|
|
1. IP和MAC地址绑定
网上资料很多,但多是转载。访问控制列表有点复杂,而端口绑定对我们又没必要,我们只是想防止别人盗用他人有外网权限的IP地址上网,所以我们只是用了以下命令:
6509-1(config)# arp [ ip地址] [mac地址] arpa(arpa是一种arp协议类型)
测试:1)两台电脑A和B,A的IP开通外网并做IP和MAC绑定,B的未开通且不做绑定,
将A网线拔出,并将A的IP设置在B上,B还是无法上外网
2)两台电脑A和B,A和B的IP均开通外网并做IP和MAC绑定
将A网线拔出,并将A的IP设置在B上,B依然可以上外网
结论:虽然该方法无法绝对阻止非外网用户盗用IP,但是非外网用户设置外网IP后还是不能上外网,一定程度上可以减少IP盗用现象。
如果是外网用户,盗用其他外网IP是可以上网的,但是自己本身的IP已经能上外网了,没必要盗用,除非是设置错误。
所以,这一条命令对我们来说还是有作用的。
2.查看下面接了些什么设备
#show cdp neighbors
例如:
6509-1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac>
Device> cm8fe1 Gig 1/1/29 162 S I WS-C2960G Gig 0/45
cm9fe1 Gig 1/1/34 175 S I WS-C2960G Gig 0/45
cm8fe2 Gig 1/1/23 130 S I WS-C2960G Gig 0/45
cm4fe1 Gig 1/1/9 148 S I WS-C2960G Gig 0/45
cm7fe2 Gig 1/1/24 126 S I WS-C2960G Gig 0/45
Cisco_10:10:e3 Gig 1/1/48 166 H AIR-WLC44 Gig 0/0/1
CM-SDH Gig 1/3/45 166 R 7206VXR Gig 0/1
3.查看IP和MAC地址对应表
6509-1#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.17.121 118 f0de.f1e5.01c7 ARPA Vlan17
Internet 192.168.112.24 168 6cfd.b924.8002 ARPA Vlan112
如果后面不加参数,就显示所有的IP和MAC的对应信息
常用参数一般有以下三种:IP地址,MAC地址,VLAN> 1)加IP地址,就会显示该IP地址相关的信息,例如:
6509-1#show ip arp 192.168.17.121
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.17.121 122 f0de.f1e5.01c7 ARPA Vlan17
2)加MAC地址,就会显示该MAC地址相关信息,例如:
6509-1#show ip arp f0de.f1e5.01c7
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.17.121 125 f0de.f1e5.01c7 ARPA Vlan17
3) 加VLAN> 6509-1#show ip arp vlan 17
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.17.121 133 f0de.f1e5.01c7 ARPA Vlan17
Internet 192.168.17.120 5 0011.5b1c.d1b3 ARPA Vlan17
Internet 192.168.17.123 3 0006.0a0d.312f ARPA Vlan17
Internet 192.168.17.125 5 0011.5b1c.f518 ARPA Vlan17
4.查看MAC地址表
6509-1#show mac-address-table vlan 17
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
Supervisor switch 1 Module 5
* 17 14fe.b5c4.95e0 dynamic Yes 0 Gi1/3/1
* 17 0040.3636.818d dynamic Yes 0 Gi1/3/1
show mac-address-table 后面如果不加任何参数,则会显示所有的信息,一般我们常用vlan> 5.查看交换机所有端口开启和关闭情况(以cisco 2960为例)
命令 #show ip interface brief
例如:
cm6fw1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.26 YES NVRAM up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/2 unassigned YES unset up up
GigabitEthernet0/3 unassigned YES unset up up
GigabitEthernet0/4 unassigned YES unset up up
GigabitEthernet0/5 unassigned YES unset up up
GigabitEthernet0/6 unassigned YES unset up up
GigabitEthernet0/7 unassigned YES unset up up
GigabitEthernet0/8 unassigned YES unset down down
GigabitEthernet0/9 unassigned YES unset up up
GigabitEthernet0/10 unassigned YES unset up up
GigabitEthernet0/11 unassigned YES unset up up
GigabitEthernet0/12 unassigned YES unset up up
GigabitEthernet0/13 unassigned YES unset up up
GigabitEthernet0/14 unassigned YES unset up up
GigabitEthernet0/15 unassigned YES unset down down
GigabitEthernet0/16 unassigned YES unset up up
6.查看交换机负载情况,CPU和内存
命令: #show process cpu history, #show process cpu
例如:
#show processes cpu history
11111
8877777888887777788888999955555888888888888888888887777777
100
90
80
70
60
50
40
30
20 *****
10 **********************************************************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds)
1111111111111111111111111111191111111111111111111111111112
5454546354554555555556455455514337477541455662653555551523
100
90 *
80 *
70 *
60 *
50 *
40 *
30 *
20 * * * * * ** ********* ** ***# * *** **** ** ***** * *
10 ##########################################################
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%
9222233432542422333826253333326552732124352252464332235343333343474254
1886747505513759105071948496491379776963772006608223868735484931072202
100
90 *
80 * * * *
70 * * * *
60 * * * * * * * * * * *
50 * * * * * * * *** * * * *** * * *
40 * ** ** * ** * ** ** *** ** *** * *** ***** * ** *** **
30 ************ ************************ **** ******* *************** **
20 **********************************************************************
10 ######################################################################
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU% |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-7-17 09:13:41
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