SSH configuration
en
conf t
no management ip address dhcp
management ip address 100.2.44.111/24
management route add gateway 100.2.44.1
username admin password 2021@inspur
enable password 2021@inspur
username admin privilege 4 password 2021@inspur
line vty 0 7
login local
transport input all
exit
exit
write
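Packet capture on the switch
CPU mirror mode
Switch# configure terminal    (enter configuration mode)
Switch(config)# monitor session 1 destination cpu    (set the CPU as the mirror destination of session 1)
Switch(config)# monitor session 1 source interface eth-0-1 both    (set eth-0-1 as the mirror source of session 1, direction both; both is also the default)
Switch(config)# monitor cpu set packet buffer 100    (set the mirror-to-CPU packet buffer size to 100 packets; the maximum is 100 packets)
Switch(config)# cpu-traffic-limit reason mirror-to-cpu rate 128    (limit the rate of packets mirrored to the CPU to 128 pps)
Switch(config)# exit    (leave global configuration mode)
2. Set the mirror CPU capture strategy to drop; replace is the default.
Switch(config)# monitor cpu capture strategy drop    (capture strategy drop: when the buffer is full, new packets are discarded)
Switch(config)# monitor cpu capture strategy replace    (capture strategy replace: when the buffer is full, a new packet replaces the oldest one)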
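1. The example creates session 1 to monitor the traffic of source port eth-0-1, and uses show commands to view the packets mirrored to the CPU. Use the show session command to check the configuration: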
Switch# show monitor session 1
DUT1# show monitor session 1
Session 1
Status : Valid
Type : Cpu Session
Source Ports :
Receive Only :
Transmit Only :
Both : eth-0-1
Source VLANs :
Receive Only :
Transmit Only :
Both :
Destination Port : cpu
2. View the packets held in memory after being mirrored to the CPU
DUT1# show monitor cpu packet all
packet: 1
Source port: eth-0-1
MACDA:264e.ad52.d800, MACSA:0000.0000.1111
vlan tag:100
IPv4 Packet, IP Protocol is 0
IPDA:3.3.3.3, IPSA: 10.0.0.2
Data length: 47
Data:
264e ad52 d800 0000 0000 1111 8100 0064
0800 4500 001d 0001 0000 4000 6ad9 0a00
0002 0303 0303 6365 6e74 6563 796f 75
3. View the configured mirror CPU buffer size
DUT1# show monitor cpu packet buffer
The mirror-to-cpu packet buffer size of user set is: 100
4. View the configured rate at which mirrored packets are sent to the CPU
DUT1# show cpu traffic-limit | include mirror-to-cpu
mirror-to-cpu 128 0
5. View the files in which the mirror CPU packets are stored
DUT1# ls flash:/mirror
Directory of flash:/mirror
total 8
-rw-r
-rw-r
14.8T bytes total (7.9T bytes free)
DUT1# more flash:/mirror/MirCpuPkt-2017-01-03-11-41-33.txt
sequence srcPort
1 eth-0-1
++++++++1483443444:648884
8c 1d cd 93 51 00 00 00 00 00 11 11 08 00 45 00
00 26 00 01 00 00 40 00 72 d0 01 01 01 01 03 03
03 03 63 65 6e 74 65 63 79 6f 75 63 65 6e 74 65
63 79 6f 75
sequence srcPort
2 eth-0-1
++++++++1483443445:546440
8c 1d cd 93 51 00 00 00 00 00 11 11 08 00 45 00
00 26 00 01 00 00 40 00 72 d0 01 01 01 01 03 03
03 03 63 65 6e 74 65 63 79 6f 75 63 65 6e 74 65
63 79 6f 75
6. After conversion to a pcap file, the capture can be opened with Wireshark
DUT1# ls flash:/mirror
Directory of flash:/mirror
total 12
-rw-r
-rw-r
-rw-r
14.8T bytes total (7.9T bytes free)
7. View the mirror CPU capture strategy
DUT1# show monitor cpu capture strategy
The capture strategy of cpu mirror is: replace (add new packet and remove oldest
packet when buffer is full
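8. Additional commands
If the corresponding file has not been generated, start the capture with this command:
Switch# monitor cpu capture packet start
copy flash:/mirror/<filename> mgmt-if tftp://10.69.65.59/<filename>
pcap convert <file A> <file B>
For the TFTP client, simply start a tftp.exe file on Windows.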
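As an added example (not part of the original notes and not the switch's own `pcap convert` implementation), this Python script parses the MirCpuPkt text format shown in step 5 and serialises it as a classic pcap for Wireshark. It assumes the `++++++++<a>:<b>` line is epoch seconds and microseconds and that each record is a complete Ethernet frame; the function names are hypothetical.

```python
import re
import struct

# Constructed sample: the two records from the MirCpuPkt dump shown in step 5.
SAMPLE = """\
sequence srcPort
1 eth-0-1
++++++++1483443444:648884
8c 1d cd 93 51 00 00 00 00 00 11 11 08 00 45 00
00 26 00 01 00 00 40 00 72 d0 01 01 01 01 03 03
03 03 63 65 6e 74 65 63 79 6f 75 63 65 6e 74 65
63 79 6f 75
sequence srcPort
2 eth-0-1
++++++++1483443445:546440
8c 1d cd 93 51 00 00 00 00 00 11 11 08 00 45 00
00 26 00 01 00 00 40 00 72 d0 01 01 01 01 03 03
03 03 63 65 6e 74 65 63 79 6f 75 63 65 6e 74 65
63 79 6f 75
"""
TS_LINE = re.compile(r"^\++(\d+):(\d+)$")  # assumption: epoch seconds:microseconds
HEX_LINE = re.compile(r"^[0-9a-fA-F]{2}(\s+[0-9a-fA-F]{2})*$")

def parse_dump(text):
    """Parse the text dump into a list of {seq, port, ts, data} records."""
    records, expect_id = [], False
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.lower().startswith("sequence"):
            expect_id = True  # the next line holds "<seq> <port>"
        elif expect_id:
            seq, port = line.split()[:2]
            records.append({"seq": int(seq), "port": port, "ts": (0, 0), "data": bytearray()})
            expect_id = False
        elif records and (m := TS_LINE.match(line)):
            records[-1]["ts"] = (int(m[1]), int(m[2]))
        elif records and HEX_LINE.match(line):
            records[-1]["data"] += bytes.fromhex(line)
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    return records

def to_pcap(records):
    """Serialise records as a little-endian classic pcap, link type 1 (Ethernet)."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for r in records:
        # Per-packet header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", *r["ts"], len(r["data"]), len(r["data"]))
        out += bytes(r["data"])
    return out
```

Write the result of `to_pcap(parse_dump(text))` to a file opened in binary mode to get a capture Wireshark can read.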