💥
スイッチの管理インターフェースの設定の練習
本エントリについて
Dynagen、Dynamips、vpcs を使って、スイッチの管理インターフェースの設定を練習します。
Dynagen、Dynamips、vpcs の利用環境はすでに整っているものとします。
参考
基本設定
https://zenn.dev/mnod/articles/a6004b3f8c0935 の練習をした環境を利用します。
VLAN1、VLAN10 の設定
VLAN1 はスイッチの管理インタフェース、VLAN10 は管理用デバイスのためのネットワークとします。
sw01 設定
sw01 の VLAN1 および VLAN10 にアドレスを割り当てます。
(VLAN10 のルーティングは sw01、または sw02 で行うこととして、sw11 では VLAN10 にはアドレスを割り当てません)
sw01(config)#int vlan 1
sw01(config-if)#ip addr 10.2.254.1 255.255.255.0
sw01(config)#int vlan 10
sw01(config-if)#ip addr 10.2.0.254 255.255.255.0
sw01#show ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
FastEthernet0/1 unassigned YES NVRAM administratively down down
FastEthernet1/0 unassigned YES unset up up
FastEthernet1/1 unassigned YES unset up down
FastEthernet1/2 unassigned YES unset up down
FastEthernet1/3 unassigned YES unset up down
FastEthernet1/4 unassigned YES unset up down
FastEthernet1/5 unassigned YES unset up down
FastEthernet1/6 unassigned YES unset up down
FastEthernet1/7 unassigned YES unset up down
FastEthernet1/8 unassigned YES unset up down
FastEthernet1/9 unassigned YES unset up down
FastEthernet1/10 unassigned YES unset up down
FastEthernet1/11 unassigned YES unset up down
FastEthernet1/12 unassigned YES unset up down
FastEthernet1/13 unassigned YES unset up down
FastEthernet1/14 unassigned YES unset up down
FastEthernet1/15 unassigned YES unset up up
Vlan1 10.2.254.1 YES manual up up
Vlan10 10.2.0.252 YES manual up up
sw01#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.2.0.0 is directly connected, Vlan10
C 10.2.254.0 is directly connected, Vlan1
sw11 設定
sw11 で、アクセスポートに VLAN10 を割り当てます。
sw11(config)#int range fa1/0 - 4
sw11(config-if-range)#switchport mode access
sw11(config-if-range)#switchport access vlan 10
sw11#show int status
Port Name Status Vlan Duplex Speed Type
Fa1/0 connected 10 a-full a-100 10/100BaseTX
Fa1/1 connected 10 a-full a-100 10/100BaseTX
Fa1/2 notconnect 10 auto auto 10/100BaseTX
Fa1/3 notconnect 10 auto auto 10/100BaseTX
Fa1/4 connected 10 a-full a-100 10/100BaseTX
Fa1/5 connected 1 a-full a-100 10/100BaseTX
Fa1/6 notconnect 1 auto auto 10/100BaseTX
Fa1/7 notconnect 1 auto auto 10/100BaseTX
Fa1/8 notconnect 1 auto auto 10/100BaseTX
Fa1/9 notconnect 1 auto auto 10/100BaseTX
Fa1/10 notconnect 1 auto auto 10/100BaseTX
Fa1/11 notconnect 1 auto auto 10/100BaseTX
Fa1/12 notconnect 1 auto auto 10/100BaseTX
Fa1/13 notconnect 1 auto auto 10/100BaseTX
Fa1/14 connected trunk a-full a-100 10/100BaseTX
Fa1/15 connected trunk a-full a-100 10/100BaseTX
sw11#
VLAN1にアドレスを割り当てます。
また、デフォルトゲートウェイの設定を追加します。
sw11(config)#int vlan 1
sw11(config-if)#ip addr 10.2.254.11 255.255.255.0
sw11(config)#ip route 0.0.0.0 0.0.0.0 10.2.254.1
sw11#show ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
FastEthernet0/1 unassigned YES NVRAM administratively down down
FastEthernet1/0 unassigned YES unset up up
FastEthernet1/1 unassigned YES unset up up
FastEthernet1/2 unassigned YES unset up down
FastEthernet1/3 unassigned YES unset up down
FastEthernet1/4 unassigned YES unset up up
FastEthernet1/5 unassigned YES unset up up
FastEthernet1/6 unassigned YES unset up down
FastEthernet1/7 unassigned YES unset up down
FastEthernet1/8 unassigned YES unset up down
FastEthernet1/9 unassigned YES unset up down
FastEthernet1/10 unassigned YES unset up down
FastEthernet1/11 unassigned YES unset up down
FastEthernet1/12 unassigned YES unset up down
FastEthernet1/13 unassigned YES unset up down
FastEthernet1/14 unassigned YES unset up up
FastEthernet1/15 unassigned YES unset up up
Vlan1 10.2.254.11 YES manual up up
sw11#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.2.254.1 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C 10.2.254.0 is directly connected, Vlan1
S* 0.0.0.0/0 [1/0] via 10.2.254.1
sw11 から疎通確認を実施します。
ルーティングは sw01 が行います。
10.2.0.1 は sw11 に直接接続されていますが、sw01 を経由して通信が行われています。
sw11#ping 10.2.254.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.254.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
sw11#ping 10.2.254.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.254.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms
sw11#ping 10.2.0.252
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.0.252, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/14/16 ms
sw11#ping 10.2.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/25/36 ms
sw11 の VLAN10 のアクセスポートに接続したデバイスから疎通確認を実施します。
ここでは、ルーティング設定は下記になっています。
admin@ip-10-0-0-73:~/zenn$ ip route
default via 10.0.0.1 dev ens5
10.0.0.0/24 dev ens5 proto kernel scope link src 10.0.0.73
10.2.0.0/24 dev br0 proto kernel scope link src 10.2.0.1
10.2.0.0/16 dev br0 scope link
admin@ip-10-0-0-73:~$ ping 10.2.0.252 -c 5
PING 10.2.0.252 (10.2.0.252) 56(84) bytes of data.
