Juniper SSG 520M/550M 教育訓練影片

[Juniper SSG 520M/550M 教育訓練影片]

http://www.juniper.net/us/en/training/elearning/ssg520_550.html

FB登入後無法正常顯示首頁內容

當電腦登入Facebook發現無法正常顯示FB首頁時,可能是電腦DNS有問題
此時可以試試將DNS清除
電腦左下角開始-->執行-->輸入cmd--->輸入 ipconfig /flushdns 即可
再重新登入FB帳號...

Extreme Download Upload Backup Command

Backup Configuration File

Selecting Active Image Files

Download a New Image File

Selecting Active Configuration Files

Restoring the Configuration

Downloading ASCII-formatted

Managing ASCII-formatted

Returning the Switch To Factory Defaults

Extreme EAPS LAB1

LAB1: 三台Summit X150-24T
EAPS Domain = EAPS1
Control Valn = CV1 tag 100 QP8
Protection Vlan =  P1 tag 101 , P2 tag 102 , P3 tag 103
-----------------------------------------------------------------------------
第一台當EAPS MASTER Mode
Step 1 

configure vlan default delete ports all  (將Default Vlan預設Port Delet)
configure vr VR-Default delete ports 1-26
configure vr VR-Default add ports 1-26
configure vlan default delete ports 1-26
create vlan "cv1"  (Control Vlan)
configure vlan cv1 tag 100
configure vlan cv1 qosprofile QP8
create vlan "p1"   (Protection Vlan)
configure vlan p1 tag 101
create vlan "p2"
configure vlan p2 tag 102
create vlan "p3"
configure vlan p3 tag 103
configure vlan cv1 add ports 1-2 tagged
configure vlan p1 add ports 1-2 tagged
configure vlan p1 add ports 3-5 untagged
configure vlan p2 add ports 1-2 tagged
configure vlan p2 add ports 6-8 untagged
configure vlan p3 add ports 1-2 tagged
configure vlan p3 add ports 9-11 untagged
configure vlan p1 ipaddress 192.168.0.1 255.255.255.0


Step2
configure eaps fast-convergence on
(如果架構中有一台並非設定eaps的Switch,此指令要下,事後下必須reboot Master Switch才會生效)



enable eaps
create eaps eaps1
configure eaps eaps1 mode master  (選其中一台為 Eaps Master其他為Transit)
configure eaps eaps1 primary port 1
configure eaps eaps1 secondary port 2
configure eaps eaps1 failtime expiry-action open-secondary-port
enable eaps eaps1
configure eaps eaps1 add control vlan cv1
configure eaps eaps1 add protected vlan p1
configure eaps eaps1 add protected vlan p2
configure eaps eaps1 add protected vlan p3

----------------------------------------------------------------------------------------------------------

第二台 EAPS 當 Transit Mode

Step 1


configure vlan default delete ports all
configure vr VR-Default delete ports 1-26
configure vr VR-Default add ports 1-26
configure vlan default delete ports 1-26
create vlan "cv1"
configure vlan cv1 tag 100
configure vlan cv1 qosprofile QP8
create vlan "p1"
configure vlan p1 tag 101
create vlan "p2"
configure vlan p2 tag 102
create vlan "p3"
configure vlan p3 tag 103
configure vlan cv1 add ports 1-2 tagged
configure vlan p1 add ports 1-2 tagged
configure vlan p1 add ports 3-5 untagged
configure vlan p2 add ports 1-2 tagged
configure vlan p2 add ports 6-8 untagged
configure vlan p3 add ports 1-2 tagged
configure vlan p3 add ports 9-11 untagged
configure vlan p1 ipaddress 192.168.0.2 255.255.255.0

