首页
统计信息
友情链接
壁纸
Search
1
【更新】CommentToMail typecho2017&v4.1& Mailer三版本,支持php5.6/7,插件详解
157,825 阅读
2
CentOS 7安装bbr教程
12,568 阅读
3
纯小白10分钟变身linux建站高手?宝塔linux面板全体验
12,216 阅读
4
深信服超融合架构测试介绍
11,107 阅读
5
优秀的个人博客系统,typecho从入门到精通
7,386 阅读
技术相关
ACG相关
胡言乱语
数码杂烩
登录
Search
标签搜索
进击的巨人
漫画
宝塔
php
typecho
diy
vps
折腾
动漫
优酷路由宝
ubuntu
路由器
QQ
KMS
王忘杰
累计撰写
219
篇文章
累计收到
179
条评论
首页
栏目
技术相关
ACG相关
胡言乱语
数码杂烩
页面
统计信息
友情链接
壁纸
搜索到
187
篇与
的结果
2023-09-21
Windows Server WDS导致DHCP无法正常工作故障处理
故障记录: 2023年9月20日19:30分,王工进行域控月度系统补丁更新20:00分,接到用户反馈,电脑无网络20:05分,王工发现手机连接wifi后也无法获取IP地址由于DHCP服务器搭建在主域控上,王工进行主域控补丁回退至20:15分,补丁回退完成后,依然无法获取Ip地址随后,王工进行B计划,启用辅域控DHCP功能,配置故障转移集群,交换机配置辅域控为DHCP服务器通过手机测试,辅域控可以正常分配地址20:30分,王工将交换机所有DHCP服务器配置为辅域控地址,故障临时处理完成,恢复业务当前主域控DHCP仍为故障状态,暂时不影响业务,需进行完整排查测试,王工拉了故障处理: 由于无法处理故障,随即联系中心高级系统运维工程师葛工进行处理。1、查看DHCP服务器状态无异常IPV4属性-高级-无法绑定网卡2、查看日志经查看,DHCP事件为端口被占用占用UDP67端口的程序时svchost.exe,无法判断具体原因3、检查服务经查询,这台域控服务器还安装了IIS、DNS、WDS服务WDS默认也是用UDP67端口4、禁用WDS5、重启DHCP服务并绑定网卡6、测试客户机成功通过此DHCP服务器获取IP7、后续处理卸载WDS服务小结: 有故障先看日志,先看日志!
2023年09月21日
137 阅读
0 评论
2 点赞
2023-09-18
华为超融合FusionCube故障处理“主机最大内存复用率小于100%”
故障现象: 对华为虚拟化进行物理内存升级后,FusionCompute组件出现主机最大内存复用率小于100%的故障告警故障分析: 点击故障告警,进入华为超融合自带的故障帮助告警解释 系统按60秒周期检测主机的最大内存复用率,当主机的最大内存复用率小于100%时,系统产生此告警。 当主机的最大内存复用率大于等于100%时,告警恢复。 对系统的影响 可能会影响虚拟机正常启动。 可能原因 新添加主机,内存swap分区规格过小。 主机增加内存 。 处理步骤 添加一个可用的新的swap分区。具体步骤请参见添加主机内存交换分区。 等待1分钟后,查看告警是否消除。 是,处理完毕。 否,执行3。添加交换分区的帮助文档在FusionCompute左侧导航中,单击。 进入“资源池”页面。 在“主机”页签,单击待操作主机名称。 显示“概要”页签。 在“配置”页签,选择“系统配置 > 内存交换分区”。 进入内存交换分区列表界面。 在列表上方单击“添加”。 弹出对话框。 设置内存交换分区的参数。 名称:内存交换分区名称。同一个主机中添加的内存交换分区名称不能重复。 数据存储:目前只支持本地虚拟化存储。 分区空间(GB):内存交换分区的大小。其取值不能超过所选数据存储的剩余容量。 主机最大内存复用率:默认为主机的当前最大内存复用率,分区空间输入数值后会实时更新。 单击“确定”。 完成主机内存交换分区的添加。可在“任务和事件”页签的任务列表中查看任务进度。故障处理: 按文档要求增加交换分区我这里增加20G,主机最大内存复用率超过100%即可告警自动消除小结: 多看文档
2023年09月18日
25 阅读
0 评论
0 点赞
2023-09-08
内网KMS自动激活windows和office
前提条件: 需要具备自己的内网DNS服务器需要部署KMS激活服务器或使用互联网公共KMS服务器部署的windows需要为企业版,我使用的是LTSC版本部署的office需要为批量许可版或安装office Mondo 2016 - 批量版 - [MondoVolume]许可证连接内网后,自动激活在DNS中配置KMS服务器: 在 DNS 服务器上,打开 DNS 管理器。要打开 DNS 管理器,请依次单击开始、管理工具、DNS。单击需要在其上创建 SRV 资源记录的 DNS 服务器。在控制台树中,展开正向查找区域,右键单击该域,然后单击其他新记录。向下滚动列表,单击服务位置 (SRV),然后单击创建记录。键入以下信息: a. 服务:_VLMCS b. 协议:_TCP c. 端口号: 1688 d. 提供服务的主机:<FQDN_of_KMS_Host>完成后,单击确定,然后单击完成。 示例: 作者:大智在所不虑 https://www.bilibili.com/read/cv8769488/ 出处:bilibili
2023年09月08日
89 阅读
0 评论
1 点赞
2023-09-05
Centos7重置root密码(详细版)
https://mefj.com.cn/lur1974.html修改了root密码,步骤如下: 步骤一:在开机出现如下界面的时候就按e键步骤二:在步骤一按下e键之后,出现如下界面,按 ↓键一直到底部找到LANG=zh_CN.UTF-8这句,在这句后面加上init=/bin/sh,然后按Ctrl+x进入单用户。步骤三:挂载文件系统为可写模式mount –o remount,rw /注释:至于为什么要这句命令是因为默认情况在进入单用户模式后,我们的/文件系统是只读模式,无法进行修改,那么这个时候我们就需要用到一条命令mount –o remount,rw / 这个命令来让我们的/路径文件系统为可读模式,这样就可以实现自由修改了。步骤四:执行passwd命令,修改root密码,密码要输入两次要求两次密码要一致。步骤五:如果之前系统启用了selinux,必须执行以下命令,否则将无法正常启动系统touch /.autorelabel。然后执行命令exec /sbin/init来正常启动,或者用命令exec /sbin/reboot重启就OK了。
2023年09月05日
24 阅读
0 评论
1 点赞
2023-09-05
office tool plus全能office部署、激活、卸载工具
一、下载Office Tool Plus {abtn icon="" color="#ff6800" href="https://otp.landian.vip/zh-cn/" radius="" content="官方主页"/} Office Tool Plus 的主要功能 Office Tool Plus 基于 Office 部署工具 (ODT) 打造,可以很轻松地部署 Office。无论你是个体还是团队,Office Tool Plus 都是您的 Office 小助手{anote icon="" href="https://otp.landian.vip/zh-cn/download.html" type="secondary" content="下载地址"/} 二、安装office建议下载 包含框架 (7z 自解压缩包),解压后运行Office Tool Plus.exe点击部署选择需要安装的组件、语言、体系结构后,点击右上角“开始部署”等待安装完成即可三、激活office 可用于所有企业版office1、安装许可证,office Mondo 2016 - 批量版 - [MondoVolume]2、输入kms主机并设置主机:kms.loli.beer 或自行搭建3、点击激活四、取消激活卸载所有许可证五、卸载office当office被破坏无法卸载,使用 工具箱-office工具-移除office,六、总结无
2023年09月05日
386 阅读
0 评论
0 点赞
2023-09-05
python3 multiprocessing windows环境下 pyinstaller打包exe运行无限创建进程问题
https://blog.csdn.net/fly_leopard/article/details/121610641multiprocessing提供了freeze_support来实现main module的安全导入,在运行multiprocessing创建进程前调用该方法:.... if __name__ == '__main__': import multiprocessing # 该方法作用是阻止子进程运行其后面的代码 multiprocessing.freeze_support() pool = Pool(3) try: log.info("Start Program.") pool.apply_async(start_queue_manager, error_callback=error_callback) pool.apply_async(start_server, error_callback=error_callback).ready() pool.apply_async(start_browser, error_callback=error_callback) except: log.error(traceback.format_exc()) finally: pool.close() pool.join()
2023年09月05日
9 阅读
0 评论
0 点赞
2023-09-05
win10使用镜像ISO安装.Net Framework 3.5
加载ISO文件管理员运行cmddism.exe /online /enable-feature /featurename:netfx3 /Source:G:\sources\sxs安装完成
2023年09月05日
12 阅读
0 评论
0 点赞
2023-09-05
win10 无法访问共享 0x80070035 找不到网络路径
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "AllowInsecureGuestAuth"=dword:00000001然后保存,修改后缀名为“.reg”;
2023年09月05日
14 阅读
0 评论
0 点赞
2023-09-01
【MSSQL】SQL SERVER 收缩日志
收缩日志不影响数据库运行,但会影响数据库按日志恢复,进行收缩前应进行数据库完整备份。1、登录数据库,打开要收缩的数据库的属性2、更改数据库恢复模式,“完整”改为“简单”3、收缩数据库日志,在对应数据库上右键,“任务” - “收缩” - “文件”文件类型:日志,收缩大小一般填写2MB4、收缩完成后,将数据库恢复模式改回“完整”5、收缩完成,检查业务系统工作是否正常
