首页
统计信息
友情链接
壁纸
Search
1
【更新】CommentToMail typecho2017&v4.1& Mailer三版本,支持php5.6/7,插件详解
157,924 阅读
2
CentOS 7安装bbr教程
12,660 阅读
3
纯小白10分钟变身linux建站高手?宝塔linux面板全体验
12,295 阅读
4
深信服超融合架构测试介绍
11,335 阅读
5
优秀的个人博客系统,typecho从入门到精通
7,455 阅读
技术相关
ACG相关
胡言乱语
数码杂烩
登录
Search
标签搜索
进击的巨人
漫画
宝塔
php
typecho
diy
vps
折腾
动漫
优酷路由宝
ubuntu
路由器
QQ
KMS
王忘杰
累计撰写
256
篇文章
累计收到
179
条评论
首页
栏目
技术相关
ACG相关
胡言乱语
数码杂烩
页面
统计信息
友情链接
壁纸
搜索到
224
篇与
的结果
2024-01-30
1Panel docker容器版-1分钟部署图片放大、无损压缩在线平台 MAX Image Resolution Enhancer & Squoosh
一、介绍Squoosh体积压缩95%,图片质量几乎不变,由谷歌开发MAX Image Resolution Enhancer,使用神经网络将图片放大4倍,由IBM公司开发二、一键部署Squooshdocker run -d --name squoosh -p 8000:80 hausen1012/squoosh:latest MAX Image Resolution Enhancerdocker run -d --name maximage -p 5000:5000 codait/max-image-resolution-enhancer 三、使用登录对应端口即可使用http://x.x.x.x:xxxx/四、小结哈哈哈
2024年01月30日
101 阅读
0 评论
0 点赞
2024-01-30
windows PC/服务器使用技巧、经验记录
1、关闭“幽灵”和“熔断”漏洞防护可恢复部分性能,有风险:https://www.grc.com/inspectre.htm2、Chrome开启多线程下载在地址栏输入 chrome://flags/,然后在搜索框中输入 Parallel downloading,选择enabled,重启Chrome3、如何在 Windows 上查看 HEIC 格式照片?https://www.microsoft.com/en-us/p/heif-image-extensions/9pmmsr1cgpwg?activetab=pivot:overviewtab4、win10自动登陆账号打开“设置-账户-登录选项”;取消“需要通过Windows Hello登录Microsoft账户”前面的复选框;点击桌面左下角的搜索栏,输入“netplwiz”,然后右侧点击“以管理员身份运行”;取消“要使用本计算机,用户必须输入用户名和密码”前面的复选框,并根据提示输入正确的账号名和密码;5、关闭休眠文件使用管理员运行cmd,执行:powercfg -h off 6、win10企业版无法访问共享文件夹首先我们按“window R键”打开运行窗口。在该窗口文本输入处输入“gpedit.msc”,这样本地组策略编辑器就能被启动。进入编辑器页面后,找到并点击页面左侧列的“计算机配置”。4.接着点击计算机配置下的“管理模板”选项。然后在管理模板下,依次点开“网络”-“Lanman工作站”。打开“Lanman工作站”后,在页面右侧列找到“启用不安全的来宾登录”。7.双击该选项,并选择“已启用”,再点击“确定”即可。启动不安全的来宾登录7、WIN10 添加自动启动程序无效的解决方案将启动项目加入Hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run或放入开机启动目录 运行-shell:Common Startup8、WPS右键无新建doc、xls等快捷方式重置插件,重新注册9、使加域的计算机具备本地管理员权限使用本地管理员登录计算机,在本地管理员组中加入域用户10、win11右键管理员菜单样式j经典 reg add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve x新版 reg delete "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}" /f11、命令行禁用UACC:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f 0为禁用 1为默认12、win11任务栏展开https://github.com/valinet/ExplorerPatcher/releases13、windows查看wifi无线信号强度netsh wlan show interfaces14、解决FTP因windows防火墙拦截的方法防火墙放行 windows-system32-svchost.exe(windows服务主进程)15、windows远程桌面登录提示内部错误Error Code 0x4微软论坛搜索https://social.technet.microsoft.com/Forums/en-US/f7ed9049-36a5-4def-90f8-14ebb70e6671/error-code-0x4新建注册表项Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server MaxOutstandingConnections DWORD 300016、一键修改远程桌面端口、开放防火墙、开启ping回显REG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Remote Assistance" /v "fAllowToGetHelp" reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v "PortNumber" /t REG_DWORD /d "0xf3b6" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "PortNumber" /t REG_DWORD /d "0xf3b6" /f net stop TermService /y net start TermService /y netsh advfirewall firewall add rule name="secrdp" dir=in action=allow protocol=TCP localport=62390 netsh advfirewall firewall add rule name="_Ping" dir=in protocol=icmpv4 action=allow17、配置windows计划任务运行 任务计划程序常规-不管用户是否登录等要运行常规-使用最高权限运行每天每2分钟运行一次触发器操作-启动程序设置-如果此任务已经运行,以下规则适用:停止现有实例18、windows重置SIDC:\Windows\System32\Sysprep勾选通用,等待重启即可
2024年01月30日
442 阅读
0 评论
4 点赞
2024-01-30
1Panel docker容器版-1分钟部署WEB在线IT工具箱
一、介绍IT-Tools是一款开源的个人工具箱,专为IT从业人员打造,支持Docker私有化部署,包含众多实用的IT工具。其功能丰富多样,涵盖二维码生成、数据格式转换、MAC地址生成等,可满足用户多样化的需求。二、部署1、一键部署docker run -d --name it-tools --restart=always -p 8080:80 corentinth/it-tools:latest2、1Panel面板部署应用商店一键部署三、使用访问即可http://x.x.x.x:8080/四、小结好好好
2024年01月30日
158 阅读
0 评论
0 点赞
2024-01-30
1Panel docker容器版-1分钟部署WEB在线流程图软件Draw.io
一、介绍Draw.io是一款免费、开源、高质量的WEB在线流程图软件,无需注册登录,支持多种图表类型和元素,可在线编辑和导出。二、部署1、一键部署docker run -dit --name=drawio -p 8080:8080 \ -v drawiojs:/usr/local/tomcat/webapps/draw/js/ \ --restart=always jgraph/drawio2、1Panel面板部署应用商店安装三、使用通过网页http协议访问,使用中文打开 /?lang=zhhttp://x.x.x.x:8080/?lang=zh支持中文四、小结好好好
2024年01月30日
102 阅读
0 评论
0 点赞
2024-01-30
1Panel docker容器版-1分钟部署 WEB在线网页版Telnet SSH工具sshwifty
一、介绍 sshwifty是一款Web SSH & Telnet(WebSSH & WebTelnet 客户端工具。可以在客户机没有SSH&Telnet客户端的情况下方便的进行远程。二、部署 命令一键部署1、生成证书全程回车即可在当前目录生成证书openssl req -newkey rsa:4096 -nodes -keyout domain.key -x509 -days 90 -out domain.crt2、一键运行在当前目录运行docker run --detach \ --restart always \ --publish 8182:8182 \ --env SSHWIFTY_DOCKER_TLSCERT="$(cat domain.crt)" \ --env SSHWIFTY_DOCKER_TLSCERTKEY="$(cat domain.key)" \ --name sshwifty \ niruix/sshwifty:latest3、查看状态三、使用 通过映射的8182端口,https协议访问如https://x.x.x.x:8182/选择ssh或telnet访问即可四、小结 好好好
2024年01月30日
142 阅读
0 评论
0 点赞
2024-01-29
搭建家庭服务器1-ESXi7安装、ALMA9安装、1Panel面板安装
一、安装ESXi7我使用的是联想M710Q I3-6100T 8G 240Gssd的小主机使用Ventoy U盘启动ESXi7的安装镜像修改虚拟内存大小,ESXi7默认使用120G硬盘做虚拟内存,我们改小点,我改成2G引导倒计时按Shift+O出现 cdromBoot runweasel输入autoPartitionOSDataSize=5120代表5G安装系统安装完成将F12将服务器关机,插到家里的路由器上,通过IP连接即可登陆成功二、ALMA9安装下载最小化安装镜像上传到ESXi7中新建系统并安装通过ssh远程登陆更新系统,安装open-vm-tools三、安装1Panel面板安装docker,看我站内文章安装1Panel安装一个uptime完成本期教程先到这里
2024年01月29日
150 阅读
0 评论
4 点赞
2024-01-29
1Panel docker容器版-1分钟部署Stirling-PDF内网在线多功能PDF工具箱
一、介绍 这是一个强大的本地托管的基于 Web 的 PDF 操作工具,使用 docker,允许您对 PDF 文件执行各种操作,例如拆分、合并、转换、重组、添加图像、旋转、压缩等。这个本地托管的 Web 应用程序最初是 100% ChatGPT 制作的应用程序,现已发展到包含广泛的功能来满足您的所有 PDF 需求。Stirling PDF 不会为任何记录保存或跟踪进行呼出。所有文件和 PDF 要么仅存在于客户端,要么仅在任务执行期间驻留在服务器内存中,要么临时驻留在仅用于执行任务的文件中。届时,用户下载的任何文件都将从服务器中删除。二、部署 1、命令一键部署 docker run -d \ -p 8080:8080 \ -v /location/of/trainingData:/usr/share/tesseract-ocr/5/tessdata \ -v /location/of/extraConfigs:/configs \ -v /location/of/logs:/logs \ -e DOCKER_ENABLE_SECURITY=false \ --name stirling-pdf \ frooodle/s-pdf:latest2、1Panel面板部署暴露端口8080挂载卷pdfextraConfigs /configspdflogs /logspdftrainingData /usr/share/tesseract-ocr/5/tessdataCommand'java' '-Dfile.encoding=UTF-8' '-jar' '/app.jar'Entrypoint'/scripts/init.sh'重启规则 一直重启环境变量DOCKER_ENABLE_SECURITY=false PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOME=/home/stirlingpdfuser VERSION_TAG=0.20.1 JAVA_TOOL_OPTIONS= -XX:MaxRAMPercentage=75三、使用 访问容器映射的端口即可右上角选择语言,或着连接中增加语言,如:http://x.x.x.x:8080/?lang=zh_CN四、小结 狠狠的赋能!