64 bytes from 10.2.0.252: icmp_seq=1 ttl=255 time=9.73 ms
64 bytes from 10.2.0.252: icmp_seq=2 ttl=255 time=4.27 ms
64 bytes from 10.2.0.252: icmp_seq=3 ttl=255 time=2.70 ms
64 bytes from 10.2.0.252: icmp_seq=4 ttl=255 time=8.76 ms
64 bytes from 10.2.0.252: icmp_seq=5 ttl=255 time=7.96 ms
--- 10.2.0.252 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 10ms
rtt min/avg/max/mdev = 2.703/6.684/9.726/2.716 ms
admin@ip-10-0-0-73:~$ ping 10.2.254.1 -c 5
PING 10.2.254.1 (10.2.254.1) 56(84) bytes of data.
64 bytes from 10.2.254.1: icmp_seq=1 ttl=255 time=5.30 ms
64 bytes from 10.2.254.1: icmp_seq=2 ttl=255 time=8.02 ms
64 bytes from 10.2.254.1: icmp_seq=3 ttl=255 time=1.11 ms
64 bytes from 10.2.254.1: icmp_seq=4 ttl=255 time=10.2 ms
64 bytes from 10.2.254.1: icmp_seq=5 ttl=255 time=8.60 ms
--- 10.2.254.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 1.114/6.635/10.153/3.175 ms
admin@ip-10-0-0-73:~$ ping 10.2.254.11 -c 5
PING 10.2.254.11 (10.2.254.11) 56(84) bytes of data.
64 bytes from 10.2.254.11: icmp_seq=1 ttl=254 time=30.1 ms
64 bytes from 10.2.254.11: icmp_seq=2 ttl=254 time=28.6 ms
64 bytes from 10.2.254.11: icmp_seq=3 ttl=254 time=24.8 ms
64 bytes from 10.2.254.11: icmp_seq=4 ttl=254 time=23.3 ms
64 bytes from 10.2.254.11: icmp_seq=5 ttl=254 time=30.5 ms
--- 10.2.254.11 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 9ms
rtt min/avg/max/mdev = 23.348/27.461/30.472/2.886 ms
sw02 の追加
sw02 の VLAN1 および VLAN10 にアドレスを割り当てます。
sw02(config)#int vlan 1
sw02(config-if)#ip addr 10.2.254.2 255.255.255.0
sw02(config-if)#int vlan 10
sw02(config-if)#ip address 10.2.0.253 255.255.255.0
sw02#show ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
FastEthernet0/1 unassigned YES NVRAM administratively down down
FastEthernet1/0 unassigned YES unset up up
FastEthernet1/1 unassigned YES unset up down
FastEthernet1/2 unassigned YES unset up down
FastEthernet1/3 unassigned YES unset up down
FastEthernet1/4 unassigned YES unset up down
FastEthernet1/5 unassigned YES unset up down
FastEthernet1/6 unassigned YES unset up down
FastEthernet1/7 unassigned YES unset up down
FastEthernet1/8 unassigned YES unset up down
FastEthernet1/9 unassigned YES unset up down
FastEthernet1/10 unassigned YES unset up down
FastEthernet1/11 unassigned YES unset up down
FastEthernet1/12 unassigned YES unset up down
FastEthernet1/13 unassigned YES unset up down
FastEthernet1/14 unassigned YES unset up down
FastEthernet1/15 unassigned YES unset up up
Vlan1 10.2.254.2 YES manual up up
Vlan10 10.2.0.253 YES manual up up
sw02#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.2.0.0 is directly connected, Vlan10
C 10.2.254.0 is directly connected, Vlan1
sw02 から疎通確認を実施します。
sw02#ping 10.2.0.252
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.0.252, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 16/24/40 ms
sw02#ping 10.2.254.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.254.11, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 12/19/24 ms
sw02#ping 10.2.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.0.1, timeout is 2 seconds:
!!!!!
