OmniSwitch查看日志的命令是:
格式:show log swlog [timestamp start_time [end_time]]
show log swlog timestamp 05/21/2015 11:30 05/21/2015 12:30
发现私自添加路由器导致DHCP分发
确认路由器IP,查到MAC,交换机搜寻到MAC对应的端口,关闭此端口
搜寻此路由器位置,掌握其管理员账户和密码,关闭DHCP功能。
show configuration snapshot
show vlan rules
添加网管交换机,MAC地址绑定0网段,ARP绑定
aaa authentication default local #开启所有服务,默认是关需要console进去设置
aaa authentication http local #开启http服务,默认是关需要console进去设置
aaa authentication telnet local #开启telnet服务,默认是关需要console进去设置
aaa authentication ftp local #开启ftp服务,默认是关需要console进去设置
ip interface "vlan 1" address 10.6.0.143 mask 255.255.255.0 vlan 1 ifindex 1
vlan port mobile 2/38 bpdu ignore enable
MAC地址绑定
arp 10.6.0.136 00:e0:b1:d8:16:19
vlan no port mobile 1/21
vlan 100 port default 1/21
mac-address-table permanent 00:1b:82:ff:03:e5 1/21 100
no mac-address-table permanent 00:1b:82:ff:03:e5 1/21 100
policy condition c1 source vlan 1000 destination ip 10.6.0.0 mask 255.255.0.0
policy condition c2 source vlan 101 destination ip 10.6.0.100
policy condition c3 source vlan 1010 destination ip 10.6.0.0 mask 255.255.0.0
policy condition c4 source vlan 20 destination ip 10.6.100.0 mask 255.255.255.0
policy condition c5 source vlan 1020 destination ip 10.6.0.0 mask 255.255.0.0
policy condition c6 source vlan 30 destination ip 10.6.100.0 mask 255.255.255.0
policy action a1 disposition drop
policy action a2 maximum bandwidth 128K
policy action a3 disposition deny
policy action flowshape maximum bandwidth 128K
policy rule r1 condition c1 action a1
policy rule r2 condition c3 action a1
policy rule r3 condition c4 action a3
policy rule r4 condition c2 action a3
policy rule r5 condition c5 action a1
policy rule r6 condition c6 action a3
qos apply
policy condition source1 source ip 10.6.1.253 mask 255.255.255.255
policy condition dest1 destination ip 10.6.1.253 mask 255.255.255.255
policy action No disposition deny
policy action Yes disposition accept
policy rule permitRule precedence 300 condition source1 action Yes reflexive
policy rule denyRule condition dest1 action No
qos apply
只允许pc访问指定的pc
qos enable
policy condition iptest source ip 10.6.4.226
policy condition iptest2 source ip 10.6.4.226 destination ip 10.6.4.51 mask 255.255.255.255
policy action NO disposition deny
policy action YES disposition accept
policy rule r1 precedence 100 condition iptest action NO
-> policy rule r2 precedence 200 condition iptest2 action YES
-> qos apply
-> no policy rule r1
-> no policy rule r2
-> no policy condition iptest
-> no policy condition iptest2
policy condition host42 source ip 10.6.100.42
-> no policy condition host42
-> policy condition host42 source ip 10.6.100.42 destination ip 10.6.100.0 mask 255.255.254.0
-> policy rule tmpno42 precedence 200 condition host42 action a1
-> qos apply
policy condition host10 source ip 10.6.100.42 destination ip 10.6.1.0 mask 255.255.255.0
-> policy rule no10 precedence 200 condition host10 action a1
-> qos apply
-> no policy rule no10
-> no policy rule tmpno42
-> qos apply
policy condition ip1010 source ip 192.168.11.0 mask 255.255.255.0 destination ip 10.6.0.98 mask 255.255.255.255
policy action a4 disposition accept
policy rule r2 condition ip1010 action a4
policy condition c3 source vlan 1010 destination ip 10.6.0.0 mask 255.255.0.0
policy rule r11 condition c3 action a1
no policy rule r2
no policy rule r11
no policy action a4
no policy action YES
policy action a4 disposition accept
policy rule r2 condition ip1010 action a4
policy condition c3 source vlan 1010 destination ip 10.6.0.0 mask 255.255.0.0
policy rule r11 condition c3 action a1
no policy rule r2
no policy rule r11
no policy action a4
no policy action YES
qos apply
DHCP延迟最终解决
ip helper forward delay 0
查看直连设备的MAC地址
arp -a
snmp
-> user public password public read-write all no auth
-> snmp station 10.6.0.71 162 "public" v1 enable
snmpwalk -c public -v 2c 10.6.0.133
snmp community map "public" user "admin" on
snmp community map mode off
snmp security no security
aaa authentication snmp "local"
snmp station 10.6.0.71 162 "public" v1 enable
snmp authentication trap enable
user password-size min 5
snmp trap absorption enable
snmp trap to webview enable
ip helper no address 10.6.0.84 vlan 40
ip helper no address 10.6.0.84 vlan 1020
ip helper no address 10.6.0.73 vlan 10
ip helper no address 10.6.0.73 vlan 20
ip helper no address 10.6.0.73 vlan 30
ip helper no address 10.6.0.73 vlan 101
ip helper no address 10.6.0.73 vlan 1000
ip helper no address 10.6.0.73 vlan 1010
ip helper no address 10.6.0.73 vlan 1020
设置时区、时制、时间、日期、主机名、标书等:***************************************************
system timezone pst
system timezone zp8 (中国)
system daylight savings time enable
system time 18:35:00
system date 06/27/2002