2023年09月01日
21 阅读
0 评论
0 点赞
2023-08-21
H3C STP生成树协议与环路检测配置实战
一、环境介绍 本次实验环境为一台H3C S5130交换机,两台TP-LINK TL-SG1008D八口千兆傻瓜交换机,一台TP-LINK TL-SG1005D五口千兆傻瓜交换机。二、实验目的 在各种条件下,测试交换机防环功能和状态,H3C交换机默认STP协议为MSTP协议。三、实验步骤 1、普通环路实验拓扑图关闭STP协议[H3C]un stp global en [H3C]%Jan 1 02:19:16:001 2013 H3C STP/6/STP_DISABLE: STP is now disabled on the device.将交换机1口2口通过网线连接,查看接口状态[H3C]dis int br Interface Link Speed Duplex Type PVID Description GE1/0/1 UP 1G(a) F(a) A 1 GE1/0/2 UP 1G(a) F(a) A 1查看CPU使用率[H3C]dis cpu Slot 1 CPU 0 CPU usage: 3% in last 5 seconds 4% in last 1 minute 3% in last 5 minutes 在网络静默状态下,无广播包,CPU使用率不会飙升将电脑接入交换机,交换机ping电脑,仅一台电脑的网络下,因为环路,CPU使用率即出现飙升,交换机指示灯狂闪,且通讯中断。[H3C]dis cpu Slot 1 CPU 0 CPU usage: 30% in last 5 seconds 31% in last 1 minute 3% in last 5 minutes 在交换机开启STP协议[H3C]stp global en %Jan 1 02:25:56:729 2013 H3C STP/6/STP_ENABLE: STP is now enabled on the device. %Jan 1 02:25:56:775 2013 H3C STP/6/STP_DETECTED_TC: Instance 0's port GigabitEthernet1/0/1 detected a topology change.查看CPU使用率恢复正常[H3C]dis cpu Slot 1 CPU 0 CPU usage: 2% in last 5 seconds 30% in last 1 minute 3% in last 5 minutes 查看接口状态,1 2口仍为UP状态Interface Link Speed Duplex Type PVID Description GE1/0/1 UP 1G(a) F(a) A 1 GE1/0/2 UP 1G(a) F(a) A 1查看STP接口状态,2号口为DISCARDING阻塞状态,防环功能正常启动。[H3C]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/2 BACK DISCARDING NONE 0 GigabitEthernet1/0/15 DESI FORWARDING NONE 2、接入傻瓜交换机形成大环路网络拓扑通过傻瓜交换机串联形成环路,STP工作正常,环路被屏蔽[H3C]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/2 BACK DISCARDING NONE 3、接入傻瓜交换机形成小环路网络拓扑通过傻瓜交换机串联形成小环路,STP工作正常,环路在网管交换机处被屏蔽,但傻瓜交换机等狂闪,仍为环路状态。[H3C]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI DISCARDING NONE 一段时间后,STP进入转发状态,网络瘫痪,即STP可以无法运行在傻瓜交换机上[H3C]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 4、普通环路检测拓扑图开启基于VLAN的全局环路检测,配置环路检测处理模式为关闭接口,配置检测间隔为35秒[H3C]loopback-detection global enable vlan all [H3C]loopback-detection global action shutdown [H3C]loopback-detection interval-time 35使用网线连接1 2口,查看STP状态[H3C]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/2 BACK DISCARDING NONE 查看接口状态,当STP正常工作时,环路检测不会检测出环路Interface Link Speed Duplex Type PVID Description GE1/0/1 UP 1G(a) F(a) A 1 GE1/0/2 UP 1G(a) F(a) A 1 关闭STP[H3C]un stp global en查看接口状态[H3C]%Jan 1 03:02:05:069 2013 H3C LPDT/4/LPDT_LOOPED: A loop was detected on GigabitEthernet1/0/1. %Jan 1 03:02:05:076 2013 H3C LLDP/6/LLDP_DELETE_NEIGHBOR: Nearest bridge agent neighbor deleted on port GigabitEthernet1/0/2 (IfIndex 2), neighbor's chassis ID is 6893-20d4-f004, port ID is GigabitEthernet1/0/1. %Jan 1 03:02:05:212 2013 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface GigabitEthernet1/0/1 changed to down. %Jan 1 03:02:05:223 2013 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/1 changed to down. %Jan 1 03:02:05:227 2013 H3C LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on GigabitEthernet1/0/1 in VLAN 1. 环路的两个接口被关闭,环路检测功能正常Interface Link Speed Duplex Type PVID Description GE1/0/1 DOWN auto A A 1 GE1/0/2 DOWN auto A A 1 5、接入傻瓜交换机形成大环路进行环路检测网络拓扑检测到环路%Jan 1 03:12:36:560 2013 H3C LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on GigabitEthernet1/0/1 in VLAN 1. %Jan 1 03:12:36:560 2013 H3C LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on GigabitEthernet1/0/11 in VLAN 1. %Jan 1 03:12:36:561 2013 H3C LPDT/5/LPDT_RECOVERED: All loops were removed on GigabitEthernet1/0/11. %Jan 1 03:12:36:563 2013 H3C LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on GigabitEthernet1/0/1 in VLAN 1. %Jan 1 03:12:36:563 2013 H3C LPDT/5/LPDT_RECOVERED: All loops were removed on GigabitEthernet1/0/1. %Jan 1 03:12:36:571 2013 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface Vlan-interface1 changed to down. %Jan 1 03:12:36:572 2013 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface Vlan-interface1 changed to down. 查看接口状态,接口被Loopback关闭,环路检测正常Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description GE1/0/1 DOWN auto A A 1 GE1/0/2 DOWN auto A A 1 [H3C]dis interface g1/0/1 GigabitEthernet1/0/1 Current state: DOWN (Loopback detection down) Line protocol state: DOWN 6、接入傻瓜交换机形成小环路进行环路检测网络拓扑环路检测检测到环路,接口被关闭%Jan 1 03:18:51:179 2013 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface GigabitEthernet1/0/1 changed to down. %Jan 1 03:18:51:186 2013 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/1 changed to down. %Jan 1 03:18:51:189 2013 H3C LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on GigabitEthernet1/0/1 in VLAN 1. %Jan 1 03:18:51:213 2013 H3C LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on GigabitEthernet1/0/1 in VLAN 1. %Jan 1 03:18:51:214 2013 H3C LPDT/5/LPDT_RECOVERED: All loops were removed on GigabitEthernet1/0/1. %Jan 1 03:18:51:231 2013 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface Vlan-interface1 changed to down. Interface Link Speed Duplex Type PVID Description GE1/0/1 DOWN auto A A 1 GE1/0/2 DOWN auto A A 1但傻瓜交换机的网络仍然为瘫痪状态四、实验总结 网管交换机不可与傻瓜交换机混用1、即使STP与环路检测生效,傻瓜交换机仍为环路满载状态。2、傻瓜交换机无法支持STP与环路检测协议,仍会造成网络故障另外,配置环路检测后,需要配置日志告警系统,对环路协议报告进行告警。
