The application of VLAN in network management
1. Preface The
computer network of Guangzhou Branch is part of the second phase of the "100 Networking" project of the Chinese Academy of Sciences. The network center equipment was installed and
operated in early 1998. With the development of user access and network applications, it is running, Encountered many problems in management. While there has been gradual improvement of network
distribution center equipment and servers and the establishment of appropriate management systems, some issues can be resolved and control, but to prevent a
few recalcitrant users often use unauthorized IP access problems can not be solved, network management personnel It takes a lot of energy for this. At that
time, I wanted to do IP-MAC binding on the border router, but because CSTNET considers the overall security of the network, the border router has the right to manage
Controlled by the hospital network center, Guangzhou branch network node is two, such as the IP-MAC binding on the border router, unfavorable
to network monitoring and management, a number of events that may occur can not respond quickly, so It is actually not feasible. Solving the
problem can only be started on the network center equipment of Guangzhou Branch.
Second, the network structure configuration and solution
Since 4500 is only equipped with high-speed port f0, the rest are asynchronous ports, so that the border routing Cisco 2514 can only access the Catalyst 3200,
and form a "flat structure" structure with all LANs, which causes inherent deficiencies to prevent IP theft problems .
From the analysis of the Catalyst 3200 virtual network function, it can be seen that in addition to the advantages of the virtual network function itself,
the high-speed ports of the Catalyst 3200 switch and Cisco 4500 router support ISL (InterSwitch Link) and VTP (VLAN TRUNK PROTOCOL),
which provides for enhanced network management. Strong technical guarantee. By setting the virtual network on the Catalyst 3200 port, and then according
to the principle of the physical location, working nature, and network communication load of the network users as much as possible, all network users are included in different
virtual subnets. Each subnet passes through the Catalyst 3200 and Cisco 4500. The high-speed port connection-routing, and then bind the IP-MAC to the
Cisco 4500 may achieve the intended purpose.
3. Configuration of virtual subnet VLAN
1) . Configuration of VLAN and VTP on Catalyst 3200 switch enters Catalyst 3200 console via hyper terminal
a). Set VLAN management domain and enter "SET VTP AND ...", select "VTP ADMINISTRATION"
CONFIGURATION "Set the VALN management domain name" GIETNET "; VTP mode is" SERVER ".
B). Set VLAN and TRUNK: Connect all subnet switches and HUBs to the 10MB or
100MB ports of the Catalyst 3200 , and assign VLANs according to the above principles , And divide these ports into virtual networks as follows:
This setting is to select "LOCAL VLAN PROT CONFIGURATION" from the CONFIGURATION of the console
, specify the VLAN and TRUNK port, and fill all 3 VLANs into the TRUNK port configuration sheet In the end, the
following is shown as
2). The setting of
the Cisco 4500 router "splits" the f0 port of the Cisco 4500 into the corresponding "sub-ports" according to the number of subnets. According to the ISL
(InterSwitch Link) number set by it , proceed with the corresponding subnet Logical connection. In this example, f0 is divided into f0.1,
f0.2, and f0.3 to connect to VLAN1, VLAN2, and VLAN3, and the configuration commands are as follows:
router # config t
router (config) #int f0.1
router (config-subif) #Description VLAN1_GIET
router (config-subif) #ip address 192.168.111.1 255.255.255.192
router (config-subif) #encapsulation isl 2
..
router (config) #int f0.2
router (config-subif) #Description VLAN2_gzbnic
router (config-subif) #ip addess 192.168.111.65 255.255.255.192
router (config-subif ) #encapsulation isl 3
..
Ctl Z
wr is
1. Preface The
computer network of Guangzhou Branch is part of the second phase of the "100 Networking" project of the Chinese Academy of Sciences. The network center equipment was installed and
operated in early 1998. With the development of user access and network applications, it is running, Encountered many problems in management. While there has been gradual improvement of network
distribution center equipment and servers and the establishment of appropriate management systems, some issues can be resolved and control, but to prevent a
few recalcitrant users often use unauthorized IP access problems can not be solved, network management personnel It takes a lot of energy for this. At that
time, I wanted to do IP-MAC binding on the border router, but because CSTNET considers the overall security of the network, the border router has the right to manage
Controlled by the hospital network center, Guangzhou branch network node is two, such as the IP-MAC binding on the border router, unfavorable
to network monitoring and management, a number of events that may occur can not respond quickly, so It is actually not feasible. Solving the
problem can only be started on the network center equipment of Guangzhou Branch.
Second, the network structure configuration and solution
Since 4500 is only equipped with high-speed port f0, the rest are asynchronous ports, so that the border routing Cisco 2514 can only access the Catalyst 3200,
and form a "flat structure" structure with all LANs, which causes inherent deficiencies to prevent IP theft problems .
