IT-Orz Network Emulator Blog

2010年8月31日星期二

DTP-Dymanic Trunking Protocol

DTP模式介紹
1. 手動指定
╠switchport mode access (手動指定為Access)
╠switchport mode trunk (手動指定為Trunk)
╚switchport nonegotiate (關閉協商)
2. 動態協商
╠switchport mode dynamic auto (被動協商) (預設值)
╚switchport mode dynamic desitable (主動協商)

注意
兩端點設備的" VTP Domain "需一致方能進行動態協商，手動指定則無此限制

DTP協商關係一覽表

	Dynamic Auto (自動協商) (被動)	Dynamic Desirable (自動協商) (主動)	Trunk (手動指定)	Access (手動指定)
Dynamic Auto (自動協商) (被動)	Access	Trunk	Trunk	Access
Dynamic Desirable (自動協商) (主動)	Trunk	Trunk	Trunk	Access
Trunk (手動指定)	Trunk	Trunk	Trunk	不建議
Access (手動指定)	Access	Access	不建議	Access

設定範例
DTP trunk mode in L3 Switch
1. 指定封裝模式

(conf-int)#switchport trunk encapsulation [do1q | isl ]
2. 指定DTP模式
(conf-int)#switchport mode trunk
3. 指定允許通過的VLAN

(conf-int)#switcgport trunk allow vlan 1-10
4. 指定不被允許通過的VLAN (除了…其他都允許)
(conf-int)#switchport trink allow vlan except 1-10

DTP trunk mode in L2 Switch
1. 指定DTP模式

(conf-int)#switchport mode trunk

DTP access mode

1. 指定DTP模式
(conf-int)#switchport mode access
2. 指定允許通過的VLAN
(conf-int)#switchport access vlan 10

DTP dynamic auto mode (被動協商) (預設值)
1. 指定DTP模式
(conf-int)#switchport mode dynamic auto

DTP dynamic desirable mode (主動協商)
1. 指定DTP模式
(conf-int)#switchport mode dynamic Desirable

DTP nonegotiate mode (關閉協商)
1. 指定DTP模式
(conf-int)#switchport mode dynamic Desirable

2010年7月27日星期二

透過esxcfg或vicfg指令集設定VMware ESXi 4.1 vSwitch & dvSwitch

Single vSwitch Topology

Single dvSwich Topology

Single Cisco Nexus 1000v Topology

Multiple dvSwitch Topology

Hybrid vSwitch & dvSwitch Topology

Hybrid vSwitch & Cisco Nexus 1000v Topology

顯示現有的網卡狀態
esxcfg-nics -l

顯示現有的vSwitch狀態
esxcfg-vswitch -l

顯示現有的vmknic狀態
esxcfg-vmknic -l

vSwitch設定
Step1 建立vSwitch
新增vSwitch
esxcfg-vswitch -a "vSwitch Name"
ex: esxcfg-vswitch -a vSwitch0

刪除vSwitch
esxcfg-vswitch -d "vSwitch Name"
ex: esxcfg-vswitch -d vSiwtch0

Step2 將實體網卡與vSwitch做連結
將vmnic0增加到vSwitch上
esxcfg-vswitch –L "網卡名稱" "vSwitch Name"
ex: esxcfg-vswitch -L vmnic0 vSwitch0

將vmnic0從vSwitch上移除
esxcfg-vswitch -U "網卡名稱" "vSwitch Name"
ex: esxcfg-vswitch -U vmnic0 vSwitch0

Step3 建立vSwitch上的Port Group
新增Port Group到vSwitch上
esxcfg-vswitch -A "vSwitch Port Group Name" "vSwitch Name"
ex: esxcfg-vswitch -A vSwitch-PG vSwitch0

刪除vSwitch上的Port Group
esxcfg-vswitch -D "vSwitch Port Group Name" "vSwitch Name"
ex: esxcfg-vswitch -D vSwitch-PG vSwitch0

Step4 新增IP到vSwitch上的Port Group
新增VMkernel的IP到vSwitch上
esxcfg-vmknic -a –i "IP位址" -n "子網路遮罩" "vSwitch Port Group Name"
ex: esxcfg-vmknic -a -i 192.168.1.1 -n 255.255.255.0 vSwitch-PG

移除vSwitch上的VMkernel
esxcfg-vmknic –d "VMkernel網卡" "vSwitch Name"
ex: esxcfg-vmknic -d vmk0 vSwitch0

dvSwitch設定
Step1 透過vSphere Client連線到vCenter建立dvSwitch

Step2 透過vSphere Client連線到vCenter建立dvSwitch上的Port Group

Step3 透過vSphere Client連線到vCenter的Host上透過升級方式將vSwitch移轉到dvSwitch上

當設定錯誤導致無法連線時,可直接於Host透過下列指令對dvSwitch做調整
將實體網卡與vSwitch做連結
將vmnic0增加到dvSwitch上
esxcfg-vswitch -P "網卡名稱" "dvSwitch Name"
ex: esxcfg-vswitch –P vmnic0 dvSwitch0