2023年08月21日
175 阅读
0 评论
2 点赞
2023-08-17
H3C华三交换机学习笔记
软件名称:HCL_Setup_V5.9.0发布日期:2023/7/13 9:29:22{anote icon="" href="https://www.h3c.com/cn/Service/Document_Software/Software_Download/Other_Product/H3C_Cloud_Lab/Catalog/HCL/" type="secondary" content="下载地址"/} 模拟器bug注意!注意!不要调整模拟器内设备的内存,极易造成设备出bug,比如路由器内存调小后,自己ping自己都不通!https://zhiliao.h3c.com/questions/dispcont/8085“配置没问题,端口也up了,也ping不通自己,是因为hcl路由器或交换机的内存不能人为的调小于520M,调成350M就容易出问题”{dotted startColor="#ff6c6c" endColor="#1989fa"/}基础命令:进入系统视图<H3C>system-view 路由追踪[H3C]tracert 更改主机名[H3C]hostname Switch1 显示详细路由追踪信息 [H3C]ip ttl-expires enable [H3C]ip unreachables enable 保存[H3C]save 重启<H3C>reboot 查看接口信息[H3C]display interface brief 查看详细配置文件[H3c]display current-cohnfiguration 查看OSPF信息[SwitchA]display ospf peer verbose 查看SN序列号display device manuinfo display counters inbound interface display counters outbound interface 查询所有接口包速率 开启NTP时间同步,同步需要几分钟 [H3C]dis clock 04:06:38.180 UTC Sat 01/05/2013 [H3C]sntp enable [H3C]sntp unicast-server 172.16.21.246 [H3C]display sntp sessions SNTP server Stratum Version Last receive time 11.22.33.44 4 4 Sat, Jan 5 2013 4:07:40.856 查看交换机时间 [H3C]dis clock 08:11:36.223 UTC Mon 04/25/2022 关闭LLDP PVID检查 lldp ignore-pvid-inconsistency 打开LLDP PVID检查 undo lldp ignore-pvid-inconsistency 通过IP和MAC地址查找所在交换机1、查看本机IP和MAC地址以太网适配器 以太网: 描述. . . . . . . . . . . . . . . : Realtek PCIe GbE Family Controller 物理地址. . . . . . . . . . . . . : XX-XX-XX-XX-XX-XX IPv4 地址 . . . . . . . . . . . . : 172.XX.X.XXX(首选)2、登录VLAN网关,查看IP和MAC地址查看IP MAC对应关系dis arp | include 172.XX.X.XXX 172.XX.X.XXX xxxx-xxxx-xxxx 18 BAGG1 852 D查看MAC所在接口dis mac-addr | include xxxx-xxxx-xxxx xxxx-xxxx-xxxx 18 Learned BAGG1 Y3、查看接口下联交换机IP查看接口与端口绑定关系dis cu查看接口下lldp信息dis lldp n v4、依次登录下层交换机,最终确定接口所在交换机dis mac-addr | include xxxx-xxxx-xxxx xxxx-xxxx-xxxx 18 Learned GE1/0/43 Y 查看接口STP报文数量,其中G1/0/5口异常 <H3C>display stp tc -------------- STP slot 1 TC or TCN count ------------- MST ID Port Receive Send 0 Bridge-Aggregation1 1 34537 0 Bridge-Aggregation2 109 9708 0 GigabitEthernet1/0/1 10 458 0 GigabitEthernet1/0/2 29 1580 0 GigabitEthernet1/0/3 0 18213 0 GigabitEthernet1/0/4 0 18243 0 GigabitEthernet1/0/5 1496 8417 0 GigabitEthernet1/0/6 0 18225 0 GigabitEthernet1/0/7 423 17148 0 GigabitEthernet1/0/8 3 3856 0 GigabitEthernet1/0/9 36 18298 0 GigabitEthernet1/0/10 0 18277 0 GigabitEthernet1/0/17 185 34206 0 GigabitEthernet1/0/18 0 34535 0 GigabitEthernet1/0/20 0 206 0 GigabitEthernet1/0/21 0 34535 0 GigabitEthernet1/0/23 0 34536 0 GigabitEthernet1/0/24 0 3306 查看交换机日志 <H3C>dis logbuffer 查看邻居信息 <H3C>dis lldp neighbor-information list Chassis ID : * -- -- Nearest nontpmr bridge neighbor # -- -- Nearest customer bridge neighbor Default -- -- Nearest bridge neighbor System Name Local Interface Chassis ID Port ID XX GE1/0/1 70c6-ddb5-905e 70c6-ddb5-9087 XX GE1/0/2 6ce5-f71b-0754 GigabitEthernet1/0/28 XX GE1/0/3 9ce8-955a-b540 GigabitEthernet1/0/28 XX GE1/0/4 1cab-3479-2220 1cab-3479-2220 XX GE1/0/5 6ce5-f71b-904c GigabitEthernet1/0/28 H3C GE1/0/6 3c8c-4010-1f3e GigabitEthernet1/0/26 查看邻居详细信息 <S-151-04>dis lldp neighbor-information verbose LLDP neighbor-information of port 1[GigabitEthernet1/0/1]: LLDP agent nearest-bridge: LLDP neighbor index : 1 Update time : 46 days, 6 hours, 59 minutes, 31 seconds Chassis type : MAC address Chassis ID : 70c6-ddb5-905e Port ID type : MAC address Port ID : 70c6-ddb5-9087 Time to live : 121 Port description : GigabitEthernet1/0/28 Interface System name : S-178-01 System description : H3C Comware Platform Software, Software Version 7.1.070, Release 6328P03 H3C S5130S-28P-HPWR-EI Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. Al l rights reserved. System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge System capabilities enabled : Bridge, Router, Customer Bridge Management address type : IPv4 Management address : 169.254.144.94 Management address interface type : IfIndex Management address interface ID : 635 Management address OID : 0 dis process cpu 查看进程对于CPU的使用率。 dis process memory 查看进程对于内存使用率 dis cpu-usage 查看CPU使用率。 dis memory 查询内存使用率。 