From the analysis of the Catalyst 3200 virtual network function, it can be seen that in addition to the advantages of the virtual network function itself,
the high-speed ports of the Catalyst 3200 switch and Cisco 4500 router support ISL (InterSwitch Link) and VTP (VLAN TRUNK PROTOCOL),
which provides for enhanced network management. Strong technical guarantee. By setting the virtual network on the Catalyst 3200 port, and then according
to the principle of the physical location, working nature, and network communication load of the network users as much as possible, all network users are included in different
virtual subnets. Each subnet passes through the Catalyst 3200 and Cisco 4500. The high-speed port connection-routing, and then bind the IP-MAC to the
Cisco 4500 may achieve the intended purpose.
3. Configuration of virtual subnet VLAN
1) . Configuration of VLAN and VTP on Catalyst 3200 switch enters Catalyst 3200 console via hyper terminal
a). Set VLAN management domain and enter "SET VTP AND ...", select "VTP ADMINISTRATION"
CONFIGURATION "Set the VALN management domain name" GIETNET "; VTP mode is" SERVER ".
B). Set VLAN and TRUNK: Connect all subnet switches and HUBs to the 10MB or
100MB ports of the Catalyst 3200 , and assign VLANs according to the above principles , And divide these ports into virtual networks as follows:
This setting is to select "LOCAL VLAN PROT CONFIGURATION" from the CONFIGURATION of the console
, specify the VLAN and TRUNK port, and fill all 3 VLANs into the TRUNK port configuration sheet In the end, the
following is shown as
2). The setting of
the Cisco 4500 router "splits" the f0 port of the Cisco 4500 into the corresponding "sub-ports" according to the number of subnets. According to the ISL
(InterSwitch Link) number set by it , proceed with the corresponding subnet Logical connection. In this example, f0 is divided into f0.1,
f0.2, and f0.3 to connect to VLAN1, VLAN2, and VLAN3, and the configuration commands are as follows:
router # config t
router (config) #int f0.1
router (config-subif) #Description VLAN1_GIET
router (config-subif) #ip address 192.168.111.1 255.255.255.192
router (config-subif) #encapsulation isl 2
..
router (config) #int f0.2
router (config-subif) #Description VLAN2_gzbnic
router (config-subif) #ip addess 192.168.111.65 255.255.255.192
router (config-subif ) #encapsulation isl 3
..
Ctl Z
wr is
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ COMMON FTP ERROR CODES
#Description
110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
120 Service ready in nnn minutes.
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message.On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.
215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.
220 Service ready for new user.
221 Service closing control connection.
225 Data connection open; no transfer in progress.
226 Closing data connection. Requested file action successful (for example, file transfer or file abort).
227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).
230 User logged in, proceed. Logged out if appropriate.
250 Requested file action okay, completed.
257 "PATHNAME" created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information
421 Service not available, closing control connection.This may be a reply to any command if the service knows it must shut down.
425 Can't open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken.
451 Requested action aborted. Local error in processing.
452 Requested action not taken. Insufficient storage space in system.File unavailable (e.g., file busy).
500 Syntax error, command unrecognized. This may include errors such as command line too long.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
551 Requested action aborted. Page type unknown.
552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
553 Requested action not taken. File name not allowed.
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ COMMON FTP ERROR CODES
#Description
110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
120 Service ready in nnn minutes.
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message.On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.
215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.
220 Service ready for new user.
221 Service closing control connection.
225 Data connection open; no transfer in progress.
226 Closing data connection. Requested file action successful (for example, file transfer or file abort).
227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).
230 User logged in, proceed. Logged out if appropriate.
250 Requested file action okay, completed.
257 "PATHNAME" created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information
421 Service not available, closing control connection.This may be a reply to any command if the service knows it must shut down.
425 Can't open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken.
451 Requested action aborted. Local error in processing.
452 Requested action not taken. Insufficient storage space in system.File unavailable (e.g., file busy).
500 Syntax error, command unrecognized. This may include errors such as command line too long.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