VLAN11 の追加
sw11 の設定
sw11 のアクセスポートにVLAN11を割り当てます。
sw11(config)#int range fa1/4 - 7
sw11(config-if-range)#switchport mode access
sw11(config-if-range)#switchport access vlan 11
sw11#show int status
Port Name Status Vlan Duplex Speed Type
Fa1/0 connected 10 a-full a-100 10/100BaseTX
Fa1/1 connected 10 a-full a-100 10/100BaseTX
Fa1/2 notconnect 10 auto auto 10/100BaseTX
Fa1/3 notconnect 10 auto auto 10/100BaseTX
Fa1/4 connected 11 a-full a-100 10/100BaseTX
Fa1/5 connected 11 a-full a-100 10/100BaseTX
Fa1/6 notconnect 11 auto auto 10/100BaseTX
Fa1/7 notconnect 11 auto auto 10/100BaseTX
Fa1/8 notconnect 1 auto auto 10/100BaseTX
Fa1/9 notconnect 1 auto auto 10/100BaseTX
Fa1/10 notconnect 1 auto auto 10/100BaseTX
Fa1/11 notconnect 1 auto auto 10/100BaseTX
Fa1/12 notconnect 1 auto auto 10/100BaseTX
Fa1/13 notconnect 1 auto auto 10/100BaseTX
Fa1/14 connected trunk a-full a-100 10/100BaseTX
Fa1/15 connected trunk a-full a-100 10/100BaseTX
sw11#
VLAN11 についてもルーティングは sw01 または sw02 で行うこととして、sw11 では VLAN11 にはアドレスを割り当てません。
sw01 の設定
sw01のVLAN11にアドレスを割り当てます。
sw01(config)#int vlan 11
sw01(config-if)#ip addr 10.2.1.252 255.255.255.0
sw01#show ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
FastEthernet0/1 unassigned YES NVRAM administratively down down
FastEthernet1/0 unassigned YES unset up up
FastEthernet1/1 unassigned YES unset up down
FastEthernet1/2 unassigned YES unset up down
FastEthernet1/3 unassigned YES unset up down
FastEthernet1/4 unassigned YES unset up down
FastEthernet1/5 unassigned YES unset up down
FastEthernet1/6 unassigned YES unset up down
FastEthernet1/7 unassigned YES unset up down
FastEthernet1/8 unassigned YES unset up down
FastEthernet1/9 unassigned YES unset up down
FastEthernet1/10 unassigned YES unset up down
FastEthernet1/11 unassigned YES unset up down
FastEthernet1/12 unassigned YES unset up down
FastEthernet1/13 unassigned YES unset up down
FastEthernet1/14 unassigned YES unset up down
FastEthernet1/15 unassigned YES unset up up
Vlan1 10.2.254.1 YES manual up up
Vlan10 10.2.0.252 YES manual up up
Vlan11 10.2.1.252 YES manual up up
sw01#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
C 10.2.0.0 is directly connected, Vlan10
C 10.2.1.0 is directly connected, Vlan11
C 10.2.254.0 is directly connected, Vlan1
sw11 の VLAN11 のアクセスポートに接続した機器から sw01 経由の疎通を確認します。
VPCS[2]> ip 10.2.1.1 10.2.1.252 /24
Checking for duplicate address...