2024年01月29日
198 阅读
0 评论
1 点赞
2024-01-25
1Panel docker容器版-1分钟部署wg-easy面板、wireguard可视化管理
一、介绍 1、两个客户端建立加密通道通过wireguard服务器对两个隔离的客户端建立加密通道2、建立VPN通道客户端连接服务端后,通过服务器连接外网3、其他用法二、部署 1、启动依赖的网络模块modprobe ip_tables && modprobe iptable-nat需要开机启动,需要将命令写入rc.local2、命令行启动容器docker run -d \ --name=wg-easy \ -e WG_HOST=YOUR_SERVER_IP \ -e PASSWORD=YOUR_ADMIN_PASSWOR \ -e WG_DEFAULT_ADDRESS=10.0.0.x \ -e WG_DEFAULT_DNS=114.114.114.114 \ -e WG_PERSISTENT_KEEPALIVE=30 \ -e WG_ALLOWED_IPS=10.0.0.0/24 \ -v ~/.wg-easy:/etc/wireguard \ -p 51820:51820/udp \ -p 51821:51821/tcp \ --cap-add=NET_ADMIN \ --cap-add=SYS_MODULE \ --sysctl="net.ipv4.conf.all.src_valid_mark=1" \ --sysctl="net.ipv4.ip_forward=1" \ --restart=always \ weejewel/wg-easy注释:name=容器名字WG_HOST=服务器IP,一般填写外网IPPASSWORD=wg-easy面板密码WG_DEFAULT_ADDRESS=10.0.0.x 客户端获取IP10.0.0.1-254WG_ALLOWED_IPS=10.0.0.0/24 通过WG访问的网段,如果要全部流量转发WG设置0.0.0.0/0,特定网段逗号间隔 192.168.0.0/24,192.168.1.0/24-v ~/.wg-easy:/etc/wireguard 持久化51820:51820/udp WG工作端口51821:51821/tcp wg-easy面板端口3、使用1Panel面板配置WG映射端口,挂载卷Command'/usr/bin/dumb-init' 'node' 'server.js'Entrypoint'docker-entrypoint.sh'环境变量WG_HOST=172.16.0.2 PASSWORD=passwd@123 WG_DEFAULT_ADDRESS=192.168.123.x WG_DEFAULT_DNS=114.114.114.114 WG_PERSISTENT_KEEPALIVE=30 WG_ALLOWED_IPS=192.168.1.0/24,192.168.2.0/24 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin NODE_VERSION=14.18.1 YARN_VERSION=1.22.15 DEBUG=Server,WireGuard启动容器三、使用 1、登陆面板2、创建配置3、客户端导入配置4、连接后,查看IP为服务器IP四、小结 好好好
2024年01月25日
121 阅读
0 评论
1 点赞
2024-01-18
windows单域多站点部署、桥头服务器、DNS就近解析
一、系统架构 二、实验目的 总部在cn,在us成立分公司,部署内部专线,域数据实时同步浪费带宽,改为每15分钟同步一次,cn和us内部人员就近解析DNS。三、实验参数 windows2022系统域 90apt.comcn 172.16.13.0/24dc-cn-1 172.16.13.11 cn域控1 桥头服务器dc-cn-2 172.16.13.12 cn域控2cn-kehu DHCP获取IP cn客户机 自动获取IPus 172.16.14.0/24dc-us-1 172.16.14.11 us域控1 桥头服务器dc-us-2 172.16.14.12 us域控2us-kehu DHCP获取IP us客户机 自动获取IP四、部署过程 1、四台域控安装配置,加域90apt.com全部加域后,所有域控主机均在同一默认站点,互相复制2、创建两个新站点CN和US,将域控分别移动到对应的站点中3、新建子网,将对应子网分配给对应站点4、设置桥头服务器dc-cn-1和dc-us-15、设置跨站点复制时间默认180分钟6、调整复制对象如dc-cn-2为内部服务器,仅与dc-cn-1复制7、查看同步状态repadmin /replsummary五、验证 1、DNS解析顺序cn-kehu查看90apt的解析IPus-kehu查看90apt的解析IP2、AD复制验证1 同站点快速复制cn域控新建一个 "哈哈" 用户,新建用户或改密码等操作会快速复制,cn另一台域控查看用户同时建立2 跨站点定时复制立即在us域控查看,无此用户20分钟后再次刷新查看,"哈哈" 用户出现3 手动复制若要尽快进行跨站点同步,可以手动选择立即复制,注意,域控复制需要时间,数据越多越慢六、小结 好好好
2024年01月18日
180 阅读
0 评论
3 点赞
2024-01-18
windows域环境推送时间同步
一、域控新建策略计算机策略需要配置在计算机的OU中,不能放在用户组OU中二、编辑策略1、全局配置设置2、启用windows NTP客户端3、配置windows NTP客户端三、配置完成一段时间后,策略会同步到所有计算机上
2024年01月18日
48 阅读
0 评论
0 点赞
2024-01-18
H3C华三交换机学习笔记
软件名称:HCL_Setup_V5.9.0发布日期:2023/7/13 9:29:22{anote icon="" href="https://www.h3c.com/cn/Service/Document_Software/Software_Download/Other_Product/H3C_Cloud_Lab/Catalog/HCL/" type="secondary" content="下载地址"/} 模拟器bug注意!注意!不要调整模拟器内设备的内存,极易造成设备出bug,比如路由器内存调小后,自己ping自己都不通!https://zhiliao.h3c.com/questions/dispcont/8085“配置没问题,端口也up了,也ping不通自己,是因为hcl路由器或交换机的内存不能人为的调小于520M,调成350M就容易出问题”{dotted startColor="#ff6c6c" endColor="#1989fa"/}基础命令:进入系统视图<H3C>system-view 路由追踪[H3C]tracert 更改主机名[H3C]hostname Switch1 显示详细路由追踪信息 [H3C]ip ttl-expires enable [H3C]ip unreachables enable 保存[H3C]save 重启<H3C>reboot 查看接口信息[H3C]display interface brief 查看详细配置文件[H3c]display current-cohnfiguration 查看OSPF信息[SwitchA]display ospf peer verbose 查看SN序列号display device manuinfo display counters inbound interface display counters outbound interface 查询所有接口包速率 开启NTP时间同步,同步需要几分钟 [H3C]dis clock 04:06:38.180 UTC Sat 01/05/2013 [H3C]sntp enable [H3C]sntp unicast-server 172.16.21.246 [H3C]display sntp sessions SNTP server Stratum Version Last receive time 11.22.33.44 4 4 Sat, Jan 5 2013 4:07:40.856 查看交换机时间 [H3C]dis clock 08:11:36.223 UTC Mon 04/25/2022 关闭LLDP PVID检查 lldp ignore-pvid-inconsistency 打开LLDP PVID检查 undo lldp ignore-pvid-inconsistency 通过IP和MAC地址查找所在交换机1、查看本机IP和MAC地址以太网适配器 以太网: 描述. . . . . . . . . . . . . . . : Realtek PCIe GbE Family Controller 物理地址. . . . . . . . . . . . . : XX-XX-XX-XX-XX-XX IPv4 地址 . . . . . . . . . . . . : 172.XX.X.XXX(首选)2、登录VLAN网关,查看IP和MAC地址查看IP MAC对应关系dis arp | include 172.XX.X.XXX 172.XX.X.XXX xxxx-xxxx-xxxx 18 BAGG1 852 D查看MAC所在接口dis mac-addr | include xxxx-xxxx-xxxx xxxx-xxxx-xxxx 18 Learned BAGG1 Y3、查看接口下联交换机IP查看接口与端口绑定关系dis cu查看接口下lldp信息dis lldp n v4、依次登录下层交换机,最终确定接口所在交换机dis mac-addr | include xxxx-xxxx-xxxx xxxx-xxxx-xxxx 18 Learned GE1/0/43 Y 查看接口STP报文数量,其中G1/0/5口异常 <H3C>display stp tc -------------- STP slot 1 TC or TCN count ------------- MST ID Port Receive Send 0 Bridge-Aggregation1 1 34537 0 Bridge-Aggregation2 109 9708 0 GigabitEthernet1/0/1 10 458 0 GigabitEthernet1/0/2 29 1580 0 GigabitEthernet1/0/3 0 18213 0 GigabitEthernet1/0/4 0 18243 0 GigabitEthernet1/0/5 1496 8417 0 GigabitEthernet1/0/6 0 18225 0 GigabitEthernet1/0/7 423 17148 0 GigabitEthernet1/0/8 3 3856 0 GigabitEthernet1/0/9 36 18298 0 GigabitEthernet1/0/10 0 18277 0 GigabitEthernet1/0/17 185 34206 0 GigabitEthernet1/0/18 0 34535 0 GigabitEthernet1/0/20 0 206 0 GigabitEthernet1/0/21 0 34535 0 GigabitEthernet1/0/23 0 34536 0 GigabitEthernet1/0/24 0 3306 查看交换机日志 <H3C>dis logbuffer 查看邻居信息 <H3C>dis lldp neighbor-information list Chassis ID : * -- -- Nearest nontpmr bridge neighbor # -- -- Nearest customer bridge neighbor Default -- -- Nearest bridge neighbor System Name Local Interface Chassis ID Port ID XX GE1/0/1 70c6-ddb5-905e 70c6-ddb5-9087 XX GE1/0/2 6ce5-f71b-0754 GigabitEthernet1/0/28 XX GE1/0/3 9ce8-955a-b540 GigabitEthernet1/0/28 XX GE1/0/4 1cab-3479-2220 1cab-3479-2220 XX