display fan 查看风扇 display power 查看电源 dis device 查看板卡状态 display logbuffer 查看设备日志 display environment 查看温度 dis counter rate inbound interface 查看接口进方向的使用率 dis counter rate outbound interface 查看接口出方向的使用率 dis int | inc rate 查看接口历史使用率 dis int | inc sec 查看接口历史使用率及出入方向的字节 dis int gi 1/0/1 查看接口最近300秒使用率 修改风扇旋转反向 fan prefer-direction slot 1 port-to-power 查看风扇状态 dis fan 清除配置,恢复出厂 <H3C>reset saved-configuration The saved configuration file will be erased. Are you sure? [Y/N]:y #选择Y确认 <H3C>reboot Start to check configuration with next startup configuration file, please wait.........DONE! Current configuration may be lost after the reboot, save current configuration? [Y/N]:n #N选择不保存 This command will reboot the device. Continue? [Y/N]:y #Y确认重启 关闭日志 关闭终端上下线日志分为以下几种情况 (1)通过console的方式登录时 info-center source STAMGR console deny info-center source WLANAUD console deny (2)通过telnet的方式登录时 info-center source STAMGR monitor deny info-center source WLANAUD monitor deny 以上两种情况互不影响。这两种方式只是在总控制台不显示用户上下线的日志信息,但设备的logbuffer里还是记录的,如果想要在logbuffer也不记录日志,需采取以下两种命令关闭: info-center source STAMGR logbuffer deny info-center source WLANAUD logbuffer deny 如关闭DHCP日志 info-center source DHCPS logbuffer deny 配置日志服务器 info-center loghost 172.16.21.111 {dotted startColor="#ff6c6c" endColor="#1989fa"/}环路检测排查 查看CPU使用率dis cpu查看MAC漂移dis mac-address mac-move查看STP接口状态dis stp brief查看lldp状态dis lldp neighbor-information list dis lldp neighbor-information verbose环路检测配置 https://www.h3c.com/cn/d_202308/1905729_30005_0.htm#_Ref470192304loopback-detection global enable vlan { vlan-id-list | all } 全局开启环路检测 interface interface-type interface-number 进入二层以太网接口/二层聚合接口视图 loopback-detection enable vlan { vlan-id-list | all } 在端口上开启环路检测功能 loopback-detection global action shutdown 全局配置环路检测的处理模式 interface interface-type interface-number 进入接口视图 loopback-detection action { block | no-learning | shutdown } 在端口上配置环路检测的处理模式 loopback-detection interval-time interval 配置检测间隔时间 display loopback-detection 显示环路检测的配置和运行情况查询AP上线离线掉线时间 网络-操作-无线配置-AP管理-详情基础配置-上线/离线/版本下载时间2023-07-15 13:23:29二层端口模式 参考链接:https://blog.51cto.com/shyln/2087240 a)access端口 发送(从交换机内部往外发送): 带有vlan tag:删除tag后,发送 不带vlan tag:不可能出现 接收: 带有vlan tag:若该tag等于该access端口的pvid,则可以接收,进入交换机内部 不带vlan tag:添加该access端口的pvid,进入交换机内部 b)trunk端口(允许发送native VLAN数据的时候,可以不加tag) 发送(从交换机内部往外发送): 带有vlan tag:若tag等于该trunk端口的pvid,则删除tag后发送;否则保留tag直接发送 不带vlan tag:不可能出现 接收: 带有vlan tag:保留该tag,进入交换机内部 不带vlan tag:添加该trunk端口的pvid,进入交换机内部 c)hybrid端口(允许发送多个VLAN数据的时候,可以不加tag) 发送(从交换机内部往外发送): 带有vlan tag: 是否带tag进行发送,取决于用户配置(用户可以配置tagged list,untagged list) 不带vlan tag:不可能出现 接收: 带有vlan tag:保留该tag,进入交换机内部 不带vlan tag:添加该hybrid端口的pvid,进入交换机内部{dotted startColor="#ff6c6c" endColor="#1989fa"/}模拟傻瓜交换机 思路,创建全部vlan,端口启用untag。vlan 2 to 4000 #批量创建vlan interface GigabitEthernet1/0/1 #进入接口 port link-type hybrid #接口类型hybrid port hybrid vlan 1 to 4000 untagged #撕掉vlan标签{dotted startColor="#ff6c6c" endColor="#1989fa"/}配置telnet参考链接https://jingyan.baidu.com/article/1876c852517425890b1376d2.html给VLAN1配置IP[H3C-Vlan-interface1]ip address 192.168.56.254 255.255.255.0 [H3C-Vlan-interface1]quit配置VTY(Virtual Teletype Terminal)虚拟终端接口的认证方式 [H3C]user-interface vty 0 4 [H3C-line-vty0-4]authentication-mode scheme //进行本地或远端用户名和口令认证。即AAA认证 //关于认证,一共有三种认证方式 //password 本地口令认证; //scheme 本地或远端用户名和口令认证; //none 不认证; [H3C-line-vty0-4]quit 本地用户的创建与配置 [H3C]local-user admin //设置创建本地认证的用户名 [H3C-luser-manage-admin]password simple 123456 //设置明文密码,使用命令查看当前配置时 //密码会以哈希加密后显示 图3 [H3C-luser-manage-admin]authorization-attribute user-role level-15 #开启最高权限或authorization-attribute user-role network-admin [H3C-luser-manage-admin]service-type telnet //用户作用于telnet服务 [H3C-luser-manage-admin]quit [H3C]telnet server enable //开启telnet 服务 [H3C]save //保存配置 {dotted startColor="#ff6c6c" endColor="#1989fa"/}静态路由[R1]int g0/0 #进入接口或者vlan [R1-GigabitEthernet0/0]ip add 192.168.1.1 24 #设置接口IP [R1]ip route-static 192.168.2.0 24 192.168.1.2 #为目标网段设置网关{dotted startColor="#ff6c6c" endColor="#1989fa"/}普通DHCP配置路由1<H3C>sys #系统视图 [H3C]int g0/0 #进入接口 [H3C-GigabitEthernet0/0]ip add 192.168.1.1 24 #配置IP [H3C-GigabitEthernet0/1]int g0/1 [H3C-GigabitEthernet0/1]ip add 192.168.2.1 24路由2<H3C>sys [H3C]int g0/0 [H3C-GigabitEthernet0/0]ip add 192.168.2.2 24路由1[route1]dhcp server ip-pool 1 #设置DHCP地址池 [route1-dhcp-pool-1]network 192.168.0.1 mask 255.255.255.0 #地址范围为192.168.0.0/24网段的ip地址 [route1-dhcp-pool-1]gateway-list 192.168.0.1 #网关地址为192.168.0.1 [route1-dhcp-pool-1]dns-list 192.168.0.1 #DNS服务器地址也为192.168.0.1 注意:这里设置的是一个网段的范围,在这个地址范围里可能这里面的某些地址不能够被分配出去。比如说网关的地址和一些指定的设备的ip地址。 [route1]dhcp server forbidden-ip 192.168.0.1 192.168.0.2 #不允许网关地址和DNS地址192.168.0.1分配被出去 [route1]dhcp enable #启动DHCP服务{dotted startColor="#ff6c6c" endColor="#1989fa"/}ospf配置:参考:https://blog.51cto.com/14219797/2402420配置接口IP:SwitchB<H3C>sys #进入系统视图 [H3C]hostname SwitchB #主机名重命名 [SwitchB]vlan 200 进入vlan200 [SwitchB-vlan100]port g 1/0/1 #指定vlan200端口 [SwitchB-vlan100]quit [SwitchB]vlan 300 进入vlan300 [SwitchB-vlan200]port g 1/0/2 #指定vlan300端口 [SwitchB-vlan200]quit [SwitchB]inter vlan 200 #进入vlan200 [SwitchB-Vlan-interface100]ip add 10.1.1.2 24 #设定IP [SwitchB-Vlan-interface100]quit [SwitchB]inter vlan 300 #进入vlan300 [SwitchB-Vlan-interface200]ip add 10.2.1.1 24 #设定IP [SwitchB-Vlan-interface200]quit配置OSPF协议:<SwitchB> system-view #进入系统视图 [SwitchB] router id 10.2.1.1 #设定唯一标识 [SwitchB] ospf #进入ospf设置 [SwitchB-ospf-1] area 0 #配置区域0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 #通告网络,子网掩码为反码 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] area 2 #配置区域 [SwitchB-ospf-1-area-0.0.0.2] network 10.2.1.0 0.0.0.255 #通告网络 [SwitchB-ospf-1-area-0.0.0.2] quit [SwitchB-ospf-1] quitSwitchA 的 OSPF 邻居:[SwitchA]display ospf peer verbose OSPF Process 1 with Router ID 10.1.1.1 Neighbors Area 0.0.0.0 interface 10.1.1.1(Vlan-interface200)'s neighbors Router ID: 10.2.1.1 Address: 10.1.1.2 GR state: Normal State: Full Mode: Nbr is master Priority: 1 DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0 Options is 0x42 (-|O|-|-|-|-|E|-) Dead timer due in 31 sec Neighbor is up for 00:37:39 Authentication sequence: [ 0 ] Neighbor state change count: 6 BFD status: Disabled Area 0.0.0.1 interface 10.3.1.1(Vlan-interface100)'s neighbors Router ID: 10.3.1.2 Address: 10.3.1.2 GR state: Normal State: Full Mode: Nbr is master Priority: 1 DR: 10.3.1.1 BDR: 10.3.1.2 MTU: 0 Options is 0x42 (-|O|-|-|-|-|E|-) Dead timer due in 39 sec Neighbor is up for 00:36:50 Authentication sequence: [ 0 ] Neighbor state change count: 5 BFD status: DisabledSwitchA 的 OSPF 路由信息:[SwitchA]display ospf routing OSPF Process 1 with Router ID 10.1.1.1 Routing Table Topology base (MTID 0) Routing for network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 2 Inter 10.1.1.2 10.2.1.1 0.0.0.0 10.3.1.0/24 1 Transit 0.0.0.0 10.1.1.1 0.0.0.1 10.1.1.0/24 1 Transit 0.0.0.0 10.2.1.1 0.0.0.0 Total nets: 3 Intra area: 2 Inter area: 1 ASE: 0 NSSA: 0SwitchC到SwitchD进行测试连通性:[SwitchC]ping 10.2.1.2 Ping 10.2.1.2 (10.2.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 10.2.1.2: icmp_seq=0 ttl=253 time=1.651 ms 56 bytes from 10.2.1.2: icmp_seq=1 ttl=253 time=1.567 ms 56 bytes from 10.2.1.2: icmp_seq=2 ttl=253 time=1.465 ms 56 bytes from 10.2.1.2: icmp_seq=3 ttl=253 time=1.431 ms 56 bytes from 10.2.1.2: icmp_seq=4 ttl=253 time=2.635 msSwitchC到SwitchD进行路由追踪:[SwitchC]tracert 10.2.1.2 traceroute to 10.2.1.2 (10.2.1.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break 1 10.3.1.1 (10.3.1.1) 1.438 ms 0.424 ms 0.418 ms 2 10.1.1.2 (10.1.1.2) 1.481 ms 1.221 ms 0.695 ms 3 10.2.1.2 (10.2.1.2) 1.073 ms 1.087 ms 0.923 ms{dotted startColor="#ff6c6c" endColor="#1989fa"/}VLAN隔离:参考链接:https://blog.51cto.com/14220513/2367688http://www.023wg.com/vlan/132.htmlhttp://www.h3c.com/cn/d_200809/615974_30005_0.htm配置SwitchA:<SwitchA> system-view #系统视图 [SwitchA] vlan 100 [SwitchA-vlan100] port ge1/0/2 #添加端口 [SwitchA-vlan100] quit [SwitchA] vlan 200 [SwitchA-vlan100] port ge1/0/3 #添加端口 [SwitchA-vlan100] quit [SwitchA] interface ge1/0/1 #进入端口 [SwitchA-GigabitEthernet1/0/1] port link-type trunk #设置trunk模式 [SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 100 200 #允许VLAN100 200通过输入display vlan 100 和display vlan200 查看配置:[SwtichA]display vlan 100 VLAN ID: 100 VLAN type: Static Route interface: Not configured Description: VLAN 0100 Name: VLAN 0100 Tagged ports: GigabitEthernet1/0/1 Untagged ports: GigabitEthernet1/0/2 [SwtichA]display vlan 200 VLAN ID: 200 VLAN type: Static Route interface: Not configured Description: VLAN 0200 Name: VLAN 0200 Tagged ports: GigabitEthernet1/0/1 Untagged ports: GigabitEthernet1/0/3{dotted startColor="#ff6c6c" endColor="#1989fa"/}MSTP多生成树MSTP默认开启,可手动配置最佳路径参考链接:https://www.cnblogs.com/aqicheng/p/13824682.html每个交换机创建vlan10 vlan20[H3C]vlan 10 [H3C-vlan10]vlan 20 [H3C-vlan20]int g1/0/1 [H3C-GigabitEthernet1/0/1]port link-type trunk #所有接口设置trunk模式 [H3C-GigabitEthernet1/0/1]port trunk permit vlan all #允许所有vlan通过 [H3C-GigabitEthernet1/0/1]int g 1/0/2 [H3C-GigabitEthernet1/0/2]port link-type trunk [H3C-GigabitEthernet1/0/2]port trunk permit vlan all [H3C-GigabitEthernet1/0/2]quit [H3C]hostname sw3设置区域[sw3]stp region-configuration [sw3-mst-region]region-name h3c #区域命名 [sw3-mst-region]instance 1 vlan 10 #vlan10划入1组 [sw3-mst-region]instance 2 vlan 20 #vlan20划入2组 [sw3-mst-region]active region-configuration #激活配置 [sw3-mst-region]display this #查看以上配置 # stp region-configuration region-name h3c instance 1 vlan 10 instance 2 vlan 20 active region-configuration # return调整根桥[sw1]stp instance 1 root primary #sw1设置为组1的根桥 [sw2]stp instance 2 root primary #sw2设置为组2的根桥查看结果<sw1>display stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/2 DESI FORWARDING NONE 0 GigabitEthernet1/0/3 DESI FORWARDING NONE 1 GigabitEthernet1/0/1 DESI