r/Cisco - CBS 350: ungakukhubaza kanjani ukufinyelela kusixhumi esibonakalayo sewebhu yokuphatha kusuka kumachweba we-Ethernet avamile weswishi?

= I-CBS 350: ungakukhubaza kanjani ukufinyelela kusixhumi esibonakalayo sewebhu kusuka kumachweba avamile we-Ethernet weswishi? =

Ngithole iswishi ye-CBS350 yokuphatha ithrafikhi ye-Ethernet evela kumakhompyutha ahlukahlukene. Ukusethwa kwami ​​​​kwamanje kusebenzisa inethiwekhi ehlukaniswe ngokuphelele ukuze kunikeze ukufinyelela ku-IPMI yokuphatha isixhumi esibonakalayo samakhompyutha, futhi ngingathanda ukwenza okufanayo ekushintsheni kweCisco.

Iswishi ixhunywe ngembobo ye-OOB kunethiwekhi ye-IPMI, futhi ngiyakwazi ukufinyelela isixhumi esibonakalayo seWebhu kusuka kunoma iyiphi ikhompyutha kule nethiwekhi. Kubukeka sengathi i-CBS350 ngokwayo iphinde ithole ikheli le-IPv4 kuseva ye-DHCP exhunywe kunoma yimaphi amachweba avamile e-Ethernet, ukuze ikwazi ukuba nesiphakeli sewebhu sokuphatha sifinyeleleke kuleyo nethiwekhi.

Ngikucisha kanjani lokhu kuziphatha? Kungakhathaliseki ukuthi iseva ye-Web yokuphatha ivikeleke kangakanani, ngokushesha noma kamuva othile uzothola ubungozi bokuyisebenzisa. Ngifuna isixhumi esibonakalayo sokuphatha sitholakale kuphela ngembobo ye-OOB

Ngizamile izinsizakalo ze-IPv4, kodwa kubukeka sengathi ayikho indlela yokususa umthetho we-VLAN1. Into eseduze kakhulu engangingayenza kwakuwukuyimisa ukuze isebenzise ikheli le-IP elingashintshiwe

Khubaza iseva yewebhu = 'ayikho iseva ye-http'Uma ungafuni izimbobo ezifinyelela kunethiwekhi ye-vlan 1, unganiki lezo zimbobo ku-vlan 1. I-firewall noma i-ACL kufanele isetshenziselwe ukuvimbela umzila phakathi kwamanethiwekhi/abasingathi abangagunyaziwe.

Kulula ngempela

Lungiselela isixhumi esibonakalayo se-IPv4 ukuze sibe ku-VLAN ngaphandle kwe-VLAN 1 futhi usethe ikheli le-IP elimile. Susa nokufakiwe kwe-DHCP IPv4

Bese ulungisa imbobo yokushintsha oyikhethayo njengendawo yokufinyelela enaleyo VLAN oyilungise ngaphambilini, futhi manje usunembobo ye-OOB. Qiniseka ukuthi awuyivumeli leyo VLAN kuwo wonke ama-trunk

Kunethiwekhi yami ye-Cisco 9300's ngihambisa indiza yabaphathi ku-vrf futhi ngibophe lezi zinsizakalo ezilandelayo kuleyo vrf
I-TFTP
I-SSH
I-SNMP
I-SYSLOG
I-NTP