GE1/0/5 6ce5-f71b-904c GigabitEthernet1/0/28 H3C GE1/0/6 3c8c-4010-1f3e GigabitEthernet1/0/26 查看邻居详细信息 <S-151-04>dis lldp neighbor-information verbose LLDP neighbor-information of port 1[GigabitEthernet1/0/1]: LLDP agent nearest-bridge: LLDP neighbor index : 1 Update time : 46 days, 6 hours, 59 minutes, 31 seconds Chassis type : MAC address Chassis ID : 70c6-ddb5-905e Port ID type : MAC address Port ID : 70c6-ddb5-9087 Time to live : 121 Port description : GigabitEthernet1/0/28 Interface System name : S-178-01 System description : H3C Comware Platform Software, Software Version 7.1.070, Release 6328P03 H3C S5130S-28P-HPWR-EI Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. Al l rights reserved. System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge System capabilities enabled : Bridge, Router, Customer Bridge Management address type : IPv4 Management address : 169.254.144.94 Management address interface type : IfIndex Management address interface ID : 635 Management address OID : 0 dis process cpu 查看进程对于CPU的使用率。 dis process memory 查看进程对于内存使用率 dis cpu-usage 查看CPU使用率。 dis memory 查询内存使用率。 display fan 查看风扇 display power 查看电源 dis device 查看板卡状态 display logbuffer 查看设备日志 display environment 查看温度 dis counter rate inbound interface 查看接口进方向的使用率 dis counter rate outbound interface 查看接口出方向的使用率 dis int | inc rate 查看接口历史使用率 dis int | inc sec 查看接口历史使用率及出入方向的字节 dis int gi 1/0/1 查看接口最近300秒使用率 子接口配置,一个VLAN配置多个IP interface Vlan-interface X ip address 172.16.1.1 255.255.252.0 ip address 172.16.2.1 255.255.252.0 sub ip address 172.16.3.1 255.255.252.0 sub 包转发利用率 1.查看接口进方向的使用率:dis counter rate inbound interface 2.查看接口出方向的使用率:dis counter rate outbound interface 3.查看接口历史使用率:dis int | inc rate 4.查看接口历史使用率及出入方向的字节:dis int | inc sec 5、查看接口最近300秒使用率:dis int gi 1/0/1 修改风扇旋转反向 fan prefer-direction slot 1 port-to-power 查看风扇状态 dis fan 查看MAC地址震荡、环路排查 dis mac-address mac-move 典型环路状态 dis mac-address mac-move MAC address VLAN Current port Source port Last time Times f6f6-0002-17d7 19 GE1/0/5 GE1/0/2 2024-01-02 17:00:33 922161 f6f6-0004-1d53 19 GE1/0/7 GE1/0/3 2024-01-02 17:00:39 941803 f6f6-0002-17d7 19 GE1/0/2 GE1/0/5 2024-01-02 17:00:34 922342 f6f6-0004-1d53 19 GE1/0/3 GE1/0/7 2024-01-02 17:00:38 941803 查看STP接口状态 dis stp brief 配置STP边缘节点,只适用于三层接口,稳定STP网络 interface GigabitEthernet1/0/5 port access vlan 19 stp edged-port 配置STP主根桥,减少网STP收敛络震荡 stp instance 0 root primary 配置端口速率 interface GigabitEthernet1/0/13 port access vlan 21 speed 100 清除配置,恢复出厂 <H3C>reset saved-configuration The saved configuration file will be erased. Are you sure? [Y/N]:y #选择Y确认 <H3C>reboot Start to check configuration with next startup configuration file, please wait.........DONE! Current configuration may be lost after the reboot, save current configuration? [Y/N]:n #N选择不保存 This command will reboot the device. Continue? [Y/N]:y #Y确认重启 关闭日志 关闭终端上下线日志分为以下几种情况 (1)通过console的方式登录时 info-center source STAMGR console deny info-center source WLANAUD console deny (2)通过telnet的方式登录时 info-center source STAMGR monitor deny info-center source WLANAUD monitor deny 以上两种情况互不影响。这两种方式只是在总控制台不显示用户上下线的日志信息,但设备的logbuffer里还是记录的,如果想要在logbuffer也不记录日志,需采取以下两种命令关闭: info-center source STAMGR logbuffer deny info-center source WLANAUD logbuffer deny 如关闭DHCP日志 info-center source DHCPS logbuffer deny 配置日志服务器 info-center loghost 172.16.21.111 {dotted startColor="#ff6c6c" endColor="#1989fa"/}环路检测排查 查看CPU使用率dis cpu查看MAC漂移dis mac-address mac-move查看STP接口状态dis stp brief查看lldp状态dis lldp neighbor-information list dis lldp neighbor-information verbose环路检测配置 https://www.h3c.com/cn/d_202308/1905729_30005_0.htm#_Ref470192304loopback-detection global enable vlan { vlan-id-list | all } 全局开启环路检测 interface interface-type interface-number 进入二层以太网接口/二层聚合接口视图 loopback-detection enable vlan { vlan-id-list | all } 在端口上开启环路检测功能 loopback-detection global action shutdown 全局配置环路检测的处理模式 interface interface-type interface-number 进入接口视图 loopback-detection action { block | no-learning | shutdown } 在端口上配置环路检测的处理模式 loopback-detection interval-time interval 配置检测间隔时间 display loopback-detection 显示环路检测的配置和运行情况查询AP上线离线掉线时间 网络-操作-无线配置-AP管理-详情基础配置-上线/离线/版本下载时间2023-07-15 13:23:29二层端口模式 参考链接:https://blog.51cto.com/shyln/2087240 a)access端口 发送(从交换机内部往外发送): 带有vlan tag:删除tag后,发送 不带vlan tag:不可能出现 接收: 带有vlan tag:若该tag等于该access端口的pvid,则可以接收,进入交换机内部 不带vlan tag:添加该access端口的pvid,进入交换机内部 b)trunk端口(允许发送native VLAN数据的时候,可以不加tag) 发送(从交换机内部往外发送): 带有vlan tag:若tag等于该trunk端口的pvid,则删除tag后发送;否则保留tag直接发送 不带vlan tag:不可能出现 接收: 带有vlan tag:保留该tag,进入交换机内部 不带vlan tag:添加该trunk端口的pvid,进入交换机内部 c)hybrid端口(允许发送多个VLAN数据的时候,可以不加tag) 发送(从交换机内部往外发送): 带有vlan tag: 是否带tag进行发送,取决于用户配置(用户可以配置tagged list,untagged list) 不带vlan tag:不可能出现 接收: 带有vlan tag:保留该tag,进入交换机内部 不带vlan tag:添加该hybrid端口的pvid,进入交换机内部{dotted startColor="#ff6c6c" endColor="#1989fa"/}模拟傻瓜交换机 思路,创建全部vlan,端口启用untag。vlan 2 to 4000 #批量创建vlan interface GigabitEthernet1/0/1 #进入接口 port link-type hybrid #接口类型hybrid port hybrid vlan 1 to 4000 untagged #撕掉vlan标签{dotted startColor="#ff6c6c" endColor="#1989fa"/}配置telnet参考链接https://jingyan.baidu.com/article/1876c852517425890b1376d2.html给VLAN1配置IP[H3C-Vlan-interface1]ip address 192.168.56.254 255.255.255.0 [H3C-Vlan-interface1]quit配置VTY(Virtual Teletype Terminal)虚拟终端接口的认证方式 [H3C]user-interface vty 0 4 [H3C-line-vty0-4]authentication-mode scheme //进行本地或远端用户名和口令认证。