I. Lab environment

II. Create the VLANs
[huawei]sy AC1
[AC1]un in en
[AC1]vlan batch 100 101 102 800

interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 800
q

interface Vlanif800
 ip address 192.168.240.1 255.255.255.252
q

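III. Bringing the APs online
The links between the APs and the AC are trunks. Management VLAN 100 is set as the native VLAN of each trunk.

What is a native VLAN?

I keep forgetting the concept of the native VLAN, so I searched for it again to refresh my memory and summarized a few points:
1. The native VLAN is VLAN 1 by default and can be changed; after the change, all untagged frames are assigned to the native VLAN for transmission on the trunk port;
2. Access ports on a switch have no native VLAN concept; it exists only on trunk ports;
3. In principle, every frame crossing a trunk port should be tagged, and the trunk uses allow vlan *** to permit the relevant VLANs. But the switches exchange not only transit frames but also frames that carry negotiation information between the switches themselves. If those frames (the switch management information) were tagged, they would not need to be delivered into the corresponding VLAN on arrival, because they are meant for the switch itself. This is where the native VLAN is needed: all untagged frames are sent in the native VLAN;
4. Tagged frames received on the native VLAN are dropped.

By default, the default VLAN of a trunk port is VLAN 1. On a trunk port, after the port's default VLAN is deleted with the undo vlan command, the port's default VLAN configuration does not change; that is, the port uses a VLAN that no longer exists as its default VLAN.
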
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100    # set VLAN 100 as the native VLAN
 port trunk allow-pass vlan 100 to 101    # allow VLAN 100 and VLAN 101 through

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 100    # set VLAN 100 as the native VLAN
 port trunk allow-pass vlan 100 to 102    # allow VLANs 100 to 102 through
q

Note: VLAN 100 is configured as the native VLAN so that the untagged DHCP requests sent by the APs are classified as VLAN 100 traffic, which lets the APs obtain an IP address. All management traffic exchanged between the APs and the AC is untagged.

Check the port VLAN information:

[AC1]dis port vlan
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1    trunk        100   1 100-101
GigabitEthernet0/0/2    trunk        100   1 100-102
GigabitEthernet0/0/3    access       800   -
GigabitEthernet0/0/4    hybrid       1     -
GigabitEthernet0/0/5    hybrid       1     -
...
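
The check below is an added example, not part of the original post: it parses the dis port vlan rows shown above and flags trunk ports whose PVID is missing from the allow list (the APs' untagged DHCP and management frames would then be discarded) or whose allow list differs from the intended VLANs. The INTENDED map and the function names are assumptions for illustration, and each port is assumed to occupy one output row.

```python
import re

# Constructed sample: the rows from the "dis port vlan" output above.
SAMPLE = """\
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1    trunk        100   1 100-101
GigabitEthernet0/0/2    trunk        100   1 100-102
GigabitEthernet0/0/3    access       800   -
GigabitEthernet0/0/4    hybrid       1     -
"""
# Assumption: the VLANs each AP-facing trunk is meant to carry, per this lab.
INTENDED = {"GigabitEthernet0/0/1": {100, 101},
            "GigabitEthernet0/0/2": {100, 101, 102}}

ROW = re.compile(r"^(\S+)\s+(access|trunk|hybrid)\s+(\d+)\s+(.*)$")

def expand(vlan_list):
    """Turn '1 100-102' into {1, 100, 101, 102}; '-' means no list."""
    vlans = set()
    for token in vlan_list.split():
        if token != "-":
            lo, _, hi = token.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse(text):
    """Map port name -> link type, PVID and allowed VLAN set (one row per port)."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            name, link, pvid, vlans = m.groups()
            ports[name] = {"link": link, "pvid": int(pvid), "allowed": expand(vlans)}
    return ports

def audit(ports, intended):
    """Return (port, issue, vlans) tuples for trunk ports only."""
    findings = []
    for name, p in ports.items():
        if p["link"] != "trunk":
            continue
        want = intended.get(name, set())
        if p["pvid"] not in p["allowed"]:   # untagged AP frames would be discarded
            findings.append((name, "pvid-not-allowed", {p["pvid"]}))
        if p["allowed"] - want:             # e.g. default VLAN 1 still permitted
            findings.append((name, "extra-vlans", p["allowed"] - want))
        if want - p["allowed"]:             # a service VLAN cannot cross the trunk
            findings.append((name, "missing-vlans", want - p["allowed"]))
    return findings

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE), INTENDED):
        print(finding)
```

On the output above, both trunks are reported with VLAN 1 as an extra VLAN, because a Huawei trunk port permits VLAN 1 by default; undo port trunk allow-pass vlan 1 removes it where it is not needed.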

Create the AP address pool
This is an interface-based DHCP configuration, used to assign IP addresses to the APs.

dhcp enable
interface Vlanif100
 ip address 192.168.100.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8

Verify that the APs are online
Check on the AC:

[AC1]dis ip pool interface Vlanif100 used
  Pool-name      : Vlanif100
  Pool-No        : 0
  Lease          : 1 Days 0 Hours 0 Minutes
  Domain-name    : -
  DNS-server0    : 114.114.114.114
  DNS-server1    : 8.8.8.8
  NBNS-server0   : -
  Netbios-type   : -
  Position       : Interface       Status           : Unlocked
  Gateway-0      : -
  Network        : 192.168.100.0
  Mask           : 255.255.255.0
  Logging        : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :254       Used        :2
                     Idle        :252       Expired     :0
                     Conflict    :0         Disabled    :0

 -------------------------------------------------------------------------------
  Network section
         Start           End       Total    Used Idle(Expired) Conflict Disabled
 -------------------------------------------------------------------------------
  192.168.100.1 192.168.100.254      254       2        252(0)       0        0
 -------------------------------------------------------------------------------
  Client-ID format as follows:
    DHCP  : mac-address                 PPPoE   : mac-address
    IPSec : user-id/portnumber/vrf      PPP     : interface index
    L2TP  : cpu-slot/session-id         SSL-VPN : user-id/session-id
 -------------------------------------------------------------------------------
  Index              IP             Client-ID      Type       Left   Status
 -------------------------------------------------------------------------------
     83      192.168.100.84        00e0-fc59-48f0  DHCP       85055   Used
    156     192.168.100.157        00e0-fcd9-2cc0  DHCP       85055   Used
 -------------------------------------------------------------------------------

At this point, though, we cannot tell which lease belongs to AP1 and which to AP2, so next we check on each AP.

We can see that AP1 obtained the address 192.168.100.84.

# Check on AP1
[Huawei]dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.100.84/24    up         up

[Huawei]ping 192.168.100.1
  PING 192.168.100.1: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.1: bytes=56 Sequence=1 ttl=255 time=110 ms
    Reply from 192.168.100.1: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 192.168.100.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/24/110 ms

AP2 obtained 192.168.100.157.

Check on AP2:
<Huawei>dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.100.157/24   up         up

We saw that AP1 obtained the address 192.168.100.84; now we can ping the APs from the AC.

[AC1]ping 192.168.100.84
  PING 192.168.100.84: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.84: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 192.168.100.84: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.100.84 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms

[AC1]ping 192.168.100.157
  PING 192.168.100.157: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.157: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 192.168.100.157: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.100.157 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms

IV. Create the user-group address pools
DHCP for user group A
Used to assign IP addresses to user group A.

interface Vlanif101
 ip address 192.168.101.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8

DHCP for user group B
Used to assign IP addresses to user group B.

interface Vlanif102
 ip address 192.168.102.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8