Step 2

enable eaps

create eaps eaps1

configure eaps eaps1 mode transit

configure eaps eaps1 primary port 1

configure eaps eaps1 secondary port 2

enable eaps eaps1

configure eaps eaps1 add control vlan cv1

configure eaps eaps1 add protected vlan p1

configure eaps eaps1 add protected vlan p2

configure eaps eaps1 add protected vlan p3

------------------------------------------------------------------------

第三台 EAPS 當Transit Mode

Step1

enable eaps

create eaps eaps1

configure eaps eaps1 mode transit

configure eaps eaps1 primary port 1

configure eaps eaps1 secondary port 2

enable eaps eaps1

configure eaps eaps1 add control vlan cv1

configure eaps eaps1 add protected vlan p1

configure eaps eaps1 add protected vlan p2

configure eaps eaps1 add protected vlan p3

Step2

enable eaps

create eaps eaps1

configure eaps eaps1 mode transit

configure eaps eaps1 primary port 1

configure eaps eaps1 secondary port 2

enable eaps eaps1

configure eaps eaps1 add control vlan cv1

configure eaps eaps1 add protected vlan p1

configure eaps eaps1 add protected vlan p2

configure eaps eaps1 add protected vlan p3

------------------------------------------------------------------------------

Master Switch

Show eaps detail

EAPS Enabled: Yes

EAPS Fast-Convergence: On

EAPS Display Config Warnings: On

EAPS Multicast Add Ring Ports: Off

EAPS Multicast Send IGMP Query: On

EAPS Multicast Temporary Flooding: Off

EAPS Multicast Temporary Flooding Duration: 15 sec

Number of EAPS instances: 1

  Name: eaps1

  State: Complete                               Running: Yes

  Enabled: Yes    Mode: Master

  Primary port:   1             Port status: Up Tag status: Tagged

  Secondary port: 2             Port status: Blocked    Tag status: Tagged

  Hello Egress Port: Primary

  Hello timer interval: 1  sec  0  millisec

  Fail timer interval:  3  sec  0  millisec

  Fail Timer expiry action: Open secondary port

  Last update: From Master Id 00:04:96:51:d8:d9, at Tue Aug 16 15:08:39 2011

  EAPS Domain has following Controller Vlan:

    Vlan Name                    VID

    cv1                          100

  EAPS Domain has following Protected Vlan(s):

    Vlan Name                    VID

    p1                           101

    p2                           102

    p3                           103

  Number of Protected Vlans: 3

-------------------------------------------------------------------------------

Transit Switch
Show eaps detail

EAPS Enabled: Yes

EAPS Fast-Convergence: Off

EAPS Display Config Warnings: On

EAPS Multicast Add Ring Ports: Off

EAPS Multicast Send IGMP Query: On

EAPS Multicast Temporary Flooding: Off

EAPS Multicast Temporary Flooding Duration: 15 sec

Number of EAPS instances: 1

  Name: eaps1

  State: Links-Up                               Running: Yes

  Enabled: Yes    Mode: Transit

  Primary port:   1             Port status: Up Tag status: Tagged

  Secondary port: 2             Port status: Up Tag status: Tagged

  Hello timer interval: 1  sec  0  millisec

  Fail timer interval:  3  sec  0  millisec

  Preforwarding Timer interval: 15 sec

  Last update: From Master Id 00:04:96:51:d8:d9, at Tue Aug 16 15:10:08 2011

  EAPS Domain has following Controller Vlan:

    Vlan Name                    VID

    cv1                          100

  EAPS Domain has following Protected Vlan(s):

    Vlan Name                    VID

    p1                           101

    p2                           102

    p3                           103

  Number of Protected Vlans: 3

Extreme 回復出廠值

Extreme XOS沒辦法只回復password，下列的方式會讓所有的設定不見，請詳實告知user。

1. 重開機出現Running POST的時候按住空白鍵。

2. POST完成之後會進入boot rom模式。

3. 在提示符號下輸入：

4. Config abc 後按enter (abc指的是隨便一個檔名，目的在使系統找不到檔案後開機時load default)

5. 輸入Boot後按enter。

系統重開之後就回預設值，所有的設定都會不見。




将仿真终端接到设备的console口上
按住空格键启动设备电源
进入bootrom状态
选择D，恢复出厂缺省值 选择F，重新启动

Extreme 基本操作

cisco 指令

密碼加密
Router(config)#service password-encryption
Router(config)#no service password-encryption

把running-config備份到TFTP Server Router-1#copy running-config tftp:
Address or name of remote host []? 192.168.1.1 **指定TFTP Server 的位置
Destination filename [Router-1-confg]?

從TFTP Server還原running-config
Router-1#copy tftp: running-config Address or name of remote host []? 192.168.1.1
Source filename []? Router-1-confg
Destination filename [running-config]?

備份及還原startup-config Router-1#copy startup-config tftp:
Router-1#copy tftp: startup-config

查看目前IOS的版本 Router-1#show version Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.3(14)T7, RELEASE SOFTWARE (fc2) **目前載入的IOS版本
System image file is "flash:c1841-ipbase-mz.123-14.T7.bin" **目前IOS的作業系統檔名

顯示目前Flash 記憶體的內容 Router-1#show flash:

System flash directory:
File  Length   Name/status
  2   13832032 c1841-ipbase-mz.123-14.T7.bin
[13832032 bytes used, 50184352 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
**目前Flash 記憶體內容已使用了約13.8MB，還剩約50MB可以使用，總共可用空間為64MB。

備份IOS至TFTP Server
Router-1#copy flash: tftp: Source filename []? c1841-ipbase-mz.123-14.T7.bin **指定來源檔名
Address or name of remote host []? 192.168.1.1    **指定TFTP Server 位置
Destination filename [c1841-ipbase-mz.123-14.T7.bin]?  **指定存檔檔名

從TFTP Server 更新新版IOS Router-1#copy tftp: flash:
Address or name of remote host []? 192.168.1.1
Source filename []? c1841-advipservicesk9-mz.124-15.T1.bin
Destination filename [c1841-advipservicesk9-mz.124-15.T1.bin]?
可用指令 show flash: 來查看是否有存入flash，並用指令reload 來載入新的IOS。

重新載入IOS(重新開機)
Router-1#reload

刪除重新Flash 內的IOS Router#delete flash:c1841-ipbase-mz.123-14.T7.bin
**可用show flash 指令來查看flash 的內容 Delete filename [c1841-ipbase-mz.123-14.T7.bin]?