即AAA认证 //关于认证,一共有三种认证方式 //password 本地口令认证; //scheme 本地或远端用户名和口令认证; //none 不认证; [H3C-line-vty0-4]quit 本地用户的创建与配置 [H3C]local-user admin //设置创建本地认证的用户名 [H3C-luser-manage-admin]password simple 123456 //设置明文密码,使用命令查看当前配置时 //密码会以哈希加密后显示 图3 [H3C-luser-manage-admin]authorization-attribute user-role level-15 #开启最高权限或authorization-attribute user-role network-admin [H3C-luser-manage-admin]service-type telnet //用户作用于telnet服务 [H3C-luser-manage-admin]quit [H3C]telnet server enable //开启telnet 服务 [H3C]save //保存配置 {dotted startColor="#ff6c6c" endColor="#1989fa"/}静态路由[R1]int g0/0 #进入接口或者vlan [R1-GigabitEthernet0/0]ip add 192.168.1.1 24 #设置接口IP [R1]ip route-static 192.168.2.0 24 192.168.1.2 #为目标网段设置网关{dotted startColor="#ff6c6c" endColor="#1989fa"/}普通DHCP配置路由1<H3C>sys #系统视图 [H3C]int g0/0 #进入接口 [H3C-GigabitEthernet0/0]ip add 192.168.1.1 24 #配置IP [H3C-GigabitEthernet0/1]int g0/1 [H3C-GigabitEthernet0/1]ip add 192.168.2.1 24路由2<H3C>sys [H3C]int g0/0 [H3C-GigabitEthernet0/0]ip add 192.168.2.2 24路由1[route1]dhcp server ip-pool 1 #设置DHCP地址池 [route1-dhcp-pool-1]network 192.168.0.1 mask 255.255.255.0 #地址范围为192.168.0.0/24网段的ip地址 [route1-dhcp-pool-1]gateway-list 192.168.0.1 #网关地址为192.168.0.1 [route1-dhcp-pool-1]dns-list 192.168.0.1 #DNS服务器地址也为192.168.0.1 注意:这里设置的是一个网段的范围,在这个地址范围里可能这里面的某些地址不能够被分配出去。比如说网关的地址和一些指定的设备的ip地址。 [route1]dhcp server forbidden-ip 192.168.0.1 192.168.0.2 #不允许网关地址和DNS地址192.168.0.1分配被出去 [route1]dhcp enable #启动DHCP服务{dotted startColor="#ff6c6c" endColor="#1989fa"/}ospf配置:参考:https://blog.51cto.com/14219797/2402420配置接口IP:SwitchB<H3C>sys #进入系统视图 [H3C]hostname SwitchB #主机名重命名 [SwitchB]vlan 200 进入vlan200 [SwitchB-vlan100]port g 1/0/1 #指定vlan200端口 [SwitchB-vlan100]quit [SwitchB]vlan 300 进入vlan300 [SwitchB-vlan200]port g 1/0/2 #指定vlan300端口 [SwitchB-vlan200]quit [SwitchB]inter vlan 200 #进入vlan200 [SwitchB-Vlan-interface100]ip add 10.1.1.2 24 #设定IP [SwitchB-Vlan-interface100]quit [SwitchB]inter vlan 300 #进入vlan300 [SwitchB-Vlan-interface200]ip add 10.2.1.1 24 #设定IP [SwitchB-Vlan-interface200]quit配置OSPF协议:<SwitchB> system-view #进入系统视图 [SwitchB] router id 10.2.1.1 #设定唯一标识 [SwitchB] ospf #进入ospf设置 [SwitchB-ospf-1] area 0 #配置区域0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 #通告网络,子网掩码为反码 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] area 2 #配置区域 [SwitchB-ospf-1-area-0.0.0.2] network 10.2.1.0 0.0.0.255 #通告网络 [SwitchB-ospf-1-area-0.0.0.2] quit [SwitchB-ospf-1] quitSwitchA 的 OSPF 邻居:[SwitchA]display ospf peer verbose OSPF Process 1 with Router ID 10.1.1.1 Neighbors Area 0.0.0.0 interface 10.1.1.1(Vlan-interface200)'s neighbors Router ID: 10.2.1.1 Address: 10.1.1.2 GR state: Normal State: Full Mode: Nbr is master Priority: 1 DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0 Options is 0x42 (-|O|-|-|-|-|E|-) Dead timer due in 31 sec Neighbor is up for 00:37:39 Authentication sequence: [ 0 ] Neighbor state change count: 6 BFD status: Disabled Area 0.0.0.1 interface 10.3.1.1(Vlan-interface100)'s neighbors Router ID: 10.3.1.2 Address: 10.3.1.2 GR state: Normal State: Full Mode: Nbr is master Priority: 1 DR: 10.3.1.1 BDR: 10.3.1.2 MTU: 0 Options is 0x42 (-|O|-|-|-|-|E|-) Dead timer due in 39 sec Neighbor is up for 00:36:50 Authentication sequence: [ 0 ] Neighbor state change count: 5 BFD status: DisabledSwitchA 的 OSPF 路由信息:[SwitchA]display ospf routing OSPF Process 1 with Router ID 10.1.1.1 Routing Table Topology base (MTID 0) Routing for network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 2 Inter 10.1.1.2 10.2.1.1 0.0.0.0 10.3.1.0/24 1 Transit 0.0.0.0 10.1.1.1 0.0.0.1 10.1.1.0/24 1 Transit 0.0.0.0 10.2.1.1 0.0.0.0 Total nets: 3 Intra area: 2 Inter area: 1 ASE: 0 NSSA: 0SwitchC到SwitchD进行测试连通性:[SwitchC]ping 10.2.1.2 Ping 10.2.1.2 (10.2.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 10.2.1.2: icmp_seq=0 ttl=253 time=1.651 ms 56 bytes from 10.2.1.2: icmp_seq=1 ttl=253 time=1.567 ms 56 bytes from 10.2.1.2: icmp_seq=2 ttl=253 time=1.465 ms 56 bytes from 10.2.1.2: icmp_seq=3 ttl=253 time=1.431 ms 56 bytes from 10.2.1.2: icmp_seq=4 ttl=253 time=2.635 msSwitchC到SwitchD进行路由追踪:[SwitchC]tracert 10.2.1.2 traceroute to 10.2.1.2 (10.2.1.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break 1 10.3.1.1 (10.3.1.1) 1.438 ms 0.424 ms 0.418 ms 2 10.1.1.2 (10.1.1.2) 1.481 ms 1.221 ms 0.695 ms 3 10.2.1.2 (10.2.1.2) 1.073 ms 1.087 ms 0.923 ms{dotted startColor="#ff6c6c" endColor="#1989fa"/}VLAN隔离:参考链接:https://blog.51cto.com/14220513/2367688http://www.023wg.com/vlan/132.htmlhttp://www.h3c.com/cn/d_200809/615974_30005_0.htm配置SwitchA:<SwitchA> system-view #系统视图 [SwitchA] vlan 100 [SwitchA-vlan100] port ge1/0/2 #添加端口 [SwitchA-vlan100] quit [SwitchA] vlan 200 [SwitchA-vlan100] port ge1/0/3 #添加端口 [SwitchA-vlan100] quit [SwitchA] interface ge1/0/1 #进入端口 [SwitchA-GigabitEthernet1/0/1] port link-type trunk #设置trunk模式 [SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 100 200 #允许VLAN100 200通过输入display vlan 100 和display vlan200 查看配置:[SwtichA]display vlan 100 VLAN ID: 100 VLAN type: Static Route interface: Not configured Description: VLAN 0100 Name: VLAN 0100 Tagged ports: GigabitEthernet1/0/1 Untagged ports: GigabitEthernet1/0/2 [SwtichA]display vlan 200 VLAN ID: 200 VLAN type: Static Route interface: Not configured Description: VLAN 0200 Name: VLAN 0200 Tagged ports: GigabitEthernet1/0/1 Untagged ports: GigabitEthernet1/0/3{dotted startColor="#ff6c6c" endColor="#1989fa"/}MSTP多生成树MSTP默认开启,可手动配置最佳路径参考链接:https://www.cnblogs.com/aqicheng/p/13824682.html每个交换机创建vlan10 vlan20[H3C]vlan 