FORWARDING NONE 1 GigabitEthernet1/0/2 DESI FORWARDING NONE 1 GigabitEthernet1/0/3 DESI FORWARDING NONE 2 GigabitEthernet1/0/1 ROOT FORWARDING NONE 2 GigabitEthernet1/0/2 DESI FORWARDING NONE 2 GigabitEthernet1/0/3 DESI FORWARDING NONE [sw2]display stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 ROOT FORWARDING NONE 0 GigabitEthernet1/0/2 DESI FORWARDING NONE 1 GigabitEthernet1/0/1 ROOT FORWARDING NONE 1 GigabitEthernet1/0/2 DESI FORWARDING NONE 2 GigabitEthernet1/0/1 DESI FORWARDING NONE 2 GigabitEthernet1/0/2 DESI FORWARDING NONE{dotted startColor="#ff6c6c" endColor="#1989fa"/}VRRP虚拟路由冗余协议参考链接:https://www.cnblogs.com/hukey/p/13071447.html配置心跳线双线冗余[SW1]int Bridge-Aggregation 1 #创建接口聚合 [SW1]int g1/0/2 [SW1-GigabitEthernet1/0/2]port link-aggregation group 1 #端口加入链路聚合 [SW1-GigabitEthernet1/0/2]int g1/0/3 [SW1-GigabitEthernet1/0/3]port link-aggregation group 1 [SW1]int Bridge-Aggregation 1 [SW1-Bridge-Aggregation1]port link-type trunk #端口允许所有vlan通过 [SW1-Bridge-Aggregation1]port trunk permit vlan all [SW2]int Bridge-Aggregation 1 #创建链路聚合 [SW2]int g1/0/2 [SW2-GigabitEthernet1/0/2]port link-aggregation group 1 #端口加入链路聚合 [SW2-GigabitEthernet1/0/2]int g1/0/3 [SW2-GigabitEthernet1/0/3]port link-aggregation group 1 [SW2]int Bridge-Aggregation 1 [SW2-Bridge-Aggregation1]port link-type trunk #端口允许所有vlan通过 [SW2-Bridge-Aggregation1]port trunk permit vlan all查看绑定状态[sw1]dis int Bridge-Aggregation bri Brief information on interfaces in bridge mode: Link: ADM - administratively down; Stby - standby Speed: (a) - auto Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description BAGG1 UP 2G(a) F(a) T 1配置vlanSW3对应SW2和SW1的两个端口配置trunk,对应客户机的端口配置vlan [SW3]vlan 10 [SW3-vlan10]port g1/0/1 [SW3]int range g1/0/2 to g1/0/3 [SW3-if-range]port link-type trunk [SW3-if-range]port trunk permit vlan 10 20 [SW1]vlan 10 #创建vlan [SW1-vlan10]vlan 20 #创建vlan [SW1-vlan0]int g1/0/1 [SW1-GigabitEthernet1/0/1]port link-type trunk [SW1-GigabitEthernet1/0/1]port trunk permit vlan 10 20 [SW1-GigabitEthernet1/0/1]int vlan 10 #进入vlan10 [SW1-Vlan-interface10]ip add 10.0.10.253 24 #设置IP [SW1-Vlan-interface10]int v20 #进入vlan20 [SW1-Vlan-interface20]ip add 10.0.20.253 24 #设置IP [SW1]dis ip int bri [sw1]dis ip int bri *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP Address Description MGE0/0/0 down down -- -- Vlan10 up up 10.0.10.253 -- Vlan20 up up 10.0.20.253 -- [SW2]vlan 10 [SW2-vlan10]vlan 20 [SW2-vlan20]int g1/0/1 [SW2-GigabitEthernet1/0/1]port link-type trunk [SW2-GigabitEthernet1/0/1]port trunk permit vlan 10 20 [SW2-GigabitEthernet1/0/1]int v10 [SW2-Vlan-interface10]ip add 10.0.10.252 24 [SW2-Vlan-interface10]int v20 [SW2-Vlan-interface20]ip add 10.0.20.252 24 [SW2]dis ip int bri *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP Address Description MGE0/0/0 down down -- -- Vlan10 up up 10.0.10.252 -- Vlan20 up up 10.0.20.252 --配置VRRP配置vlan10的vrrp [SW1]int v10 #进入vlan10 [SW1-Vlan-interface10]vrrp vrid 10 virtual-ip 10.0.10.254 #配置虚拟地址 [SW1-Vlan-interface10]vrrp vrid 10 priority 105 # 配置vrrp权重,默认为100 如果要设置master则大于100即 [SW1]track 10 int Bridge-Aggregation 1 # 配置心跳线为聚合链路 [SW2]int v10 [SW2-Vlan-interface10]vrrp vrid 10 virtual-ip 10.0.10.254 [SW2]track 10 int Bridge-Aggregation 1 配置vlan20的vrrp [SW1]int v20 [SW1-Vlan-interface20]vrrp vrid 20 virtual-ip 10.0.20.254 [SW1]track 20 int Bridge-Aggregation 1 #配置心跳线为聚合链路 [SW2]int v20 [SW2-Vlan-interface20]vrrp vrid 20 virtual-ip 10.0.20.254 [SW2-Vlan-interface20]vrrp vrid 20 priority 105 #设置为vlan20的master [SW2]track 20 int Bridge-Aggregation 1 #配置心跳线为聚合链路 [sw1]dis vrrp IPv4 virtual router information: Running mode : Standard Total number of virtual routers : 2 Interface VRID State Running Adver Auth Virtual pri timer(cs) type IP --------------------------------------------------------------------- Vlan10 10 Master 105 100 None 10.0.10.254 Vlan20 20 Backup 100 100 None 10.0.20.254 [sw2]dis vrrp IPv4 virtual router information: Running mode : Standard Total number of virtual routers : 2 Interface VRID State Running Adver Auth Virtual pri timer(cs) type IP --------------------------------------------------------------------- Vlan10 10 Backup 100 100 None 10.0.10.254 Vlan20 20 Master 105 100 None 10.0.20.254{dotted startColor="#ff6c6c" endColor="#1989fa"/}堆叠参考链接:CSDN博主「猫先生的早茶」的原创文章https://blog.csdn.net/qq_43017750/article/details/89323450注意!1、配置前必须移除两路由间连接线2、全部配置完成后,连线,次路由会自动重启master交换机#sys #interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/52 #批量管理端口 #shutdown #关闭端口 #quit #irf member 1 priority 32 #配置irf成员优先级,32为最高,默认是1 #irf-port 1/1 #进入irf端口1/1 #port group interface Ten-GigabitEthernet 1/0/49 #加入当前irf端口 #port group interface Ten-GigabitEthernet 1/0/50 #port group interface Ten-GigabitEthernet 