system contact "JSmith X477 js@company.com"
system name "Engineering Switch 3"
system location "NMS Lab--NE Corner Rack"
*********************************************************
重新启动:
***********************************************************
reload working no rollback-timeout(立即重新启动)
reload primary in 3:03(定时重新启动主模块)
reload primary at 20:00 june 30(定时重新启动主模块)
reload primary cancel (取消重新启动主模块)
reload secondary (重新启动备管理模块)
reload cancel(取消重新启动)
************************************************************
保存配置:
************************************************************
copy running-config working or write memory(保存到主模块内存)
copy working certified(保存到备配置文件)
copy certified working(恢复配置文件)
copy flash-synchro(把配置文件同步到备管理模块)
*************************************************************
VLAN配置:
*************************************************************
vlan port mobile 2/38 bpdu ignore enable
vlan 10 创建vlan 10
vlan 10 name bangonglou 给为vlan 10取名
vlan 10 router ip 172.16.32.1 mask 255.255.255.0 给vlan配Router ip
vlan 10 prot default 1/1 1/1端口分配到vlan 10
vlan 10 port default 2/32
vlan 2 802.1q 8/1 8/1端口打上vlan 2的802.1q tag
vlan 2 no port default 3/1-5 从vlan 2 删除3/1-5的
ip interface "vlan-1" address 192.168.0.254 mask 255.255.255.0 vlan 1 给vlan1配置route ip
*************************************************************
常用维护命令:
*************************************************************
show micrcode 查看软件信息
show running-directory 查看交换机运行模式
show configuration snapshot all 查看所有配置
show history parameters 查看history参数
show history 查看历史信息
show vlan 查看vlan信息
show chassis 查看交换机机箱信息 MAC
show module 查看模块信息
show ni 查看ni信息
show cmm 查看管理模块信息
show system 查看系统信息
show seesion config
show dns
show ntp server status
show ntp client server-list
show ntp client
show reload
show reload status
show user
show hardware info
***********************************************************
文件操作命令:
**********************************************************
rm *.img
install *.img
cd
pwd
ls
cp
mkdir
rm
vi
move
chmod
delete
freespace
fsck
newfs
*****************************************************************
ACL配置:
****************************************************************
只允许192.168.10.0/24网段可以访问任意,而192.168.10.0/24不让任意网络访问:
-> policy condition source1 source ip 192.168.10.0 mask 255.255.255.0
-> policy condition dest1 destination ip 192.168.10.0 mask 255.255.255.0
-> policy action No disposition deny
-> policy action Yes disposition accept
-> policy rule permitRule precedence 300 condition source1 action Yes reflexive
-> policy rule denyRule condition dest1 action No
-> qos apply
******************************************************************
Avlan配置:
****************************************************************
system name os6600
vlan 1 router ip 192.168.1.1
vlan 2 router ip 192.168.2.1
vlan 2 enable
vlan 2 authentication enable
vlan port mobile 8/3
vlan port 8/3 authentication enable
aaa radius-server “rad1” host 192.168.1.254 key switch auth-port 1812 acct-port 1813
aaa authentication vlan single-mode “rad1”
aaa accounting vlan rad1
ip helpr address 192.168.1.254
aaa avlan default dhcp 192.168.1.1
ip helper avlan only
avlan auth-ip 3 10.10.2.80
no aaa radius-server rad1
aaa vlan no
no aaa authentication vlan
no aaa accounting
********************************************************
SLB配置:
*******************************************************
ip slb admin enable
ip slb cluster zbslb vip 192.168.0.234
ip slb server ip 192.168.0.236 cluster zbslb
ip slb server ip 192.168.0.237 cluster zbslb
ip slb probe zbslb_probe1 ping
ip slb cluster zbslb probe zbslb_probe1
ip slb server ip 192.168.0.236 cluster zbslb probe zbslb_probe1
ip slb server ip 192.168.0.237 cluster zbslb probe zbslb_probe1
**********************************************************
dhcp relay配置
**********************************************************
ip udp relay
ip helper address 192.168.1.1
ip helper no address 192.168.1.1 (deletes one address)
ip helper no address (delete all address)
ip helper address 192.168.3.1 vlan 3
ip helper address 192.168.4.1 192.168.4.2 vlan 4
ip helper forward delay 15 (set forward delay timer for the bootip/dhcp relay)1-65535
ip helper maximum hops 3 (set the maximum hop count value)1-16
show ip helper
ip helper boot-up enable dhcp
ip helper boot-up enable bootp
show ip helper stats
show ip udp relay service
show ip udp relay statistics
show ip udp relay destination
**********************************************************
-> interfaces 1/1 duplex ?
^
HALF FULL AUTO
(Interface Command Set)
-> interfaces 1/23 speed 100
-> interfaces 1/23 speed auto
^
HALF FULL AUTO
(Interface Command Set)
-> interfaces 1/23 speed 100
-> interfaces 1/23 speed auto
-> interfaces 1/23 speed 100