將實體網卡從dvSwitch上移除
esxcfg-vswitch -Q "網卡名稱" -V "dvSwitch Port ID" "dvSwitch Name"
ex: esxcfg-vswitch -Q vmnic0 -V 100 dvSwitch0

新增IP到dvSwitch上的Port Group
新增VMkernel的IP到dvSwitch上
esxcfg-vmknic -a -i "IP位址" -n "子網路遮罩" -s "dvSwitch Name" -v "dvSwitch Port ID"
ex: esxcfg-vmknic -a -i 172.16.1.1 -n 255.255.255.0 -s dvSwitch0 -v 100

移除dvSwitch上的VMkernel
esxcfg-vmknic –d "VMKernel網卡名稱" -s "dvSwitch Name" -v "dvSwitch Port ID"
ex: esxcfg-vmknic -d vmk0 -s dvSwitch0 -v 100

參考文件 vSphere Command-Line Interface Installation and Scripting Guide

2010年7月8日星期四

Frame-Relay EEK & PPP over Frame-Relay

Topology

NET檔案

 CONFIG檔案

R1
!
!Basic Setting
conf t
hostname R1
logging console
no ip domain-lookup
end
!
!Basic IP Setting
conf t
int lo 0
ip add 10.1.1.1 255.255.255.0
no sh
!
int s 0/0
ip add 10.0.1.1 255.255.255.0
no sh
end
!
!Frame-Relay Setting
conf t
int s 0/0
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
frame-relay interface-dlci 102
frame-relay interface-dlci 103
frame-relay map ip 10.0.1.1 102 broadcast
frame-relay map ip 10.0.1.2 102 broadcast
frame-relay map ip 10.0.1.3 103 broadcast
end
!
!Basic Dynamic Routing Setting
conf t
router eigrp 100
passive-interface lo 0
network 10.0.0.0
no auto
end

R2
!
!Basic Setting
conf t
hostname R2
logging console
no ip domain-lookup
end
!
!Basic IP Setting
conf t
int lo 0
ip add 10.2.2.2 255.255.255.0
no sh
!
int s 0/0
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
no ip add
no sh
end
!
!Frame-Relay Setting
conf t
int s 0/0.201 point-to-point
ip add 10.0.1.2 255.255.255.0
no frame-relay inverse-arp
frame-relay interface-dlci 201
no sh
!
int s 0/0.203 point-to-point
no frame-relay inverse-arp
frame-relay interface-dlci 203
no sh
end
!
!Frame-Relay EEK Setting
conf t
map-class frame-relay EEK
frame-relay end-to-end keepalive mode bidirectional
end
!
conf t
int s 0/0.203 point-to-point
frame-relay interface-dlci 203
class EEK
end
!
!PPP Over Frame-Relay Setting
conf t
int s 0/0.203
frame-relay interface-dlci 203 ppp virtual-template 1
int virtual-template 1
ip add 10.0.23.2 255.255.255.0
no sh
!
!fix PPP over Frame-Relay IGP prefix error
conf t
int virtual-template 1
no peer neighbor-route
end
!
!fix ppp over Frame-Relay ping self error
conf t
int virtual-template 1
ppp multilink
end
!
!Basic Dynamic Routing Setting
conf t
router eigrp 100
passive-interface lo 0
network 10.0.0.0
no auto
end

R3
!
!Basic Setting
conf t
hostname R3
logging console
no ip domain-lookup
end
!
!Basic IP Setting
conf t
int lo 0
ip add 10.3.3.3 255.255.255.0
no sh
!
int s 0/0
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
no ip add
no sh
end
!
!Frame-Relay Setting
conf t
int s 0/0.301 point-to-point
ip add 10.0.1.3 255.255.255.0
no frame-relay inverse-arp
frame-relay interface-dlci 301
no sh
!
int s 0/0.302 point-to-point
no frame-relay inverse-arp
frame-relay interface-dlci 302
no sh
end
!
!Frame-Relay EEK Setting
conf t
map-class frame-relay EEK
frame-relay end-to-end keepalive mode bidirectional
end
!
conf t
int s 0/0.302 point-to-point
frame-relay interface-dlci 302
class EEK
end
!
!PPP Over Frame-Relay Setting
conf t
int s 0/0.302
frame-relay interface-dlci 302 ppp virtual-template 1
int virtual-template 1
ip add 10.0.23.3 255.255.255.0
no sh
end
!
!fix PPP over Frame-Relay IGP prefix error
conf t
int virtual-template 1
no peer neighbor-route
end
!
!fix ppp over Frame-Relay ping self error
conf t
int virtual-template 1
ppp multilink
end
!
!Basic Dynamic Routing Setting
conf t
router eigrp 100
passive-interface lo 0
network 10.0.0.0
no auto
end