1/0/51 #port group interface Ten-GigabitEthernet 1/0/52 #quit #irf-port-configuration active #激活irf配置 #interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/52 #批量管理端口 #undo shutdown #启动端口 #save #保存standby交换机的命令#sys #irf member 1 renumber 2 #当前irf成员id重命名为2 #quit #reboot #sys #interface range Ten-GigabitEthernet 2/0/49 to Ten-GigabitEthernet 2/0/52 #批量管理端口 #shutdown #关闭端口 #quit #irf member 2 priority 1 #配置当前irf成员id2的优先级为1 #irf-port 2/2 #进入irf端口2/2 #port group interface Ten-GigabitEthernet 2/0/49 #加入当前irf #port group interface Ten-GigabitEthernet 2/0/50 #port group interface Ten-GigabitEthernet 2/0/51 #port group interface Ten-GigabitEthernet 2/0/52 #quit #irf-port-configuration active #激活irf #interface range Ten-GigabitEthernet 2/0/49 to Ten-GigabitEthernet 2/0/52 #批量管理端口 #undo shutdown #启动端口 #quit #save验证:[sw1]dis irf MemberID Role Priority CPU-Mac Description *+1 Master 32 30e7-b21f-0104 --- 2 Standby 1 30e7-bae6-0204 ---{dotted startColor="#ff6c6c" endColor="#1989fa"/}链路聚合原文链接:https://blog.csdn.net/VictoryKingLIU/article/details/79560157静态聚合模式<H3C>system-view [H3C]int Bridge-Aggregation 1 [H3C-Bridge-Aggregation1]quit [H3C]int GigabitEthernet 1/0/1 [H3C-GigabitEthernet1/0/1]port link-aggregation group 1 [H3C-GigabitEthernet1/0/1]int GigabitEthernet 1/0/2 [H3C-GigabitEthernet1/0/2]port link-aggregation group 1 [H3C-GigabitEthernet1/0/2]int GigabitEthernet 1/0/3 [H3C-GigabitEthernet1/0/3]port link-aggregation group 1 [H3C]dis link-aggregation verbose动态聚合模式<H3C>system-view [H3C]int Bridge-Aggregation 1 [H3C-Bridge-Aggregation1]link-aggregation mode dynamic [H3C-Bridge-Aggregation1]quit [H3C]int GigabitEthernet 1/0/1 [H3C-GigabitEthernet1/0/1]port link-aggregation group 1 [H3C-GigabitEthernet1/0/1]int GigabitEthernet 1/0/2 [H3C-GigabitEthernet1/0/2]port link-aggregation group 1 [H3C-GigabitEthernet1/0/2]int GigabitEthernet 1/0/3 [H3C-GigabitEthernet1/0/3]port link-aggregation group 1 [H3C]dis link-aggregation verbose{dotted startColor="#ff6c6c" endColor="#1989fa"/}pvid 不同VLAN间通讯SW1: interface GigabitEthernet1/0/1 port link-mode bridge port access vlan 100 combo enable fiber # interface GigabitEthernet1/0/2 port link-mode bridge port link-type trunk port trunk permit vlan 1 100 port trunk pvid vlan 100 combo enable fiber # SW2: interface GigabitEthernet1/0/1 port link-mode bridge port access vlan 200 combo enable fiber # interface GigabitEthernet1/0/2 port link-mode bridge port link-type trunk port trunk permit vlan 1 200 port trunk pvid vlan 200 combo enable fiber # {dotted startColor="#ff6c6c" endColor="#1989fa"/}ACL控制规则[H3C]acl basic 2000 #创建基础规则 [H3C-acl-ipv4-basic-2000]rule deny source 192.168.1.2 0 #编写规则内容,阻止来自192.168.1.2的包 [H3C-acl-ipv4-basic-2000]int g1/0/1 #进入接口 [H3C-GigabitEthernet1/0/1]packet-filter 2000 inbound #应用规则 inbound入站 outbound出站在本案例中,若要禁止192.168.1.1访问2,需要在G1/0/1应用 outbound出站规则,这样数据包在抵达2并返回到接口时会被阻止;要禁止全体访问2,则需要在G1/0/2应用inbound入站规则,这样数据包从2出发并经过接口时会被阻止。端口控制若要阻止vlan1所有telnet访问,则可以在vlan1中设置出站规则[H3C]acl advanced 3001 [H3C-acl-ipv4-adv-3001]rule 1 deny tcp source-port eq 23 [H3C-acl-ipv4-adv-3001]int vlan1 [H3C-Vlan-interface1]packet-filter 3001 outbound若仅要阻止1.5或网段的telnet访问,则可以设置入站规则[H3C-acl-ipv4-adv-3002]rule 1 deny tcp source 192.168.1.5 0 destination-port eq 23 [H3C-Vlan-interface1]packet-filter 3002 inbound{dotted startColor="#ff6c6c" endColor="#1989fa"/}端口隔离参考连接:https://blog.csdn.net/weixin_34110749/article/details/92738677(特别注明:模拟器中端口隔离功能不起作用)[H3C]port-isolate group 2 [H3C]int g1/0/1 [H3C-GigabitEthernet1/0/1]port-isolate enable group 2 [H3C-GigabitEthernet1/0/1]int g1/0/2 [H3C-GigabitEthernet1/0/2]port-isolate enable group 2 [H3C-GigabitEthernet1/0/2]quit [H3C]dis port-isolate group 2 Port isolation group information: Group ID: 2 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2{dotted startColor="#ff6c6c" endColor="#1989fa"/}IRF堆叠LACP-MAD检测参考链接:https://blog.csdn.net/qq_45662411/article/details/105983636开启前,堆叠线断开后两设备都成为master在线,影响网络运行;开启后,LACP-MAD协议会控制在线的成员关闭端口,只保留一个master,防止网络冲突。IRF设备配置: [master]int Bridge-Aggregation 2 #创建一个名为2的聚合端口组 [master-Bridge-Aggregation2]link-aggregation mode dynamic #将此端口组的模式改为动态 [master-Bridge-Aggregation2]mad enable #开启mad检测 [master-Bridge-Aggregation2]quit #退出接口视图 [master]int range g1/0/1 g2/0/1 #同时进入这两个接口 [master-if-range]port link-aggregation group 2 #将他们加入到这个接口组2中 下层配置: [H3C]int Bridge-Aggregation 2 #创建一个名为2的聚合端口组 [H3C-Bridge-Aggregation2]link-aggregation mode dynamic #将此端口组的模式改为动态 [H3C-Bridge-Aggregation2]quit #退出接口视图 [H3C]int range g1/0/1 g1/0/2 #进入到这两个接口 [H3C-if-range]port link-aggregation group 2 #将这两个端口组加入到接口组2中{dotted startColor="#ff6c6c" endColor="#1989fa"/}AP三层上线所属VLAN配置DHCP Option43option43格式简要说明: 80 07 00 00 01 02 02 02 02 80:固定值,不用改变; 07:长度字段,其后面所跟数据的字节长度; 00 00:固定值,不用改变; 01:表示后面的IP地址的个数,此处为一个IP地址; 02 02 02 02:IP地址转换工具https://tool.520101.com/wangluo/jinzhizhuanhuan/dhcp server ip-pool vlan5 gateway-list 192.168.1.1 network 192.168.1.0 mask 255.255.255.0 dns-list 114.114.114.114 option 43 hex 800700000103030302本地转发性能更高更灵活,通过AC管理。AP接口如果是access,则ap和客户端在同一个VLAN。AP接口如果是trunk,则可以分别配置VLAN。{dotted startColor="#ff6c6c" endColor="#1989fa"/}UEFI PXE网络启动dhcp server ip-pool test gateway-list 192.168.1.254 network 192.168.1.0 mask 255.255.255.0 bootfile-name \\Boot\\x64\\wdsmgfw.efi #传统引导为\\Boot\\x64\\wdsnbp.com dns-list 114.114.114.114 next-server 192.168.100.100 #WDS服务器学习实验 acl策略PVID路由口端口汇聚堆叠、汇聚、ospf静态路五机堆叠三机堆叠
