■ Checking basic L2 operation on a Cisco 1812J

Management access is kept up as set up in the posts below, so the configuration can be restored at any time.

Playing with a Cisco 1812-J from Debian Wheezy (serial/SSH setup, FTP backup)
http://labunix.hateblo.jp/entry/20140418/1397747497

Saving, initializing and restoring the Cisco 1812-J config, and regenerating the SSH keys
http://labunix.hateblo.jp/entry/20140422/1398175148

■ Two Debian Wheezy machines, each with an IP set on eth2 and connected.
No routing configured. Same subnet as the L2 switch.

$ sudo /sbin/ifconfig eth2 172.31.31.201/24 up
$ env LANG=C /sbin/ifconfig eth2 | grep "inet "
          inet addr:172.31.31.201  Bcast:172.31.31.255  Mask:255.255.255.0
$ /sbin/route -n | grep 172.31
172.31.31.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2

$ sudo /sbin/ifconfig eth2 172.31.31.202/24 up
$ env LANG=C /sbin/ifconfig eth2 | grep "inet "
          inet addr:172.31.31.202  Bcast:172.31.31.255  Mask:255.255.255.0
$ /sbin/route -n | grep 172.31
172.31.31.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2

■ Three Debian Wheezy machines, each with an IP set on eth1.
".200" is a PC that does not belong to 172.31.31.0/24.

$ env LANG=C /sbin/ifconfig eth1 | grep "inet "
          inet addr:172.16.16.200  Bcast:172.16.16.255  Mask:255.255.255.0

$ env LANG=C /sbin/ifconfig eth1 | grep "inet "
          inet addr:172.16.16.201  Bcast:172.16.16.255  Mask:255.255.255.0

$ env LANG=C /sbin/ifconfig eth1 | grep "inet "
          inet addr:172.16.16.202  Bcast:172.16.16.255  Mask:255.255.255.0

■ The overall picture looks like this.
Within 172.16.0.0/12, L3 communication goes through the gateways 172.16.16.200 and 172.31.31.201.
Under each gateway, communication is L2.

$ sudo apt-get install -y tree
$ for n in `seq 200 202`;do \
    mkdir -p "172.16.0.0.0-172.31.255.255_255.240.0.0/172.16.16.200/172.16.16.${n}"; \
    mkdir -p "172.16.0.0.0-172.31.255.255_255.240.0.0/172.31.31.201/172.31.31.${n}"; \
  done
$ tree 172*
172.16.0.0.0-172.31.255.255_255.240.0.0
├── 172.16.16.200
│   ├── 172.16.16.200
│   ├── 172.16.16.201
│   └── 172.16.16.202
└── 172.31.31.201
    ├── 172.31.31.200
    ├── 172.31.31.201
    └── 172.31.31.202

8 directories, 0 files

■ Checking L2 operation
"ip routing" is the L3 function, so disabling it gives L2 operation.
"show ip route" shows that there is no routing.
The ports belong to the default VLAN 1, so they can also communicate with each other.

R1>show hardware | include processor
Cisco 1812-J (MPC8500) processor (revision 0x300) with 118784K/12288K bytes of memory.
R1>enable
Password:
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#no ip routing
R1(config)#interface vlan 1
R1(config-if)#ip address 172.31.31.200 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#end

R1#show ip interface brief | include up.*up
FastEthernet2              unassigned      YES unset  up                    up
FastEthernet6              unassigned      YES unset  up                    up
Vlan1                      172.31.31.200   YES manual up                    up

R1#show ip route
Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

R1#show vlan-switch | exclude 100[2-5]

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa2, Fa3, Fa4, Fa5, Fa6, Fa7
                                                Fa8, Fa9

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
R1#

■ Ping check from Debian, excluding the host's own NIC

$ for n in `seq 200 202`;do \
    env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
    traceroute -n 172.31.31.${n} | grep ms; \
  done
 1  172.31.31.200  1.047 ms * *
          inet addr:172.31.31.201  Bcast:172.31.31.255  Mask:255.255.255.0
 1  172.31.31.202  0.259 ms  0.185 ms  0.153 ms

$ for n in `seq 200 202`;do \
    env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
    traceroute -n 172.31.31.${n} | grep ms; \
  done
 1  172.31.31.200  0.507 ms * *
 1  172.31.31.201  0.176 ms  0.143 ms  0.126 ms
          inet addr:172.31.31.202  Bcast:172.31.31.255  Mask:255.255.255.0

■ Ping check from the C1812J

R1#ping ip 172.31.31.200

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R1#ping ip 172.31.31.201

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.201, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R1#ping ip 172.31.31.202

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.202, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.31.31.200           -   00xx.xxxx.xxxx  ARPA   Vlan1
Internet  172.31.31.201           0   00yy.yyyy.yyyy  ARPA   Vlan1
Internet  172.31.31.202           2   00zz.zzzz.zzzz  ARPA   Vlan1

R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.31.31.200           -   00xx.xxxx.xxxx  ARPA   Vlan1
Internet  172.31.31.201           1   00yy.yyyy.yyyy  ARPA   Vlan1
Internet  172.31.31.202           3   00zz.zzzz.zzzz  ARPA   Vlan1

■ Setting the default gateway in L2 mode
Note that the address has no effect unless it is the IP of an L3 device such as a router.

R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip default-gateway 172.31.31.201
R1(config)#end

R1#show ip route
Default gateway is 172.16.16.201

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

■ Routing configuration on the Debian Wheezy side

$ env LANG=c /sbin/ifconfig | grep 172.16.16.
          inet addr:172.16.16.200  Bcast:172.16.16.255  Mask:255.255.255.0
$ sudo route add -net 172.31.31.0/24 gw 172.16.16.201
$ /sbin/route -n | grep 172.31
172.31.31.0     172.16.16.201   255.255.255.0   UG    0      0        0 eth0

R1#ping 172.16.16.200

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.16.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R1#traceroute 172.16.16.200

Type escape sequence to abort.
Tracing the route to 172.16.16.200

  1 172.31.31.201 0 msec 0 msec 0 msec
  2 172.16.16.200 0 msec 0 msec 0 msec
R1#

■ Switching the C1812J to L3 routing

R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip routing
R1(config)#end

Gateway of last resort is 172.31.31.201 to network 0.0.0.0

     172.31.0.0/24 is subnetted, 1 subnets
C       172.31.31.0 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 172.31.31.201

R1#ping 172.16.16.200

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.16.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1#traceroute 172.16.16.200

Type escape sequence to abort.
Tracing the route to 172.16.16.200

  1 172.31.31.201 0 msec 0 msec 0 msec
  2 172.16.16.200 0 msec 0 msec 0 msec
R1#

■ The groundwork for using L2 as the access layer and L3 as the core/distribution layer is now in place, so that's it for today.
For the access layer, the Catalyst 2970G is an L2 switch, so it should be usable in the same way as this time.
L3 is not much fun unless it is used the way L3 is meant to be used.
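
The two forms of "show ip route" output seen above ("Default gateway is ..." with "no ip routing", "Gateway of last resort is ..." with "ip routing") can be told apart mechanically from a saved capture. The following is an added example, not part of the original post: the function names are hypothetical, the sample outputs are constructed in the format shown above, and the check that an L2-mode gateway sits on the Vlan1 subnet is an assumption about what is worth verifying.

```python
import ipaddress
import re

# Constructed samples in the format of the `show ip route` output above.
L2_OUTPUT = """Default gateway is 172.31.31.201

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty
"""
L3_OUTPUT = """Gateway of last resort is 172.31.31.201 to network 0.0.0.0

C       172.31.31.0 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 172.31.31.201
"""
NO_GW_OUTPUT = "Default gateway is not set\n"

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def forwarding_mode(show_ip_route):
    """Return (mode, gateway): "l2" = `no ip routing`, "l3" = `ip routing`."""
    for mode, header in (("l2", "Default gateway is "),
                         ("l3", "Gateway of last resort is ")):
        m = re.search("^" + re.escape(header) + r"(.*)$", show_ip_route, re.M)
        if m:
            gw = re.match(IPV4, m.group(1))
            return mode, (gw.group(0) if gw else None)  # None means "not set"
    raise ValueError("no gateway header: not `show ip route` output")


def audit(show_ip_route, if_addr, if_mask):
    """List findings for the management SVI (Vlan1 here) in L2 mode."""
    mode, gw = forwarding_mode(show_ip_route)
    if mode != "l2":
        return []  # with `ip routing` on, the routing table decides
    net = ipaddress.ip_interface(f"{if_addr}/{if_mask}").network
    findings = []
    if gw is None:
        findings.append(f"no default gateway: only {net} is reachable")
    elif ipaddress.ip_address(gw) not in net:
        findings.append(f"default gateway {gw} is not on {net}")
    elif gw == if_addr:
        findings.append(f"default gateway {gw} is the device's own address")
    return findings


if __name__ == "__main__":
    for sample in (L2_OUTPUT, L3_OUTPUT, NO_GW_OUTPUT):
        print(forwarding_mode(sample),
              audit(sample, "172.31.31.200", "255.255.255.0"))
```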