FR
!
!Basic Setting
conf t
hostname FR
logging console
no ip domain-lookup
end
!
!Frame-Relay Switching Setting
conf t
frame-relay switching
int s 1/1
encapsulation frame-relay
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 102 interface s 1/2 201
frame-relay route 103 interface s 1/3 301
no sh
int s 1/2
encapsulation frame-relay
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 201 interface s 1/1 102
frame-relay route 203 interface s 1/3 302
no sh
int s 1/3
encapsulation frame-relay
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 301 interface s 1/1 103
frame-relay route 302 interface s 1/2 203
no sh
end

show指令
show ip int brief
show frame-relay lmi
show frame-relay pvc
show frame-relay map
show frame-relay route
show frame-relay end-to-end keepalive
show interface virtual-access 1
show ip route
show ip eigrp neighbor
show interface s 0/0
show ip interface s 0/0

debug指令
debug ppp negotiation
debug frame-relay adjacency

參考文件
Troubleshooting: IP Addressing Tricks & Tips Using PPP

Frame Relay Switch Configuration

2010年7月5日星期一

透過AVG指令模式來替即時通訊/下載軟體掃毒

1. 安裝AVG Free防毒軟體主程式載點

2. 開啟文字編輯器並將下列程式碼貼上，另存檔案成AvgScan.bat
然後將該檔案存放到"C:\Program Files\AVG\AVG9\"下

@echo off
"C:\Program Files\AVG\AVG9\avgscanx.exe" /SCAN=%1 /HEUR /ARC /PUP /CLEAN

3. 開啟即時通訊軟體或下載軟體的防毒過濾設定頁面，並將指定透過下列路徑掃毒即可!!

範例
MSN
"C:\Program Files\AVG\AVG9\AvgScan.bat"

FlashGet
"C:\Program Files\AVG\AVG9\AvgScan.bat"

FireFox download statusbar
防毒軟體位置 "C:\Program Files\AVG\AVG9\avgscanx.exe"
參數 /SCAN=%1 /HEUR /ARC /PUP /CLEAN

2010年6月24日星期四

虛擬化版本與功能比較表

VMWare Vsphere

Citrix Xen Server

Citrix vs VMWare 版本與功能對應比較表

Citrix vs VMWare 價格比較表

範例一

範例二

2010年6月20日星期日

Lab 6-2 Using the AS_PATH Attribute

Topology

GNS檔案

SanJose
!
!Step 0: Basic Setting
conf t
hostname SanJose
no ip domain-lookup
end
!
!Step 1: IP Addressing
conf t
int s 0/0
ip add 192.168.1.5 255.255.255.252
no sh
int lo 0
ip add 201.0.0.1 255.255.255.0
no sh
end
!
!Step 2: Configure BGP
conf t
router bgp 100
neighbor 192.168.1.6 remote-as 300
network 201.0.0.0
end

ISP
!
!Step 0: Basic Setting
conf t
hostname ISP
no ip domain-lookup
end
!
!Step 1: IP Addressing
conf t
int s 0/0
ip add 192.168.1.6 255.255.255.252
no sh
int s 0/1
ip add 172.24.1.17 255.255.255.252
no sh
int lo 0
ip add 202.0.0.1 255.255.255.0
no sh
end
!
!Step 2: Configure BGP
conf t
router bgp 300
neighbor 192.168.1.5 remote-as 100
neighbor 172.24.1.18 remote-as 65000
network 202.0.0.0
end
!
!Step 3: Remove the Private AS
conf t
router bgp 300
neighbor 192.168.1.5 remove-private-as
end
!
!Step 4: Use the AS_PATH Attribute to Filter Routes
conf t
!過濾AS-Path字元為開始100結束
ip as-path access-list 1 deny ^100$
!允許AS-Path字元為一個字元+任意字元 = i 或 i xxx
ip as-path access-list 1 permit .*
end
!將產生好的as-path acl 套用到往172.24.1.18的更新上(OUT)
conf t
router bgp 300
neighbor 172.24.1.18 filter-list 1 out
end