2023年08月17日
840 阅读
0 评论
4 点赞
2023-08-08
0基础上手python3编程,多进程交换机配置自动备份软件
架构图 通过多线程telnet备份交换机配置并企业微信通知备份结果,生成log日志,速度飞快;配置文件均通过json定义预览 系统组成 由两个文件组成 swnetmiko.py swnetmiko.jsonnetmiko项目主页http://ktbyers.github.io/netmiko/如H3C交换机telnet代码为"device_type" : "hp_comware_telnet"代码 swnetmiko.pyfrom multiprocessing import Pool import os,json,time,requests,redis,multiprocessing,codecs from netmiko import ConnectHandler def get_config(): config = json.loads(open("swnetmiko.json", encoding='utf-8').read()) #读取配置文件 return config def post_weixin(stats): #发送微信 url = swnetmiko_config['weixin']['url'] body = { "msgtype": "news", "news": { "articles": [ { "title": swnetmiko_config['weixin']['title'], "description": tianqi()+yiyan()+stats, "url": swnetmiko_config['weixin']['url2'], "picurl": swnetmiko_config['weixin']['picurl'] } ] }} response = requests.post(url, json=body) print(response.text) print(response.status_code) def yiyan(): try: url = 'https://v1.hitokoto.cn/?c=d&c=k' response = requests.get(url) res = json.loads(response.text) text1 = res['hitokoto'] if res['from'] == None: text2 = "" else: text2 = res['from'] if res['from_who'] == None: text3 = "" else: text3 = res['from_who'] return text1 + " " + text2 + " " + text3 + "\n\n" except: return "一言API故障\n\n" def tianqi(): try: response2 = requests.get(swnetmiko_config['weatherapi']) data1 = json.loads(response2.text) data2 = json.dumps(data1['now']) data2 = json.loads(data2) data3 = "环境温度" + data2['temp'] + " 体感温度" + data2['feelsLike'] + " 天气状况 " + data2[ 'text'] + "\n风向 " + data2['windDir'] + " 风力等级" + data2['windScale'] + " 风速" + data2[ 'windSpeed'] + " 湿度" + data2['humidity'] + " 能见度" + data2['vis'] + "公里\n\n" return data3 except: return "天气API故障\n\n" dirpath = os.path.abspath('.') # 配置运行目录为当前目录 nowtime = time.strftime("%Y%m%d", time.localtime()) # 获取当前日期 try: os.mkdir(dirpath + "/" + nowtime) print("创建当日目录") except: print("当日目录已存在") nowdir = (dirpath + "/" + nowtime) print(nowdir) swnetmiko_config = get_config() # 读取配置文件 readredis = redis.Redis(connection_pool=redis.ConnectionPool(host=swnetmiko_config['redis']['host'], port=swnetmiko_config['redis']['port'], password=swnetmiko_config['redis']['password'], decode_responses=swnetmiko_config['redis']['decode'])) def sw_save(swconfig): #保存交换机配置 try: net_connect = ConnectHandler(**swconfig) output = net_connect.send_command("dis cu") print(swconfig['ip']+" OK") readredis.set(swconfig['ip'], "success") saveconfig = codecs.open(nowdir +'/'+ swconfig['ip'] +".conf", 'w+', encoding='utf-8') saveconfig.write(output) saveconfig.close() except: print(swconfig['ip'] + " NO") readredis.set(swconfig['ip'], "fail") if __name__ == '__main__': total = 0 fail = 0 weixindata = "" readredis.flushall() print("初始化redis数据库") #multiprocessing.freeze_support() #防止windows无限创建进程 multi_process = int(swnetmiko_config["multi-process"]) with Pool(multi_process) as p: p.map(sw_save, swnetmiko_config["data"]) for key in swnetmiko_config["data"]: if readredis.get(key["ip"]) == "fail": weixindata = weixindata + (key["ip"]+" 网络或账号密码错误\n") fail = fail + 1 total = total + 1 weixinpost = "总计巡检:"+str(total)+"台"+",故障交换机:"+str(fail)+"台\n"+weixindata post_weixin(weixinpost) flog = codecs.open(nowdir + "/" + nowtime + ".log", 'w', encoding='utf-8') flog.write(weixinpost) flog.close() print("程序执行完成")config.json{ "multi-process" : "4", "weatherapi" : "qweather.com申请api", "weixin" : { "url" : "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=用自己的", "title": "交换机巡检多线程版", "url2": "90apt.com", "picurl": "用自己的图片" }, "redis" : { "host": "自己的redis数据库IP", "port": "端口", "password": "密码", "decode": "True" }, "data" : [ {"device_type" : "hp_comware_telnet" , "ip" : "172.16.1.1" , "username" : "admin" , "password" : "passwd" , "port" : "23"}, {"device_type" : "hp_comware_telnet" , "ip" : "172.16.1.2" , "username" : "admin" , "password" : "passwd" , "port" : "23"} ] }配置定时任务crontab 每天早上7:30巡检30 7 * * * cd /root/swbackup/;python3.11 /root/swbackup/swnetmiko.py总结 简单
2023年08月08日
129 阅读
0 评论
0 点赞
1
2
...
16