I. Lab environment

II. Create the VLANs

[huawei]sy AC1
[AC1]un in en
[AC1]vlan batch 100 101 102 800

interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 800

interface Vlanif800
 ip address 192.168.240.1 255.255.255.252

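III. Bringing the APs online

The links between the APs and the AC are trunks. Management VLAN 100 is set as the native VLAN of each trunk.

What is a native VLAN?

I keep forgetting the concept of the native VLAN, so I searched for it again to reinforce my memory and summarized a few points:
1. The native VLAN is VLAN 1 by default and can be changed. After it is changed, all untagged frames are handed to the native VLAN for transmission on the trunk port;
2. An access port on a switch has no notion of a native VLAN; the concept exists only on trunk ports;
3. In principle every frame crossing a trunk port should be tagged, and the trunk uses allow vlan *** to let the relevant VLANs pass. But between switches there are not only transit frames but also frames carrying negotiation information between the switches themselves. If those frames, that is, the switch management information, were tagged, they would not need to be delivered into a corresponding VLAN at the destination; they are information for the switch itself to receive. This is where the native VLAN is needed: all untagged frames are sent to the native VLAN for transmission;
4. The native VLAN discards tagged frames that it receives.

By default, the default VLAN of a trunk port is VLAN 1. On a trunk port, after the port's default VLAN is deleted with the undo vlan command, the port's default VLAN configuration does not change; that is, the port keeps using the VLAN that no longer exists as its default VLAN.
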
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100  # set VLAN 100 as the native VLAN
 port trunk allow-pass vlan 100 to 101  # allow VLAN 100 and VLAN 101 to pass
 q

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 100  # set VLAN 100 as the native VLAN
 port trunk allow-pass vlan 100 to 102  # allow VLAN 100 through VLAN 102 to pass
 q

Note: VLAN 100 is configured as the native VLAN so that the untagged DHCP requests sent by the APs are classified as VLAN 100 traffic, which lets the APs obtain an IP address. The management traffic exchanged between the APs and the AC is all untagged.

Check the port VLAN information

[AC1]dis port vlan
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1    trunk        100   1 100-101
GigabitEthernet0/0/2    trunk        100   1 100-102
GigabitEthernet0/0/3    access       800   -
GigabitEthernet0/0/4    hybrid       1     -
GigabitEthernet0/0/5    hybrid       1     -
...

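The check below is an added example, not part of the original post: it parses the `dis port vlan` table and verifies, for every trunk, that the PVID is inside the allow-pass list and equals the management VLAN, which is the condition the note above relies on for untagged AP traffic. The function names, the `mgmt_vlan` parameter and the rule that treats a still-allowed VLAN 1 as a finding are assumptions of this example.

```python
import re

# Constructed sample: the "dis port vlan" table from this page, retyped.
SAMPLE = """\
Port                  Link Type  PVID  Trunk VLAN List
------------------------------------------------------
GigabitEthernet0/0/1  trunk      100   1 100-101
GigabitEthernet0/0/2  trunk      100   1 100-102
GigabitEthernet0/0/3  access     800   -
GigabitEthernet0/0/4  hybrid     1     -
"""

ROW = re.compile(r"^(\S+)\s+(access|trunk|hybrid)\s+(\d+)\s+(.*)$")

def expand(vlan_list):
    """Turn '1 100-102' into {1, 100, 101, 102}; '-' means no list."""
    vlans = set()
    for token in vlan_list.split():
        if token == "-":
            continue
        lo, _, hi = token.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse(output):
    """Yield (port, link_type, pvid, allowed_vlans) for each table row."""
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield m[1], m[2], int(m[3]), expand(m[4])

def audit(output, mgmt_vlan=100):
    """Return (port, finding) pairs; only trunk ports are checked."""
    findings = []
    for port, kind, pvid, allowed in parse(output):
        if kind != "trunk":
            continue
        if pvid not in allowed:
            findings.append((port, f"PVID {pvid} not in allow-pass list"))
        if pvid != mgmt_vlan:
            findings.append((port, f"PVID {pvid} is not management VLAN {mgmt_vlan}"))
        if 1 in allowed and pvid != 1:
            # Policy assumption of this example: an unused VLAN 1 should be pruned.
            findings.append((port, "VLAN 1 still allowed on trunk"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"{port}: {finding}")
```

On the table above both trunks are reported because VLAN 1 is still carried although the configuration only listed 100 to 101 and 100 to 102; `undo port trunk allow-pass vlan 1` on the trunk interface removes it.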
Create the AP address pool
This is an interface-based DHCP configuration, used to assign IP addresses to the APs.

dhcp enable
interface Vlanif100
 ip address 192.168.100.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8

Verify that the APs are online
Check on the AC

[AC1]dis ip pool interface Vlanif100 used
  Pool-name      : Vlanif100
  Pool-No        : 0
  Lease          : 1 Days 0 Hours 0 Minutes
  Domain-name    : -
  DNS-server0    : 114.114.114.114
  DNS-server1    : 8.8.8.8
  NBNS-server0   : -
  Netbios-type   : -
  Position       : Interface       Status           : Unlocked
  Gateway-0      : -
  Network        : 192.168.100.0
  Mask           : 255.255.255.0
  Logging        : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :254       Used        :2
                     Idle        :252       Expired     :0
                     Conflict    :0         Disabled    :0

 -------------------------------------------------------------------------------
  Network section
         Start           End       Total    Used Idle(Expired) Conflict Disabled
 -------------------------------------------------------------------------------
   192.168.100.1 192.168.100.254     254       2        252(0)       0     0
 -------------------------------------------------------------------------------
  Client-ID format as follows:
    DHCP  : mac-address                 PPPoE   : mac-address
    IPSec : user-id/portnumber/vrf      PPP     : interface index
    L2TP  : cpu-slot/session-id         SSL-VPN : user-id/session-id
 -------------------------------------------------------------------------------
  Index              IP       Client-ID    Type       Left   Status
 -------------------------------------------------------------------------------
     83  192.168.100.84  00e0-fc59-48f0    DHCP      85055   Used
    156 192.168.100.157  00e0-fcd9-2cc0    DHCP      85055   Used
 -------------------------------------------------------------------------------

But at this point we cannot tell which lease belongs to AP1 and which to AP2, so next we check on each AP in turn.

We see that AP1 obtained the address 192.168.100.84.

# Check on AP1
[Huawei]dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.100.84/24    up         up

[Huawei]ping 192.168.100.1
  PING 192.168.100.1: 56 data bytes, press CTRL_C to break
    Reply from 192.168.100.1: bytes=56 Sequence=1 ttl=255 time=110 ms
    Reply from 192.168.100.1: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 192.168.100.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/24/110 ms

AP2 obtained 192.168.100.157.

Check on AP2
<Huawei>dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.100.157/24   up         up

We saw that AP1 obtained the address 192.168.100.84; now we can ping from the AC.

[AC1]ping 192.168.100.84
  PING 192.168.100.84: 56 data bytes, press CTRL_C to break
    Reply from 192.168.100.84: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 192.168.100.84: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.100.84 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms

[AC1]ping 192.168.100.157
  PING 192.168.100.157: 56 data bytes, press CTRL_C to break
    Reply from 192.168.100.157: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 192.168.100.157: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.100.157 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms

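Instead of logging in to each AP, the lease table on the AC can be matched against an inventory of AP MAC addresses, which also exposes any device that obtained an address from the management pool without being a known AP. This is an added example, not part of the original post; the inventory dictionary and the function names are assumptions, and the AP1/AP2 labels follow from the addresses each AP reported on this page.

```python
import re

# Constructed sample: lease rows of "dis ip pool interface Vlanif100 used".
LEASES = """\
 Index              IP       Client-ID    Type       Left   Status
    83  192.168.100.84  00e0-fc59-48f0    DHCP      85055   Used
   156 192.168.100.157  00e0-fcd9-2cc0    DHCP      85055   Used
"""

# Assumed inventory, written in two common MAC notations on purpose.
INVENTORY = {"00:E0:FC:59:48:F0": "AP1", "00-e0-fc-d9-2c-c0": "AP2"}

# Index, dotted IPv4 address, Huawei-style xxxx-xxxx-xxxx Client-ID, type DHCP.
LEASE_ROW = re.compile(
    r"^\s*\d+\s+(\d+(?:\.\d+){3})\s+"
    r"([0-9A-Fa-f]{4}(?:-[0-9A-Fa-f]{4}){2})\s+DHCP\s")

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def label_leases(output, inventory):
    """Return (ip, client_id, owner); owner is 'UNKNOWN' if not inventoried."""
    known = {norm_mac(mac): name for mac, name in inventory.items()}
    labelled = []
    for line in output.splitlines():
        m = LEASE_ROW.match(line)
        if m:
            ip, client_id = m[1], m[2]
            owner = known.get(norm_mac(client_id), "UNKNOWN")
            labelled.append((ip, client_id, owner))
    return labelled

if __name__ == "__main__":
    for ip, client_id, owner in label_leases(LEASES, INVENTORY):
        print(f"{ip:<16} {client_id}  {owner}")
```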
IV. Create the user-group address pools

DHCP for user group A
Used to assign IP addresses to user group A.

interface Vlanif101
 ip address 192.168.101.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8

DHCP for user group B
Used to assign IP addresses to user group B.

interface Vlanif102
 ip address 192.168.102.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8