Kusohlwini olungezansi amazwibela afingqiwe futhi ahlanzekile emiyalo efanele: ! inguqulo 17.6! vrf definition Mgmt-vrf ikheli-umndeni ipv4 ukuphuma-ikheli-umndeni ! shintsha ukunikezwa okungu-1 c9300-48t ! esibonakalayo GigabitEthernet0/0 vrf ukudlulisela Mgmt-vrf ikheli le-IP 10.2.10.247 255.255.255.0 ip ukufinyelela-iqembu 103 in! akukho ip http iseva ip http ikilasi lokufinyelela-ipv4 11 ip http ubuqiniso bendawo akukho ip http evikelekile-iseva ip http evikelekile-iseva ip http evikelekile-ciphersuite rsa-aes-gcm-sha2 ip http ama-max-connections 1 ip http umthombo weklayenti-isixhumi esibonakalayo GigabitEthernet0/0 ip tftp umthombo-interface GigabitEthernet0/0 ip tftp blocksize 1482 ip umzila vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.2.10.246 ip ssh maxstartups 2 ip ssh isikhathi-kuphuma 60 ip ssh bit source-interface 0/0 Gibela umlando wokugawulwa kwemithi izaziso zogibe lokungena ngemvume umsuka-id yegama lomethuleli yokungena umthombo-isixhumi esibonakalayo GigabitEthernet0/0 vrf Mgmt-vrf ukuloga umsingathi wolwazi wokugawula we-snmp-trap 192.168.10.252 vrf Mgmt-vrf ! i-ip yohlu lokufinyelela izinga 10 10 ukuphawula Hlunga I-SSH Imizamo 20 imvume 192.168.10.248 0.0.0.7 log 30 imvume 10.2.10.248 0.0.0.7 log 40 yenqaba noma iyiphi i-log log access-list standard 11 10 HTTP access remark -uhlu olujwayelekile 20 10 ukuphawula Hlunga I-NTP Imizamo 10 imvume 192.168.10.101 20 yenqaba noma iyiphi i-log ip yokufinyelela-uhlu standard 30 10 ukuphawula Vumela SNMP Connections 20 imvume 192.168.10.251 30 imvume 192 40. Ukuphawula kuvimbela ithrafikhi ku-Router Management 10 Imvume ye-UDP 192.168.10.248 0.0.0.7 Host 10.2.168.10.7 Host 10.2.10.247 vumela udp 192.168.10.248 0.0.0.7 umsingathi 10.2.10.247 eq tftp 50 imvume icmp 192.168.10.248 0.0.0.7 umsingathi 10.2.10.247 60 deny1. iqembu le-snmp-server SOLAR v3 priv umongo vlan-10 funda ukufinyelela kwe-MGMT 30 snmp-server trap-source GigabitEthernet0/0 snmp-server host 192.168.10.252 vrf Mgmt-vrf inguqulo 3 priv SOLAR ! ntp ukungena ngemvume kwe-ntp-ukhiye wokuqinisekisa 1 md5 ntp authenticatentp-ukhiye othembekile 1 umthombo we-ntp GigabitEthernet0/0 ntp yokufinyelela-iqembu kontanga 20 ntp iseva vrf Mgmt-vrf 192.168.10.101 ! umugqa vty 0 1 iseshini-isikhathi sokuvala 10 ikilasi lokufinyelela-10 ngegama le-vrfname I-Mgmt-vrf ukugawulwa kwemithi okuvumelanayo khipha usayizi womlando wesitembu sesikhathi esisheshayo 100 ezokuthutha ezikhethwayo okokufaka okokuthutha kwe-ssh ssh! Isexwayiso esisodwa ukuthi ukuhlolwa kwe-Netflow ezimbobeni zendiza yedatha ngeke kudlule endizeni yokuphatha
Lawa maswishi asendlini, isixhumi esibonakalayo sokuphatha siyatholakala kuwo wonke ama-vlan alungiselelwe ngesendlalelo sesi-3 futhi awukwazi ukukuvala. Uzodinga ukushintsha i-vlan 1 ukuze ube nekheli le-IP elimile bese udala ama-ACL ukuze uvimbele ukufinyelela kumanethiwekhi okungafanele awafinyelele nawo.

isixhumi esibonakalayo sokuphatha siyatholakala kuwo wonke ama-vlan amisiwe
Kwehluke kanjani lokho kunanoma iyiphi enye i-l3 switch? Udinga ukudala imithetho ukuze uvimbele lokhu.