ARP (Address Resolution Protocol): resolves a destination IP to a destination MAC (dest ip ------ dest mac)
Your own host also keeps many ARP entries. To look at them:
Win+R ---- cmd ---- arp -a
This lists the ARP entries cached on your host.
Network management:
How does R1 manage R2?
Network management ----- NMS (网管)
In-band management: --- inbound; management traffic and data traffic follow the same path
Advantages:
Simple, convenient, low cost
Disadvantages:
Once the business traffic is interrupted, management is interrupted too
Suited to small networks and SOHO
Out-of-band management: --- outbound; management traffic and data (business) traffic follow different paths
Advantages:
The device can be managed at any time (uninterrupted management)
Disadvantages:
High cost
Classification:
1. Local management ------------ network not reachable
Console
Initialization, upgrades, replacing boards
2. Remote management -------- prerequisite: network reachable
Telnet / STelnet (SSH, more secure) / dial-up ------- CLI
Web ------- GUI
Dial-up ---------- an older method; a modem converts telephone signals into network signals
Why do remote management when local management is available? First, local management is what works when the device is brand new, and the out-of-band management network itself can also go down.
Local management in the simulator
Note the serial settings: baud rate 9600, data bits 8, parity none, stop bits 1, flow control none
Because the baud rate is low, we usually add a network cable when uploading files
Managing a complex, large network topology:
Large data centers have an MGMT interface; this management interface connects to out-of-band management (telnet, ssh), while the console port is used for in-band management. Many cables are run from the boards installed on the AR to the console ports, so one switch can log in to the AR and manage all the devices. This AR is called a terminal server (usually known as a bastion host or jump host) and performs reverse telnet.
Remote management network ----- telnet:
First, the two routers must be able to ping each other
Packet capture details:
But if we telnet directly, it fails
Packet capture details: here we can see the TCP three-way handshake
A quick review:
When we telnet, the routing table is checked first: there is a route
TCP sport xx dport 23 | sip 12.1.1.1 dip 12.1.1.2 | smac (MAC of the device issuing the telnet) dmac (MAC corresponding to the destination address, learned via ARP)
When R2 receives the frame it first checks whether it is addressed to itself (unicast is used here); if so it accepts it, otherwise it discards it
IP packet:
Fragmentation fields:
MTU (maximum transmission unit): default 1500 bytes; this can be changed
Above 1500 bytes the packet is fragmented (e.g. a 2000-byte packet becomes 1500 bytes + 500 bytes)
After the fragments are received they are reassembled and forwarded (why this process? to improve transmission efficiency. ATM uses cells, which are fixed-size, so its transmission efficiency is high; IP borrowed this advantage so that transmission efficiency stays stable and does not jitter)
Data centers: the default MTU is now 9K, which gives lower latency because the data throughput is large; voice and video generally use a small MTU because they are real-time and the forwarding rate must be high. For special applications the MTU has to change with the situation, and when many applications with different MTUs run together, latency becomes large; that is where a new technique came in
MTU discovery: discover the smallest MTU along the path
Solves the efficiency loss caused by fragmentation:
1. To improve IP forwarding efficiency, the MTU value of 1500 appeared
2. Because applications need different MTUs, MTUs differ along the path (fragmentation and reassembly appear), and efficiency drops
3. MTU discovery (needs manual configuration): the lowest MTU on the path
As shown in the figure above, DF=0 allows fragmentation; DF=1 forbids it
TTL: time to live (physical loop prevention); decremented by 1 at each router (leaves engineers time to troubleshoot)
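The fragmentation arithmetic behind the 1500 + 500 example above, written out as an added example (not part of the original notes): it computes the fragments a datagram produces at a given MTU, raises on the DF=1 case that path MTU discovery relies on, and takes the path MTU as the minimum over the links. The 2000-byte datagram, MTU values and the 20-byte header without options are assumptions for the illustration.

```python
"""IPv4 fragmentation arithmetic for the MTU discussion above (added example).

Not from the notes: it works out the fragments a 2000-byte datagram produces at
MTU 1500, the DF=1 case that PMTUD depends on, and the path MTU as the minimum
over the links. Assumes a 20-byte IPv4 header with no options.
"""
from dataclasses import dataclass
from typing import List

IPV4_HEADER_LEN = 20


@dataclass
class Fragment:
    total_length: int       # bytes on the wire: header + data
    more_fragments: bool    # MF flag
    fragment_offset: int    # header field, in units of 8 bytes


class CannotFragment(Exception):
    """DF=1 and the datagram exceeds the link MTU: a router drops it and sends
    ICMP 'fragmentation needed', which is the signal PMTUD listens for."""


def fragment(total_length: int, mtu: int, df: bool = False) -> List[Fragment]:
    """Split a datagram of total_length bytes for a link with the given MTU."""
    if total_length <= mtu:
        return [Fragment(total_length, False, 0)]
    if df:
        raise CannotFragment(f"{total_length}-byte datagram > MTU {mtu} with DF set")
    # Every fragment but the last carries a multiple of 8 payload bytes, because
    # the offset field counts in 8-byte units.
    max_payload = (mtu - IPV4_HEADER_LEN) // 8 * 8
    payload_len = total_length - IPV4_HEADER_LEN
    fragments, offset = [], 0
    while offset < payload_len:
        chunk = min(max_payload, payload_len - offset)
        last = offset + chunk >= payload_len
        fragments.append(Fragment(IPV4_HEADER_LEN + chunk, not last, offset // 8))
        offset += chunk
    return fragments


def path_mtu(link_mtus: List[int]) -> int:
    """What PMTUD converges on: the smallest MTU along the path."""
    return min(link_mtus)


def wire_overhead(total_length: int, mtu: int) -> int:
    """Extra bytes on the wire caused by fragmenting (one header per extra fragment)."""
    return sum(f.total_length for f in fragment(total_length, mtu)) - total_length
```

Note that the second fragment is 520 bytes, not 500: the 20-byte header is repeated on every fragment, which is exactly the overhead PMTUD avoids. At MTU 1400 the first fragment shrinks to 1396 bytes because the payload must stay a multiple of 8.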
Interrupted
1. Why was it interrupted?
Because remote access lacks security, devices require authentication to be configured for remote management; if none is configured, the connection is refused
Solution: configure authentication for remote access. Telnet shows the password as ciphertext on the device itself, but it is transmitted in cleartext
user-interface vty 0 4
authentication-mode password
set authentication password cipher 123
In a packet capture the cleartext password is visible
So SSH is generally used, because telnet is not secure
Three-way handshake (R1 is the telnet client, R2 the server):
R1 ----------> R2   SYN
R1 <---------- R2   SYN+ACK
R1 ----------> R2   ACK
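To turn the observation above (the handshake is visible, and the telnet password right after it) into a detection check, here is an added example that is not part of the original notes: it groups constructed packet records into sessions, confirms the SYN / SYN+ACK / ACK sequence, and flags completed Telnet management logins as sessions whose password is recoverable from the capture, while an SSH session to the same device is reported as fine. The packet records, ports and payloads are constructed for the illustration; the script reports only the length of the recovered credential, never the credential itself.

```python
"""Audit a packet trace for cleartext Telnet management logins (added example).

The packet records below are constructed to resemble the capture described in
the notes (R1 at 12.1.1.1 telnetting to R2 at 12.1.1.2); addresses, ports and
payload bytes are made up for the illustration.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Pkt(NamedTuple):
    src: str
    dst: str
    sport: int
    dport: int
    flags: str            # TCP flags: "S", "SA", "A", "PA"
    payload: bytes = b""


Endpoint = Tuple[str, int]
SessionKey = Tuple[str, int, str, int]   # client ip, client port, server ip, server port

MGMT_PORTS = {23: "telnet (cleartext)", 22: "ssh (encrypted)"}


def group_sessions(packets: List[Pkt]) -> Dict[SessionKey, List[Pkt]]:
    """Group packets by connection; the SYN sender is taken as the client.
    Assumes an endpoint pair is not reused within the trace."""
    sessions: Dict[SessionKey, List[Pkt]] = defaultdict(list)
    key_of: Dict[Endpoint, SessionKey] = {}
    for p in packets:
        if p.flags == "S":
            key = (p.src, p.sport, p.dst, p.dport)
            key_of[(p.src, p.sport)] = key
            key_of[(p.dst, p.dport)] = key
        key = key_of.get((p.src, p.sport)) or key_of.get((p.dst, p.dport))
        if key is not None:            # packets with no observed SYN are ignored
            sessions[key].append(p)
    return sessions


def handshake_complete(pkts: List[Pkt]) -> bool:
    """SYN, SYN+ACK, ACK in order, as seen in the notes' capture."""
    return [p.flags for p in pkts[:3]] == ["S", "SA", "A"]


def client_bytes_after_password_prompt(pkts: List[Pkt], client: Endpoint) -> bytes:
    """Bytes the client sent after the server's 'Password:' prompt; on Telnet
    these are the password characters themselves."""
    prompted = False
    sent = b""
    for p in pkts:
        if (p.src, p.sport) != client and b"Password:" in p.payload:
            prompted = True
        elif prompted and (p.src, p.sport) == client:
            sent += p.payload
    return sent.strip()


def audit(packets: List[Pkt]) -> List[dict]:
    findings = []
    for (cip, cport, sip, sport), pkts in group_sessions(packets).items():
        if sport not in MGMT_PORTS or not handshake_complete(pkts):
            continue
        finding = {"client": cip, "device": sip, "service": MGMT_PORTS[sport], "risk": "ok"}
        if sport == 23:
            secret = client_bytes_after_password_prompt(pkts, (cip, cport))
            # Report that the credential is recoverable, and how long it is, but
            # never log the secret itself.
            finding["risk"] = "password recoverable from capture" if secret else "cleartext session"
            finding["credential_bytes"] = len(secret)
        findings.append(finding)
    return findings


# Constructed trace: a telnet login (password typed one character per segment,
# as Telnet does) followed by an SSH session to the same device.
SAMPLE = [
    Pkt("12.1.1.1", "12.1.1.2", 50000, 23, "S"),
    Pkt("12.1.1.2", "12.1.1.1", 23, 50000, "SA"),
    Pkt("12.1.1.1", "12.1.1.2", 50000, 23, "A"),
    Pkt("12.1.1.2", "12.1.1.1", 23, 50000, "PA", b"Login authentication\r\n\r\nPassword:"),
    Pkt("12.1.1.1", "12.1.1.2", 50000, 23, "PA", b"1"),
    Pkt("12.1.1.1", "12.1.1.2", 50000, 23, "PA", b"2"),
    Pkt("12.1.1.1", "12.1.1.2", 50000, 23, "PA", b"3\r\n"),
    Pkt("12.1.1.1", "12.1.1.2", 50001, 22, "S"),
    Pkt("12.1.1.2", "12.1.1.1", 22, 50001, "SA"),
    Pkt("12.1.1.1", "12.1.1.2", 50001, 22, "A"),
    Pkt("12.1.1.1", "12.1.1.2", 50001, 22, "PA", b"SSH-2.0-client\r\n"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

The same grouping logic works on real captures once the records are extracted (for example with a pcap parser); the point of the check is that a completed handshake to port 23 on a network device is itself the finding, whether or not the password prompt happened to be captured.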
2. If someone leaves the company, the password has to be changed: user-based authentication
authentication-mode aaa
user-interface vty 16 20
[AAA: authentication, authorization, accounting ----- 认证, 授权, 审计]
Authentication: determine whether the user is legitimate
Authentication factors: username (card number, id), password, fingerprint, iris, voice, riddle
The more factors, the stronger the authentication
Line password ----- 1 factor, the password
AAA ----------- user-based authentication: 2 factors, username and password
aaa
local-user ajacksonz password cipher %$%$h%Tc-MuvVLLa-:@^%Wt%IOeX%$%$ (123)
local-user zf password cipher %$%$/Mc#"w`!F&#\HI:3bVqLIP2t%$%$
Force login via ssh or another form
Under AAA, a given account can be restricted to one form of authentication
3. ajacksonz can log in but cannot configure anything
Because the default level for remote logins is 0, and no authorization has been granted
[AAA: authentication, authorization, accounting ----- 认证, 授权, 审计]
Authorization: what different users are and are not allowed to do
Huawei router authorization is level-based; the default level for remote management is 0
There are two ways to authorize:
1. Authorization directly on the line
user-interface vty 0 4
authentication-mode aaa
user privilege level 1
Level 0 (default): user level
<R2>?
User view commands:
display Display information
hwtacacs-user HWTACACS user
local-user Add/Delete/Set user(s)
ping Ping function
quit Exit from current mode and enter prior mode
save Save file
super Modify super password parameters
telnet Open a telnet connection
tracert <Group> tracert command group
Level 1: monitoring level
<R2>?
User view commands:
arp-ping ARP-ping
backup Backup information
clear Clear
cls Clear screen
debugging <Group> debugging command group
dialer Dialer
display Display information
help Description of the interactive help system
hwtacacs-user HWTACACS user
lldp Link Layer Discovery Protocol
local-user Add/Delete/Set user(s)
mtrace Trace route to multicast source
ping <Group> ping command group
quit Exit from current mode and enter prior mode
reboot Reboot system
reset <Group> reset command group
return Enter the privileged mode
save Save file
send Send information to other user terminal interfaces
super Modify super password parameters
telnet Open a telnet connection
terminal Set the terminal line characteristics
tracert <Group> tracert command group
undo Negate a command or set its defaults
xdsl Display board temperature
Level 2: configuration level
<R2>?
User view commands:
arp-ping ARP-ping
autosave <Group> autosave command group
backup Backup information
clear <Group> clear command group
cls Clear screen
compare Compare configuration file
debugging <Group> debugging command group
dialer Dialer
display Display information
help Description of the interactive help system
hwtacacs-user HWTACACS user
lldp Link Layer Discovery Protocol
local-user Add/Delete/Set user(s)
mpls MPLS parameters
mtrace Trace route to multicast source
pad Establish one PAD connection
ping <Group> ping command group
quit Exit from current mode and enter prior mode
reboot Reboot system
refresh Do soft reset
reset <Group> reset command group
resource System resources(mem,message,cpu)
return Enter the privileged mode
save <Group> save command group
screen-length Set the number of lines displayed on a screen
send Send information to other user terminal interfaces
set Set
super Modify super password parameters
system-view SystemView from terminal
telnet Open a telnet connection
terminal Set the terminal line characteristics
test-aaa Accounts test
tracert <Group> tracert command group
undo Negate a command or set its defaults
upgrade Upgrade
xdsl Display board temperature
Level 3: management level
<R2>?
User view commands:
arp-ping ARP-ping
autosave <Group> autosave command group
backup Backup information
cd Change current directory
clear <Group> clear command group
clock Specify the system clock
cls Clear screen
compare Compare configuration file
copy Copy from one file to another
debugging <Group> debugging command group
delete Delete a file
dialer Dialer
dir List files on a filesystem
display Display information
factory-configuration Factory configuration
fixdisk Try to restory disk
format Format file system
free Release a user terminal interface
ftp Establish an FTP connection
help Description of the interactive help system
hwtacacs-user HWTACACS user
license <Group> license command group
lldp Link Layer Discovery Protocol
local-user Add/Delete/Set user(s)
lock Lock the current user terminal interface
mkdir Create a new directory
more Display the contents of a file
move Move from one file to another
mpls MPLS parameters
mtrace Trace route to multicast source
pad Establish one PAD connection
patch Patch operation
ping <Group> ping command group
power Power on or off operate
pwd Display current working directory
quit Exit from current mode and enter prior mode
reboot Reboot system
refresh Do soft reset
rename Rename a file or directory
reset <Group> reset command group
resource System resources(mem,message,cpu)
return Enter the privileged mode
rmdir Remove an existing directory
rollback Active/standby mainboard rollback command
save <Group> save command group
schedule Schedule system task
screen-length Set the number of lines displayed on a screen
send Send information to other user terminal interfaces
set <Group> set command group
sslvpn Sslvpn
startup Config parameter for system to startup
super Modify super password parameters
system-view SystemView from terminal
telnet Open a telnet connection
terminal Set the terminal line characteristics
test-aaa Accounts test
tftp Establish a TFTP connection
tracert <Group> tracert command group
undelete Restore deleted files or directory
undo Negate a command or set its defaults
unzip Unzip files or directory
upgrade Upgrade
xdsl Display board temperature
zip Zip files or directory
Level 2 cannot do file management, but level 3 can
Huawei router privilege levels:
0    | User --- the minimal command set |
1    | Monitor --- includes all of the above, can view more |
2    | Configure --- includes all of the above, allowed to enter configuration mode |
3-15 | Manage --- includes all of the above, and allows file management |
2. User-based authorization:
Prerequisite: AAA-based authentication
R2:
local-user zf password cipher %$%$/Mc#"w`!F&#\HI:3bVqLIP2t%$%$
local-user zf privilege level 3
local-user ajacksonz password cipher %$%$h%Tc-MuvVLLa-:@^%Wt%IOeX%$%$
local-user ajacksonz privilege level 0
This distinguishes the level of each user, whereas the line-based authorization above gives everyone the same level
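An added example (not from the notes) that models the two authorization styles just described: a line-level "user privilege level" applies one level to every login on that line, while a per-user "local-user ... privilege level" wins when present, and the default remote level is 0. The usernames zf and ajacksonz are from the notes; the passwords, the sample command sets per level and the salted-hash storage are constructed for the illustration and are not VRP's own tables or encoding.

```python
"""Line-level vs. per-user authorization, modelled after the notes (added example).

'user privilege level N' on the VTY line gives every login that level, while
AAA 'local-user X privilege level N' carries a level per user. The usernames
are the ones in the notes; passwords and the command sets per level are
constructed for the illustration and are not VRP's actual tables.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Set

# Cumulative command sets per level (a small sample, following the notes' table:
# 0 user, 1 monitor, 2 configure, 3-15 manage incl. file management).
LEVEL_COMMANDS: Dict[int, Set[str]] = {
    0: {"display", "ping", "telnet", "tracert", "quit", "save"},
    1: {"reboot", "reset", "debugging", "terminal", "send"},
    2: {"system-view", "compare", "upgrade"},
    3: {"dir", "delete", "copy", "ftp", "tftp", "format"},
}


def commands_for(level: int) -> Set[str]:
    allowed: Set[str] = set()
    for lvl in range(0, min(level, 3) + 1):   # levels 3..15 share the management set
        allowed |= LEVEL_COMMANDS[lvl]
    return allowed


def can_run(level: int, command: str) -> bool:
    return command in commands_for(level)


class LocalUser:
    """A 'local-user' entry; the password is stored salted and stretched rather
    than with the reversible 'cipher' encoding shown in the notes."""

    def __init__(self, name: str, password: str, privilege_level: Optional[int] = None):
        self.name = name
        self.salt = os.urandom(16)
        self.digest = self._derive(password)
        self.privilege_level = privilege_level     # None: inherit the line's level

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check(self, password: str) -> bool:
        return hmac.compare_digest(self._derive(password), self.digest)


class VtyLine:
    """A 'user-interface vty' block: authentication-mode password | aaa."""

    def __init__(self, auth_mode: str, line_privilege_level: int = 0,
                 users: Optional[Dict[str, LocalUser]] = None, line_password: str = ""):
        self.auth_mode = auth_mode
        self.line_privilege_level = line_privilege_level   # default for remote logins is 0
        self.users = users or {}
        self.line_password = line_password

    def login(self, username: Optional[str] = None, password: str = "") -> Optional[int]:
        """Effective privilege level of the session, or None when authentication fails."""
        if self.auth_mode == "password":      # one factor: everyone shares the line password
            ok = hmac.compare_digest(password.encode(), self.line_password.encode())
            return self.line_privilege_level if ok else None
        user = self.users.get(username or "")
        if user is None or not user.check(password):
            return None
        if user.privilege_level is not None:  # per-user authorization wins
            return user.privilege_level
        return self.line_privilege_level      # otherwise the line's level applies to all


if __name__ == "__main__":
    users = {u.name: u for u in (LocalUser("zf", "zf-secret", 3),
                                 LocalUser("ajacksonz", "aj-secret", 0))}
    vty = VtyLine("aaa", users=users)
    for name, pw in (("zf", "zf-secret"), ("ajacksonz", "aj-secret")):
        lvl = vty.login(name, pw)
        print(name, "level", lvl, "system-view:", can_run(lvl, "system-view"), "dir:", can_run(lvl, "dir"))
```

With this model the offboarding case from the notes is a single dictionary deletion rather than a password rotation for everyone, which is the practical reason for preferring per-user AAA accounts over a shared line password.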
Saving the configuration:
1. current-configuration ----- stored in memory, lost on power loss
Equivalent to Cisco's running config
The configuration currently in effect:
dis cu --- everything (display current-configuration)
dis this ----- the configuration under the current view
2. startup-configuration ------- stored in external storage, not lost on power loss
Equivalent to Cisco's startup config
How to save?
1. Default save
<R2>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait.......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
<R2>dir
Directory of flash:/------ flash memory (think of it as a USB stick)
Idx Attr Size(Byte) Date Time(LMT) FileName
0 drw- - Sep 28 2022 16:08:44 dhcp
1 -rw- 121,802 May 26 2014 09:20:58 portalpage.zip
2 -rw- 2,263 Sep 28 2022 16:08:39 statemach.efs
3 -rw- 828,482 May 26 2014 09:20:58 sslvpn.zip
4 -rw- 267 Sep 28 2022 16:32:22 private-data.txt
5 -rw- 729 Sep 28 2022 16:32:21 vrpcfg.zip------- the configuration file just saved
1,090,732 KB total (784,452 KB free)
2. Save under a custom name
<R2>save ajacksonz.cfg
Are you sure to save the configuration to ajacksonz.cfg? (y/n)[n]:y
It will take several minutes to save configuration file, please wait......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
<R2>dir
Directory of flash:/
Idx Attr Size(Byte) Date Time(LMT) FileName
0 drw- - Sep 28 2022 16:08:44 dhcp
1 -rw- 121,802 May 26 2014 09:20:58 portalpage.zip
2 -rw- 1,300 Sep 28 2022 16:35:30 ajacksonz.cfg---------- the file I just saved
3 -rw- 2,263 Sep 28 2022 16:08:39 statemach.efs
4 -rw- 828,482 May 26 2014 09:20:58 sslvpn.zip
5 -rw- 267 Sep 28 2022 16:32:22 private-data.txt
6 -rw- 729 Sep 28 2022 16:32:21 vrpcfg.zip
1,090,732 KB total (784,448 KB free)
Here we can use more ajacksonz.cfg to view the configuration
Selecting the configuration file or image used at startup
Default startup configuration:
<R2>dis startup
MainBoard:
Startup system software: null
Next startup system software: null
Backup system software for next startup: null
Startup saved-configuration file: flash:/vrpcfg.zip----- the default startup file
Next startup saved-configuration file: flash:/vrpcfg.zip
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null
Requirement: use the ajacksonz.cfg file I just saved at the next startup
<R2>startup s
<R2>startup saved-configuration flash:/ajacksonz.cfg
This operation will take several minutes, please wait....
Info: Succeeded in setting the file for booting system
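A small check a practitioner would want after changing the startup file: confirm that the next-startup configuration named by display startup actually exists in flash and is a file, not a directory. This is an added example, not a VRP command or anything from the notes; the two outputs it parses are constructed from the display startup and dir listings above, with ajacksonz.cfg already set as the next-startup file.

```python
"""Check that the next-startup configuration file exists in flash (added example).

The two outputs below are constructed from the 'display startup' and 'dir'
listings in the notes, with ajacksonz.cfg already set as the next-startup file;
this is a parser for those outputs, not a VRP command.
"""
import re
from typing import Dict, Optional

DISPLAY_STARTUP = """\
MainBoard:
  Startup system software:                   null
  Next startup system software:              null
  Backup system software for next startup:   null
  Startup saved-configuration file:          flash:/vrpcfg.zip
  Next startup saved-configuration file:     flash:/ajacksonz.cfg
  Startup license file:                      null
  Next startup license file:                 null
  Startup patch package:                     null
  Next startup patch package:                null
"""

DIR_OUTPUT = """\
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
    0  drw-              -  Sep 28 2022 16:08:44   dhcp
    1  -rw-        121,802  May 26 2014 09:20:58   portalpage.zip
    2  -rw-          1,300  Sep 28 2022 16:35:30   ajacksonz.cfg
    3  -rw-          2,263  Sep 28 2022 16:08:39   statemach.efs
    4  -rw-        828,482  May 26 2014 09:20:58   sslvpn.zip
    5  -rw-            267  Sep 28 2022 16:32:22   private-data.txt
    6  -rw-            729  Sep 28 2022 16:32:21   vrpcfg.zip

1,090,732 KB total (784,448 KB free)
"""

# One 'dir' entry: index, attribute string, size ('-' for directories), date, time, name.
DIR_LINE = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<attr>[-a-z]{4})\s+(?P<size>-|[\d,]+)\s+"
    r"(?P<date>\w{3} \d{1,2} \d{4})\s+(?P<time>\d\d:\d\d:\d\d)\s+(?P<name>\S+)\s*$"
)


def parse_display_startup(text: str) -> Dict[str, str]:
    """'key:   value' lines; the first colon ends the key, so 'flash:/x' survives."""
    result = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and value.strip():
            result[key.strip()] = value.strip()
    return result


def parse_dir(text: str) -> Dict[str, dict]:
    files = {}
    for line in text.splitlines():
        m = DIR_LINE.match(line)
        if m:
            size = None if m["size"] == "-" else int(m["size"].replace(",", ""))
            files[m["name"]] = {"attr": m["attr"], "size": size, "is_dir": m["attr"].startswith("d")}
    return files


def audit_startup(startup_text: str, dir_text: str) -> dict:
    startup = parse_display_startup(startup_text)
    listing = parse_dir(dir_text)
    current = startup.get("Startup saved-configuration file", "null")
    nxt = startup.get("Next startup saved-configuration file", "null")
    name: Optional[str] = nxt.rsplit("/", 1)[-1] if nxt != "null" else None
    entry = listing.get(name) if name else None
    return {
        "next_file": name,
        "present": entry is not None and not entry["is_dir"],
        "size": entry["size"] if entry else None,
        "changes_at_reboot": nxt != current,  # boot file differs from the one in use
    }


if __name__ == "__main__":
    print(audit_startup(DISPLAY_STARTUP, DIR_OUTPUT))
```

A "changes_at_reboot" of True with "present" False is the case worth alerting on: the device has been told to boot from a file that is not there.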
Backing up the configuration:
1. Save locally: ---- a path can be given here as well, e.g. to save onto a USB stick
<R2>save ajacksonz.cfg
Are you sure to save the configuration to ajacksonz.cfg? (y/n)[n]:y
It will take several minutes to save configuration file, please wait......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
2. Remote backup (external storage)
Back up to an FTP server:
The router acts as the FTP server, the PC as the client
Assign an address to the server:
Configure R2 as the FTP server
R2:
[R2]ftp server enable
aaa
local-user ftp password cipher %$%$&4y}:J^8oBY(ga8Kdj0<J#{Q%$%$(ftp)
local-user ftp privilege level 3
local-user ftp ftp-directory flash:
local-user ftp service-type ftp
The router acts as the FTP client, the PC as the FTP server
Configure the FTP server; the get command pulls a file down
Use dir to list files
[R1-ftp]ls
200 Port command okay.
150 Opening ASCII NO-PRINT mode data connection for ls -l.
Changes.txt
Everything.ini
Everything.lng
License.txt
Uninstall.exe
226 Transfer finished successfully. Data connection closed.
FTP: 73 byte(s) received in 0.180 second(s) 405.55byte(s)/sec.
[R1-ftp]get
[R1-ftp]get Everything.ini
200 Port command okay.
150 Sending Everything.ini (215 bytes). Mode STREAM Type BINARY
226 Transfer finished successfully. Data connection closed.
FTP: 215 byte(s) received in 0.090 second(s) 2.38Kbyte(s)/sec.
[R1-ftp]
[R1-ftp]quit
221 Goodbye.
<R1>dir
Directory of flash:/
Idx Attr Size(Byte) Date Time(LMT) FileName
0 drw- - Sep 28 2022 16:08:48 dhcp
1 -rw- 121,802 May 26 2014 09:20:58 portalpage.zip
2 -rw- 215 Sep 28 2022 17:12:19 everything.ini
3 -rw- 2,263 Sep 28 2022 16:08:44 statemach.efs
4 -rw- 828,482 May 26 2014 09:20:58 sslvpn.zip
5 -rw- 570 Sep 28 2022 16:08:42 vrpcfg.zip
1,090,732 KB total (784,452 KB free)
Save the file with save, then put uploads it
<R1>ftp 172.16.1.1
Trying 172.16.1.1 ...
Press CTRL+K to abort
Connected to 172.16.1.1.
220 FtpServerTry FtpD for free
User(172.16.1.1:(none)):
331 Password required for .
Enter password:
230 User logged in , proceed
[R1-ftp]put ajacksonz.cfg
200 Port command okay.
150 Opening BINARY data connection for ajacksonz.cfg
100%
226 Transfer finished successfully. Data connection closed.
FTP: 998 byte(s) sent in 0.130 second(s) 7.67Kbyte(s)/sec.
Deleting a file on the router:
delete + filename
R1: telnet R2
R1: telnet 172.16.12.2
Sending data:
1. Look up the routing table: dis ip rou 172.16.12.2
   If no route: do not send
   Else: go to step 2
2. Encapsulate
   Telnet (layers 7-5) | TCP sport >1024 dport 23 | sip 12.1 dip 12.2 | smac dmac ?
   If the ARP table has an entry for 12.2's MAC address: go to step 4
   Else: create an incomplete entry for 12.2 and send an ARP request
   ARP request: smac R1, dmac broadcast ffff....
      sender IP 172.16.12.1
      sender MAC R1's MAC
      target IP 172.16.12.2
      target MAC R2
   When R2 receives it, it replies with an ARP reply: smac R2, dmac R1 (unicast)
      sender IP 12.2
      sender MAC R2
      target IP 12.1
      target MAC R1
   R1 receives the ARP reply, updates its ARP table, and forwards the packet
Receiving data:
R2 receives a bit stream
Because the ingress interface is an Ethernet interface, it is parsed as an Ethernet frame
1. Check the destination MAC
   If I/G = 0 (unicast): check whether the destination MAC is this interface's MAC
      If no: drop
      Else: go to step 2
   If I/G = 1 (broadcast or multicast):
      If broadcast: accept
      Else: check whether this interface has joined the group
         If joined: go to step 2
         Else: drop
2. Strip the layer-2 header and hand the packet to the upper-layer (here IP) process
   Check whether the destination IP is my interface's IP
   If not: look up the routing table
   If yes: strip the IP header and hand it to the TCP process
3. Check that the TCP destination port is 23, then hand it to the telnet process
Sending data: encapsulation from layer 7 down to 2
Receiving data: decapsulation from layer 2 up to 7
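The send and receive decision steps above, and the ARP exchange in the send path, as one runnable model (an added example, not part of the notes and not router code). R1 and R2 keep the addresses from the notes (172.16.12.1 and 172.16.12.2); the MAC addresses, the TCP listener table and the idea that a single peer stands in for the Ethernet segment are assumptions made for the illustration.

```python
"""Simulation of the send and receive decision steps listed above (added example).

R1 telnets to R2 as in the notes (172.16.12.1 -> 172.16.12.2); the MAC
addresses are constructed. One peer stands in for the Ethernet segment, so a
broadcast ARP request is delivered to it directly. This is a model of the
steps, not router code.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """I/G bit = lowest bit of the first octet: 1 means multicast or broadcast."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class Frame:
    smac: str
    dmac: str
    sip: str
    dip: str
    proto: str = "ip"        # "ip" or "arp"
    dport: int = 0           # TCP destination port (ip frames)
    payload: str = ""        # "request"/"reply" for arp, application data for ip


@dataclass
class Host:
    name: str
    ip: str
    mac: str
    routes: List[str] = field(default_factory=list)          # reachable prefixes
    arp: Dict[str, str] = field(default_factory=dict)        # ip -> mac | "incomplete"
    groups: Set[str] = field(default_factory=set)            # joined multicast MACs
    listeners: Dict[int, str] = field(default_factory=lambda: {23: "telnet"})
    sent: List[Frame] = field(default_factory=list)

    def has_route(self, dip: str) -> bool:
        return any(dip.startswith(prefix) for prefix in self.routes)

    # ---- sending: layers 7 -> 2 ----
    def send(self, dip: str, dport: int, payload: str, segment: "Host") -> str:
        # Step 1: routing table lookup
        if not self.has_route(dip):
            return "no route: not sent"
        # Step 2: encapsulation; resolve the destination MAC first
        if self.arp.get(dip, "incomplete") == "incomplete":
            self.arp[dip] = "incomplete"
            request = Frame(self.mac, BROADCAST, self.ip, dip, proto="arp", payload="request")
            _, reply = segment.receive(request)
            if reply is None:
                return "arp unresolved: dropped"
            self.receive(reply)                    # unicast reply updates our table
        frame = Frame(self.mac, self.arp[dip], self.ip, dip, dport=dport, payload=payload)
        self.sent.append(frame)
        verdict, _ = segment.receive(frame)
        return verdict

    # ---- receiving: layers 2 -> 7 ----
    def receive(self, f: Frame) -> Tuple[str, Optional[Frame]]:
        # Step 1: destination MAC check
        if is_group_address(f.dmac):
            if f.dmac != BROADCAST and f.dmac not in self.groups:
                return "drop: group not joined", None
        elif f.dmac != self.mac:
            return "drop: unicast not for this interface", None
        # Step 2: strip the Ethernet header, hand to the network-layer process
        if f.proto == "arp":
            if f.dip != self.ip:
                return "arp: not my ip, ignored", None
            self.arp[f.sip] = f.smac              # learn sender mapping (request or reply)
            if f.payload == "reply":
                return "arp table updated", None
            reply = Frame(self.mac, f.smac, self.ip, f.sip, proto="arp", payload="reply")
            return "arp reply sent (unicast)", reply
        if f.dip != self.ip:
            if self.has_route(f.dip):
                return "not my ip: routing lookup, forward", None
            return "not my ip: no route, drop", None
        # Step 3: strip the IP header, hand to TCP, dispatch on destination port
        app = self.listeners.get(f.dport)
        if app is None:
            return f"tcp port {f.dport}: no listener", None
        return f"delivered to {app} process", None


def build_lab() -> Tuple[Host, Host]:
    r1 = Host("R1", "172.16.12.1", "00:00:00:00:00:01", routes=["172.16.12."])
    r2 = Host("R2", "172.16.12.2", "00:00:00:00:00:02", routes=["172.16.12."])
    return r1, r2


if __name__ == "__main__":
    r1, r2 = build_lab()
    print(r1.send("172.16.12.2", 23, "telnet", r2))   # delivered to telnet process
    print(r1.arp, r2.arp)                              # both sides learned each other
```

Two details the model makes visible: R2 learns R1's mapping from the request itself, so the reply is answered without a second lookup, and a frame whose unicast destination MAC belongs to some other interface is dropped at step 1 before the IP header is ever examined.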