PC2 : 10.2.1.1 255.255.255.0 gateway 10.2.1.252
VPCS[2]> show ip
NAME : VPCS[2]
IP/MASK : 10.2.1.1/24
GATEWAY : 10.2.1.252
DNS :
MAC : 00:50:79:66:68:01
LPORT : 20001
RHOST:PORT : 127.0.0.1:30001
MTU: : 1500
VPCS[2]> ping 10.2.1.252
10.2.1.252 icmp_seq=1 ttl=255 time=5.626 ms
10.2.1.252 icmp_seq=2 ttl=255 time=5.371 ms
10.2.1.252 icmp_seq=3 ttl=255 time=4.949 ms
10.2.1.252 icmp_seq=4 ttl=255 time=7.453 ms
10.2.1.252 icmp_seq=5 ttl=255 time=6.406 ms
VPCS[2]> ping 10.2.0.252
10.2.0.252 icmp_seq=1 ttl=255 time=5.235 ms
10.2.0.252 icmp_seq=2 ttl=255 time=8.323 ms
10.2.0.252 icmp_seq=3 ttl=255 time=6.197 ms
10.2.0.252 icmp_seq=4 ttl=255 time=8.155 ms
10.2.0.252 icmp_seq=5 ttl=255 time=7.417 ms
VPCS[2]> ping 10.2.0.1
10.2.0.1 icmp_seq=1 ttl=63 time=24.651 ms
10.2.0.1 icmp_seq=2 ttl=63 time=16.766 ms
10.2.0.1 icmp_seq=3 ttl=63 time=11.570 ms
10.2.0.1 icmp_seq=4 ttl=63 time=17.296 ms
10.2.0.1 icmp_seq=5 ttl=63 time=16.473 ms
sw02 の追加
sw02 のVLAN11にアドレスを割り当てます。
sw02(config)#int vlan 11
sw02(config-if)#ip addr 10.2.1.253 255.255.255.0
sw02#show ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
FastEthernet0/1 unassigned YES NVRAM administratively down down
FastEthernet1/0 unassigned YES unset up up
FastEthernet1/1 unassigned YES unset up down
FastEthernet1/2 unassigned YES unset up down
FastEthernet1/3 unassigned YES unset up down
FastEthernet1/4 unassigned YES unset up down
FastEthernet1/5 unassigned YES unset up down
FastEthernet1/6 unassigned YES unset up down
FastEthernet1/7 unassigned YES unset up down
FastEthernet1/8 unassigned YES unset up down
FastEthernet1/9 unassigned YES unset up down
FastEthernet1/10 unassigned YES unset up down
FastEthernet1/11 unassigned YES unset up down
FastEthernet1/12 unassigned YES unset up down
FastEthernet1/13 unassigned YES unset up down
FastEthernet1/14 unassigned YES unset up down
FastEthernet1/15 unassigned YES unset up up
Vlan1 10.2.254.2 YES manual up up
Vlan10 10.2.0.253 YES manual up up
Vlan11 10.2.1.253 YES manual up up
sw02#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
C 10.2.0.0 is directly connected, Vlan10
C 10.2.1.0 is directly connected, Vlan11
C 10.2.254.0 is directly connected, Vlan1
sw11 の VLAN11 のアクセスポートに接続した機器から sw02 経由の疎通を確認します。
VPCS[2]> ip 10.2.1.1 10.2.1.253 /24
Checking for duplicate address...
PC2 : 10.2.1.1 255.255.255.0 gateway 10.2.1.253
VPCS[2]> show ip
NAME : VPCS[2]
IP/MASK : 10.2.1.1/24
GATEWAY : 10.2.1.253
DNS :
MAC : 00:50:79:66:68:01
LPORT : 20001
RHOST:PORT : 127.0.0.1:30001
MTU: : 1500
VPCS[2]> ping 10.2.1.253
10.2.1.253 icmp_seq=1 ttl=255 time=10.033 ms
10.2.1.253 icmp_seq=2 ttl=255 time=6.289 ms
10.2.1.253 icmp_seq=3 ttl=255 time=6.318 ms
10.2.1.253 icmp_seq=4 ttl=255 time=6.107 ms
10.2.1.253 icmp_seq=5 ttl=255 time=6.113 ms
VPCS[2]> ping 10.2.0.253
10.2.0.253 icmp_seq=1 ttl=255 time=9.623 ms
10.2.0.253 icmp_seq=2 ttl=255 time=4.928 ms
10.2.0.253 icmp_seq=3 ttl=255 time=3.998 ms
10.2.0.253 icmp_seq=4 ttl=255 time=10.307 ms
10.2.0.253 icmp_seq=5 ttl=255 time=9.945 ms
VPCS[2]> ping 10.2.0.1
10.2.0.1 icmp_seq=1 ttl=63 time=14.635 ms
10.2.0.1 icmp_seq=2 ttl=63 time=16.755 ms
10.2.0.1 icmp_seq=3 ttl=63 time=16.875 ms
10.2.0.1 icmp_seq=4 ttl=63 time=11.120 ms
10.2.0.1 icmp_seq=5 ttl=63 time=16.261 ms
まとめ
Dynagen、Dynamips、vpcs を使って、スイッチの管理インターフェースの設定を練習しました。
sw11 自体には VLAN10、VLAN11のアドレスは設定していませんが、sw01、sw02 でルーティングを行うことによって VLAN1のアドレスに対して telnet などの管理向けの通信ができます。
Discussion