Delete flash:/c1841-ipbase-mz.123-14.T7.bin? [confirm]

設定VTP(Vlan Trunking Protocol)

VTP（VLAN Trunking Protocol）：是VLAN中繼協議，也被稱為虛擬局域網幹道協議。它是思科私有協議。作用是十幾台交換機在企業網中，配置VLAN工作量大，可以使用VTP協議，把一台交換機配置成VTP Server, 其餘交換機配置成VTP Client,這樣他們可以自動學習到server 上的VLAN 信息。

分類: CISCO,資訊相關 — noahchou @ 17:50:22 

VTP模式有3種 服務器模式（Server）客戶端模式（Client）透明模式（Transparent）
服務器模式（Server）
提供VTP消息：包括VLAN ID和名字信息
學習相同域名的VTP消息
轉發相同域名的VTP消息
可以添加、刪除和更改VLAN VLAN信息寫入NVRAM
客戶端模式（Client）
請求VTP消息
學習相同域名的VTP消息
轉發相同域名的VTP消息
不可以添加、刪除和更改VLAN VLAN信息不會寫入NVRAM
透明模式（Transparent）
不提供VTP消息
不學習VTP消息
轉發VTP消息
可以添加、刪除和更改VLAN，只在本地有效 VLAN信息寫入NVRAM
新交換機出廠時的預設配置是預配置為VLAN1，VTP 模式為服務器。

設定VTP-Server及指定VTP Domain

VTP-Server(config)#vtp domain vivotek
Changing VTP domain name from NULL to vivotek

VTP-Server(config)#vtp mode server
Device mode already VTP SERVER.

設定VTP-Client

VTP-Client1(config)#vtp domain vivotek
Changing VTP domain name from NULL to vivotek

VTP-Client1(config)#vtp mode client
Setting device to VTP CLIENT mode.

設定VTP-Transparent

VTP-Trans1(config)#vtp domain vivotek
Changing VTP domain name from NULL to vivotek

VTP-Trans1(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.

查看目前VTP 狀況

VTP-Server#sh vtp statu VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 255
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : vivotek VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0×33 0×54 0×73 0xB3 0×27 0xC4 0x0C 0×48
Configuration last modified by 0.0.0.0 at 3-1-93 00:13:57
Local updater ID is 0.0.0.0 (no valid interface found)

設定VLAN

說明如何新增VLAN

Switch#show vlan 顯示目前VLan狀態

VLAN Name                             Status    Ports
—- ——————————– ——— ——————————-
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Switch(config)#vlan 10
Switch(config-vlan)#vlan 20

新增vlan 10，vlan 20

Switch#sh vlan

已新增vlan 10，vlan 20但未有Port 加入

VLAN Name                             Status    Ports
—- ——————————– ——— ——————————-
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2 10   VLAN0010                         active 
20   VLAN0020                         active    1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Switch(config)#int range fastEthernet 0/1-2
Switch(config-if-range)#switchport access vlan 10 
Switch(config-if-range)#int range fastEthernet 0/3-4
Switch(config-if-range)#switchport access vlan 20

將fastEthernet 0/1-2加入vlan 10，fastEthernet 0/3-4加入vlan 20

Switch#sh vlan

VLAN Name                             Status    Ports
—- ——————————– ——— ——————————-
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2 10   VLAN0010                         active    Fa0/1, Fa0/2
20   VLAN0020                         active    Fa0/3, Fa0/4 1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

設定port-security 功能

cisco 的 port-security功能是用來限制一個 port 只能學習到的指定數量的 MAC 位址，以防止下列情況發生。

• 使用者帶她自己的 router, switch, hub 來產生自己的小網路。
• 使用者自己帶一台任意筆記電腦，插入公司的 port 來存取公司網路。
• 非經許可的安裝 virtual machine 產生多個 mac 使用網路。

設定：port-security
Switch(config)#int range fastEthernet 0/1-24
Switch(config-if-range)#switchport mode access
將Port 運作模式設定為Access Port,作為接末端設備使用
Switch(config-if-range)#switchport port-security
啟動port-security 機制
Switch(config-if-range)#switchport port-security mac-address sticky
設定為自動學習MAC Address,這樣就可以不用手動輸入
Switch(config-if-range)#switchport port-security maximum 1
記錄的MAC Address的數量上限為1筆
switchport port-security violation shutdown
一旦偵測到違反政策時，關閉該Port

重新啟動介面
Switch#clear port-security all
清除port-security資料
Switch(config)#int fastEthernet 0/1
Switch(config-if)#sh
Switch(config-if)#no sh