CustRtr
!
!Step 0: Basic Setting
conf t
hostname CustRtr
no ip domain-lookup
end
!
!Step 1: IP Addressing
conf t
int s 0/1
ip add 172.24.1.18 255.255.255.252
no sh
int lo 0
ip add 203.0.0.1 255.255.255.0
no sh
!
!Step 2: Configure BGP
conf t
router bgp 65000
neighbor 172.24.1.17 remote-as 300
network 203.0.0.0
end

show指令
show ip route
show ip bgp
show ip bgp neighbor
show ip bgp regexp ^100$

clear指令
clear ip bgp *
clear ip bgp 192.168.1.5 soft out
clear ip bgp 172.24.1.18 soft out

參考文件
Removing Private Autonomous System Numbers in BGP

Using Regular Expressions in BGP

Lab 6-1 Configuring BGP with Default Routing

Topology

GNS檔案

SanJose
!
!Step 0: Basic Setting
conf t
hostname SanJose
no ip domain-lookup
end
!
!Step 1: Assign IP Addresses
conf t
int s 0/0
ip add 10.0.0.2 255.255.255.252
no sh
int s 0/1
ip add 172.16.0.2 255.255.255.252
no sh
int lo0
ip add 192.168.0.1 255.255.255.0
no sh
int lo1
ip add 192.168.1.1 255.255.255.0
no sh
end
!
!Step 3: Configure SanJose BGP
conf t
router bgp 100
neighbor 10.0.0.1 remote-as 200
neighbor 172.16.0.1 remote-as 300
network 192.168.0.0
network 192.168.1.0
end
!
!Step 4: Verify BGP on the SanJose Router
show ip bgp
!
!針對ISP1的lo0介面做shutdown
show ip bgp
show ip bgp neighbor
!
!Step 5: Filter Routes
conf t
access-list 192.168.0.0 0.0.1.255
end
!
conf t
router bgp 100
neighbor 10.0.0.1 distribute-list 1 out
neighbor 172.16.0.1 distribute-list 1 out
end
!
!Hardware Update BGP Session Out
clear ip bgp *
!
!Soft Update BGP Session Out
clear ip bgp 100 soft out
!
!Step 6: Configure the Primary and Backup Routes Using Floating Static Routes
conf t
ip route 0.0.0.0 0.0.0.0 10.0.0.1 210
ip route 0.0.0.0 0.0.0.0 172.16.0.1 220
end
!啟用extend ping (TargetIP 210.210.210.1, SourceIP 192.168.1.1)
ping
!
!Step 7: Configure Primary and Backup Routes Using Static Routes
conf t
no ip route 0.0.0.0 0.0.0.0 10.0.0.1 210
no ip route 0.0.0.0 0.0.0.0 172.16.0.1 220
end
!
!使用ip default-network指令來送出Default Gateway(Primary)
conf t
ip default-network 210.210.210.0
end
!設定Backup default route至172.16.0.1(Secondary)
conf t
ip route 0.0.0.0 0.0.0.0 172.16.0.1 220
end

ISP1
!
!Step 0: Basic Setting
conf t
hostname ISP1
no ip domain-lookup
end
!
!Step 1: Assign IP Addresses
conf t
int s 0/0
ip add 10.0.0.1 255.255.255.252
no sh
int lo0
ip add 12.0.1.1 255.255.255.0
no sh
end
!
!Step 2: Configure the ISPs
conf t
router bgp 200
neighbor 10.0.0.2 remote-as 100
network 12.0.1.0 mask 255.255.255.0
end
!
!Step 6: Configure the Primary and Backup Routes Using Floating Static Routes
conf t
int lo 100
ip add 210.210.210.1 255.255.255.0
no sh
end
Step 7: Configure Primary and Backup Routes Using Static Routes
conf t
router bgp 200
network 210.210.210.0
end
clear ip bgp 10.0.0.2

ISP2
!
!Step 0: Basic Setting
conf t
hostname ISP2
no ip domain-lookup
end
!
!Step 1: Assign IP Addresses
conf t
int s 0/1
ip add 172.16.0.1 255.255.255.252
no sh
int lo0
ip add 172.16.1.1 255.255.255.0
no sh
end
!
!Step 2: Configure the ISPs
conf t
router bgp 300
neighbor 172.16.0.2 remote-as 100
network 172.16.1.0 mask 255.255.255.0
end

show指令
show ip int brief
show ip route
show ip route bgp
show ip bgp

clear指令
clear ip bgp *
clear ip bgp 10.0.0.1 soft out
clear ip bgp 172.16.0.1 soft out

參考文件
Sample Configuration for BGP with Two Different Service Providers (Multihoming)

BGP Soft Reset Enhancement

訂閱：文章 (Atom)

2010年8月31日 星期二

2010年7月27日 星期二

2010年7月8日 星期四

2010年7月5日 星期一

2010年6月24日 星期四

2010年6月20日 星期日