10 [H3C-vlan10]vlan 20 [H3C-vlan20]int g1/0/1 [H3C-GigabitEthernet1/0/1]port link-type trunk #所有接口设置trunk模式 [H3C-GigabitEthernet1/0/1]port trunk permit vlan all #允许所有vlan通过 [H3C-GigabitEthernet1/0/1]int g 1/0/2 [H3C-GigabitEthernet1/0/2]port link-type trunk [H3C-GigabitEthernet1/0/2]port trunk permit vlan all [H3C-GigabitEthernet1/0/2]quit [H3C]hostname sw3设置区域[sw3]stp region-configuration [sw3-mst-region]region-name h3c #区域命名 [sw3-mst-region]instance 1 vlan 10 #vlan10划入1组 [sw3-mst-region]instance 2 vlan 20 #vlan20划入2组 [sw3-mst-region]active region-configuration #激活配置 [sw3-mst-region]display this #查看以上配置 # stp region-configuration region-name h3c instance 1 vlan 10 instance 2 vlan 20 active region-configuration # return调整根桥[sw1]stp instance 1 root primary #sw1设置为组1的根桥 [sw2]stp instance 2 root primary #sw2设置为组2的根桥查看结果<sw1>display stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/2 DESI FORWARDING NONE 0 GigabitEthernet1/0/3 DESI FORWARDING NONE 1 GigabitEthernet1/0/1 DESI FORWARDING NONE 1 GigabitEthernet1/0/2 DESI FORWARDING NONE 1 GigabitEthernet1/0/3 DESI FORWARDING NONE 2 GigabitEthernet1/0/1 ROOT FORWARDING NONE 2 GigabitEthernet1/0/2 DESI FORWARDING NONE 2 GigabitEthernet1/0/3 DESI FORWARDING NONE [sw2]display stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 ROOT FORWARDING NONE 0 GigabitEthernet1/0/2 DESI FORWARDING NONE 1 GigabitEthernet1/0/1 ROOT FORWARDING NONE 1 GigabitEthernet1/0/2 DESI FORWARDING NONE 2 GigabitEthernet1/0/1 DESI FORWARDING NONE 2 GigabitEthernet1/0/2 DESI FORWARDING NONE{dotted startColor="#ff6c6c" endColor="#1989fa"/}VRRP虚拟路由冗余协议参考链接:https://www.cnblogs.com/hukey/p/13071447.html配置心跳线双线冗余[SW1]int Bridge-Aggregation 1 #创建接口聚合 [SW1]int g1/0/2 [SW1-GigabitEthernet1/0/2]port link-aggregation group 1 #端口加入链路聚合 [SW1-GigabitEthernet1/0/2]int g1/0/3 [SW1-GigabitEthernet1/0/3]port link-aggregation group 1 [SW1]int Bridge-Aggregation 1 [SW1-Bridge-Aggregation1]port link-type trunk #端口允许所有vlan通过 [SW1-Bridge-Aggregation1]port trunk permit vlan all [SW2]int Bridge-Aggregation 1 #创建链路聚合 [SW2]int g1/0/2 [SW2-GigabitEthernet1/0/2]port link-aggregation group 1 #端口加入链路聚合 [SW2-GigabitEthernet1/0/2]int g1/0/3 [SW2-GigabitEthernet1/0/3]port link-aggregation group 1 [SW2]int Bridge-Aggregation 1 [SW2-Bridge-Aggregation1]port link-type trunk #端口允许所有vlan通过 [SW2-Bridge-Aggregation1]port trunk permit vlan all查看绑定状态[sw1]dis int Bridge-Aggregation bri Brief information on interfaces in bridge mode: Link: ADM - administratively down; Stby - standby Speed: (a) - auto Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description BAGG1 UP 2G(a) F(a) T 1配置vlanSW3对应SW2和SW1的两个端口配置trunk,对应客户机的端口配置vlan [SW3]vlan 10 [SW3-vlan10]port g1/0/1 [SW3]int range g1/0/2 to g1/0/3 [SW3-if-range]port link-type trunk [SW3-if-range]port trunk permit vlan 10 20 [SW1]vlan 10 #创建vlan [SW1-vlan10]vlan 20 #创建vlan [SW1-vlan0]int g1/0/1 [SW1-GigabitEthernet1/0/1]port link-type trunk [SW1-GigabitEthernet1/0/1]port trunk permit vlan 10 20 [SW1-GigabitEthernet1/0/1]int vlan 10 #进入vlan10 [SW1-Vlan-interface10]ip add 10.0.10.253 24 #设置IP [SW1-Vlan-interface10]int v20 #进入vlan20 [SW1-Vlan-interface20]ip add 10.0.20.253 24 #设置IP [SW1]dis ip int bri [sw1]dis ip int bri *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP Address Description MGE0/0/0 down down -- -- Vlan10 up up 10.0.10.253 -- Vlan20 up up 10.0.20.253 -- [SW2]vlan 10 [SW2-vlan10]vlan 20 [SW2-vlan20]int g1/0/1 [SW2-GigabitEthernet1/0/1]port link-type trunk [SW2-GigabitEthernet1/0/1]port trunk permit vlan 10 20 [SW2-GigabitEthernet1/0/1]int v10 [SW2-Vlan-interface10]ip add 10.0.10.252 24 [SW2-Vlan-interface10]int v20 [SW2-Vlan-interface20]ip add 10.0.20.252 24 [SW2]dis ip int bri *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP Address Description MGE0/0/0 down down -- -- Vlan10 up up 10.0.10.252 -- Vlan20 up up 10.0.20.252 --配置VRRP配置vlan10的vrrp [SW1]int v10 #进入vlan10 [SW1-Vlan-interface10]vrrp vrid 10 virtual-ip 10.0.10.254 #配置虚拟地址 [SW1-Vlan-interface10]vrrp vrid 10 priority 105 # 配置vrrp权重,默认为100 如果要设置master则大于100即 [SW1]track 10 int Bridge-Aggregation 1 # 配置心跳线为聚合链路 [SW2]int v10 [SW2-Vlan-interface10]vrrp vrid 10 virtual-ip 10.0.10.254 [SW2]track 10 int Bridge-Aggregation 1 配置vlan20的vrrp [SW1]int v20 [SW1-Vlan-interface20]vrrp vrid 20 virtual-ip 10.0.20.254 [SW1]track 20 int Bridge-Aggregation 1 #配置心跳线为聚合链路 [SW2]int v20 [SW2-Vlan-interface20]vrrp vrid 20 virtual-ip 10.0.20.254 [SW2-Vlan-interface20]vrrp vrid 20 priority 105 #设置为vlan20的master [SW2]track 20 int Bridge-Aggregation 1 #配置心跳线为聚合链路 [sw1]dis vrrp IPv4 virtual router information: Running mode : Standard Total number of virtual routers : 2 Interface VRID State Running Adver Auth Virtual pri timer(cs) type IP --------------------------------------------------------------------- Vlan10 10 Master 105 100 None 10.0.10.254 Vlan20 20 Backup 100 100 None 10.0.20.254 [sw2]dis vrrp IPv4 virtual router information: Running mode : Standard Total number of virtual routers : 2 Interface VRID State Running Adver Auth Virtual pri timer(cs) type IP --------------------------------------------------------------------- Vlan10 10 Backup 100 100 None 10.0.10.254 Vlan20 20 Master 105 100 None 10.0.20.254{dotted startColor="#ff6c6c" endColor="#1989fa"/}堆叠参考链接:CSDN博主「猫先生的早茶」的原创文章https://blog.csdn.net/qq_43017750/article/details/89323450注意!1、配置前必须移除两路由间连接线2、全部配置完成后,连线,次路由会自动重启master交换机#sys #interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/52 #批量管理端口 #shutdown #关闭端口 #quit #irf member 1 priority 32 #配置irf成员优先级,32为最高,默认是1 #irf-port 1/1 #进入irf端口1/1 #port group interface Ten-GigabitEthernet 1/0/49 #加入当前irf端口 #port group interface Ten-GigabitEthernet 1/0/50 #port group interface Ten-GigabitEthernet 1/0/51 #port group interface Ten-GigabitEthernet 1/0/52 #quit #irf-port-configuration active #激活irf配置 #interface range Ten-GigabitEthernet 1/0/49 to Ten-GigabitEthernet 1/0/52 #批量管理端口 #undo shutdown #启动端口 #save #保存standby交换机的命令#sys #irf member 1 renumber 2 #当前irf成员id重命名为2 #quit #reboot #sys #interface range Ten-GigabitEthernet 2/0/49 to Ten-GigabitEthernet 2/0/52 #批量管理端口 #shutdown #关闭端口 #quit #irf member 2 priority 1 #配置当前irf成员id2的优先级为1 #irf-port 2/2 #进入irf端口2/2 #port group interface Ten-GigabitEthernet 2/0/49 #加入当前irf #port group interface Ten-GigabitEthernet 2/0/50 #port group interface Ten-GigabitEthernet 2/0/51 #port group interface Ten-GigabitEthernet 2/0/52 #quit #irf-port-configuration active #激活irf #interface range Ten-GigabitEthernet 2/0/49 to Ten-GigabitEthernet 2/0/52 #批量管理端口 #undo shutdown #启动端口 #quit #save验证:[sw1]dis irf MemberID Role Priority CPU-Mac Description *+1 Master 32 30e7-b21f-0104 --- 2 Standby 1 30e7-bae6-0204 ---{dotted startColor="#ff6c6c" endColor="#1989fa"/}链路聚合原文链接:https://blog.csdn.net/VictoryKingLIU/article/details/79560157静态聚合模式<H3C>system-view [H3C]int Bridge-Aggregation 1 [H3C-Bridge-Aggregation1]quit [H3C]int GigabitEthernet 1/0/1 [H3C-GigabitEthernet1/0/1]port link-aggregation group 1 [H3C-GigabitEthernet1/0/1]int GigabitEthernet 1/0/2 [H3C-GigabitEthernet1/0/2]port link-aggregation group 1 [H3C-GigabitEthernet1/0/2]int GigabitEthernet 1/0/3 [H3C-GigabitEthernet1/0/3]port link-aggregation group 1 [H3C]dis link-aggregation verbose动态聚合模式<H3C>system-view [H3C]int Bridge-Aggregation 1 [H3C-Bridge-Aggregation1]link-aggregation mode dynamic [H3C-Bridge-Aggregation1]quit [H3C]int GigabitEthernet 1/0/1 [H3C-GigabitEthernet1/0/1]port link-aggregation group 1 [H3C-GigabitEthernet1/0/1]int GigabitEthernet 1/0/2 [H3C-GigabitEthernet1/0/2]port link-aggregation group 1 [H3C-GigabitEthernet1/0/2]int GigabitEthernet 1/0/3 [H3C-GigabitEthernet1/0/3]port link-aggregation group 1 [H3C]dis link-aggregation verbose{dotted startColor="#ff6c6c" endColor="#1989fa"/}pvid 不同VLAN间通讯SW1: interface GigabitEthernet1/0/1 port link-mode bridge port access vlan 100 combo enable fiber # interface GigabitEthernet1/0/2 port link-mode bridge port link-type trunk port trunk permit vlan 1 100 port trunk pvid vlan 100 combo enable fiber # SW2: interface GigabitEthernet1/0/1 port link-mode bridge port access vlan 200 combo enable fiber # interface GigabitEthernet1/0/2 port link-mode bridge port link-type trunk port trunk permit vlan 1 200 port trunk pvid vlan 200 combo enable fiber # {dotted startColor="#ff6c6c" endColor="#1989fa"/}ACL控制规则[H3C]acl basic 2000 #创建基础规则 [H3C-acl-ipv4-basic-2000]rule deny source 192.168.1.2 0 #编写规则内容,阻止来自192.168.1.2的包 [H3C-acl-ipv4-basic-2000]int g1/0/1 #进入接口 [H3C-GigabitEthernet1/0/1]packet-filter 2000 inbound #应用规则 inbound入站 outbound出站在本案例中,若要禁止192.168.1.1访问2,需要在G1/0/1应用 outbound出站规则,这样数据包在抵达2并返回到接口时会被阻止;要禁止全体访问2,则需要在G1/0/2应用inbound入站规则,这样数据包从2出发并经过接口时会被阻止。端口控制若要阻止vlan1所有telnet访问,则可以在vlan1中设置出站规则[H3C]acl advanced 3001 [H3C-acl-ipv4-adv-3001]rule 1 deny tcp source-port eq 23 [H3C-acl-ipv4-adv-3001]int vlan1 [H3C-Vlan-interface1]packet-filter 3001 outbound若仅要阻止1.5或网段的telnet访问,则可以设置入站规则[H3C-acl-ipv4-adv-3002]rule 1 deny tcp source 192.168.1.5 0 destination-port eq 23 [H3C-Vlan-interface1]packet-filter 3002 inbound{dotted startColor="#ff6c6c" endColor="#1989fa"/}端口隔离参考连接:https://blog.csdn.net/weixin_34110749/article/details/92738677(特别注明:模拟器中端口隔离功能不起作用)[H3C]port-isolate group 2 [H3C]int g1/0/1 [H3C-GigabitEthernet1/0/1]port-isolate enable group 2 [H3C-GigabitEthernet1/0/1]int g1/0/2 [H3C-GigabitEthernet1/0/2]port-isolate enable group 2 [H3C-GigabitEthernet1/0/2]quit [H3C]dis port-isolate group 2 Port isolation group information: Group ID: 2 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2{dotted startColor="#ff6c6c" endColor="#1989fa"/}IRF堆叠LACP-MAD检测参考链接:https://blog.csdn.net/qq_45662411/article/details/105983636开启前,堆叠线断开后两设备都成为master在线,影响网络运行;开启后,LACP-MAD协议会控制在线的成员关闭端口,只保留一个master,防止网络冲突。IRF设备配置: [master]int Bridge-Aggregation 2 #创建一个名为2的聚合端口组 [master-Bridge-Aggregation2]link-aggregation mode dynamic #将此端口组的模式改为动态 [master-Bridge-Aggregation2]mad enable #开启mad检测 [master-Bridge-Aggregation2]quit #退出接口视图 [master]int range g1/0/1 g2/0/1 #同时进入这两个接口 [master-if-range]port link-aggregation group 2 #将他们加入到这个接口组2中 下层配置: [H3C]int Bridge-Aggregation 2 #创建一个名为2的聚合端口组 [H3C-Bridge-Aggregation2]link-aggregation mode dynamic #将此端口组的模式改为动态 [H3C-Bridge-Aggregation2]quit #退出接口视图 [H3C]int range g1/0/1 g1/0/2 #进入到这两个接口 [H3C-if-range]port link-aggregation group 2 #将这两个端口组加入到接口组2中{dotted startColor="#ff6c6c" endColor="#1989fa"/}AP三层上线所属VLAN配置DHCP Option43option43格式简要说明: 80 07 00 00 01 02 02 02 02 80:固定值,不用改变; 07:长度字段,其后面所跟数据的字节长度; 00 00:固定值,不用改变; 01:表示后面的IP地址的个数,此处为一个IP地址; 02 02 02 02:IP地址转换工具https://tool.520101.com/wangluo/jinzhizhuanhuan/dhcp server ip-pool vlan5 gateway-list 192.168.1.1 network 192.168.1.0 mask 255.255.255.0 dns-list 114.114.114.114 option 43 hex 800700000103030302本地转发性能更高更灵活,通过AC管理。AP接口如果是access,则ap和客户端在同一个VLAN。AP接口如果是trunk,则可以分别配置VLAN。{dotted startColor="#ff6c6c" endColor="#1989fa"/}UEFI PXE网络启动dhcp server ip-pool test gateway-list 192.168.1.254 network 192.168.1.0 mask 255.255.255.0 bootfile-name \\Boot\\x64\\wdsmgfw.efi #传统引导为\\Boot\\x64\\wdsnbp.com dns-list 114.114.114.114 next-server 192.168.100.100 #WDS服务器学习实验 acl策略PVID路由口端口汇聚堆叠、汇聚、ospf静态路五机堆叠三机堆叠