551 Requested action aborted. Page type unknown.
552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
553 Requested action not taken. File name not allowed.
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦APACHE CONFIGURATION :
[root@localhost opt]# tar zxvf apr-1.7.0.tar.gz -C /opt
[root@localhost opt]# tar zxvf apr-util-1.6.1.tar.gz -C /opt
[root@localhost opt]# tar zxvf httpd-2.4.25.tar.gz -C /opt
[root@localhost opt]# mv apr-1.7.0/ httpd-2.4.25/srclib/apr
[root@localhost opt]# mv apr-util-1.6.1/ httpd-2.4.25/srclib/apr-util
[root@localhost opt]# yum -y install gcc gcc-c++ make pcre-devel expat-devel perl
[root@localhost opt]# yum -y install zlib-devel /
[root@localhost httpd-2.4.25]# ./configure \
>--prefix=/usr/local/httpd \
>--enable-so--enable-rewrite\
>--enable-charset-lite\
>--enable-cgi
>--enable-deflate
[root@localhost httpd-2.4.25]#make
[root@localhost httpd-2.4.25]#make install
[root@localhost httpd-2.4.25]# cd /usr/local/
[root@localhost local]# cd httpd/
[root@localhost httpd]# cd conf/
[root@promote bin]# cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd
[root@promote bin]# ls /etc/init.d
functions httpd netconsole network README
[root@promote bin]# vim /etc/init.d
[root@promote bin]# vim /etc/init.d/httpd
#!/bin/sh
#description:Apache is a World Wide Web server
[root@promote local]# chkconfig --add httpd
[root@promote /]# ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf
[root@promote local]# cd /usr/local/httpd/conf
[root@promote conf]# vim httpd.conf
Listen 192.168.75.134:80 /
#Listen 80
#ServerName www.kgc.com:80 //
[root@promote /]# ln -s /usr/local/httpd//bin/* /usr/local/bin /
/usr/local/bin
[root@promote /]# ls /usr/local/httpd//bin
ab checkgid htcacheclean httxt2dbm
apachectl dbmmanage htdbm logresolve
apr-1-config envvars htdigest rotatelogs
apu-1-config envvars-std htpasswd
apxs fcgistarter httpd
[root@promote /]# service httpd start
httpd (pid 66785) already running
[root@promote /]# httpd -t
Syntax OK
[root@promote /]# netstat -ntap | grep 80
tcp 0 0 192.168.75.134:80 0.0.0.0:* LISTEN 66785/httpd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 8031/dnsmasq
[root@promote /]#
[root@promote /]# iptables -F
[root@promote /]# setenforce 0
E N J O Y β€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦APACHE CONFIGURATION :
[root@localhost opt]# tar zxvf apr-1.7.0.tar.gz -C /opt
[root@localhost opt]# tar zxvf apr-util-1.6.1.tar.gz -C /opt
[root@localhost opt]# tar zxvf httpd-2.4.25.tar.gz -C /opt
[root@localhost opt]# mv apr-1.7.0/ httpd-2.4.25/srclib/apr
[root@localhost opt]# mv apr-util-1.6.1/ httpd-2.4.25/srclib/apr-util
[root@localhost opt]# yum -y install gcc gcc-c++ make pcre-devel expat-devel perl
[root@localhost opt]# yum -y install zlib-devel /
[root@localhost httpd-2.4.25]# ./configure \
>--prefix=/usr/local/httpd \
>--enable-so--enable-rewrite\
>--enable-charset-lite\
>--enable-cgi
>--enable-deflate
[root@localhost httpd-2.4.25]#make
[root@localhost httpd-2.4.25]#make install
[root@localhost httpd-2.4.25]# cd /usr/local/
[root@localhost local]# cd httpd/
[root@localhost httpd]# cd conf/
[root@promote bin]# cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd
[root@promote bin]# ls /etc/init.d
functions httpd netconsole network README
[root@promote bin]# vim /etc/init.d
[root@promote bin]# vim /etc/init.d/httpd
#!/bin/sh
#description:Apache is a World Wide Web server
[root@promote local]# chkconfig --add httpd
[root@promote /]# ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf
[root@promote local]# cd /usr/local/httpd/conf
[root@promote conf]# vim httpd.conf
Listen 192.168.75.134:80 /
#Listen 80
#ServerName www.kgc.com:80 //
[root@promote /]# ln -s /usr/local/httpd//bin/* /usr/local/bin /
/usr/local/bin
[root@promote /]# ls /usr/local/httpd//bin
ab checkgid htcacheclean httxt2dbm
apachectl dbmmanage htdbm logresolve
apr-1-config envvars htdigest rotatelogs
apu-1-config envvars-std htpasswd
apxs fcgistarter httpd
[root@promote /]# service httpd start
httpd (pid 66785) already running
[root@promote /]# httpd -t
Syntax OK
[root@promote /]# netstat -ntap | grep 80
tcp 0 0 192.168.75.134:80 0.0.0.0:* LISTEN 66785/httpd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 8031/dnsmasq
[root@promote /]#
[root@promote /]# iptables -F
[root@promote /]# setenforce 0
E N J O Y β€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β