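KL-EDU Internet Training. D-Link Taiwan (D-Link Corporation, Taiwan Branch), TTSS Telecom Technical Support Section. Name: Phone: 02-66000123, Email:
Agenda: Website resources; D-Link switch categories and introduction; Initial connection setup; Basic function settings; L2 functions; L3 functions; Monitoring and troubleshooting; CWM introduction; Q&A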
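Website Resources
Product information: D-Link product information http://www.dlink.com.tw
Manual and firmware downloads: D-Link product manuals and firmware downloads http://tsd.dlink.com.tw
Manual and firmware downloads. Ex: select DGS-3120
D-Link Switch Product Introduction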
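D-Link Switch naming rules
  Ex: DES-3528 (24-port 10/100M UTP + 2-port 1G combo + 2 1G UTP ports)
  Explanation:
  (1) D-Link Fast Ethernet switch: mainly 10/100M ports, with 2 or 4 1G uplinks
  (2) 3500-series switch
  (5) 28 means that 28 ports in total can be used at the same time
  Ex: DGS-3420-28TC (20-port 10/100/1000 UTP + 4 1G combo + 4 10G fiber)
  (1) D-Link Gigabit switch: mainly 1G ports, with 2 or 4 1G or 10G uplinks
  (2) 3420-series switch
D-Link Switch naming rules: DES-3528 combo; DGS-3420-28TC combo
D-Link switch product classification
  The switch product line is divided into the following 6 types:
  (1) Unmanaged Switches: no management functions. Ex: DGS-1000 series
  (2) Smart Switches: common functions can be configured through the web. Ex: DGS-1200 series
  (3) Smart Pro Switches: common functions can be configured through the web, plus a simple CLI. Ex: DGS-1500 series
  (4) Stackable SmartPro Switches: support 10G stacking, a console interface and full CLI command support. Ex: DGS-1510 series
  (5) Standard Managed Switches: can be configured with CLI commands, but the feature set is lower-end. Ex: DES-3000 series
  (6) xStack Managed Switches: managed switches with the most complete feature set; high-end models. Ex: DGS-3120/3420/3620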
D-Link Switch classification (chart; axes: Feature, Price) DGS-3120 series DGS-3000 series L2 Managed Switch Web Smart Switch SmartPro Switch DGS-3120 series L3 Managed Switch Multi-language GUI Compact CLIs SNMP v1/v2c/3 D-View ACL Green v3.0 PoE model Multi-language GUI Static Route Virtual stacking (SIM) 4K VLAN groups RPS for PoE model IPv6 Ready Logo Phase II Green v3.0 L3 Routing (EI/RI) Physical stacking Dual image Advanced security features OOB console Portable config/image file Real time clock (RTC) OAM, ERPS RPS Support DC Power 6kV Surge & Lightning Protection External Alarm Port (26TC) L2PT Q-in-Q Outstanding Triple-play support DGS-1510 series Stackable SmartPro Switch 2 x 10G SFP+ Full featured CLIs RJ-45 console port DoS Attack Prevention DGS-1500 series DGS-1210 series
Entry Level L2 GE Managed Switch 802.3at DGS-3120 Series 24TC/24SC/24SC-DC/24PC/48TC/48PC Release 2.0 D-Link Green 3.0 (SI) LBD v4.03 (SI) SMTP (SI) LLDP-MED (SI) L3 Control Packet Filtering (SI) DDM (EI) IMPB 3.91 (EI) 802.3ah Ethernet Link OAM (EI) WAC / JWAC for IPv6 (EI) DHCPv6 Client (EI) DHCPv6 Relay Agent (EI) Release 2.5 DLMS SNTP for IPv6 DLMS Ready DGS-3120 Series Rev.A2 EEE Support Layer 3 802.3af Phase Out DGS-3100 series replaced by DGS-3120 series Available In Development In Plan DGS-3100 Series 24/24P/48/48P Q4 / 2011 Q1 / 2012 Q2 / 2012 Q3 / 2012
DGS-3120 SI and EI image feature comparison
  Standard Image (SI): 802.1D/1w/1s Spanning Tree Protocol; LBD (LoopBack Detection); 802.3ad Link Aggregation; Port Mirroring; IGMP/MLD Snooping; GVRP; 802.1Q; Port/MAC-based VLAN; Voice VLAN; Private VLAN; 802.1p; Bandwidth Control; ACL; Time-based ACL/PoE; SSH/SSL; Asymmetric VLAN; Traffic Segmentation; DHCP Server Screening; ARP Spoofing Prevention; BPDU Attack Protection; Port/Host Based 802.1X; Port/Host Based WAC/MAC (Note 1); Identity-driven security policy assignment; Microsoft NAP Support; SNMP, RMONv1/v2; LLDP; DHCP Auto-configuration; DHCP Relay; IPv6 Ready Logo; Multiple images/configurations
  Enhanced Image (EI): ERPS (Ethernet Ring Protection Switching); Q-in-Q; Static Route; ARP Proxy; IPv6 Management; IPv6 Neighbor Discovery (ND); CoS Based on IPv6 Traffic Class; CoS Based on IPv6 Flow Label; ACL (Ingress / Egress / VLAN-based ACL); ACL Based on IPv6 Traffic Class; ACL Based on IPv6 Flow Label; IP-MAC-Port Binding (IMPB); Compound Authentication; sFlow; ICMPv6; 802.3ah Ethernet Link OAM; 802.3ah D-Link Extension: D-Link Unidirectional Link Detection (DULD)
  Note 1: WAC: Web-based Access Control; MAC: MAC-based Access Control
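DGS-3120 series stacking architecture
  Stacking rule: up to 6 switches of the same series can be stacked in the DGS-3120 series.
  Note: the DGS-3120 series does not include the CX4 stacking cable (sold separately); the stacking interface is 10G.
Initial Connection Setup
Access Switch
  By default, a D-Link switch has no login account or password.
  Default IP: 10.90.90.90 255.0.0.0
  Default Username: blank
  Default Password: blank
  Supported connection methods:
  RS-232: baud rate 9600 or 115200 (newer switches all use 115200)
  Telnet
  SSH
  HTTP
  HTTPS
CLI login screen
Web login screen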
Command syntax
  Commands are case-sensitive.
  TAB or ? can be used to complete and suggest commands.
  Example: use ? to list all the commands that can follow an action
  DES-3700-28:admin#show ?
  Command: show
  Next possible completions:
  802.1p 802.1x access_profile account accounting acct_client address_binding arp_spoofing_prevention arpentry attack_log
  Example: use TAB to step through the commands that can follow, one at a time, in numeric then A-Z order
  DES-3700-28:admin#show 802.1p
  After a command has run, the word Success means the command succeeded and took effect immediately.
  DES-3700-28:admin#? show v
  Command: ? show v
  show vdsl brief_status
  show vdsl line
  show vdsl pm_threshold
  show vdsl profile
  show vlan
  show vlan ports
  show vlan vlanid
  show vlan_counter statistics
  show vlan_counter utilization
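Helper commands (1)
  show command_history
  <Description>
  Shows the CLI commands that were just executed; entries nearer the top of the screen are more recent, entries further down are older.
Helper commands (2)
  disable clipaging
  <Description>
  Logs and configurations are normally displayed one page at a time; this command turns that paging off. It is useful when capturing output to a text file in one pass; restore paging afterwards.
  Restore: enable clipaging
Helper commands (3)
  enable command logging
  <Description>
  Restore: disable command logging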
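Multiple Page Display Control Keys (command helper keys)
  Space    Displays the next page.
  CTRL+c   Stops the display of the remaining pages while multiple pages are being displayed.
  ESC
  n        Displays the next page.
  p        Displays the previous page.
  q        Stops the display of the remaining pages when multiple pages are to be displayed.
  r        Refreshes the currently displayed page.
  a        Displays the remaining pages without pausing in between.
  Enter    Displays the next line or table entry.
  After entering a command, the keys above can be used to move through and check the output.
  A hint is also shown at the bottom of the console.
Common Functions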
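Account privilege levels
  Admin: the highest-privilege user; can execute all functions
  DES-3700-28:admin# (privilege of the default login account)
  Operator: the second-level user; cannot add accounts, authentication methods or SNMP settings, but can execute everything else
  DES-3700-28:oper#
  User: the lowest-privilege user; cannot add or modify parameters and can only view
  DES-3700-28:user#
  An Operator can, however, configure the IP address.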
Create/remove accounts (CLI)
  create account [admin | operator | user] <username 15>
  delete account <username>
  show account
  <Description>
  A username is 1 to 15 characters and a password is 0 to 15 characters; up to 8 user accounts can be created.
  Example:
  DES-3700-28:admin#create account admin dlink
  Command: create account admin dlink
  Enter a case-sensitive new password:****
  Enter the new password again for confirmation:****
  Success.
  DES-3700-28:admin#delete account dlink
  Command: delete account dlink
  The original login account can continue to be used; after logout, the new one must be used to log in.
Change the password of an existing account
  config account <username>
  <Description>
  A username is 1 to 15 characters and a password is 0 to 15 characters. The system prompts for the old password first, then for the new password.
  Example:
  DES-3700-28:admin#config account dlink
  Command: config account dlink
  Enter a old password:****
  Enter a case-sensitive new password:****
  Enter the new password again for confirmation:****
  Success.
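Switch software feature status (CLI)
  show switch
  <Description>
  This command displays the switch's current (1) firmware version, (2) IP, mask and GW, (3) status of Web, Telnet, SSH, SSL and other functions.
  Example:
  Dual image cannot be used to control a download and then reboot at a chosen time!!
Change the command prompt
  config command_prompt [<string 16> | username | default]
  <Description>
  <string 16>: enter an alphanumeric string of no more than 16 characters to define the CLI command prompt.
  username: replaces the current CLI command prompt with the login username configured on the switch.
  default: returns the command prompt to the factory default.
  Example:
  DES-3700-28:admin#config command_prompt TPS1-DTMC
  Command: config command_prompt TPS1-DTMC
  Success.
  TPS1-DTMC :admin#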
IP address configuration (CLI)
  config ipif <ipif_name 12> [{ipaddress <network_address> |vlan <vlan_name 32> |state [ enable |disable]}
  show ipif
  <Description>
  Adjusts the device management IP. Note that the ipif name is case-sensitive; the default name is System.
  create vlan mgmt tag 4092
  config vlan mgmt add tag 27-28
  config ipif System ipaddress 172.16.8.79/24 vlan mgmt
  For the default VLAN, the "vlan" parameter does not need to be given.
Add a default gateway (CLI)
  create iproute [default ] <ipaddr> {<metric 1-65535>}
  show iproute (shows the active, usable routes)
  show iproute static (shows routes of type static)
  <Description>
  Creates a default gateway route entry
  Example:
  DES-3700-28:admin#create iproute default 10.48.74.121
  Command: create iproute default 10.48.74.121
  Success.
  Remove the default route:
  delete iproute default
Remove the default gateway (CLI)
  delete iproute default
  show iproute
  <Description>
  Removes a default gateway route entry
  Note: after a default route has been configured, show iproute displays it only when a port of that ipif is in the link-up state.
  Example:
  DES-3700-28:admin#delete iproute default
Save
  save {[config | log | all]}
  <Description>
  config: saves the current switch configuration to NV-RAM
  log: saves the current log data to NV-RAM
  all: saves all configuration settings and log contents
  Example:
  DES-3700-28:admin#save all
  Command: save all
  Saving configurations and logs to NV-RAM..... Done..
  "save" = "save all" = save config and log.
Reboot (CLI)
  reboot {force_agree}
  <Description>
  force_agree: when force_agree is specified, the reboot command runs immediately without further confirmation (the parameter is optional)
  Example:
  DES-3700-28:admin#reboot
  Command: reboot
  Are you sure you want to proceed with the system reboot? (y/n)y
  Please wait, the switch is rebooting...
Show configuration contents (CLI)
  show config [ current_config | config_in_nvram ]
  show config current_config include "<string>"
  <Description>
  Displays the device's current configuration. The include option quickly filters the configuration; the string must be enclosed in double quotes.
  Example:
  show config current_config
  show config current_config include "vlan"
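Restore factory defaults (CLI)
  reset system
  <Description>
  Restores the device to factory defaults by command; the device reboots.
Firmware Upgrade & Configuration Backup/Restore
Start the TFTP server and specify the file path
Upgrade firmware
  download firmware_fromTFTP 10.90.90.99 DES-3528_v10.had
  reboot
Back up and restore the configuration
  Start the TFTP server and specify the path.
  Back up the configuration file:
  upload cfg_toTFTP 192.168.1.1 dest_file des-3552.cfg
  Restore the configuration file:
  download cfg_fromTFTP 10.90.90.1 src_file des-3552.cfg
  save
  reboot
Basic Function Settings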
SNTP Server (CLI)
  config time_zone {operator [+ | -] | hour <gmt_hour 0-13> | min <minute 0-59>}
  config sntp {primary <ipaddr> | secondary <ipaddr> | poll-interval <int 30-99999>} sec
  enable sntp
  <Description>
  Configures time synchronization with an SNTP server
  Example:
  config time_zone operator + hour 8 min 0
  config sntp primary 172.19.20.250 secondary 0.0.0.0 poll-interval 720
  Check the settings:
  show sntp
  720 / 60 = 12 minutes.
Set the local time (CLI)
  config time <date ddmmmyyyy> <time hh:mm:ss>
  <Description>
  Configures the system time and date. If SNTP is configured and enabled, these settings are overridden.
  date: two digits for the day of the month, three letters for the month, and four digits for the year. For example: 03aug2003
  Example:
  config time_zone operator + hour 8 min 0
  config time 30oct2009 16:30:30
  The device has an RTC (real time clock), so it keeps showing the correct calendar time after a reboot.
  Note: to set the current time manually, be sure to disable SNTP.
Show device boot time (CLI): show time (System clock)
  <Description>
  This command shows the time of the device's most recent boot and the current time
  Example:
  DES-3700-28:admin#show time
  Command: show time
  Current Time Source : System Clock
  Boot Time : 13 Oct 2009 21:25:47
  Current Time : 13 Oct 2009 23:57:19
  Time Zone : GMT +08:00
  Daylight Saving Time : Disabled
  Offset In Minutes : 60
  Repeating From : Apr 1st Sun 00:00
  To : Oct last Sun 00:00
  Annual From : 29 Apr 00:00
  To : 12 Oct 00:00
Show device boot time (CLI): show time (SNTP)
  <Description>
  This command shows the time of the device's most recent boot and the current time
  Example:
  Down_3710-12C:5#show time
  Command: show time
  Current Time Source : Primary SNTP Server
  Boot Time : 13 May 2011 16:26:51
  Current Time : 24 May 2011 14:02:00
  Time Zone : GMT +08:00
  Daylight Saving Time : Disabled
  Offset In Minutes : 60
  Repeating From : Apr 1st Sun 00:00
  To : Oct last Sun 00:00
  Annual From : 29 Apr 00:00
  To : 12 Oct 00:00
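Configure a syslog server (CLI)
  create syslog host <index 1-4> ipaddress <ipaddr> {severity [informational | warning | all] | facility [local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7] | udp_port <udp_port_number> | state [enable | disable]
  <Description>
  Configuring an external syslog server sends switch events to external storage for later reference, as information for troubleshooting.
  Four syslog servers can be configured, and events can be sent to different servers according to severity.
  Example:
  enable syslog
  create syslog host 1 ipaddress 172.17.10.100 state enable
  Check the settings:
  show syslog
  show syslog host
  Syslog default disabled.
Log save settings (CLI)
  config log_save_timing [time_interval <min 1-65535> | on_demand | log_trigger]
  <Description>
  Unless the switch log is saved, its messages are lost when the device reboots. This function preserves the switch log so the cause of a problem can be investigated.
  Default is on_demand
  Example:
  config log_save_timing time_interval 60
  10 = 10 min
  The switch log holds at most 1000 entries.
Log save settings (WEB)
  Path: System Configuration / System Log Configuration
  1
  2. Select Time Interval as the save mode
  3. Enter the time (in minutes)
  4. Press the confirm button.
  5. Save the configuration.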
Ethernet interface settings (CLI)
  config ports [<GE_portlist> | all ] {medium_type[fiber|copper]} { speed [auto | 10_half | 10_full | 100_half | 100_full | 1000_full{master|slave}] | flow_control [enable | disable] | learning [enable | disable ]| state [enable | disable ] | [description <desc 1-32 > | clear_description]}
  show ports
  <Description>
  Adjusts a port's speed and full/half duplex mode, or its client description
  Example:
  DES-3700-28:admin#config ports 1 speed 100_full
  config ports <GE_portlist> => only the Gigabit ports 25 and 26 can be set.
802.1Q VLAN Principles
Port-based VLAN (diagram labels: v10 v10)
Port-based VLAN (diagram labels: VLANs v10, v20, v30 on ports P1-8, P9-16, P17-24 on each side; hosts 192.168.10.2/24, 192.168.20.2/24, 192.168.30.2/24 and 192.168.10.1/24, 192.168.20.1/24, 192.168.30.1/24; link ports p1, p9, p17 on each side)
Tag-based VLAN (diagram labels: VLANs v10, v20, v30 on ports P1-8, P9-16, P17-24 on each side; hosts 192.168.10.2/24, 192.168.20.2/24, 192.168.30.2/24 and 192.168.10.1/24, 192.168.20.1/24, 192.168.30.1/24; link labelled tag25 on each side)
IEEE 802.1p/802.1q Frame Tagging
  The VLAN tag is a 32-bit field in the frame header that identifies the frame as belonging to a specific VLAN/priority.
  The maximum size of a tagged Ethernet frame is 1522 bytes (1518 + 4 bytes of tagging).
  A frame without a VLAN tag is called an untagged frame, or simply a frame.
  Regular frame (or untagged frame): DA | SA | Data | CRC
  802.1q/1p tagged frame: DA | SA | Tagging | Data | CRC
  Tagging: 8100 | Priority | CFI | VID (bit positions marked at 15, 18, 19 and 31)
  Priority (1p) has 3 bits, 0-7. VLAN (1q) has 12 bits, 0-4095.
802.1p/1q Untagged Incoming Frame
  Assume the PVID of port 4 is 2 and the default priority is 0.
  The incoming untagged packet is assigned to VLAN 2 with priority 0.
  Port 5 is a tagged and port 7 an untagged egress member of VLAN 2.
  The packet is forwarded to port 5 tagged and to port 7 untagged.
  Priority tagging (802.1p) follows a rule similar to 802.1q tagging.
802.1p/1q Untagged Incoming Frame
  The untagged packet is tagged as it leaves the switch through a tagged port.
  The VID is the PVID of the incoming port.
  The untagged packet is unchanged as it leaves through the untagged port.
802.1p/1q Tagged Incoming Frame
  Assume a tagged incoming packet with vid=2/priority=0.
  Port 5 is a tagged and port 7 an untagged egress member of VLAN 2.
  The packet is forwarded to port 5 and port 7.
802.1p/1q Tagged Incoming Frame
  The tagged packet remains unchanged as it leaves through the tagged port.
  The tag is stripped from the packet as it leaves the switch through the untagged port.
802.1p/1q Tagging summary
  Ingress (incoming frame):
    If an untagged frame is received, a tag is added to it with VID = PVID and priority = the 802.1p default priority.
    If a tagged frame is received, the VID/priority values are unchanged.
  Inside the switch (all frames are tagged):
    For VLAN, the VID is used to look up the VLAN table, and the frame is forwarded to the member ports of that VLAN.
    For priority, the "Class of Service mapping" determines the priority queue that processes the frame.
  Egress (outgoing frame):
    Untagged egress port: the tag is removed.
    Tagged egress port: the tag is left unchanged, so the 1p/1q information is carried to the next 802.1p/q-aware switch.
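The ingress, lookup and egress rules summarized above, modelled in Python as an added example that is not part of the original slides. It reuses the slides' scenario (port 4 with PVID 2, port 5 a tagged and port 7 an untagged member of VLAN 2). The MAC addresses, payload, port 5's PVID and port 4's untagged membership of VLAN 2 are constructed assumptions, and the model sends to every member port instead of consulting an FDB.

```python
import struct

TPID = 0x8100  # value shown in the first 16 bits of the tag on the slide


def build_tag(vid, priority=0, cfi=0):
    """Pack the 32-bit tag: 16-bit 8100, 3-bit priority, 1-bit CFI, 12-bit VID."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits (0-4095)")
    if not 0 <= priority <= 7:
        raise ValueError("priority must fit in 3 bits (0-7)")
    return struct.pack("!HH", TPID, (priority << 13) | ((cfi & 1) << 12) | vid)


def parse_frame(frame):
    """Split a frame into (dst, src, tag, rest); tag is None when untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return dst, src, None, frame[12:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    tag = {"priority": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF}
    return dst, src, tag, frame[16:]


class Switch:
    def __init__(self, pvid, members, default_priority=0):
        self.pvid = pvid          # {port: PVID}
        self.members = members    # {vid: {port: "tagged" | "untagged"}}
        self.default_priority = default_priority

    def forward(self, in_port, frame):
        """Return {egress_port: frame bytes} for a frame received on in_port."""
        dst, src, tag, rest = parse_frame(frame)
        if tag is None:
            # Ingress, untagged: VID = PVID, priority = default priority.
            tag = {"vid": self.pvid[in_port],
                   "priority": self.default_priority, "cfi": 0}
        # Ingress, tagged: VID and priority are kept as received.
        out = {}
        for port, mode in self.members.get(tag["vid"], {}).items():
            if port == in_port:
                continue
            if mode == "tagged":   # tagged egress port: tag carried onward
                out[port] = (dst + src +
                             build_tag(tag["vid"], tag["priority"], tag["cfi"]) + rest)
            else:                  # untagged egress port: tag removed
                out[port] = dst + src + rest
        return out


def slide_switch():
    """Scenario from the slides; port 5's PVID of 1 is a constructed value."""
    return Switch(pvid={4: 2, 5: 1, 7: 2},
                  members={2: {4: "untagged", 5: "tagged", 7: "untagged"}})


# Constructed sample frames: broadcast destination, made-up source MAC.
HDR = bytes.fromhex("ffffffffffff" "00000000000a")
BODY = bytes.fromhex("0800") + b"constructed payload"
UNTAGGED = HDR + BODY
TAGGED_V2 = HDR + build_tag(2, 0) + BODY

if __name__ == "__main__":
    sw = slide_switch()
    for name, frame in (("untagged", UNTAGGED), ("tagged vid=2", TAGGED_V2)):
        for port, out in sorted(sw.forward(4, frame).items()):
            print(name, "-> port", port, parse_frame(out)[2] or "untagged")
```

A tagged frame whose VID has no member ports in this model returns an empty result, which is the case to check when a tag/untag assignment looks wrong.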
Loop detect
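Problem: network loops
  Users connect their own switches to the network, causing unexpected loops.
  Loops cause packet storms that paralyze the whole network.
  (Diagram labels: Packet Storm, Loop)
Solving the network loop problem
  D-Link solution: Loopback Detection (LBD v4.04)
  STP (Spanning Tree Protocol) independent
  Unmanaged switches do not have the Spanning Tree Protocol function.
  D-Link switches are designed to detect loops even when STP is not enabled.
  Flexible LBD settings to prevent loops: Port-based, VLAN-based
  1. Port-based LBD: the port is shut down and no traffic can pass.
  2. VLAN-based LBD: traffic is blocked according to the VLAN in which the loop occurs; the port is not shut down.
  (Diagram labels: V1 V2 V1 V2 PC1 Loop Loop PC2)
LBD loop detection scenarios (diagram labels: Status A, Status B, Status C, Loop, Loop, Loop)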
Loopdetect-Topology1 Port based LBD PCB p7 SW1 p1 p5 Loop SW2 PCA
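SW1 config
  CLI config
  config loopdetect mode port-based
  config loopdetect ports 1-24 state enabled
  enable loopdetect
  config loopdetect interval 2
  config loopdetect recover_timer 60
  Check status
  show loopdetect ports all
  show log
  show ports
LBD config: as configured, detection runs every 2 seconds, and when a problem occurs the port is blocked for 60 seconds
LBD Status: the problem port shows Loop! The port status shows Err-Disabled
LBD Status: the log records the times at which LBD events occurred and recovered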
Loopdetect-Topology2 Port based LBD PCB p7 SW1 p1 p3 p5 Loop SW2 PCA
LBD status: both ports show Loop!
LBD status: the port shows Err-Disabled
LBD Status: log contents
Loopdetect-Topology3 PCB 100.100.100.2 v20 SW1 p1 p1 SW2 p2 v10 v20 PCA 100.100.100.1
SW1 config
  create vlan v10 tag 10
  create vlan v20 tag 20
  config vlan default delete 1-24
  config vlan v10 add untag 2-4
  config vlan v20 add untag 5-8
  config vlan v10 add tag 1
  config vlan v20 add tag 1
  config loopdetect mode vlan-based
  config loopdetect ports 1-24 state enabled
  enable loopdetect
  config loopdetect interval 2
  config loopdetect recover_timer 60
  save
SW2 config
  create vlan v10 tag 10
  create vlan v20 tag 20
  config vlan default delete 1-24
  config vlan v10 add untag 2-4
  config vlan v20 add untag 5-8
  config vlan v10 add tag 1
  config vlan v20 add tag 1
  save
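LBD status: with VLAN-based mode, the ID of the abnormal VLAN is shown
LBD Status: port 1 still shows Err-Disabled, but the physical port is not shut down
LBD Status: the log shows that an LBD problem occurred on a specific VLAN
LBD Status: the abnormal port 1 keeps receiving 100% upstream traffic; this is caused by vlan10
LBD Status: the two PCs in VLAN 20 are unaffected; PCB pings PCA normally
Layer 3 Function Settings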
IP Routing Behavior
  1. FDB Table: records the VLAN, port and MAC address mapping information. Used for Layer 2 hardware forwarding.
  2. ARP Table: records the local host IP and MAC address mapping information. Used to communicate with local hosts.
  3. Routing Table: records the routing information from other networks. Used for hardware IP routing to remote networks.
  Objective: PC1 to Server
  PC1 sends an ARP request to query its default gateway and adds it to its ARP table.
  PC1 sends the ICMP echo packet directly to its default gateway.
  When it receives the packets from PC1, the Layer 3 switch does the following:
  ARP stage:
    Learn PC1's MAC address into the FDB table
    Learn PC1's IP/MAC address into the ARP table
    Send the ARP reply to PC1
  Routing stage (on receiving the ICMP echo from PC1):
    The Layer 3 switch first checks whether the destination IP address is in the ipfdb table
    The Layer 3 switch then checks whether the destination IP subnet is in the routing table
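Table lookup order (p1): the order checked when a PC sends a packet: Routing Table --> ARP Table
Table lookup order (p2): the order checked when the switch forwards a received packet: Routing Table --> ARP Table --> FDB Table (shown: Routing table)
Table lookup order (p2): the order checked when the switch forwards a received packet: Routing Table --> ARP Table --> FDB Table (shown: ARP table)
Table lookup order (p2): the order checked when the switch forwards a received packet: Routing Table --> ARP Table --> FDB Table (shown: FDB table)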
Layer 2 ARP Operations
  Host A needs to access Host B.
  Host A broadcasts an Address Resolution Protocol (ARP) request.
  If Host B is in the broadcast domain, it responds with its MAC address.
  Diagram: Host A (1), Network 10.0.0.0/24, Host B
  Host A to Host B (2): Destination MAC Address Broadcast; Source MAC Address "A"; Source Host IP Address "A"; Destination IP Host Address "B"
  Host B to Host A (3): Destination IP Host Address "A"; Source Host IP Address "B"; Source MAC Address "B"; Destination MAC Address "A"
Layer 3 Routing Operations (1)
  Host A needs to access Host B; Host A checks its routing table and ARP table.
  Host A broadcasts an Address Resolution Protocol (ARP) request to L3 ipif_10.
  L3 ipif_10 responds to the ARP request with its MAC address.
  Diagram: Host A, Ipif_10 10.0.0.254/24, Ipif_20 20.0.0.254/24, Host B
  ARP request (2): Destination MAC Address Broadcast; Source MAC Address "A"; Source Host IP Address "A"; Destination IP Host Address "ipif_10"
  ARP response (3): Destination IP Host Address "A"; Source Host IP Address "ipif_10"; Source MAC Address "mac_10"; Destination MAC Address "A"
Layer 3 Routing Operations (2)
  Host A sends an ICMP packet to Host B; the destination MAC is mac_10.
  The L3 switch checks the packet against its routing table and checks whether it has the ARP entry.
  L3 ipif_20 broadcasts an Address Resolution Protocol (ARP) request to Host B.
  Diagram: Host A (4), Ipif_10 10.0.0.254/24 (5), Ipif_20 20.0.0.254/24 (6), Host B
  Host A to Host B (4): Destination MAC Address "mac_10"; Source MAC Address "A"; Source Host IP Address "A"; Destination IP Host Address "Host B"
  ARP request (6): Destination IP Host Address "B"; Source Host IP Address "ipif_20"; Source MAC Address "mac_20"; Destination MAC Address "B"
Layer 3 Routing Operations (3)
  Host B responds to the L3 ARP request with its MAC address.
  L3 ipif_20 sends the ICMP packet to Host B.
  Diagram: Host A, Ipif_10 10.0.0.254/24, Ipif_20 20.0.0.254/24 (7, 8), Host B
  ARP response (7): Destination MAC Address "mac_10"; Source MAC Address "A"; Source Host IP Address "A"; Destination IP Host Address "Host B"
  Host A to Host B (8): Destination IP Host Address "B"; Source Host IP Address "A"; Source MAC Address "mac_20"; Destination MAC Address "B"
Local IP Routing
  Diagram: D-Link L3 switch with Net1, Net2, Net3, Net4 (.254 .254 .254 .254)
  PC1 192.168.1.1/24, Gw 192.168.1.254
  PC2 192.168.2.1/24, Gw 192.168.2.254
  PC3 192.168.3.1/24, Gw 192.168.3.254
  Server 192.168.4.1/24, Gw 192.168.4.254
  Objective: Different IP interfaces can be routed within a standalone device without enabling any Layer 3 protocol.
  Principle: The L3 switch creates 4 local routes in the routing table. Packets to a different subnet are routed based on the routing table.
Local IP Routing example
  PROCEDURE:
  1. Delete ports from the default VLAN so other VLANs can use them.
  config vlan default delete 1-24
  2. Create each VLAN, add ports to it, and then create an IP interface for the VLAN.
  create vlan v101 tag 101
  config vlan v101 add untagged 1-6
  create ipif net1 192.168.1.254/24 v101 state enable
  create vlan v102 tag 102
  config vlan v102 add untagged 7-12
  create ipif net2 192.168.2.254/24 v102 state enable
  create vlan v103 tag 103
  config vlan v103 add untagged 13-18
  create ipif net3 192.168.3.254/24 v103 state enable
  create vlan v104 tag 104
  config vlan v104 add untagged 19-24
  create ipif net4 192.168.4.254/24 v104 state enable
  save
  3. Check that the IP interfaces are correctly configured.
  show vlan
  show ipif
  At the client PC: manually configure the IP address and mask for the associated IP network. Gateway = the L3 switch's interface IP
IP routing across devices: static route
  Diagram labels: 192.168.5.254/24 192.168.5.253/24 SW1 192.168.1.253/24 192.168.1.254/24 SW2 SW1 .254 .254 .254 .254
  PC1 192.168.1.1/24, Gw 192.168.1.254
  PC2 192.168.2.1/24, Gw 192.168.2.254
  PC3 192.168.3.1/24, Gw 192.168.3.254
  Server 192.168.4.1/24, Gw 192.168.4.254
Device IP routing: static route
  SW1
  create iproute default 192.168.5.254
  create iproute 192.168.2.0/24 192.168.1.254
  create iproute 192.168.3.0/24 192.168.1.254
  create iproute 192.168.4.0/24 192.168.1.254
  save
  SW2
  create iproute default 192.168.1.253
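The lookup order from the earlier slides (Routing Table --> ARP Table --> FDB Table), applied to SW1's static routes above, as an added Python example that is not part of the original slides. The two connected networks are inferred from the addresses on the topology slide and the next hops SW1 uses; the VLAN names, MAC addresses, port numbers and ARP/FDB contents are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway vlan")


def route(prefix, gateway, vlan):
    return Route(ipaddress.ip_network(prefix), gateway, vlan)


# SW1 routing table. VLAN names "v1" and "v5" are hypothetical.
ROUTES = [
    route("192.168.1.0/24", None, "v1"),             # connected (inferred)
    route("192.168.5.0/24", None, "v5"),             # connected (inferred)
    route("192.168.2.0/24", "192.168.1.254", "v1"),  # create iproute ...
    route("192.168.3.0/24", "192.168.1.254", "v1"),
    route("192.168.4.0/24", "192.168.1.254", "v1"),
    route("0.0.0.0/0", "192.168.5.254", "v5"),       # create iproute default
]

# Constructed ARP table (IP -> MAC) and FDB ((VLAN, MAC) -> port).
ARP = {
    "192.168.1.254": "00-00-5E-00-53-02",
    "192.168.5.254": "00-00-5E-00-53-05",
    "192.168.1.10": "00-00-5E-00-53-10",
}
FDB = {
    ("v1", "00-00-5E-00-53-02"): 1,
    ("v5", "00-00-5E-00-53-05"): 24,
}


def lookup(dst_ip, routes=ROUTES, arp=ARP, fdb=FDB):
    """Decide what the switch does with a packet addressed to dst_ip."""
    dst = ipaddress.ip_address(dst_ip)

    # 1. Routing table: the longest matching prefix wins, so the default
    #    route (prefix length 0) is used only when nothing else matches.
    matches = [r for r in routes if dst in r.network]
    if not matches:
        return {"action": "drop", "reason": "no route"}
    best = max(matches, key=lambda r: r.network.prefixlen)
    # On a connected network the destination itself is the next hop.
    next_hop = best.gateway or str(dst)

    # 2. ARP table: next-hop IP -> MAC. A miss means an ARP request first.
    mac = arp.get(next_hop)
    if mac is None:
        return {"action": "arp_request", "target": next_hop, "vlan": best.vlan}

    # 3. FDB table: (VLAN, MAC) -> egress port. A miss floods the VLAN.
    port = fdb.get((best.vlan, mac))
    if port is None:
        return {"action": "flood", "vlan": best.vlan, "dst_mac": mac}
    return {"action": "forward", "next_hop": next_hop,
            "dst_mac": mac, "port": port}


if __name__ == "__main__":
    for ip in ("192.168.4.1", "203.0.113.9", "192.168.1.1", "192.168.1.10"):
        print(ip, lookup(ip))
```

Each early return corresponds to a table to inspect on the switch: show iproute for a missing route, show arpentry for a missing next-hop MAC, and show fdb for a missing egress port.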
Troubleshooting
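Show port utilization (CLI)
  show utilization ports
  <Description>
  Shows the utilization of each switch port, in packets/sec
  Example:
Port status
  show ports
  <Description>
  Shows the speed and full/half duplex state of the device's ports
  (Diagram labels: p1 p1)
Error status
  show error ports 1
  <Description>
  Shows the error packet statistics of each port on the Ethernet side
  The half-duplex end shows collision counts when traffic is heavy
  The full-duplex end shows CRC errors
  (Diagram labels: Half mode port, p1, p1)
Show packet counts (CLI)
  show packet ports <portlist>
  <Description>
  Shows the Tx/Rx data of each port
  Example:
Show CPU utilization (CLI)
  <Description>
  Shows the switch CPU utilization over 5 seconds / 1 minute / 5 minutes
  Example:
  DES-3700-28:admin#show utilization cpu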
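Layer 2 (data link layer) troubleshooting
  1. VLAN port assignment errors / untag/tag test errors
  2. Wrong VLAN ID setting
  3. Blocked by Spanning Tree
  4. Protocol VLAN configuration errors
  show fdb
  show vlan
  show port dot1v
  show stp ports
  show vlan_counter
View MAC addresses (CLI)
  show fdb {port <port> | vlan <vlan_name 32> | mac_address <macaddr> | static | aging_time}
  <Description>
  port <port>: the port number corresponding to the destination MAC address.
  <vlan_name 32>: the name of the VLAN the MAC address belongs to.
  <macaddr>: a MAC address shown in the forwarding database.
  static: shows static MAC address entries.
  aging_time: shows the aging time of the MAC address forwarding database.
  Example:
  show fdb
VLAN status
  show vlan
  <Description>
  Check whether the VLAN ID and the port untag/tag settings are correct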
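Show log (1)
  show log {index <value_list> | severity | module}
  <Description>
  Newer log entries are shown nearer the top; the larger the index id, the more recently the entry was generated.
  An index id can be added to view that entry directly; without it, all entries are shown.
Show log (2)
  show log severity [module | emergency | alert | critical | error | warning | notice | informational | debug]
  <Description>
  When there are many log entries, the severity option can be used to check first whether any serious entries exist, and to compare their timestamps with the time the problem occurred.
  Example:
  show log severity critical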
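ARP status
  show arpentry
  <Description>
  ARP data can be used to verify the mapping between IP and MAC addresses, provided the switch has an IP configured on that VLAN and has exchanged packets with the client, for example by ping. For an L2 switch, because the client's gateway IP is not the Layer 2 switch, the switch generally does not record ARP entries.
  If show arp has no data for the IP, first ping the client IP from the switch and then run show again.
Mirror function (CLI)
  config mirror port <port> {[add | delete] source ports <portlist> [rx | tx | both]}
  enable mirror
  <Description>
  The mirror function copies the bidirectional traffic of specific ports to a destination port so that packet contents can be analyzed for troubleshooting
  Example:
  Send the bidirectional traffic of ports 2-5 to the analysis software on port 1
  config mirror port 1 add source ports 2-5 both
View the device hardware status: show environment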
Device check show device
CWM
Login Page http://210.240.1.119
CWM Add Site
CWM Add Site Network Name
Configuration dlinkTaiwan Add SSID
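Set the 2.4GHz Primary SSID name and encryption method
Set the 5GHz Primary SSID name and encryption method
Set the AP administrator account and password
Set 2.4GHz SSID1 WPA2-Enterprise
Set 5GHz SSID1 WPA2-Enterprise
Export the AP configuration file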
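How to use pctool (diagram labels: internet, CWM Server 220.135.83.30, DFL-260E 192.168.1.1/24, L2 Switch, NB, AP1, AP2)
Change the IP of one AP to 192.168.1.12. Changing... To change all of them together, select all and then set the IP at once; the other APs' IPs are incremented by 1 in sequence.
Batch-change the IP addresses of multiple APs at once
Import the configuration file into the APs at the same time: after selecting all APs, click Set GroupInfo, choose the configuration file, and press OK to apply it to all APs. Once this is set, the APs can actively connect to the Central WiFiManager server. Writing simultaneously...
APs already online did not have the profile applied the first time,
Manually apply the profile to managed APs
Apply the profile to managed APs: apply the settings to the AP group. On the server side, the APs can be seen connecting in to fetch the configuration file.
Apply the profile to managed APs: the profile has been applied successfully
Remotely verify whether the configuration file has been written to the AP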
RF Optimization
Online Client IP Alias
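Use reports to look up users' connection information (filter by Alias). Key Words are case-sensitive.
Click Station to look up information on the users connected to this AP
Add an Undefine AP to another Profile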
Q&A Thank you