output the packet info to console.

Local CID 2

Listen on port 60535

Accept...Vsock connection from port 1032 cid 2

08:53:30.888874[1] Captured at PortInput point, TSO not enabled, Checksum not offloaded and not verified, VLAN tag 24, length 76.

Segment[0] ---- 76 bytes:

0x0000: 0100 5e00 0002 000c 29b3 edcf 0800 45c0

0x0010: 003e 0000 0000 0111 0041 c0a8 1804 e000

0x0020: 0002 0286 0286 002a 2884 0001 001e 0404

0x0030: 0404 0000 0100 0014 0000 0000 0400 0004

0x0040: 000f 0000 0401 0004 0404 0404

08:53:31.224431[2] Captured at PortInput point, TSO not enabled, Checksum not offloaded and not verified, VLAN tag 14, length 76.

Segment[0] ---- 76 bytes:

0x0000: 0100 5e00 0002 000c 29b3 edcf 0800 45c0

0x0010: 003e 0000 0000 0111 0a41 c0a8 0e04 e000

0x0020: 0002 0286 0286 002a 3284 0001 001e 0404

0x0030: 0404 0000 0100 0014 0000 0000 0400 0004

0x0040: 000f 0000 0401 0004 0404 0404

08:53:31.304819[3] Captured at PortInput point, TSO not enabled, Checksum not offloaded and not verified, VLAN tag 14, length 94.

Segment[0] ---- 94 bytes:

0x0000: 0100 5e00 0005 000c 29b3 edcf 0800 45c0

0x0010: 0050 7f68 0000 0159 8a7b c0a8 0e04 e000

0x0020: 0005 0201 0030 0404 0404 0000 0000 453a

0x0030: 0000 0000 0000 0000 0000 ffff ff00 000a

0x0040: 1201 0000 0028 c0a8 0e01 c0a8 0e04 0101

0x0050: 0101 fff6 0003 0001 0004 0000 0001

08:53:32.676856[4] Captured at PortInput point, TSO not enabled, Checksum not offloaded and not verified, VLAN tag 34, length 94.

Segment[0] ---- 94 bytes:

0x0000: 0100 5e00 0005 000c 29b3 edcf 0800 45c0

0x0010: 0050 7f69 0000 0159 767a c0a8 2204 e000

0x0020: 0005 0201 0030 0404 0404 0000 0000 1934

0x0030: 0000 0000 0000 0000 0000 ffff ff00 000a

0x0040: 1201 0000 0028 c0a8 2203 c0a8 2204 0303

0x0050: 0303 fff6 0003 0001 0004 0000 0001

08:53:33.83841[5] Captured at PortInput point, TSO not enabled, Checksum not offloaded and not verified, VLAN tag 34, length 76.

Segment[0] ---- 76 bytes:

0x0000: 0100 5e00 0002 000c 29b3 edcf 0800 45c0

0x0010: 003e 0000 0000 0111 f640 c0a8 2204 e000

0x0020: 0002 0286 0286 002a 1e84 0001 001e 0404

0x0030: 0404 0000 0100 0014 0000 0000 0400 0004

0x0040: 000f 0000 0401 0004 0404 0404
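
The console output above can be decoded offline when no -o capture file was written. The following Python parser is an added example, not part of the original post: it rebuilds each frame from the hex dump and decodes the Ethernet/IPv4 headers next to the VLAN tag that pktcap-uw reports. The two sample records are copied from the capture above; the function names are this example's own.

```python
import ipaddress
import re
import struct

# Records [1] and [3] copied from the console capture above (blank lines removed).
SAMPLE = """\
08:53:30.888874[1] Captured at PortInput point, TSO not enabled, Checksum not offloaded and not verified, VLAN tag 24, length 76.
Segment[0] ---- 76 bytes:
0x0000: 0100 5e00 0002 000c 29b3 edcf 0800 45c0
0x0010: 003e 0000 0000 0111 0041 c0a8 1804 e000
0x0020: 0002 0286 0286 002a 2884 0001 001e 0404
0x0030: 0404 0000 0100 0014 0000 0000 0400 0004
0x0040: 000f 0000 0401 0004 0404 0404
08:53:31.304819[3] Captured at PortInput point, TSO not enabled, Checksum not offloaded and not verified, VLAN tag 14, length 94.
Segment[0] ---- 94 bytes:
0x0000: 0100 5e00 0005 000c 29b3 edcf 0800 45c0
0x0010: 0050 7f68 0000 0159 8a7b c0a8 0e04 e000
0x0020: 0005 0201 0030 0404 0404 0000 0000 453a
0x0030: 0000 0000 0000 0000 0000 ffff ff00 000a
0x0040: 1201 0000 0028 c0a8 0e01 c0a8 0e04 0101
0x0050: 0101 fff6 0003 0001 0004 0000 0001
"""

HEADER = re.compile(r"^[\d:.]+\[(?P<seq>\d+)\] Captured at (?P<point>\w+) point,.*length (?P<len>\d+)\.")
VLAN = re.compile(r"VLAN tag (\d+)")
HEXLINE = re.compile(r"^\s*0x[0-9a-fA-F]{4}:\s+([0-9a-fA-F ]+?)\s*$")
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP", 89: "OSPF"}


def parse_pktcap_console(text):
    """Rebuild each captured frame (metadata plus raw bytes) from console output."""
    frames = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            vlan = VLAN.search(line)
            frames.append({"seq": int(head["seq"]), "point": head["point"],
                           "vlan": int(vlan[1]) if vlan else None,
                           "length": int(head["len"]), "raw": bytearray()})
            continue
        dump = HEXLINE.match(line)
        if dump and frames:
            frames[-1]["raw"] += bytes.fromhex(dump[1].replace(" ", ""))
    return frames


def decode(frame):
    """Decode Ethernet and, for IPv4, the addresses, protocol and UDP ports."""
    raw = bytes(frame["raw"])
    if len(raw) != frame["length"]:
        # A record cut off in the terminal scrollback must not be decoded silently.
        raise ValueError(f"frame {frame['seq']}: {len(raw)} bytes, expected {frame['length']}")
    out = {"seq": frame["seq"], "vlan": frame["vlan"],
           "dst_mac": raw[0:6].hex(":"), "src_mac": raw[6:12].hex(":"),
           "ethertype": struct.unpack("!H", raw[12:14])[0]}
    if out["ethertype"] == 0x0800 and len(raw) >= 34:
        ihl = (raw[14] & 0x0F) * 4          # IPv4 header length in bytes
        out["src_ip"] = str(ipaddress.IPv4Address(raw[26:30]))
        out["dst_ip"] = str(ipaddress.IPv4Address(raw[30:34]))
        out["proto"] = IP_PROTO.get(raw[23], str(raw[23]))
        l4 = 14 + ihl                       # start of the transport header
        if raw[23] == 17 and len(raw) >= l4 + 4:
            out["sport"], out["dport"] = struct.unpack("!HH", raw[l4:l4 + 4])
    return out


if __name__ == "__main__":
    for pkt in map(decode, parse_pktcap_console(SAMPLE)):
        print(pkt)
```

UDP port 646 in the first record is LDP discovery and IP protocol 89 in the second is OSPF, both sent from the same source MAC on different VLANs of the one vSwitch port.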

2015-04-04


esxcli system snmp set --communities public

esxcli system snmp set --targets 192.168.0.1@162/public

esxcli system snmp set --loglevel=warning

esxcli system snmp set --enable true

esxcli system snmp set --notraps=1.3.6.1.4.1.6876.4.90.0.401,1.3.6.1.4.1.6876.4.1.0.3,1.3.6.1.4.1.6876.4.1.0.4



Note: traps for the following objects were suppressed so that they are not sent.

vmwCimOmHeartbeat 1.3.6.1.4.1.6876.4.90.0.401

vmwVmHBLost 1.3.6.1.4.1.6876.4.1.0.3

vmwVmHBDetected 1.3.6.1.4.1.6876.4.1.0.4



~ # esxcli system snmp get

Authentication:

Communities: public

Enable: true

Engineid: xxxxxxxxxxxxxxxxxxxxxxxx

Hwsrc: indications

Largestorage: true

Loglevel: warning

Notraps: 1.3.6.1.4.1.6876.4.1.0.3, 1.3.6.1.4.1.6876.4.1.0.4, 1.3.6.1.4.1.6876.4.90.0.401

Port: 161

Privacy:

Remoteusers:

Syscontact:

Syslocation:

Targets: 192.168.0.1@162 public

Users:

V3targets:
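
The configuration above runs the agent with the community string `public` and no SNMPv3 users. The following Python check is an added example, not part of the original post: it parses the `esxcli system snmp get` output shown above and reports those settings. The finding names and the list of well-known community strings are this example's own assumptions.

```python
import re

# Output of `esxcli system snmp get` copied from above (blank lines removed).
SAMPLE = """\
Authentication:
Communities: public
Enable: true
Engineid: xxxxxxxxxxxxxxxxxxxxxxxx
Hwsrc: indications
Largestorage: true
Loglevel: warning
Notraps: 1.3.6.1.4.1.6876.4.1.0.3, 1.3.6.1.4.1.6876.4.1.0.4, 1.3.6.1.4.1.6876.4.90.0.401
Port: 161
Privacy:
Remoteusers:
Syscontact:
Syslocation:
Targets: 192.168.0.1@162 public
Users:
V3targets:
"""

# Well-known default community strings (example list, extend as needed).
WELL_KNOWN = {"public", "private"}


def parse_snmp_get(text):
    """Turn the 'Key: value' lines into a dict with lower-case keys."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg


def audit(cfg):
    """Return (finding, detail) tuples for weak SNMP agent settings."""
    findings = []
    if cfg.get("enable", "").lower() != "true":
        return findings                      # agent disabled: nothing is exposed
    communities = [c for c in re.split(r"[,\s]+", cfg.get("communities", "")) if c]
    for name in communities:
        if name.lower() in WELL_KNOWN:
            findings.append(("default-community", name))
    # Trap targets are listed as "address@port community".
    for target in filter(None, (t.strip() for t in cfg.get("targets", "").split(","))):
        dest, _, community = target.partition(" ")
        if community.strip().lower() in WELL_KNOWN:
            findings.append(("trap-default-community", dest))
    # SNMP v1/v2c sends the community string unencrypted; v3 adds auth and privacy.
    if communities and not (cfg.get("users") or cfg.get("v3targets")):
        findings.append(("v1v2c-only", "no SNMPv3 users or v3targets configured"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_snmp_get(SAMPLE)):
        print(finding)
```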

2013-05-04

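Note: beforehand, configure an IP address on VLAN 1 and assign fa0/1 to VLAN 1.

Note: 3CD was used as the TFTP server.

Watch the free space on flash:

 If there is not enough free space, the transfer looks as if it is proceeding,

 but it actually fails.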

Switch#delete /force /recursive flash:

 ⇒ Forcibly erases the entire contents of flash:

Switch#sh flash:

Directory of flash:/

No files in directory

32514048 bytes total (32513024 bytes free)




Switch#archive tar /xtract tftp://20.20.20.2/c3560-ipservicesk9-mz.122-55.SE6.tar flash:

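 ⇒ Transfers the .tar file from the TFTP server, overwriting existing files, and extracts all of its files

 ⇒ If you first upload the tar to flash: with copy tftp flash or similar and then try to extract it, free space runs short and the extraction is likely to fail.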

Loading c3560-ipservicesk9-mz.122-55.SE6.tar from 20.20.20.2 (via Vlan1): !

c3560-ipservicesk9-mz.122-55.SE6 (directory)

c3560-ipservicesk9-mz.122-55.SE6/html (directory)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/layers.js (1616 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/topbannernofpv.shtml (18990 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/stylesheet.css (22059 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/appsui.js (1749 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/frmwrkResource.htm (950 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/more.txt (62 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/preflight.js (17300 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/xsetup.js (71430 bytes)

c3560-ipservicesk9-mz.122-55.SE6/html/en (directory)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/en/re_framework.js (6052 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/en/troubleshooting_Browser.htm (3477 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/en/re_xsetup.js (23012 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/en/charset.js (333 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/en/re_fpv_title.js (3795 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/en/troubleshooting_OS.htm (2891 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/en/re_preflight.js (3853 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/en/troubleshooting_JavaScript.htm (8346 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/setup_report.htm (12811 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/empty.htm (313 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/reloadstatus.shtml (846 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/charset.js (333 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/helpframework.js (865 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/title.js (577 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/back.htm (515 bytes)

c3560-ipservicesk9-mz.122-55.SE6/html/help (directory)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/help/help.htm (900 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/help/xsetup_help.htm (896 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/help/xsetstd.htm (19342 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/help/xsetinit.htm (13252 bytes)!

extracting c3560-ipservicesk9-mz.122-55.SE6/html/help/xsetip.htm (6314 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/help/helptoolbar.shtml (9571 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/toolbar.js (6383 bytes)

c3560-ipservicesk9-mz.122-55.SE6/html/images (directory)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbar_button_left.gif (298 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/informational16.gif (1045 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/up_arrow.gif (837 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/question.gif (405 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/ip_fig1.gif (7769 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/tab_bg_active.gif (827 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/tab_left_inactive.gif (919 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/spacer.gif (49 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbarButtonDownLeft.gif (187 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbar_back.gif (908 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/warning_big.gif (296 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/top_left.gif (45 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/down_arrow.gif (837 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/top_right.gif (45 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/bottom_left.gif (45 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbarGradient3px.gif (519 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbar_help.gif (1077 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbarButtonDownRight.gif (188 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbarButtonDownTile.gif (157 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbarGradient.gif (262 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/swrefresh.gif (773 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/confirm.gif (515 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/tab_bg_inactive.gif (931 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/logo.gif (1706 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbar_button_right.gif (295 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbar_forward.gif (906 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/fatal_error_big.gif (271 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbar_refresh.gif (1189 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/tab_right_inactive.gif (922 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/ip_fig2.gif (7003 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/tab_right_active.gif (862 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbar_button_tile.gif (160 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/toolbar_print.gif (1183 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/tab_left_active.gif (852 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/images/bottom_right.gif (45 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/bottombanner.htm (4108 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/nsback.htm (519 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/xsetup.shtml (107459 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/express-setup.htm (6825 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/sitewide.js (12467 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/framework.js (25715 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/sorttable.js (48234 bytes)!

extracting c3560-ipservicesk9-mz.122-55.SE6/html/forms.js (13756 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/html/xhome.htm (6960 bytes)

extracting c3560-ipservicesk9-mz.122-55.SE6/c3560-ipservicesk9-mz.122-55.SE6.bin (12752912 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

extracting c3560-ipservicesk9-mz.122-55.SE6/info (522 bytes)

c3560-ipservicesk9-mz.122-55.SE6 (directory)

extracting c3560-ipservicesk9-mz.122-55.SE6/info (524 bytes)

extracting info (111 bytes)

[OK - 13338624 bytes]




Switch#sh flash

Directory of flash:/

2 drwx 192 Mar 1 1993 00:16:58 +00:00 c3560-ipservicesk9-mz.122-55.SE6

83 -rwx 111 Mar 1 1993 00:16:59 +00:00 info

32514048 bytes total (19213312 bytes free)




Switch#dir flash:c3560-ipservicesk9-mz.122-55.SE6

Directory of flash:/c3560-ipservicesk9-mz.122-55.SE6/

3 drwx 1792 Mar 1 1993 00:10:26 +00:00 html

81 -rwx 12752912 Mar 1 1993 00:16:58 +00:00 c3560-ipservicesk9-mz.122-55.SE6.bin

82 -rwx 524 Mar 1 1993 00:16:59 +00:00 info

32514048 bytes total (19213312 bytes free)




Switch#verify flash:c3560-ipservicesk9-mz.122-55.SE6/c3560-ipservicesk9-mz.122-55.SE6.bin

Verified flash:c3560-ipservicesk9-mz.122-55.SE6/c3560-ipservicesk9-mz.122-55.SE6.bin





Switch(config)#boot system flash:c3560-ipservicesk9-mz.122-55.SE6/c3560-ipservicesk9-mz.122-55.SE6.bin





Switch#sh boot

BOOT path-list : flash:c3560-ipservicesk9-mz.122-55.SE6/c3560-ipservicesk9-mz.122-55.SE6.bin

Config file : flash:/config.text

Private Config file : flash:/private-config.text

Enable Break : no

Manual Boot : no

HELPER path-list :

Auto upgrade : yes

Auto upgrade path :

Switch#




Switch#wr

2013-02-27


f:id:okm:20130228012233j:image


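Test 1: Configure RSTP and verify its behavior

    ⇒ Configure RSTP on each switch

    ⇒ Check the RSTP port roles on each switch

    ⇒ Unplug the cable on the fa0/2 side of SW1_2950

    ⇒ Check the RSTP port roles on each switch again

    ⇒ Check the debug output


■ Configuration applied to SW1_2950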

conf t

!

vlan 100

!

spanning-tree mode rapid-pvst

spanning-tree vlan 100 priority 4096

!

int fa0/1

switchport mode access

switchport access vlan 100

!

int fa0/2

switchport mode access

switchport access vlan 100

!

end


■ Configuration applied to SW2_2950

conf t

!

vlan 100

!

spanning-tree mode rapid-pvst

!

int fa0/1

switchport mode access

switchport access vlan 100

!

int fa0/2

switchport mode access

switchport access vlan 100

!

end


■ Configuration applied to SW3_2950

conf t

!

vlan 100

!

spanning-tree mode rapid-pvst

spanning-tree vlan 100 priority 8192

!

int fa0/1

switchport mode access

switchport access vlan 100

!

int fa0/2

switchport mode access

switchport access vlan 100

!

end


Test 1: Configure RSTP and verify its behavior

    ⇒ Check the RSTP port roles on each switch

SW1_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)

Address 000e.3854.be00

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/1 Desg FWD 19 128.1 P2p

Fa0/2 Desg FWD 19 128.2 P2p


SW2_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

Cost 19

Port 1 (FastEthernet0/1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)

Address 000d.bc1d.c100

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/1 Root FWD 19 128.1 P2p

Fa0/2 Altn BLK 19 128.2 P2p


SW3_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

Cost 19

Port 1 (FastEthernet0/1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 8292 (priority 8192 sys-id-ext 100)

Address 000d.2903.e680

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/1 Root FWD 19 128.1 P2p

Fa0/2 Desg FWD 19 128.2 P2p


    ⇒ Unplug the cable on the fa0/2 side of SW1_2950

    ⇒ Check the RSTP port roles on each switch again

SW1_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)

Address 000e.3854.be00

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/1 Desg FWD 19 128.1 P2p


SW2_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

Cost 19

Port 1 (FastEthernet0/1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)

Address 000d.bc1d.c100

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/1 Root FWD 19 128.1 P2p

Fa0/2 Desg FWD 19 128.2 P2p


SW3_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

Cost 38

Port 2 (FastEthernet0/2)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 8292 (priority 8192 sys-id-ext 100)

Address 000d.2903.e680

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/2 Root FWD 19 128.2 P2p


    ⇒ Check the debug output

SW3_2950#debug spanning-tree events

Spanning Tree event debugging is on

SW3_2950#

00:15:37: RSTP(100): updt roles, root port Fa0/1 is going down

00:15:37: RSTP(100): we become the root bridge

00:15:37: RSTP(100): updt roles, superior bpdu on Fa0/2 (synced=0)

00:15:37: RSTP(100): Fa0/2 is now root port

00:15:37: RSTP(100): synced Fa0/2

00:15:37: RSTP(100): transmitting an agreement on Fa0/2 as a response to a proposal

2013-02-26


f:id:okm:20130226224425j:image


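Test 1: Configure RSTP and verify its behavior

    ⇒ Configure RSTP on each switch

    ⇒ Check the RSTP port roles on each switch

    ⇒ Unplug the cable on the fa0/1 side of SW1_2950

    ⇒ Unplug the cable on the fa0/2 side of SW3_2950

    ⇒ Check the RSTP port roles on each switch again

    ⇒ Check the debug output


■ Configuration applied to SW1_2950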

conf t

!

vlan 100

!

spanning-tree mode rapid-pvst

spanning-tree vlan 100 priority 4096

!

int fa0/1

switchport mode access

switchport access vlan 100

!

int fa0/2

switchport mode access

switchport access vlan 100

!

end


■ Configuration applied to SW2_2950

conf t

!

vlan 100

!

spanning-tree mode rapid-pvst

!

int fa0/1

switchport mode access

switchport access vlan 100

!

int fa0/2

switchport mode access

switchport access vlan 100

!

end


■ Configuration applied to SW3_2950

conf t

!

vlan 100

!

spanning-tree mode rapid-pvst

spanning-tree vlan 100 priority 8192

!

int fa0/1

switchport mode access

switchport access vlan 100

!

int fa0/2

switchport mode access

switchport access vlan 100

!

int fa0/3

switchport mode access

switchport access vlan 100

!

end


Test 1: Configure RSTP and verify its behavior

    ⇒ Check the RSTP port roles on each switch

SW1_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)

Address 000e.3854.be00

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/1 Desg FWD 19 128.1 P2p

Fa0/2 Desg FWD 19 128.2 P2p


SW2_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

Cost 19

Port 1 (FastEthernet0/1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)

Address 000d.bc1d.c100

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/1 Root FWD 19 128.1 P2p

Fa0/2 Altn BLK 19 128.2 P2p


SW3_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

Cost 19

Port 1 (FastEthernet0/1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 8292 (priority 8192 sys-id-ext 100)

Address 000d.2903.e680

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/1 Root FWD 19 128.1 P2p

Fa0/2 Desg FWD 19 128.2 P2p

Fa0/3 Back BLK 19 128.3 P2p

    ⇒ Unplug the cable on the fa0/1 side of SW1_2950

    ⇒ Unplug the cable on the fa0/2 side of SW3_2950

    ⇒ Check the RSTP port roles on each switch again

SW1_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)

Address 000e.3854.be00

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/2 Desg FWD 19 128.2 P2p


SW2_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

Cost 38

Port 2 (FastEthernet0/2)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)

Address 000d.bc1d.c100

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/2 Root FWD 19 128.2 P2p


SW3_2950#sh spanning-tree

VLAN0100

Spanning tree enabled protocol rstp

Root ID Priority 4196

Address 000e.3854.be00

Cost 19

Port 1 (FastEthernet0/1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 8292 (priority 8192 sys-id-ext 100)

Address 000d.2903.e680

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/1 Root FWD 19 128.1 P2p

Fa0/3 Desg FWD 19 128.3 P2p


    ⇒ Check the debug output

SW2_2950#debug spanning-tree events

01:48:32: RSTP(100): updt roles, root port Fa0/1 is going down

01:48:32: RSTP(100): Fa0/2 is now root port

01:48:37: RSTP(100): Fa0/2 rcvd info expired

01:48:37: RSTP(100): updt roles, information on root port Fa0/2 expired

01:48:37: RSTP(100): we become the root bridge

01:48:37: RSTP(100): Fa0/2 is now designated

01:48:37: RSTP(100): updt roles, superior bpdu on Fa0/2 (synced=0)

01:48:37: RSTP(100): Fa0/2 is now root port

01:48:37: RSTP(100): synced Fa0/2

01:48:37: RSTP(100): transmitting an agreement on Fa0/2 as a response to a proposal

2013-02-23


f:id:okm:20130223151621j:image

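Note: DSW3_3560 is used here as a stand-in for a downstream L2 switch.


Key points for private VLAN configuration

    ⇒ Set VTP to transparent mode (on both the L2 switch and the upstream L3 switch)

    ⇒ On the upstream L3 switch, configure an SVI for the primary VLAN only (do not configure SVIs for the isolated VLAN or the community VLAN).


■ Configuration applied to DSW3_3560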

conf t

!

vtp mode transparent

!

vlan 100

private-vlan primary

exit

!

vlan 10

private-vlan isolated

exit

!

vlan 20

private-vlan community

exit

!

vlan 100

private-vlan association 10,20

exit

!

int gi0/1

switchport mode private-vlan promiscuous

switchport private-vlan mapping 100 10,20

no shut

exit

!

int range fa0/1 - 2

switchport mode private-vlan host

switchport private-vlan host-association 100 10

no shut

exit

!

int range fa0/3 - 4

switchport mode private-vlan host

switchport private-vlan host-association 100 20

no shut

exit

!

end


■ Configuration applied to DSW1_3750

conf t

!

ip routing

!

vtp mode transparent

!

vlan 100

!

int gi1/0/1

switchport mode access

switchport access vlan 100

no shut

!

int fa1/0/1

no switchport

ip address 10.0.0.1 255.255.255.0

no shut

!

int vlan 100

private-vlan mapping add 10,20

ip address 172.16.100.1 255.255.255.0

no shut

!

router eigrp 100

network 172.16.100.0 0.0.0.255

network 10.0.0.0 0.0.0.255

!

end


DSW3_3560#sh vlan private-vlan

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

100 10 isolated Fa0/1, Fa0/2, Gi0/1

100 20 community Fa0/3, Fa0/4, Gi0/1

2013-02-19


f:id:okm:20130218204351j:image


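Test 1: Use a PACL to deny ARP packets from a specific PC (host C) in vlan101

    ⇒ Apply the mac access-list to the physical interfaces as a PACL

    ⇒ Check the ARP table on the specific PC (host C)

    ⇒ Ping the Linux machine from the specific PC (host C)

    ⇒ Check the ARP table on the specific PC (host C) again

    ⇒ Ping the Linux machine from another PC (host B) that is not subject to the ARP deny

    ⇒ Check the ARP table on the other PC (host B)

    ⇒ Ping the specific PC from the other PC (host B)


■ Configuration applied to DSW3_3560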

conf t

!

ip routing

!

enable secret ccnp

!

vlan 101

!

int loopback 0

ip address 1.1.1.1 255.255.255.255

!

int fa0/1

switchport mode access

switchport access vlan 101

mac access-group deny-arp in

no shut

!

int fa0/2

switchport mode access

switchport access vlan 101

mac access-group deny-arp in

no shut

!

int fa0/3

switchport mode access

switchport access vlan 101

mac access-group deny-arp in

no shut

!

int vlan 101

ip address 172.16.101.1 255.255.255.0

no shut

exit

!

mac access-list extended deny-arp

deny host 001d.7298.f312 0000.0000.0000 ffff.ffff.ffff 0x0806 0x0

permit any any

exit

!

line vty 0 4

password cisco

login

!

end


Test 1: Use a PACL to deny ARP packets from a specific PC (host C) in vlan101

    ⇒ Check the ARP table on the specific PC (host C)

C:\Documents and Settings\administrator.EXAMPLE>arp -a

No ARP Entries Found


    ⇒ Ping the Linux machine from the specific PC (host C)

C:\Documents and Settings\administrator.EXAMPLE>ping 172.16.101.100

Pinging 172.16.101.100 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 172.16.101.100:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


    ⇒ Check the ARP table on the specific PC (host C) again

C:\Documents and Settings\administrator.EXAMPLE>arp -a

No ARP Entries Found


    ⇒ Ping the Linux machine from another PC (host B) that is not subject to the ARP deny

C:\Documents and Settings\otherPC>ping 172.16.101.100

Pinging 172.16.101.100 with 32 bytes of data:

Reply from 172.16.101.100: bytes=32 time<1ms TTL=64

Reply from 172.16.101.100: bytes=32 time<1ms TTL=64

Reply from 172.16.101.100: bytes=32 time<1ms TTL=64

Reply from 172.16.101.100: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.101.100:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms


    ⇒ Check the ARP table on the other PC (host B)

C:\Documents and Settings\otherPC>arp -a

Interface: 172.16.101.150 --- 0x3

Internet Address Physical Address Type

172.16.101.1 f4-ac-c1-1f-f6-c1 dynamic

172.16.101.100 00-16-d3-c2-44-b2 dynamic


    ⇒ Ping the specific PC from the other PC (host B)

C:\Documents and Settings\otherPC>ping 172.16.101.200

Pinging 172.16.101.200 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 172.16.101.200:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


-------------------------------------------------

DSW3_3560#sh access-lists

Extended MAC access list deny-arp

deny host 001d.7298.f312 any 0x806 0x0

permit any any (3 matches)


DSW3_3560#sh mac access-group

Interface FastEthernet0/1:

Inbound access-list is deny-arp

Outbound access-list is not set

Interface FastEthernet0/2:

Inbound access-list is deny-arp

Outbound access-list is not set

Interface FastEthernet0/3:

Inbound access-list is deny-arp

Outbound access-list is not set
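
Both ping failures above follow from the same ACL entry: host C's ARP request is dropped when it pings, and host C's ARP reply is dropped when host B pings it. The following Python model of the `deny-arp` list is an added example, not part of the original post; it evaluates ARP frames with Cisco wildcard semantics, first match wins. Host B's MAC address is not shown on the page, so a constructed value is used, and every host is assumed to sit behind a port with the ACL applied inbound.

```python
import re

ETH_ARP = 0x0806
BROADCAST = 0xFFFFFFFFFFFF


def mac(text):
    """Parse Cisco (xxxx.xxxx.xxxx) or Windows (xx-xx-...) notation into an int."""
    return int(re.sub(r"[.:-]", "", text), 16)


def wildcard_match(value, base, wildcard):
    """Cisco wildcard semantics: bits set in the wildcard are ignored."""
    return (value | wildcard) == (base | wildcard)


# The deny-arp list from the configuration above, as
# (action, (src, src wildcard), (dst, dst wildcard), (ethertype, mask) or None).
DENY_ARP = [
    ("deny", (mac("001d.7298.f312"), 0),
     (mac("0000.0000.0000"), mac("ffff.ffff.ffff")), (0x0806, 0x0)),
    ("permit", (0, BROADCAST), (0, BROADCAST), None),
]


def evaluate(acl, src, dst, ethertype):
    """Return the action of the first matching entry."""
    for action, s, d, et in acl:
        if (wildcard_match(src, *s) and wildcard_match(dst, *d)
                and (et is None or wildcard_match(ethertype, *et))):
            return action
    return "deny"  # implicit deny at the end of every ACL


def arp_resolves(acl, requester, responder):
    """ARP succeeds only if the broadcast request and the unicast reply both pass."""
    request = evaluate(acl, requester, BROADCAST, ETH_ARP)
    reply = evaluate(acl, responder, requester, ETH_ARP)
    return request == "permit" and reply == "permit"


HOST_C = mac("001d.7298.f312")     # the host named in the deny entry
LINUX = mac("00-16-d3-c2-44-b2")   # 172.16.101.100, from host B's arp -a output
HOST_B = mac("0200.0000.00bb")     # constructed: host B's MAC is not on the page


def scenario():
    """The three resolutions attempted in the test above."""
    return {
        "C resolves Linux": arp_resolves(DENY_ARP, HOST_C, LINUX),
        "B resolves Linux": arp_resolves(DENY_ARP, HOST_B, LINUX),
        "B resolves C": arp_resolves(DENY_ARP, HOST_B, HOST_C),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {'ok' if ok else 'blocked'}")
```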
