
labunix's blog

labunix's Lab Unix

Checking basic L2 behavior on the Cisco 1812J

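■Checking basic L2 behavior on the Cisco 1812J
 With the posts below, management access is kept available and the configuration can be restored at any time.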

 Playing with the Cisco 1812-J from Debian Wheezy (serial/SSH setup, FTP backup)
 http://labunix.hateblo.jp/entry/20140418/1397747497

 Saving, initializing and restoring the Cisco 1812-J config, and regenerating the SSH keys
 http://labunix.hateblo.jp/entry/20140422/1398175148

■Connect two Debian Wheezy hosts, each with an IP address set on eth2.
 No routing is configured. They are on the same subnet as the L2 switch.

$ sudo /sbin/ifconfig eth2 172.31.31.201/24 up
$ env LANG=C /sbin/ifconfig eth2 | grep "inet "
          inet addr:172.31.31.201  Bcast:172.31.31.255  Mask:255.255.255.0
$ /sbin/route -n | grep 172.31
172.31.31.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2

$ sudo /sbin/ifconfig eth2 172.31.31.202/24 up
$ env LANG=C /sbin/ifconfig eth2 | grep "inet "
          inet addr:172.31.31.202  Bcast:172.31.31.255  Mask:255.255.255.0
$  /sbin/route -n | grep 172.31
172.31.31.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2

■Set an IP address on eth1 of three Debian Wheezy hosts.
 ".200" is a PC that does not belong to 172.31.31.0/24.

$ env LANG=C /sbin/ifconfig eth1 | grep "inet "
          inet addr:172.16.16.200  Bcast:172.16.16.255  Mask:255.255.255.0

$ env LANG=C /sbin/ifconfig eth1 | grep "inet "
          inet addr:172.16.16.201  Bcast:172.16.16.255  Mask:255.255.255.0

$ env LANG=C /sbin/ifconfig eth1 | grep "inet "
          inet addr:172.16.16.202  Bcast:172.16.16.255  Mask:255.255.255.0

■The overall picture is roughly as follows.
 Within 172.16.0.0/12,
 L3 communication goes through the gateways 172.16.16.200 and 172.31.31.201.
 Under each gateway, communication is L2.

$ sudo apt-get install -y tree
$ for n in `seq 200 202`;do \
    mkdir -p "172.16.0.0.0-172.31.255.255_255.240.0.0/172.16.16.200/172.16.16.${n}"; \
    mkdir -p "172.16.0.0.0-172.31.255.255_255.240.0.0/172.31.31.201/172.31.31.${n}"; \
  done
$ tree 172*
172.16.0.0.0-172.31.255.255_255.240.0.0
├── 172.16.16.200
│   ├── 172.16.16.200
│   ├── 172.16.16.201
│   └── 172.16.16.202
└── 172.31.31.201
    ├── 172.31.31.200
    ├── 172.31.31.201
    └── 172.31.31.202

8 directories, 0 files

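■Checking L2 behavior
 "ip routing" is the L3 function, so disabling it gives L2 behavior.
 "show ip route" shows that there is no routing.
 The ports belong to the default VLAN 1, so they can also communicate with each other.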

R1>show hardware | include processor
Cisco 1812-J (MPC8500) processor (revision 0x300) with 118784K/12288K bytes of memory.
R1>enable 
Password: 
R1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#no ip routing
R1(config)#interface vlan 1
R1(config-if)#ip address 172.31.31.200 255.255.255.0
R1(config-if)#no shutdown 
R1(config-if)#end
R1#show ip interface brief | include up.*up
FastEthernet2              unassigned      YES unset  up                    up      
FastEthernet6              unassigned      YES unset  up                    up      
Vlan1                      172.31.31.200   YES manual up                    up      
R1#show ip route     
Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty
R1#show vlan-switch | exclude 100[2-5] 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa2, Fa3, Fa4, Fa5, Fa6, Fa7
                                                Fa8, Fa9

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
R1#
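
An added example, not part of the original post: a small parser for the "show vlan-switch" table above that handles the wrapped port list and reports whether two ports share a VLAN, which is why Fa2 and Fa6 can talk without routing. The function names are hypothetical, the sample text is constructed from the output shown above, and it assumes only access ports appear in the table.

```python
import re

# Constructed sample: the "show vlan-switch" output shown above, including the
# wrapped port list on the continuation line.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa2, Fa3, Fa4, Fa5, Fa6, Fa7
                                                Fa8, Fa9

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
"""

# VLAN id, name, status, then an optional comma-separated port list.
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_vlan_ports(text):
    """Return {vlan_id: [ports]} from the first table of 'show vlan-switch'."""
    vlans, current, in_table = {}, None, False
    for line in text.splitlines():
        if line.startswith("VLAN Name"):
            in_table = True
            continue
        if line.startswith("VLAN Type"):    # second table has no port membership
            break
        if not in_table or not line.strip() or line.startswith("----"):
            continue
        m = ROW.match(line)
        if m:                               # a new VLAN row
            current = int(m.group(1))
            vlans[current] = []
            ports = m.group(4)
        elif line[0].isspace() and current is not None:
            ports = line                    # wrapped continuation of the port list
        else:
            continue
        vlans[current] += [p.strip() for p in ports.split(",") if p.strip()]
    return vlans


def same_l2_domain(vlans, port_a, port_b):
    """True when both ports are members of the same VLAN (no routing needed)."""
    return any(port_a in ports and port_b in ports for ports in vlans.values())


if __name__ == "__main__":
    table = parse_vlan_ports(SAMPLE)
    print(table, same_l2_domain(table, "Fa2", "Fa6"))
```
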

■Ping check from Debian, excluding the host's own NIC

$ for n in `seq 200 202`;do \
    env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
      traceroute -n 172.31.31.${n} | grep ms; \
  done
 1  172.31.31.200  1.047 ms * *
          inet addr:172.31.31.201  Bcast:172.31.31.255  Mask:255.255.255.0
 1  172.31.31.202  0.259 ms  0.185 ms  0.153 ms

$ for n in `seq 200 202`;do \
    env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
      traceroute -n 172.31.31.${n} | grep ms; \
  done
 1  172.31.31.200  0.507 ms * *
 1  172.31.31.201  0.176 ms  0.143 ms  0.126 ms
          inet addr:172.31.31.202  Bcast:172.31.31.255  Mask:255.255.255.0

■Ping check from the C1812J

R1#ping ip 172.31.31.200                  

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#ping ip 172.31.31.201

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.201, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#ping ip 172.31.31.202

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.202, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1#show arp 
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.31.31.200           -   00xx.xxxx.xxxx  ARPA   Vlan1
Internet  172.31.31.201           0   00yy.yyyy.yyyy  ARPA   Vlan1
Internet  172.31.31.202           2   00zz.zzzz.zzzz  ARPA   Vlan1

R1#show ip arp 
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.31.31.200           -   00xx.xxxx.xxxx  ARPA   Vlan1
Internet  172.31.31.201           1   00yy.yyyy.yyyy  ARPA   Vlan1
Internet  172.31.31.202           3   00zz.zzzz.zzzz  ARPA   Vlan1

■Setting the default gateway in L2 mode
 Note that the setting is meaningless unless the IP address given is that of an L3 device such as a router.

R1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip default-gateway 172.31.31.201
R1(config)#end
R1#show ip route 
Default gateway is 172.16.16.201

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

■Routing configuration on the Debian Wheezy side

$ env LANG=c /sbin/ifconfig | grep 172.16.16.
          inet addr:172.16.16.200 Bcast:172.16.16.255  Mask:255.255.255.0
$ sudo route add -net 172.31.31.0/24 gw 172.16.16.201
$ /sbin/route -n | grep 172.31
172.31.31.0     172.16.16.201   255.255.255.0   UG    0      0        0 eth0

R1#ping 172.16.16.200

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.16.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#traceroute 172.16.16.200

Type escape sequence to abort.
Tracing the route to 172.16.16.200

  1 172.31.31.201 0 msec 0 msec 0 msec
  2 172.16.16.200 0 msec 0 msec 0 msec
R1#

■Switching the C1812J to L3 routing

R1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip routing 
R1(config)#end
Gateway of last resort is 172.31.31.201 to network 0.0.0.0
     172.31.0.0/24 is subnetted, 1 subnets
C       172.31.31.0 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 172.31.31.201

R1#ping 172.16.16.200

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.16.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1#traceroute 172.16.16.200

Type escape sequence to abort.
Tracing the route to 172.16.16.200

  1 172.31.31.201 0 msec 0 msec 0 msec
  2 172.16.16.200 0 msec 0 msec 0 msec
R1#

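■The groundwork for using L2 as the access layer and L3 as core/distribution is done, so that's it for today.

 For the access layer, the Catalyst 2970G is an L2 switch, so it should be usable in the same way as here.
 L3 gear is not much fun unless it is used as L3.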