2024年01月18日
1,191 阅读
0 评论
4 点赞
2024-01-11
ESP32-wifi MPython dth11 activeMQ MQTT温湿度采集 嵌入式开发 物联网 边缘计算
一、介绍 本项目采用ESP32开发板,每X秒采集一次DTH11温湿度传感器数据,通过ESP32自带WIFI,经MQTT协议传送给ActiveMQ中间件,便于后续开发和使用。二、材料介绍 ESP32 CP2102 带WIFI 22元DTH11 4元透明防水塑料壳 8元MicroUSB电源线 5元三、ActiveMQ服务器配置 我这里使用docker一键部署ActiveMQ,并将MQTT端口映射到1883端口四、硬件安装 将DTH11的正负连接ESP32的3.3V和GND针脚,数据连接至D13针脚五、代码开发 1、ESP32刷写为MPython开发环境2、新建main.py,此脚本ESP32上电即会自动运行main.py 主程序import random from machine import Pin, SPI import time,machine import dht11,network,mrequests from umqtt.simple import MQTTClient import ujson MQTT_CLIENT_ID = f'python-mqtt-{random.randint(0, 1000)}' MQTT_BROKER = "10.0.10.129" MQTT_USER = "" MQTT_PASSWORD = "" MQTT_TOPIC = "mqtt001" wlan = network.WLAN(network.STA_IF) wlan.active(True) dht = dht11.DHT11(Pin(13)) print("Connecting to MQTT server... ", end="") client = MQTTClient(MQTT_CLIENT_ID, MQTT_BROKER, user=MQTT_USER, password=MQTT_PASSWORD) print("Connected!") while True: if wlan.isconnected() == False: print("connect WiFi") try: wlan.connect('WiFissid','wifipassword') except: print("wifi false") #pass else: dht.measure() try: client.connect() message = ujson.dumps({ "temp": dht.temperature(), "humidity": dht.humidity(), }) #print("Reporting to MQTT topic {}: {}".format(MQTT_TOPIC, message)) client.publish(MQTT_TOPIC, message) print("mqtt push ok") client.disconnect() except: print("mqtt push not ok") #pass time.sleep(3)dth11.py DTH11传感器支持库 # DHT11/DHT22 driver for MicroPython on ESP8266 # MIT license; Copyright (c) 2016 Damien P. George try: from esp import dht_readinto except: from pyb import dht_readinto class DHTBase: def __init__(self, pin): self.pin = pin self.buf = bytearray(5) def measure(self): buf = self.buf dht_readinto(self.pin, buf) if (buf[0] + buf[1] + buf[2] + buf[3]) & 0xff != buf[4]: raise Exception("checksum error") class DHT11(DHTBase): def humidity(self): return self.buf[0] def temperature(self): return self.buf[2] class DHT22(DHTBase): def humidity(self): return (self.buf[0] << 8 | self.buf[1]) * 0.1 def temperature(self): t = ((self.buf[2] & 0x7f) << 8 | self.buf[3]) * 0.1 if self.buf[2] & 0x80: t = -t return t mrequests.py 一个比自带的requests更好用的网络库"""A HTTP client module for MicroPython with an API similar to requests.""" import sys try: import socket except ImportError: import usocket as socket MICROPY = sys.implementation.name == "micropython" MAX_READ_SIZE = 4 * 1024 def encode_basic_auth(user, password): from ubinascii import b2a_base64 auth_encoded = b2a_base64(b"%s:%s" % (user, password)).rstrip(b"\n") return {b"Authorization": b"Basic %s" % auth_encoded} def head(url, **kw): return request("HEAD", url, **kw) def get(url, **kw): return request("GET", url, **kw) def post(url, **kw): return request("POST", url, **kw) def put(url, **kw): return request("PUT", url, **kw) def patch(url, **kw): return request("PATCH", url, **kw) def delete(url, **kw): return request("DELETE", url, **kw) def parse_url(url): port = None host = None # str.partition() would be handy here, # but it's not supported on the esp8266 port delim = url.find("//") if delim >= 0: scheme, loc = url[:delim].rstrip(':'), url[delim+2:] else: loc = url scheme = "" psep = loc.find("/") if psep == -1: if scheme: host = loc path = "/" else: path = loc elif psep == 0: path = loc else: path = loc[psep:] host = loc[:psep] if host: hsep = host.rfind(":") if hsep > 0: port = int(host[hsep + 1 :]) host = host[:hsep] return scheme or None, host, port, path class RequestContext: def __init__(self, url, method=None): self.redirect = False self.method = method or "GET" self.scheme, self.host, self._port, self.path = parse_url(url) if not self.scheme or not self.host: raise ValueError("An absolute URL is required.") @property def port(self): return self._port if self._port is not None else 443 if self.scheme == "https" else 80 @property def url(self): return "%s://%s%s" % ( self.scheme, self.host if self._port is None else ("%s:%s" % (self.host, self.port)), self.path, ) def set_location(self, status, location): if status in (301, 302, 307, 308): self.redirect = True elif status == 303 and self.method != "GET": self.redirect = True if self.redirect: scheme, host, port, path = parse_url(location) if scheme and self.scheme == "https" and scheme != "https": self.redirect = False return if status not in (307, 308) and self.method != "HEAD": self.method = "GET" if scheme: self.scheme = scheme if host: self.host = host self._port = port if path.startswith("/"): self.path = path else: self.path = self.path.rsplit("/", 1)[0] + "/" + path class Response: def __init__(self, sock, sockfile, save_headers=False): self.sock = sock self.sf = sockfile self.encoding = "utf-8" self._cached = None self._chunk_size = 0 self._content_size = 0 self.chunked = False self.status_code = None self.reason = "" self.headers = [] if save_headers else None def read(self, size=MAX_READ_SIZE): if self.chunked: if self._chunk_size == 0: l = self.sf.readline() # print("Chunk line:", l) # ignore chunk extensions l = l.split(b";", 1)[0] self._chunk_size = int(l, 16) # print("Chunk size:", self._chunk_size) if self._chunk_size == 0: # End of message sep = sf.read(2) if sep != b"\r\n": raise ValueError("Expected final chunk separator, read %r instead." % sep) return b"" data = self.sf.read(min(size, self._chunk_size)) self._chunk_size -= len(data) if self._chunk_size == 0: sep = self.sf.read(2) if sep != b"\r\n": raise ValueError("Expected chunk separator, read %r instead." % sep) return data else: if size: return self.sf.read(size) else: return self.sf.read(self._content_size) def save(self, fn, chunk_size=1024): read = 0 with open(fn, "wb") as fp: while True: remain = self._content_size - read if remain <= 0: break chunk = self.read(min(chunk_size, remain)) read += len(chunk) if not chunk: break fp.write(chunk) self.close() def _parse_header(self, data): if data[:18].lower() == b"transfer-encoding:" and b"chunked" in data[18:]: self.chunked = True # print("Chunked response detected.") elif data[:15].lower() == b"content-length:": self._content_size = int(data.split(b":", 1)[1]) # print("Content length: %i" % self._content_size) # overwrite this method, if you want to process/store headers differently def add_header(self, data): self._parse_header(data) if self.headers is not None: self.headers.append(data) def close(self): if not MICROPY: self.sf.close() self.sf = None if self.sock: self.sock.close() self.sock = None self._cached = None @property def content(self): if self._cached is None: try: self._cached = self.read(size=None) finally: self.sock.close() self.sock = None return self._cached @property def text(self): return str(self.content, self.encoding) def json(self): import ujson return ujson.loads(self.content) def request( method, url, data=None, json=None, headers={}, auth=None, encoding=None, response_class=Response, save_headers=False, max_redirects=1, timeout=None, ): if auth: headers.update(auth if callable(auth) else encode_basic_auth(auth[0], auth[1])) if json is not None: assert data is None import ujson data = ujson.dumps(json) ctx = RequestContext(url, method) while True: if ctx.scheme not in ("http", "https"): raise ValueError("Protocol scheme %s not supported." % ctx.scheme) ctx.redirect = False # print("Resolving host address...") ai = socket.getaddrinfo(ctx.host, ctx.port, 0, socket.SOCK_STREAM) ai = ai[0] # print("Creating socket...") sock = socket.socket(ai[0], ai[1], ai[2]) sock.settimeout(timeout) try: # print("Connecting to %s:%i..." % (ctx.host, ctx.port)) sock.connect(ai[-1]) if ctx.scheme == "https": try: import ssl except ImportError: import ussl as ssl # print("Wrapping socket with SSL") create_ctx = getattr(ssl, 'create_default_context', None) if create_ctx: sock = create_ctx().wrap_socket(sock, server_hostname=ctx.host) else: sock = ssl.wrap_socket(sock, server_hostname=ctx.host) sf = sock if MICROPY else sock.makefile("rwb") sf.write(b"%s %s HTTP/1.1\r\n" % (ctx.method.encode("ascii"), ctx.path.encode("ascii"))) if not b"Host" in headers: sf.write(b"Host: %s\r\n" % ctx.host.encode()) for k, val in headers.items(): sf.write(k if isinstance(k, bytes) else k.encode('ascii')) sf.write(b": ") sf.write(val if isinstance(val, bytes) else val.encode('ascii')) sf.write(b"\r\n") if data and ctx.method not in ("GET", "HEAD"): if json is not None: sf.write(b"Content-Type: application/json") if encoding: sf.write(b"; charset=%s" % encoding.encode()) sf.write(b"\r\n") sf.write(b"Content-Length: %d\r\n" % len(data)) sf.write(b"Connection: close\r\n\r\n") if data and ctx.method not in ("GET", "HEAD"): sf.write(data if isinstance(data, bytes) else data.encode(encoding or "utf-8")) if not MICROPY: sf.flush() resp = response_class(sock, sf, save_headers=save_headers) l = b"" i = 0 while True: l += sf.read(1) i += 1 if l.endswith(b"\r\n") or i > MAX_READ_SIZE: break # print("Response: %s" % l.decode("ascii")) l = l.split(None, 2) resp.status_code = int(l[1]) if len(l) > 2: resp.reason = l[2].rstrip() while True: l = sf.readline() if not l or l == b"\r\n": break if l.startswith(b"Location:"): ctx.set_location(resp.status_code, l[9:].strip().decode("ascii")) # print("Header: %r" % l) resp.add_header(l) except OSError: sock.close() raise if ctx.redirect: # print("Redirect to: %s" % ctx.url) sock.close() max_redirects -= 1 if max_redirects < 0: raise ValueError("Maximum redirection count exceeded.") else: break return resp 六、运行程序 上电直接运行,注意,代码可以去掉终端输出的print,防止ESP32内存溢出七、监测程序 登录ActiveMQ查看mqttserver.py 在任意电脑上订阅数据# python3.6 import random import time from paho.mqtt import client as mqtt_client broker = '10.0.10.129' port = 1883 topic = "mqtt001" # generate client ID with pub prefix randomly client_id = f'python-mqtt-{random.randint(0, 100)}' def connect_mqtt() -> mqtt_client: def on_connect(client, userdata, flags, rc): if rc == 0: print("Connected to MQTT Broker!") else: print("Failed to connect, return code %d\n", rc) client = mqtt_client.Client(client_id) client.on_connect = on_connect client.connect(broker, port) return client def subscribe(client: mqtt_client): def on_message(client, userdata, msg): print(f"Received `{msg.payload.decode()}` from `{msg.topic}` topic "+time.asctime()) client.subscribe(topic) client.on_message = on_message def run(): client = connect_mqtt() subscribe(client) client.loop_forever() if __name__ == '__main__': run()八、小结 ESP32 MPython太强大了!
2024年01月11日
119 阅读
0 评论
0 点赞
1
2
3
...
19