Hello.

 

This time, to practice with Cisco ISE, we will build the lab in EVE-NG as shown below.

ISE01 - 192.168.10.191 - installed on VMware ESXi
ISE02 - 192.168.10.192 - installed on VMware ESXi

WINSERVER01 - 192.168.10.193 - installed on VMware ESXi

WINSERVER02 - 192.168.10.194 - installed on VMware ESXi

WLC01 - 192.168.10.195 - EVE-NG

WLC02 - 192.168.10.196 - EVE-NG

PC01 - 192.168.10.197 - EVE-NG. For the 802.1X test the PC has to be connected directly to SW01, so the PC is installed inside EVE-NG.

PC02 - 192.168.10.198 - installed inside EVE-NG

SW01 - 192.168.10.199 - installed inside EVE-NG

 

The lab is laid out in EVE-NG as follows.

Only WLC01 will be created.

SW01 connects through the INTERNET cloud to the physical Palo Alto firewall.

IP: 192.168.10.0

Subnet: 255.255.255.0

GW: 192.168.10.253 -> PALOALTO LAN IP

 

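Thank you for reading [2024][CISCO ISE#6] - test diagram.

Hello.

This time we will change the admin password from the Cisco ISE CLI.

If you have installed Cisco ISE and the GUI keeps rejecting the password, and you are already logged in to the CLI, you can change the password of the admin account directly from the CLI as shown below.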

 

application reset-passwd ise admin 

ise01/admin#application reset-passwd ise admin
Enter new password:
Confirm new password:

 

Then browse to https://<ISE IP address>, enter the admin password, and log in.

Hello.

Continuing from the previous post, this time we will look at more basic Cisco ISE CLI commands.

1. Check backup status

show backup status

%% Configuration backup status
%% ----------------------------
%  No data found. Try 'show backup history' or ISE operation audit report

%% Operation backup status
%% ------------------------
%  No data found. Try 'show backup history' or ISE operation audit report
ise01/admin#

 

2. Check backup history

No backup has been taken yet, so there is nothing to show.

ise01/admin#show backup history
ise01/admin#

 

3. Check CDP neighbors

ise01/admin#show cdp neighbors

ise01/admin#

 

4. Check NTP time

ise01/admin#show ntp
Configured NTP Servers:
         time.nist.gov
Reference ID    : 84A36001 (time-a-b.nist.gov)
Stratum         : 2
Ref time (UTC)  : Sat Jan 04 09:00:17 2025
System time     : 0.000150862 seconds slow of NTP time
Last offset     : +0.000016717 seconds
RMS offset      : 0.000380872 seconds
Frequency       : 19.168 ppm slow
Residual freq   : -0.000 ppm
Skew            : 0.078 ppm
Root delay      : 0.198001564 seconds
Root dispersion : 0.002744964 seconds
Update interval : 1043.7 seconds
Leap status     : Normal

210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* time-a-b.nist.gov             1  10   377   978  -2242us[-2226us] +/-  103ms

M indicates the mode of the source.
^ server, = peer, # local reference clock.

S indicates the state of the sources.
* Current time source, + Candidate, x False ticker, ? Connectivity lost, ~ Too much variability

Warning: Output results may conflict during periods of changing synchronization.
ise01/admin#

 

5. Check current users

ise01/admin#show users

USERNAME         ROLE   HOST                     TTY      LOGIN DATETIME        

admin            Admin  172.16.10.20             pts/0    Sat Jan  4 08:52:24 2025

-------------------
DETACHED SESSIONS:
-------------------

USERNAME             ROLE                 STARTDATE

% No disonnected user sessions present

ise01/admin#

 

6. Check the timezone

ise01/admin#show timezone
UTC
ise01/admin#

 

7. Check the routing table

ise01/admin#show ip route

Destination          Gateway              Iface
-----------          -------              -----
default              192.168.10.253       eth0
169.254.2.0/24       0.0.0.0              cni-podman1
169.254.4.0/24       0.0.0.0              cni-podman2
192.168.10.0/24      0.0.0.0              eth0
ise01/admin#

 

8. Check logging

ise01/admin#show logging system
    5147905 Jan 04 2025 09:17:55  ade/ADE.log
      29677 Dec 31 2024 03:40:45  anaconda/anaconda.log
       3366 Dec 31 2024 03:40:45  anaconda/dbus.log
       3195 Dec 31 2024 03:40:45  anaconda/dnf.librepo.log
        120 Dec 31 2024 03:40:45  anaconda/hawkey.log
    2484919 Dec 31 2024 03:40:45  anaconda/journal.log
       1559 Dec 31 2024 03:40:45  anaconda/ks-script-caesfgpm.log
          0 Dec 31 2024 03:40:45  anaconda/ks-script-f16lj7nf.log
          0 Dec 31 2024 03:40:45  anaconda/ks-script-geecaiup.log
          0 Dec 31 2024 03:40:45  anaconda/ks-script-mlj3w0uu.log
          0 Dec 31 2024 03:40:45  anaconda/ks-script-n5tsd_t9.log
         27 Dec 31 2024 03:40:45  anaconda/ks-script-pg6uv0jk.log
      28057 Dec 31 2024 03:40:45  anaconda/lvm.log
     416289 Dec 31 2024 03:40:45  anaconda/packaging.log
       8579 Dec 31 2024 03:40:45  anaconda/program.log
     274997 Dec 31 2024 03:40:45  anaconda/storage.log
     949201 Dec 31 2024 03:40:45  anaconda/syslog
    1880031 Jan 04 2025 09:17:56  audit/audit.log
    8388726 Jan 04 2025 09:05:29  audit/audit.log.1
    8388886 Jan 04 2025 07:03:20  audit/audit.log.2
    8388687 Jan 04 2025 04:32:46  audit/audit.log.3
    8388878 Jan 04 2025 02:00:42  audit/audit.log.4
        560 Dec 31 2024 05:14:40  boot.log
          0 Dec 31 2024 03:23:40  btmp
    2299981 Jan 04 2025 09:17:56  confd/confd-audit.log
          0 Dec 31 2024 04:29:06  confd/confd-browser.log
       7222 Jan 04 2025 09:07:37  confd/confd-devel.log
      12320 Dec 31 2024 05:27:31  confd/confd-error.log.1
         18 Dec 31 2024 05:14:53  confd/confd-error.log.idx
         13 Dec 31 2024 05:14:53  confd/confd-error.log.siz
          0 Dec 31 2024 04:28:54  confd/confd-netconf.log
      43873 Dec 31 2024 05:15:07  confd/confd-startconfig.log
      61536 Jan 04 2025 09:17:56  confd/confd.log
      12361 Dec 31 2024 05:27:31  confd/localhost:8008.access
     355991 Jan 04 2025 09:09:22  confd/localhost:9888.access
     217380 Jan 04 2025 09:15:02  cron
      31552 Jan 04 2025 08:30:02  dnf.librepo.log
      95976 Jan 04 2025 08:30:02  dnf.log
       3944 Jan 04 2025 08:30:02  dnf.rpm.log
      32032 Dec 31 2024 04:38:21  faillog
    8388608 Jan 04 2025 09:17:56  journal/dbbe2fd2b5a54ad2a4f66f9832ce8eeb/system.journal
   15728640 Jan 01 2025 07:20:01  journal/dbbe2fd2b5a54ad2a4f66f9832ce8eeb/system@909543f9760543a8952a757be3c846d2-000000000000529f-00062a9695a585e3.journal
   15728640 Jan 01 2025 18:40:38  journal/dbbe2fd2b5a54ad2a4f66f9832ce8eeb/system@909543f9760543a8952a757be3c846d2-0000000000007ef4-00062a9fdfafcf96.journal
   15728640 Jan 02 2025 06:00:01  journal/dbbe2fd2b5a54ad2a4f66f9832ce8eeb/system@909543f9760543a8952a757be3c846d2-000000000000ab5d-00062aa961ca3de2.journal
   15728640 Jan 02 2025 17:32:32  journal/dbbe2fd2b5a54ad2a4f66f9832ce8eeb/system@909543f9760543a8952a757be3c846d2-000000000000d79d-00062ab2df73367a.journal
   15728640 Jan 03 2025 04:37:55  journal/dbbe2fd2b5a54ad2a4f66f9832ce8eeb/system@909543f9760543a8952a757be3c846d2-00000000000103e6-00062abc8c1003b8.journal
   15728640 Jan 03 2025 15:55:09  journal/dbbe2fd2b5a54ad2a4f66f9832ce8eeb/system@909543f9760543a8952a757be3c846d2-0000000000013040-00062ac5d7a6fc7d.journal
   15728640 Jan 04 2025 03:10:02  journal/dbbe2fd2b5a54ad2a4f66f9832ce8eeb/system@909543f9760543a8952a757be3c846d2-0000000000015ca8-00062acf4da7c039.journal
   15728640 Jan 04 2025 09:07:48  journal/dbbe2fd2b5a54ad2a4f66f9832ce8eeb/system@909543f9760543a8952a757be3c846d2-00000000000188f3-00062ad8bb272d4e.journal
    8388608 Jan 04 2025 09:10:09  journal/dbbe2fd2b5a54ad2a4f66f9832ce8eeb/user-1000.journal
       1814 Dec 31 2024 05:14:47  kdump.log
     292292 Jan 04 2025 09:17:56  lastlog
          0 Dec 31 2024 03:32:50  maillog
    3296256 Jan 04 2025 09:17:56  messages
        314 Jan 04 2025 09:02:07  monit.log
      62781 Dec 31 2024 04:39:04  pbis-open-install.log
       6025 Jan 04 2025 08:00:45  rhsm/rhsm.log
       3832 Jan 04 2025 08:00:46  rhsm/rhsmcertd.log
     517652 Jan 01 2025 23:50:01  sa/sa01
     517652 Jan 02 2025 23:50:02  sa/sa02
     517652 Jan 03 2025 23:50:01  sa/sa03
     201404 Jan 04 2025 09:10:00  sa/sa04
     424876 Dec 31 2024 23:50:01  sa/sa31
     846672 Jan 02 2025 00:07:13  sa/sar01
     846672 Jan 03 2025 00:07:13  sa/sar02
     846672 Jan 04 2025 00:07:13  sa/sar03
     698107 Jan 01 2025 00:07:13  sa/sar31
    3935168 Jan 04 2025 09:17:56  secure
          0 Dec 31 2024 03:32:50  spooler
      57119 Jan 04 2025 09:05:28  sssd/sssd.log
        932 Dec 31 2024 05:14:41  sssd/sssd_implicit_files.log
        614 Dec 31 2024 05:14:41  sssd/sssd_nss.log
       4608 Dec 31 2024 05:14:46  tuned/tuned.log
        719 Dec 31 2024 03:41:04  vmware-network.log
       3116 Dec 31 2024 05:14:41  vmware-vgauthsvc.log.0
       3538 Dec 31 2024 06:17:58  vmware-vmsvc-root.log
        348 Dec 31 2024 05:14:41  vmware-vmtoolsd-root.log
       6912 Jan 04 2025 08:52:24  wtmp
ise01/admin#

 

9. Check memory

ise01/admin#show memory
memory total memory:       16204356 kB
       free memory:          698464 kB
       cached:          4980452 kB
       swap-cached:        24776 kB

       output of free command:
                     total        used        free      shared  buff/cache   available
       Mem:       16204356     9179292      698364     2006152     6326700     4631852
       Swap:       8191996       97420     8094576

ise01/admin#

 

10. Check CPU

ise01/admin#show cpu usage

ISE Function                         % CPU Usage           CPU Time     Number of threads
---------------------------------------------------------------------------------------------
Database Server                           0.00              4:21.18             123 processes
M&T Log Processor                         0.00              2:35.48             120
Certificate Authority Service             0.00              1:42.84              49
Profiler Database                         0.00              0:01.23               4
M&T Session Database                      0.00              0:00.56              14
Threat Centric NAC RabbitMQ Container     0.00              0:00.00              -
ISE Indexing Engine                       0.00              0:00.00              -
Database Listener                         0.00              0:00.00              -
Admin Webapp                              0.00              0:00.00               0
Profiler                                  0.00              0:00.00               0
NSF Persistence Layer                     0.00              0:00.00               0
Guest Services                            0.00              0:00.00               0
Syslog Processor                          0.00              0:00.00               0
Quartz Scheduler                          0.00              0:00.00               0
RMI Services                              0.00              0:00.00               0
Message Queue                             0.00              0:00.00               0
BYOD Services                             0.00              0:00.00               0
Admin Process JVM Threads                 0.00              0:00.00               0
Miscellaneous services                    0.00              0:00.00               0
M&T Log Collector                          N/A
Identity Mapping Service                   N/A
SXP Engine Service                         N/A
Docker Daemon                              N/A
Threat Centric NAC MongoDB Container       N/A
Threat Centric NAC Core Engine Container   N/A
Vulnerability Assessment Database          N/A
Vulnerability Assessment Service           N/A
WIFI Setup                                 N/A
Segmentation Policy Service                N/A

%WARNING: N/A means the ISE function  is not enabled.
ise01/admin#

 

11. Check disks

ise01/admin#show disks
disks
      Internal filesystems:
      Filesystem      Size  Used Avail Use% Mounted on
      devtmpfs        7.8G     0  7.8G   0% /dev
      tmpfs           7.8G   84K  7.8G   1% /dev/shm
      tmpfs           7.8G  1.7M  7.8G   1% /run
      tmpfs           7.8G     0  7.8G   0% /sys/fs/cgroup
      /dev/sda2        26G  3.1G   21G  13% /
      /dev/sda7        63G   42G   18G  71% /opt
      /dev/sda1       969M   79M  825M   9% /boot
      /dev/sda6       1.9G  6.3M  1.8G   1% /tmp
      /dev/sda3        93M  1.6M   85M   2% /storedconfig
      tmpfs           1.6G     0  1.6G   0% /run/user/440
      shm              63M     0   63M   0% /opt/podman/containers/storage/overlay-containers/e75b7bef68a32c54670c4d34b1803bc7bdae77be3f84c1edd2633781d718667e/userdata/shm
      overlay          63G   42G   18G  71% /opt/podman/containers/storage/overlay/af7fb8638bad072d2b920db56968c9a9d8bfd2a2eb29a4f5ce50a321fa150208/merged
      shm              63M  8.0K   63M   1% /opt/podman/containers/storage/overlay-containers/d271f51665dc0ecec63728f089a4daf129e03d04e224a2da88a7b4f301e11ecd/userdata/shm
      overlay          63G   42G   18G  71% /opt/podman/containers/storage/overlay/64c758a70a603918ea7104f437f74aa08afca2f07f3231ff796b0f6bb3edac44/merged
      tmpfs           1.6G     0  1.6G   0% /run/user/301
      shm              63M     0   63M   0% /opt/podman/containers/storage/overlay-containers/3e64e5c3bfbec884ae7524ede802f2bd6351d82e1fecf29eb3d0e2f0d9415cef/userdata/shm
      overlay          63G   42G   18G  71% /opt/podman/containers/storage/overlay/4c5b82310f04acf98156d7ab326f3e2727f760163ef26cebf1aae97dd5f2687a/merged
      tmpfs           1.6G     0  1.6G   0% /run/user/321
      tmpfs           1.6G     0  1.6G   0% /run/user/0
      tmpfs           1.6G     0  1.6G   0% /run/user/304
      tmpfs           1.6G     0  1.6G   0% /run/user/322
      tmpfs           1.6G     0  1.6G   0% /run/user/345
      shm              63M     0   63M   0% /opt/podman/containers/storage/overlay-containers/164cfd2ad58d66fe06045be8f685214331654727f1904dca0f380fae7c75e101/userdata/shm
      overlay          63G   42G   18G  71% /opt/podman/containers/storage/overlay/ed679437593ec5aab4162a73b088af7a9fdc9d1c8b1a3cf9f9436efeafa7727e/merged
      shm              63M     0   63M   0% /opt/podman/containers/storage/overlay-containers/b67556a0dce5f513168b34623739edb80fff896579183763cfd346e7c40eb5e0/userdata/shm
      overlay          63G   42G   18G  71% /opt/podman/containers/storage/overlay/0e34325f895257b992a90b0ed5dcbe4aa28fbe6ba425ddfd27d71d543843dcfd/merged
      shm              63M     0   63M   0% /opt/podman/containers/storage/overlay-containers/5bfe91e165c5cf8bace97a2b872536cdb77a6adeb2def9a7a98f252b3253ee59/userdata/shm
      overlay          63G   42G   18G  71% /opt/podman/containers/storage/overlay/7b0766cfe8bf286da713cab0eda653ce04cb5f0358fedb5230fc3e0396b15d55/merged

        all internal filesystems have sufficient free space

ise01/admin#

 

11. Check interfaces

ise01/admin#show interface
cni-podman1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 169.254.2.1  netmask 255.255.255.0  broadcast 169.254.2.255
        inet6 fe80::5058:b3ff:fe16:fe7e  prefixlen 64  scopeid 0x20<link>
        ether 52:58:b3:16:fe:7e  txqueuelen 1000  (Ethernet)
        RX packets 350141  bytes 97134003 (92.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 372903  bytes 46480544 (44.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

cni-podman2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 169.254.4.1  netmask 255.255.255.0  broadcast 169.254.4.255
        inet6 fd00::1:8:1  prefixlen 112  scopeid 0x0<global>
        inet6 fe80::6448:b0ff:fe94:e706  prefixlen 64  scopeid 0x20<link>
        ether 66:48:b0:94:e7:06  txqueuelen 1000  (Ethernet)
        RX packets 583791  bytes 844767918 (805.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 584796  bytes 826161372 (787.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

GigabitEthernet 0
        flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.191  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::250:56ff:fe8c:70c3  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:8c:70:c3  txqueuelen 1000  (Ethernet)
        RX packets 570754  bytes 57147663 (54.5 MiB)
        RX errors 0  dropped 24  overruns 0  frame 0
        TX packets 105627  bytes 46960378 (44.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 13734268  bytes 7698738901 (7.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13734268  bytes 7698738901 (7.1 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth0aeb9d55: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::4821:b9ff:fe66:2238  prefixlen 64  scopeid 0x20<link>
        ether 4a:21:b9:66:22:38  txqueuelen 0  (Ethernet)
        RX packets 8115  bytes 16788431 (16.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6018  bytes 4542682 (4.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth3025cf38: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::c815:fbff:fe92:96d9  prefixlen 64  scopeid 0x20<link>
        ether ca:15:fb:92:96:d9  txqueuelen 0  (Ethernet)
        RX packets 1564  bytes 465222 (454.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2281  bytes 447110 (436.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth47403bcb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::a886:85ff:fea5:a64c  prefixlen 64  scopeid 0x20<link>
        ether aa:86:85:a5:a6:4c  txqueuelen 0  (Ethernet)
        RX packets 758  bytes 310691 (303.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1078  bytes 179340 (175.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


ise01/admin#

 

12. Check the version

ise01/admin#show version

Cisco Application Deployment Engine OS Release: 3.2
ADE-OS Build Version: 3.2.0.401
ADE-OS System Architecture: x86_64

Copyright (c) 2005-2022 by Cisco Systems, Inc.
All rights reserved.
Hostname: ise01


Version information of installed applications
---------------------------------------------

Cisco Identity Services Engine
---------------------------------------------
Version      : 3.2.0.542
Build Date   : Wed Oct 19 16:27:24 2022
Install Date : Tue Dec 31 04:37:28 2024


ise01/admin#

 

13. Check uptime

ise01/admin#show uptime
 09:20:17 up 4 days,  4:05,  1 user,  load average: 0.79, 1.00, 1.34
ise01/admin#

 

Thank you for reading [2024][CISCO ISE#4] - basic CLI command - 02.

Hello.

Today we will look at basic Cisco ISE commands. Besides the GUI, there are things on Cisco ISE that you occasionally have to check by logging in to the CLI.

Enter ? to see the available commands.

ise01/admin#?
Possible completions:
  application         Application Install and Administration
  backup              Backup system
  backup-logs         Backup system and application logs
  cd                  Change working directory
  clear               Reset functions
  clock               Set the System Clock
  configure           cfg
  copy                Enter URL (use disk:/path/file for local) (Max Size -
                      2048)
  crypto              Crypto operations
  debug               Debugging functions (see also 'undebug')
  delete              Delete a file
  dir                 List files on local filesystem
  esr                 Enter the Embedded Services Router console
  exit                Exit the management session
  forceout            Force Logout all the sessions of a specific system user
  generate-password   Username for which password has to be generated
  halt                Shutdown the system
  idle-timeout        Idle timeout for all the sessions of a specific system
                      user
  license             License operations
  mkdir               Create new directory
  nslookup            DNS lookup for an IP address or hostname
  password            Update Password
  patch               Install System or Application Patch
  permit              List cli for Secure Tunnel
  ping                Ping a remote ip address
  ping6               Ping a remote ipv6 address
  reload              Reload the system
  reset-config        Reset network and time settings
  restore             Restore system
  rmdir               Remove existing directory
  screen-length       Configure screen length
  screen-width        Configure screen width
  show                Show information about the system
  ssh                 SSH to a remote ip address
  tech                TAC commands
  terminal            Set terminal line parameters
  traceroute          Trace the route to a remote ip address
  undebug             Disable debugging functions (see also 'debug')
  who                 Display currently logged on users

 

1. Check application status

show application status ise

ise01/admin#show application status ise

ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          7637
Database Server                        running          125 PROCESSES
Application Server                     running          26414
Profiler Database                      running          15924
ISE Indexing Engine                    running          27730
AD Connector                           running          29004
M&T Session Database                   running          22341
M&T Log Processor                      running          26671
Certificate Authority Service          running          28799
EST Service                            running          60153
SXP Engine Service                     disabled
TC-NAC Service                         disabled
PassiveID WMI Service                  disabled
PassiveID Syslog Service               disabled
PassiveID API Service                  disabled
PassiveID Agent Service                disabled
PassiveID Endpoint Service             disabled
PassiveID SPAN Service                 disabled
DHCP Server (dhcpd)                    disabled
DNS Server (named)                     disabled
ISE Messaging Service                  running          10778
ISE API Gateway Database Service       running          14612
ISE API Gateway Service                running          20984
ISE pxGrid Direct Service              running          46645
Segmentation Policy Service            disabled
REST Auth Service                      disabled
SSE Connector                          disabled
Hermes (pxGrid Cloud Agent)            disabled
McTrust (Meraki Sync Service)          disabled
ISE Node Exporter                      running          29632
ISE Prometheus Service                 running          31413
ISE Grafana Service                    running          35505
ISE MNT LogAnalytics Elasticsearch     disabled
ISE Logstash Service                   disabled
ISE Kibana Service                     disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 100 GB

 

2. Stop the Cisco ISE application service. Before shutting down ISE, always stop the application service first and only then shut ISE down.

application stop ise

ise01/admin#application stop ise

Stopping ISE Monitoring & Troubleshooting Log Processor...
PassiveID WMI Service is disabled
PassiveID Syslog Service is disabled
PassiveID API Service is disabled
PassiveID Agent Service is disabled
PassiveID Endpoint Service is disabled
PassiveID SPAN Service is disabled
Stopping ISE Application Server...
Stopping ISE Process Monitoring Service...
Stopping ISE Certificate Authority Service...
Stopping ISE EST Service...
ISE Sxp Engine Service is disabled
Stopping TC-NAC Service ...
VA Service is not running
ISE VA Database is not running
Segmentation Policy Service is disabled
REST Auth Service is disabled
Stopping ISE Messaging Service...
Stopping ISE API Gateway Service...
Stopping edda-url-fetcher-service Service...
Stopping ISE API Gateway Database Service...
Stopping ISE Profiler Database...
Stopping ISE Indexing Engine...
Stopping ISE Monitoring & Troubleshooting Session Database...
Stopping ISE AD Connector...
Stopping ISE Database processes...
Stopping ISE Node Exporter...
Stopping ISE Prometheus Service...
Stopping ISE Grafana Service...
ISE MNT LogAnalytics Elasticsearch Service is not running.
ISE Logstash Service is not running.
ISE Kibana service is not running.

ise01/admin#

 

3. Start the ISE application service

application start ise

ise01/admin#application start ise

ISE Database processes already running, PID: 2658610
Starting ISE Messaging Service...
Starting ISE API Gateway Database Service...
Starting ISE Profiler Database...
Starting ISE API Gateway Service...
Starting ISE Monitoring & Troubleshooting Session Database...
Starting edda-url-fetcher-service Service...
Starting ISE Process Monitoring Service...
Starting ISE Application Server...
Starting ISE Monitoring & Troubleshooting Log Processor...
Starting ISE Indexing Engine...
Starting ISE Certificate Authority Service...
NSS database for CA Service is ready
ISE EST service is already running, PID: 2671617
Starting ISE AD Connector...
Starting ISE Node Exporter...
Starting ISE Prometheus Service...
Starting ISE Grafana Service...
ISE MNT LogAnalytics Elasticsearch Service is disabled
ISE Logstash Service is disabled
ISE Kibana Service is disabled
Note: ISE Processes are initializing. Use 'show application status ise'
      CLI to verify all processes are in running state.

ise01/admin#
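
The check that sections 2 and 3 depend on (nothing still running before a halt or reload, everything running after a start), as an added example that is not part of the original post or of Cisco's tooling. It parses pasted `show application status ise` output; both samples are constructed from the output above, and the `initializing` and `not running` state strings in them are assumptions.

```python
import re
from typing import List, NamedTuple


class Proc(NamedTuple):
    name: str
    state: str
    pid: str


# Constructed sample: abridged from the output shown on this page, as it might
# look shortly after 'application start ise'. The "initializing" state on the
# Application Server line is an assumption made for illustration.
SAMPLE_STARTING = """\
ise01/admin#show application status ise

ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          7637
Database Server                        running          125 PROCESSES
Application Server                     initializing
M&T Session Database                   running          22341
SXP Engine Service                     disabled
DHCP Server (dhcpd)                    disabled
ISE Messaging Service                  running          10778
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
"""

# Constructed sample: how the table might look after 'application stop ise'.
# The "not running" state string is an assumption.
SAMPLE_STOPPED = """\
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      not running
Application Server                     not running
SXP Engine Service                     disabled
"""


def parse_status(text: str) -> List[Proc]:
    """Turn the fixed-width status table into (name, state, pid) rows."""
    procs = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, '% WARNING' lines and the dashed separator.
        if not line or line.startswith(("%", "-")):
            continue
        # Columns are separated by runs of two or more spaces; names and
        # values such as "125 PROCESSES" only contain single spaces.
        parts = re.split(r"\s{2,}", line)
        if len(parts) < 2 or parts[0] == "ISE PROCESS NAME":
            continue  # prompt line or table header
        pid = parts[2] if len(parts) > 2 else ""
        procs.append(Proc(parts[0], parts[1].lower(), pid))
    return procs


def not_ready(procs: List[Proc]) -> List[str]:
    """After a start: enabled processes that are not yet 'running'."""
    return [p.name for p in procs if p.state not in ("running", "disabled")]


def still_running(procs: List[Proc]) -> List[str]:
    """After a stop, before halt/reload: processes still 'running'."""
    return [p.name for p in procs if p.state == "running"]


def warnings(text: str) -> List[str]:
    """Collect the '% ...' warning lines the CLI appends to the table."""
    return [l.strip()[1:].strip() for l in text.splitlines()
            if l.strip().startswith("%")]


if __name__ == "__main__":
    started = parse_status(SAMPLE_STARTING)
    print("not ready yet     :", not_ready(started))
    print("warnings          :", warnings(SAMPLE_STARTING))
    stopped = parse_status(SAMPLE_STOPPED)
    blockers = still_running(stopped)
    print("safe to halt      :", not blockers, blockers)
```
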

 

3. Clear the screen

ise01/admin#cls

 

4. Check the current time

ise01/admin#show clock
Sat Jan  4 09:08:34 UTC 2025

 

5. Enable debug in CLI mode

You can enable debug all, or enable debugging only for the area you want.

ise01/admin#debug ?
Possible completions:
  all              Enable all debugging
  application      Application debugging
  backup-restore   Backup and restore
  cdp              Cisco Discovery Protocol
  config           Configuration
  copy             Copy commands
  locks            Resource locking
  logging          Logging configuration
  snmp             Snmp configuration
  system           System
  transfer         File transfer
  user             User Management
  utils            Utilities
ise01/admin#debug all

 

6. debug disable

ise01/admin#undebug all

 

7. ping 8.8.8.8

ise01/admin#ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=1.41 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=1.53 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=1.62 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=57 time=1.43 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.406/1.493/1.615/0.083 ms

 

8. traceroute 8.8.8.8

ise01/admin#traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.10.253  2.182 ms  2.158 ms  2.152 ms
 2  202.X.X.X  2.735 ms  2.884 ms  2.855 ms
 3  202.X.X.X  2.618 ms  2.638 ms  2.694 ms
 4  203.117.190.81  3.149 ms  3.181 ms  3.176 ms
 5  * * *
 6  203.116.3.50  3.633 ms  2.102 ms  2.059 ms
 7  72.14.196.189  3.577 ms  4.002 ms  4.017 ms
 8  172.253.77.227  2.596 ms  2.541 ms  2.509 ms
 9  74.125.251.205  3.248 ms  2.941 ms  2.994 ms
10  8.8.8.8  1.825 ms  1.583 ms  1.033 ms

ise01/admin#

 

9. Reboot

reload

ise01/admin#reload

 

10. Shut down

halt

ise01/admin#halt

 

Thank you for reading [2024][CISCO ISE#3] - basic CLI command - 01.

Hello.

Today we will look at Windows PowerShell.

1. It provides functionality similar to a Unix shell and was introduced in Windows Server 2008.

2. Tasks that come up often when administering Windows Server can be written as PowerShell scripts and reused at any time.

3. PowerShell can also be used on regular Windows.

 

PS C:\Users\Administrator> write-output "hello"
hello
PS C:\Users\Administrator>

 

Checking host information

PS C:\Users\Administrator> get-host


Name             : ConsoleHost
Version          : 5.1.20348.558
InstanceId       : 717406c0-fce2-4d1b-8fda-7746e6c77631
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : en-US
CurrentUICulture : en-US
PrivateData      : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
DebuggerEnabled  : True
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace



PS C:\Users\Administrator>

 

Creating a new file from a string

PS C:\Users\Administrator> add-content "hello" -path c:\hello.txt
PS C:\Users\Administrator> get-content c:\hello.txt
hello
PS C:\Users\Administrator>

 

Copying a file

hello.txt was copied to goodmorning.txt.

PS C:\Users\Administrator> copy-item c:\hello.txt c:\goodmorning.txt

 

Listing files

PS C:\Users\Administrator> get-childitem c:\*


    Directory: C:\


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----          5/8/2021   1:20 AM                PerfLogs
d-r---        12/31/2024   3:24 AM                Program Files
d-----        12/31/2024   3:22 AM                Program Files (x86)
d-----          1/1/2025  12:19 AM                Share_Authorized_User
d-----          1/1/2025  12:19 AM                share_hide
d-----          1/1/2025  12:18 AM                Share_USER01_ONLY
d-----          1/1/2025  12:18 AM                Share_USER_ALL_READ
d-----          1/1/2025  12:18 AM                Share_USER_ALL_READ_WRITE
d-r---        12/31/2024   2:24 AM                Users
d-----        12/31/2024   2:30 AM                Windows
-a----          1/1/2025  12:56 AM              7 goodmorning.txt
-a----          1/1/2025  12:56 AM              7 hello.txt


PS C:\Users\Administrator>

 

Listing only .txt files

PS C:\Users\Administrator> get-childitem c:\*.txt


    Directory: C:\


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----          1/1/2025  12:56 AM              7 goodmorning.txt
-a----          1/1/2025  12:56 AM              7 hello.txt

 

When you want to see which commands begin with write:

PS C:\Users\Administrator> get-command write*

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Alias           write -> Write-Output
Alias           Write-FileSystemCache                              2.0.0.0    Storage
Alias           Write-FileSystemCache                              1.0.0.0    VMDirectStorage
Function        Write-DtcTransactionsTraceSession                  1.0.0.0    MsDtc
Function        Write-PrinterNfcTag                                1.1        PrintManagement
Function        Write-VolumeCache                                  2.0.0.0    Storage
Cmdlet          Write-Debug                                        3.1.0.0    Microsoft.PowerShell.Utility
Cmdlet          Write-Error                                        3.1.0.0    Microsoft.PowerShell.Utility
Cmdlet          Write-EventLog                                     3.1.0.0    Microsoft.PowerShell.Management
Cmdlet          Write-Host                                         3.1.0.0    Microsoft.PowerShell.Utility
Cmdlet          Write-Information                                  3.1.0.0    Microsoft.PowerShell.Utility
Cmdlet          Write-Output                                       3.1.0.0    Microsoft.PowerShell.Utility
Cmdlet          Write-Progress                                     3.1.0.0    Microsoft.PowerShell.Utility
Cmdlet          Write-Verbose                                      3.1.0.0    Microsoft.PowerShell.Utility
Cmdlet          Write-Warning                                      3.1.0.0    Microsoft.PowerShell.Utility
Application     write.exe                                          10.0.20... C:\Windows\system32\write.exe
Application     write.exe                                          10.0.20... C:\Windows\write.exe

 

In this way, PowerShell offers a wide range of functions through a shell, much like Linux or Unix.

These commands can also be used in scripts for automation.

This post does not cover automation scripts written in PowerShell.

Thank you for reading [Windows Server 2019][#6] - PowerShell.

Hello.

Today we will look at basic CMD commands.

Check the computer hostname

C:\Users\Administrator>hostname
FIRST

 

Change the computer hostname

C:\Users\Administrator>hostname
FIRST

C:\Users\Administrator>netdom renamecomputer %COMPUTERNAME% /newname:SERVER01
This operation will rename the computer FIRST
to SERVER01.

Certain services, such as the Certificate Authority, rely on a fixed machine
name. If any services of this type are running on FIRST,
then a computer name change would have an adverse impact.

Do you want to proceed (Y or N)?
y
The computer needs to be restarted in order to complete the operation.

The command completed successfully.


C:\Users\Administrator>

 

The change takes effect only after the PC reboots.

Reboot command

 

shutdown /r /t 0

 

Once the reboot completes, check the server hostname with the hostname command.

It has changed as shown below.

C:\Users\Administrator>
C:\Users\Administrator>hostname
SERVER01

 

Command to check the IP address

C:\Users\Administrator>ipconfig

Windows IP Configuration


Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::dc7a:b75c:a36c:5fe4%11
   IPv4 Address. . . . . . . . . . . : 192.168.10.193
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.253

C:\Users\Administrator>

 

How to check the IP address in detail

C:\Users\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER01
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-21-0B-1B
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dc7a:b75c:a36c:5fe4%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.193(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.253
   DHCPv6 IAID . . . . . . . . . . . : 100666409
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2F-05-E4-8C-00-0C-29-21-0B-1B
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\Administrator>

 

How to change the IP address from CMD

The index number of Ethernet0 is currently 11.

C:\Users\Administrator>netsh
netsh>interface ipv4 show interface

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          75  4294967295  connected     Loopback Pseudo-Interface 1
 11          25        1500  connected     Ethernet0

netsh>

 

As shown below, the IP address and DNS server can also be changed from CMD.

netsh>interface ipv4 set address name="11" source=static address=192.168.10.x mask=255.255.255.0 gateway=192.168.10.253
netsh>interface ipv4 add dnsserver name="11" address=8.8.8.8 index=1

 

Command to check the server routing table

C:\Users\Administrator>route print
===========================================================================
Interface List
 11...00 0c 29 21 0b 1b ......Intel(R) 82574L Gigabit Network Connection
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   192.168.10.253   192.168.10.193    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     192.168.10.0    255.255.255.0         On-link    192.168.10.193    281
   192.168.10.193  255.255.255.255         On-link    192.168.10.193    281
   192.168.10.255  255.255.255.255         On-link    192.168.10.193    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    192.168.10.193    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    192.168.10.193    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0   192.168.10.253  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::dc7a:b75c:a36c:5fe4/128
                                    On-link
  1    331 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\Users\Administrator>

 

 

Hello.

Today we will configure DDNS in a dual-WAN setup.

We will configure it on a FortiGate VM.

FortiGate VM supports DDNS configuration through the CLI only.

Before testing, configure IP SLA for the dual-WAN setup.

https://itblog-kr.tistory.com/124

 


 

Currently all traffic leaves through WAN01, which holds the default gateway.

ISP01 - WAN01 can reach the outside.

ISP02 - WAN02 carries traffic only after WAN01 goes down and the default gateway switches to WAN02.

config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "fw1004.float-zone.com"
        set use-public-ip enable
        set update-interval 60
        set monitor-interface "port1" "port2"
    next
end

 

The default update-interval is 5 minutes. Here it is reduced to 1 minute.

 

C:\Users\USER>ping fw1004.float-zone.com -t

Ping fw1004.float-zone.com [202.X.X.196] 32바이트 데이터 사용:
202.X.X.196의 응답: 바이트=32 시간=17ms TTL=245
202. X.X .196의 응답: 바이트=32 시간=10ms TTL=245
202. X.X .196의 응답: 바이트=32 시간=13ms TTL=245
202. X.X .196의 응답: 바이트=32 시간=16ms TTL=245
202. X.X .196의 응답: 바이트=32 시간=25ms TTL=245

202. X.X .196에 대한 Ping 통계:
    패킷: 보냄 = 5, 받음 = 5, 손실 = 0 (0% 손실),
왕복 시간(밀리초):
    최소 = 10ms, 최대 = 25ms, 평균 = 16ms
Control-C
^C
C:\Users\USER>
C:\Users\USER>nslookup fw1004.float-zone.com -t
^C
C:\Users\USER>nslookup fw1004.float-zone.com
서버:    UnKnown
Address:  43.245.107.6

권한 없는 응답:
이름:    fw1004.float-zone.com
Address:  202. X.X .196

 

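Remove the cable from WAN01 on the FortiGate.

It takes a little while for the information to be updated on the DDNS server and synchronized up to the root DNS servers.

Wait about 5 minutes.

The routing table has switched to ISP2 through port2.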

fortiGate-VM64-KVM # get router info routing-table all 
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [150/0] via 202. X.X .193, port2, [1/0]
C       10.1.1.0/24 is directly connected, port3

 

C:\Users\USER>ping fw1004.float-zone.com

Ping fw1004.float-zone.com [202. X.X .197] 32바이트 데이터 사용:
202. X.X .197의 응답: 바이트=32 시간=18ms TTL=245
202. X.X .197의 응답: 바이트=32 시간=11ms TTL=245
202. X.X .197의 응답: 바이트=32 시간=9ms TTL=245
202. X.X .197의 응답: 바이트=32 시간=7ms TTL=245

202. X.X .197에 대한 Ping 통계:
    패킷: 보냄 = 4, 받음 = 4, 손실 = 0 (0% 손실),
왕복 시간(밀리초):
    최소 = 7ms, 최대 = 18ms, 평균 = 11ms

C:\Users\USER> nslookup fw1004.float-zone.com
서버:    UnKnown
Address:  43.245.107.6

권한 없는 응답:
이름:    fw1004.float-zone.com
Address:  202.X.X.197

 

Reconnect the FortiGate WAN01 cable.

The default gateway has changed.

FortiGate-VM64-KVM # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 202. X.X .193, port1, [1/0]
C       10.1.1.0/24 is directly connected, port3

 

It takes some time to synchronize with the DDNS server. Wait 5 minutes.

C:\Users\USER>ping fw1004.float-zone.com

Ping fw1004.float-zone.com [202.X.X.196] 32바이트 데이터 사용:
202. X.X .196의 응답: 바이트=32 시간=8ms TTL=245
202. X.X .196의 응답: 바이트=32 시간=12ms TTL=245
202. X.X .196의 응답: 바이트=32 시간=7ms TTL=245
202. X.X .196의 응답: 바이트=32 시간=7ms TTL=245

202. X.X .196에 대한 Ping 통계:
    패킷: 보냄 = 4, 받음 = 4, 손실 = 0 (0% 손실),
왕복 시간(밀리초):
    최소 = 7ms, 최대 = 12ms, 평균 = 8ms

C:\Users\USER> nslookup fw1004.float-zone.com
서버:    UnKnown
Address:  43.245.107.6

권한 없는 응답:
이름:    fw1004.float-zone.com
Address:  202. X.X .196


C:\Users\USER>

 

Thank you for reading [Fortigate-#21]- DDNS - Dual WAN.

Hello.

This time we will configure FortiGate DDNS.

FortiGate hardware models can configure DDNS in the GUI.

FortiGate VM can configure DDNS only through the CLI.

 

1. Under DNS -> DNS settings, enable FortiGuard DDNS.

Interface: wan1

use public ip address: enable

Server: choose one of the three servers.

Unique location: fw1004 (the hostname)

If the hostname is free, it is marked as available.

If someone else is already using it, enter a different hostname.

Save. It takes some time for the A record to be registered on the DNS server and synchronized.

After 5 minutes, run

ping fw1004.fortiddns.com

or

nslookup fw1004.fortiddns.com

to check whether the public IP address has been updated.

 

C:\Users\USER>ping fw1004.fortiddns.com

Ping fw1004.fortiddns.com [202.14. X.X ] 32바이트 데이터 사용:
202.14.X.X의 응답: 바이트=32 시간=9ms TTL=245
202.14. X.X 의 응답: 바이트=32 시간=5ms TTL=245
202.14. X.X 의 응답: 바이트=32 시간=6ms TTL=245
202.14. X.X 의 응답: 바이트=32 시간=6ms TTL=245

202.14. X.X 에 대한 Ping 통계:
    패킷: 보냄 = 4, 받음 = 4, 손실 = 0 (0% 손실),
왕복 시간(밀리초):
    최소 = 5ms, 최대 = 9ms, 평균 = 6ms

C:\Users\USER>nslookup
기본 서버:  UnKnown
Address:  43.245.107.6

> fw1004.fortiddns.com
서버:    UnKnown
Address:  43.245.107.6

권한 없는 응답:
이름:    fw1004.fortiddns.com
Address:  202.14. X.X

>

 

It works correctly.

Thank you for reading [Fortigate-#20]- DDNS - Single WAN.

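Hello.

This time we will look at IP SLA on FortiGate.

As shown below, the FortiGate has two WAN internet links, and by administrative distance (AD) WAN01 is the main internet link and WAN02 is the backup internet link. If INT-SW G0/0 goes down in this state, the FortiGate has no way to detect it, so it keeps sending traffic to WAN01 and the PC loses connectivity.

We will configure the FortiGate to ping 8.8.8.8 from the WAN01 interface and, when there is no reply, change the default gateway to WAN02 so that the PC can keep communicating with the outside.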

 

FortiGate-VM64-KVM # get router info routing-table all 
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 202.14.X.X, port1, [1/0]
C       10.1.1.0/24 is directly connected, port3

 

Outbound communication works.

On INT-SW01, shut down interface G0/0.

en
conf t
int g0/0
sh

 

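The PC cannot communicate.

The reason is that, from the firewall's point of view, the directly connected physical link has not gone down, so it cannot detect the failure.

It keeps sending packets out port1.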

 

FortiGate-VM64-KVM # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 202.14.X.X, port1, [1/0]
C       10.1.1.0/24 is directly connected, port3

 

Configure IP SLA on the FortiGate.

FortiGate-VM64-KVM # config  system link-monitor 

FortiGate-VM64-KVM (link-monitor) # edit pri
new entry 'pri' added

FortiGate-VM64-KVM (pri) # set srcintf port1

FortiGate-VM64-KVM (pri) # set source-ip 202.14.X.X

FortiGate-VM64-KVM (pri) # set server 8.8.8.8

FortiGate-VM64-KVM (pri) # get
name                : pri
addr-mode           : ipv4 
srcintf             : port1 
server-config       : default 
server              : "8.8.8.8"
protocol            : ping 
gateway-ip          : 0.0.0.0
route               :
source-ip           : 202.14.X.X
interval            : 500
probe-timeout       : 500
failtime            : 5
recoverytime        : 5
probe-count         : 30
ha-priority         : 1
update-cascade-interface: enable 
update-static-route : enable 
update-policy-route : enable 
status              : enable 
diffservcode        : 000000
class-id            : 0
service-detection   : disable 


FortiGate-VM64-KVM (pri) #

FortiGate-VM64-KVM (pri) # show
config system link-monitor
    edit "pri"
        set srcintf "port1"
        set server "8.8.8.8"
        set source-ip 202.14.X.X
    next
end

 

FortiGate-VM64-KVM # diagnose sys link-monitor status pri

Link Monitor: pri, Status: dead, Server num(1), HA state: local(dead), shared(dead)
Flags=0x9 init log_downgateway, Create time: Fri Dec 27 18:45:55 2024
Source interface: port1 (3)
Source IP: 202.14.X.X
Interval: 500 ms
Service-detect: disable
Diffservcode: 000000
Class-ID: 0
  Peer: 8.8.8.8(8.8.8.8) 
        Source IP(202.14.X.X)
        Route: 202.14.X.X->8.8.8.8/32, gwy(202.14.X.X)
        protocol: ping, state: dead
                Packet lost: 100.000%
                Number of out-of-sequence packets: 0
                Recovery times(0/5) Fail Times(2/5)
                Packet sent: 18, received: 0, Sequence(sent/rcvd/exp): 19/0/0

 

The PC can reach the outside normally.

As shown below, the default gateway has changed to port2.

FortiGate-VM64-KVM # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [150/0] via 202.14.X.X, port2, [1/0]
C       10.1.1.0/24 is directly connected, port3

 

On INT_SW01, run no shutdown on int g0/0 to bring the interface back up.

en
conf t
int g0/0
no sh

 

Then check the IP SLA status. The status is alive.

FortiGate-VM64-KVM # diagnose sys link-monitor status pri

Link Monitor: pri, Status: alive, Server num(1), HA state: local(alive), shared(alive)
Flags=0x1 init, Create time: Fri Dec 27 18:45:55 2024
Source interface: port1 (3)
Source IP: 202.14.X.X
Interval: 500 ms
Service-detect: disable
Diffservcode: 000000
Class-ID: 0
  Peer: 8.8.8.8(8.8.8.8) 
        Source IP(202.14.X.X)
        Route: 202.14.X.X->8.8.8.8/32, gwy(202.14.X.X)
        protocol: ping, state: alive
                Latency(Min/Max/Avg): 3.238/7.040/3.807 ms
                Jitter(Min/Max/Avg): 0.024/3.550/0.523 ms
                Packet lost: 51.000%
                Number of out-of-sequence packets: 0
                Fail Times(0/5)
                Packet sent: 881, received: 49, Sequence(sent/rcvd/exp): 882/882/883

FortiGate-VM64-KVM # 

 

Check the routing table.

It has changed from port2 back to port1.

FortiGate-VM64-KVM # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 202.14.X.X, port1, [1/0]
C       10.1.1.0/24 is directly connected, port3

 

Checked from the PC, it is working normally.
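The two `diagnose sys link-monitor status pri` captures above can feed a monitoring check. The script below is an added example, not FortiGate tooling or the author's code: it parses that output and the `get` output (the embedded samples are trimmed copies of the captures on this page). The 20% loss threshold and the interval x failtime detection estimate are assumptions.

```shell
#!/usr/bin/env bash
# Added example: summarise FortiGate link-monitor output for alerting.
# Field layout follows the captures on this page; thresholds are assumptions.

# lm_summary [LOSS_THRESHOLD_PCT]
# Reads `diagnose sys link-monitor status <name>` text on stdin and prints:
#   <name> <status> <loss_pct> <fail_count> <verdict>
# verdict: failover (monitor dead), degraded (alive but lossy), ok.
lm_summary() {
    local thr
    thr="${1:-20}"    # assumed alert threshold in percent
    awk -v thr="$thr" '
        /^Link Monitor:/ {
            name = $3;   sub(/,$/, "", name)
            status = $5; sub(/,$/, "", status)
        }
        /Packet lost:/ { loss = $3; sub(/%$/, "", loss) }
        /Fail Times\(/ {
            s = $0
            sub(/.*Fail Times\(/, "", s)   # drop everything up to the counter
            sub(/\/.*/, "", s)             # keep only the current fail count
            fails = s
        }
        END {
            if (name == "") exit 2         # input was not link-monitor output
            verdict = "ok"
            if (status == "dead") verdict = "failover"
            else if (loss + 0 >= thr + 0) verdict = "degraded"
            printf "%s %s %d %d %s\n", name, status, loss, fails, verdict
        }'
}

# lm_detect_ms: reads the `get` output of a link-monitor entry on stdin and
# prints the approximate time to declare the link dead, interval * failtime (ms).
lm_detect_ms() {
    awk -F: '
        /^interval/ { gsub(/ /, "", $2); interval = $2 }
        /^failtime/ { gsub(/ /, "", $2); failtime = $2 }
        END { print interval * failtime }'
}

# Samples below are trimmed copies of the output shown on this page.
sample_dead() {
cat <<'EOF'
Link Monitor: pri, Status: dead, Server num(1), HA state: local(dead), shared(dead)
Source interface: port1 (3)
Interval: 500 ms
  Peer: 8.8.8.8(8.8.8.8)
        protocol: ping, state: dead
                Packet lost: 100.000%
                Recovery times(0/5) Fail Times(2/5)
                Packet sent: 18, received: 0, Sequence(sent/rcvd/exp): 19/0/0
EOF
}

sample_alive() {
cat <<'EOF'
Link Monitor: pri, Status: alive, Server num(1), HA state: local(alive), shared(alive)
Source interface: port1 (3)
Interval: 500 ms
  Peer: 8.8.8.8(8.8.8.8)
        protocol: ping, state: alive
                Packet lost: 51.000%
                Fail Times(0/5)
                Packet sent: 881, received: 49, Sequence(sent/rcvd/exp): 882/882/883
EOF
}

sample_cfg() {
cat <<'EOF'
interval            : 500
probe-timeout       : 500
failtime            : 5
recoverytime        : 5
EOF
}

sample_dead  | lm_summary
sample_alive | lm_summary
sample_cfg   | lm_detect_ms
```

The second capture is the case worth alerting on separately: the monitor reports alive while the loss counter still reads 51%, so a check that looks only at Status would call the link healthy.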

 

Thank you for reading [Fortigate-#19]- IP SLA.

Hello.

Today we will look at the ishare command in PNETLab.

With EVE-NG, you have to download simulation images yourself and upload them to EVE-NG.

PNETLab, however, provides simulation image files itself.

They can be downloaded with the ishare command.

Connect to pnetlab with PuTTY.

root@pnetlab:~# ishare search

    Usage ishare [action] [param]

    action:
        search  :   Search images
        pull    :   Download image
        detail  :   Detail information of image
        help    :   Show this help page

    Example
    - ishare search vios
    - ishare pull vios-3.4.5
    - ishare detail vios-3.4.5

root@pnetlab:~#

 

Let's run ishare search 2019.

root@pnetlab:~# ishare search 2019
<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>

Traceback (most recent call last):
  File "ishare.py", line 118, in <module>
  File "ishare.py", line 112, in main
  File "ishare.py", line 82, in search
TypeError: 'bool' object has no attribute '__getitem__'


 

Error messages like these appear. After searching Google, it seems ishare does not work properly.

Installing and using ishare2 works correctly.

wget -O /usr/sbin/ishare2 https://raw.githubusercontent.com/ishare2-org/ishare2-cli/main/ishare2 > /dev/null 2>&1 && chmod +x /usr/sbin/ishare2 && ishare2

 

ishare2 is installed.

The defaults are fine, so just press Enter at each prompt.

┌────────────────────────────────────────────────────────────────────────┐
│ Welcome to the ishare2 configuration wizard.                           │
│ - This wizard will guide you through the configuration process.        │
│ - Press Enter to accept the default value.                             │
│ - You can modify the configuration later by running: ishare2 config.   │
│ - Press Ctrl+C to cancel.                                              │
└────────────────────────────────────────────────────────────────────────┘
[+] Use aria2c for faster downloads? (default: no)
[+] (y/n):
[+] Check SSL certificate? (default: yes)
[+] (y/n):
[+] Choose the update channel.
 1) alpha
 2) beta
 3) main
[*] Enter the number of the branch you want to use (default: main):
[!] Using the default branch.
[+] Choose a mirror. (default: Rotate mirrors)
 1) Rotate mirrors (recommended)
 2) Google Drive mirror
 3) Onedrive mirror
 4) Custom mirror
[*] Enter the number of the mirror you want to use (default: 1):
[!] ishare2 will rotate among the available mirrors.
┌─────────────────────────────────────────────────────────────┐
│ Configuration completed successfully.                       │
│ You can start using ishare2!                                │
│ [!] IMPORTANT NOTICES:                                      │
│ - ishare2 is a free and open-source project. If you paid    │
│   for it, you have been scammed.                            │
│ - Do not download ishare2 from unofficial sources as they   │
│   may contain arbitrary code.                               │
└─────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────┐
│ MOTD from the ishare2 team:                                    │
│ Changelog:                                                     │
│ - Fixed bug when doing integrity checks againts qemu images.   │
│                                                                │
│ Telegram: https://t.me/NetLabHub │
│ Donate: https://buymeacoffee.com/sudoalex │
│ GitHub: https://github.com/ishare2-org/ishare2-cli │
└────────────────────────────────────────────────────────────────┘
Syntax

ishare2 [action] [param1] [param2] [--overwrite]

action:
    search      : Search for images available on LabHub mirrors.
    pull        : Download an image by specifying the type and id.
    installed   : Shows images installed on the server.
    labs        : Shows available labs and downloads the images for the selected lab.
    mylabs      : Same as labs command but you can use a customized path.
    relicense   : Generates an iourc license for iol images.
    upgrade     : Shows a menu to upgrade ishare2 or PNETLab.
    test        : Test internet connectivity to required sites.
    help        : Shows full help information.

param1:
    type = all, iol, qemu, dynamips, docker or name.

param2:
    id = This can be obtained using ishare2 search <type>

--overwrite:
    Used to overwrite an existing image if it already exists on your system.

Try: ishare2 help for more information.
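The install one-liner above fetches whatever is on the `main` branch at that moment, writes it into /usr/sbin as root and hides wget's output. As an added example (not part of the original post or of the ishare2 project), the functions below download to a temporary file and install it only when its SHA-256 matches a value you pinned after reviewing the script. `COMMIT_SHA_PLACEHOLDER` and `SHA256_PLACEHOLDER` are placeholders, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded script against a pinned SHA-256
# before installing it into /usr/sbin.

# Placeholders (assumptions): set both after reviewing the script yourself.
ISHARE2_COMMIT="COMMIT_SHA_PLACEHOLDER"
ISHARE2_SHA256="SHA256_PLACEHOLDER"
# Same repository and file as the command on this page, pinned to one commit
# instead of the moving "main" branch.
ISHARE2_URL="https://raw.githubusercontent.com/ishare2-org/ishare2-cli/${ISHARE2_COMMIT}/ishare2"

# sha256_of FILE: print the lowercase hex digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST with mode 0755 only if SRC is non-empty and its digest
# equals EXPECTED_SHA256. Returns 1 and installs nothing otherwise.
install_verified() {
    local src expected dest actual
    src="$1"; expected="$2"; dest="$3"
    if [ ! -s "$src" ]; then
        echo "refusing: $src is missing or empty" >&2
        return 1
    fi
    # An unfilled placeholder or a truncated value must never match.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-fA-F]{64}$'; then
        echo "refusing: expected value is not a SHA-256 hex digest" >&2
        return 1
    fi
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    actual="$(sha256_of "$src")"
    if [ "$actual" != "$expected" ]; then
        echo "refusing: sha256 mismatch (got $actual)" >&2
        return 1
    fi
    install -m 0755 "$src" "$dest"
}

# fetch_and_install: download to a temp file, verify, then install.
# wget errors stay visible instead of being sent to /dev/null.
fetch_and_install() {
    local tmp rc
    tmp="$(mktemp)" || return 1
    rc=1
    if wget -q -O "$tmp" "$ISHARE2_URL" \
        && install_verified "$tmp" "$ISHARE2_SHA256" /usr/sbin/ishare2; then
        rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run the download only when asked to: ./script.sh --install
if [ "${1:-}" = "--install" ]; then
    fetch_and_install
fi
```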

 

Search for 2019 images with the ishare2 command.

The search works correctly.

root@pnetlab:~# ishare2 search 2019
┌────────────────────────────────────────────────────────────────┐
│ MOTD from the ishare2 team:                                    │
│ Changelog:                                                     │
│ - Fixed bug when doing integrity checks againts qemu images.   │
│                                                                │
│ Telegram: https://t.me/NetLabHub │
│ Donate: https://buymeacoffee.com/sudoalex │
│ GitHub: https://github.com/ishare2-org/ishare2-cli │
└────────────────────────────────────────────────────────────────┘
=============================
    Available QEMU images
=============================
ID    NAME                                             SIZE
--    ----                                             ----
605   linux-kali-large-2019.3                          11.8 GiB
606   linux-kali-large-2019.3                          4.2 GiB
607   linux-kali-large-2019.3                          4.2 GiB
933   viosl2-adventerprisek9-m-v152_6_0_81_e-20190423  39.2 MiB
935   viosl2-adventerprisek9-m.ssa.high_iron_20190423  42.9 MiB
1220  winserver-2019                                   7.6 GiB
1226  winserver-S2019-R2-x64-rev3                      6.0 GiB

7 QEMU images found for the term: "2019"

============================
    Available IOL images
============================
ID  NAME                                                          SIZE
--  ----                                                          ----
10  i86bi_Linux-L2-Adventerprisek9-ms.SSA.high_iron_20190423.bin  120.4 MiB
17  i86bi_linux_l2-adventerprisek9-ms.SSA.high_iron_20190423.bin  120.4 MiB
18  i86bi_linux_l2-adventerprisek9-ms.SSA.high_iron_20190423.bin  120.4 MiB

3 IOL images found for the term: "2019"

=================================
    Available DYNAMIPS images
=================================
ID  NAME  SIZE
--  ----  ----

No DYNAMIPS images found for the term: "2019"

root@pnetlab:~# ^C

 

I will download and install the vios images.

How to install

Usage: ishare2 pull <type> <id>
       ishare2 pull <type> all
Types: qemu, iol, dynamips

 

First, search.

ishare2 search vios

root@pnetlab:~# ishare2 search vios
┌────────────────────────────────────────────────────────────────┐
│ MOTD from the ishare2 team:                                    │
│ Changelog:                                                     │
│ - Fixed bug when doing integrity checks againts qemu images.   │
│                                                                │
│ Telegram: https://t.me/NetLabHub │
│ Donate: https://buymeacoffee.com/sudoalex │
│ GitHub: https://github.com/ishare2-org/ishare2-cli │
└────────────────────────────────────────────────────────────────┘
=============================
    Available QEMU images
=============================
ID   NAME                                             SIZE
--   ----                                             ----
918  vios-15.5.3M                                     122.0 MiB
919  vios-adventerprisek9-m-15.4-1.3.0-181            116.0 MiB
920  vios-adventerprisek9-m-15.6.2T                   122.5 MiB
921  vios-adventerprisek9-m.SPA.154-3M8               116.4 MiB
922  vios-adventerprisek9-m.SPA.159-3.M2              46.9 MiB
923  vios-adventerprisek9-m.SPA.159-3.M3              54.6 MiB
924  vios-adventerprisek9-m.SPA.159-3.M3              54.2 MiB
925  vios-adventerprisek9-m.SPA.159-3.M4              54.1 MiB
926  vios-adventerprisek9-m.SPA.159-3.M6              54.2 MiB
927  vios-adventerprisek9-m.spa.158-3.m2              54.0 MiB
928  vios-adventerprisek9-m.spa.159-3.m2              47.4 MiB
929  vios-adventerprisek9-m.vmdk.SPA.157-3.M3         49.8 MiB
930  viosl2-15.2.4.55e                                92.4 MiB
931  viosl2-adventerpriseK9-M_152_May_2018            102.2 MiB
932  viosl2-adventerprisek9-m-15.2.4055               92.4 MiB
933  viosl2-adventerprisek9-m-v152_6_0_81_e-20190423  39.2 MiB
934  viosl2-adventerprisek9-m.SSA.high_iron_20180619  42.5 MiB
935  viosl2-adventerprisek9-m.ssa.high_iron_20190423  42.9 MiB
936  viosl2-adventerprisek9-m.ssa.high_iron_20200929  85.6 MiB

19 QEMU images found for the term: "vios"

============================
    Available IOL images
============================
ID  NAME  SIZE
--  ----  ----

No IOL images found for the term: "vios"

=================================
    Available DYNAMIPS images
=================================
ID  NAME  SIZE
--  ----  ----

No DYNAMIPS images found for the term: "vios"

root@pnetlab:~#

 

I will install one router image and one switch image, as listed below.

ID   NAME                                             SIZE
--   ----                                             ----

926  vios-adventerprisek9-m.SPA.159-3.M6              54.2 MiB

932  viosl2-adventerprisek9-m-15.2.4055               92.4 MiB

 

root@pnetlab:~# ishare2 pull qemu 926
[!] IMAGE INFO
 - Image Name       : vios-adventerprisek9-m.SPA.159-3.M6
 - Image Size       : 54.2 MiB
 - Image Type       : QEMU
 - Image ID         : 926
 - Image path       : /opt/unetlab/addons/qemu/vios-adventerprisek9-m.SPA.159-3.M6
 - Using host       : https://labhub.eu.org
[!] DOWNLOADING IMAGE
/opt/unetlab/addons/qemu/vi 100%[===========================================>]  54.17M  9.17MB/s    in 7.7s
[+] DOWNLOAD COMPLETED!
[-] Extracting: vios-adventerprisek9-m.SPA.159-3.M6.tgz file...
[+] Extracted: /opt/unetlab/addons/qemu/vios-adventerprisek9-m.SPA.159-3.M6. Image ready to use.
[-] Fixing permissions...

[+] Fix permissions command has been executed correctly

 

root@pnetlab:~# ishare2 pull qemu 932
[!] IMAGE INFO
 - Image Name       : viosl2-adventerprisek9-m-15.2.4055
 - Image Size       : 92.4 MiB
 - Image Type       : QEMU
 - Image ID         : 932
 - Image path       : /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2.4055
 - Using host       : https://drive.labhub.eu.org
[!] DOWNLOADING IMAGE
/opt/unetlab/addons/qemu/vi 100%[===========================================>]  92.38M  7.03MB/s    in 12s
[+] DOWNLOAD COMPLETED!
[-] Fixing permissions...

[+] Fix permissions command has been executed correctly
root@pnetlab:~#

 

Now connect to the PNETLab GUI.

It works correctly.

Thank you for reading [PNETLab][#2]- ishare command.

Hello.

I am using the free EVE-NG Community edition, but testing jitter, delay and so on for SD-WAN requires upgrading to EVE-NG PRO.

So this time I will install PNETLab and test whether it is stable. If it is stable, I plan to move my testing from EVE-NG to PNETLab.

Let's install PNETLab.

1. Download the PNETLab OVA installation file from the official PNETLab website.

https://pnetlab.com/pages/download

 


 

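2. VMware Workstation is installed on my PC. I will install PNETLab on it.

Double-click the OVA file.

Click PNETLab -> Edit Virtual Machine Setting.

This is my CPU information.

Start PNETLab.

It received an IP address through DHCP.

Enter root/pnet.

Enter a new password

Enter the new password again

Use the default value

For DHCP or Static, use Static

Enter the IP address.

Enter the subnet mask

Enter the default gateway

Enter 8.8.8.8 for DNS

Enter 8.8.4.4 for the second DNS

Click OK without NTP

Select Direct Connect and click OK

Basic setup is finished and the system reboots.

After logging in, check connectivity with ping

Enter https://192.168.40.250 in the browser.

The differences between the two modes are as follows.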

 

 

Online Mode

  • Need internet to work
  • Need to register.
  • Support full functions of PNETLab
  • You can download and use all Labs on the Store
  • You can share or sell lab to the Store
  • Limit 10 accounts (Can be upgraded)

Offline Mode: 

  • Don't need internet to work
  • Don't need to register. Login by default account: admin/pnet
  • Support full functions of PNETLab
  • You can only download and use Open Labs (The Labs with "Open" in the top) on the Store
  • You can not share or sell lab to the Store
  • Limit 10 accounts (Can be upgraded but require internet)

I will set it to Offline.

Enter admin/pnet and click the login button.

Logged in successfully.

Thank you for reading [PNETLab][#1]- Installation on VMware workstation.

 

Hello.

VMware ESXi comes in a free version and a paid version; their features and limits are as follows.

Feature | Free vSphere Hypervisor | Paid vSphere Hypervisor
Expiration | No time limits on free version | Not applicable
Evaluation time | 60-day trial of Enterprise Plus features | Not applicable
Community Support | VMTN Forums | VMTN Forums
Maximum physical CPUs | 2 | 768 (logical)
Maximum physical memory | 16TB | 16TB
Maximum vCPUs per VM | 8 vCPUs | 256 vCPUs
Maximum vRAM per VM | 6TB | 6TB
Official Support | No | Various SLAs available
Central Management (vCenter) | No | Supported
High Availability (HA) | No | Supported
Storage/Backup API usage (VADP) | No | Yes
Live migration of VMs (vMotion) | No | Supported
Load balancing of VMs (DRS) | No | Supported

 

I also plan to post about VMware ESXi.

Hello.

Today we will create a WLAN for guest users and briefly go through its settings.

 

General Page

Profile Name: GUEST_SSID - the profile name on the WLC.

SSID: GUEST_SSID - the SSID that is actually shown as the Wi-Fi network name.

WLAN ID: the WLAN ID on the WLC. This is not VLAN information.

Status: enables or disables this WLAN.

Broadcast SSID: sets whether the SSID is hidden or advertised.

When Disable is selected, the SSID has to be entered manually on the PC to connect.

Radio Policy: 6 GHz, 5 GHz and 2.4 GHz can each be enabled or disabled for advertising.

 

In this section we create a guest SSID without encryption.

Select None.

 

P2P Blocking Action: Drop

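Users connected to GUEST-SSID are in the same L2 domain, so they can communicate with each other.

For security, this traffic is dropped.

The number of client connections can be limited per WLAN.

Per AP per WLAN: maximum number of client connections per WLAN on each AP

Per AP Radio Per WLAN: 200

That is, 2.4 GHz and 5 GHz can each allow 200 clients.

Load Balancing: when there are multiple APs, distributes clients across the APs.

Band Select: because 5 GHz is faster, lets a PC that supports both 2.4 GHz and 5 GHz connect on 5 GHz.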

 

2. Configuration -> Tags & Profiles -> Policy 

Click the Add button.

Name: define a name.

Status: enables or disables the policy.

 

**** WLAN Switching Policy ****

Central Switching - when Enabled, AP data traffic is sent to the WLC through the CAPWAP tunnel and the WLC processes the data traffic.

When Disabled, the AP processes the data traffic directly.

Central Authentication - when Enabled, the WLC handles authentication directly.

Central DHCP - when Enabled, the WLC performs the DHCP function.

 

Enter the VLAN in the policy. If the VLAN does not exist, create the VLAN on the WLC.

Once the policy and the WLAN are mapped, a user who attaches to GUEST-SSID is placed in VLAN 110.

 

Change Idle Timeout to 28800. This prevents clients from being disconnected from the SSID when the idle timeout expires.

 

Then click Apply to Device.

 

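3. Create a Policy Tag.

Configuration -> Tags & Profiles -> Tags -> Policy

Click the Add button.

 

Configure it as shown below and click the Apply button.

 

4. Apply the new Policy Tag to the AP.

 

5. Check the SSID from the PC.

As shown below, GUEST_SSID is listed as connectable without encryption.

 

6. There is no DHCP server, so the client cannot obtain an IP address.

 

Configure the DHCP server function on the switch.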

ip dhcp pool VLAN110
 network 192.168.110.0 255.255.255.0
 dns-server 8.8.8.8 
 default-router 192.168.110.254 
!

 

An IP address has been assigned to the client.

SW01#show ip dhcp binding 
Bindings from all pools not associated with VRF:
IP address      Client-ID/              Lease expiration        Type       State      Interface
                Hardware address/
                User name
192.168.110.1   013e.6d3f.25af.12       Dec 27 2024 07:16 AM    Automatic  Active     Vlan110
SW01#

 

Check the client in the WLC GUI.

 

Thank you for reading [C9800CL][#9]- WLAN Guest.

 

Hello.

 

Today we will install Zabbix 7.2.

 

Ubuntu 24.04.01 LTS

Zabbix 7.2

 

https://www.zabbix.com/download?zabbix=7.2&os_distribution=ubuntu&os_version=22.04&components=server_frontend_agent&db=mysql&ws=apache

 


 

Zabbix Version 7.2

Ubuntu

22.04

Server, Frontend, Agent

MySQL

Apache

Selecting the options above displays the installation steps below.

Follow them as shown.


1. Obtain root privileges

sudo -s

 

2.  Install Zabbix repository

 wget https://repo.zabbix.com/zabbix/7.2/release/ubuntu/pool/main/z/zabbix-release/zabbix-release_latest_7.2+ubuntu24.04_all.deb
 dpkg -i zabbix-release_latest_7.2+ubuntu24.04_all.deb
 apt update

 

kevin@kevin-virtual-machine:~$ sudo -s
[sudo] password for kevin: 
root@kevin-virtual-machine:/home/kevin# wget https://repo.zabbix.com/zabbix/7.2/release/ubuntu/pool/main/z/zabbix-release/zabbix-release_latest_7.2+ubuntu22.04_all.deb
--2024-12-25 22:23:37--  https://repo.zabbix.com/zabbix/7.2/release/ubuntu/pool/main/z/zabbix-release/zabbix-release_latest_7.2+ubuntu22.04_all.deb
Resolving repo.zabbix.com (repo.zabbix.com)... 178.128.6.101, 2604:a880:2:d0::2062:d001
Connecting to repo.zabbix.com (repo.zabbix.com)|178.128.6.101|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7288 (7,1K) [application/octet-stream]
Saving to: ‘zabbix-release_latest_7.2+ubuntu22.04_all.deb’

zabbix-release_latest_7.2+ubun 100%[===================================================>]   7,12K  --.-KB/s    in 0s      

2024-12-25 22:23:38 (1,30 GB/s) - ‘zabbix-release_latest_7.2+ubuntu22.04_all.deb’ saved [7288/7288]

root@kevin-virtual-machine:/home/kevin# dpkg -i zabbix-release_latest_7.2+ubuntu22.04_all.deb
Selecting previously unselected package zabbix-release.
(Reading database ... 166576 files and directories currently installed.)
Preparing to unpack zabbix-release_latest_7.2+ubuntu22.04_all.deb ...
Unpacking zabbix-release (1:7.2-1+ubuntu22.04) ...
Setting up zabbix-release (1:7.2-1+ubuntu22.04) ...
root@kevin-virtual-machine:/home/kevin# apt update
Hit:1 http://id.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://id.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]                             
Hit:3 http://id.archive.ubuntu.com/ubuntu jammy-backports InRelease                                    
Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]                              
Get:5 https://repo.zabbix.com/zabbix/7.2/release/ubuntu jammy InRelease [2.424 B] 
Get:6 https://repo.zabbix.com/zabbix-tools/debian-ubuntu jammy InRelease [2.476 B]
Get:7https://repo.zabbix.com/zabbix/7.2/stable/ubuntu jammy InRelease [3.920 B]
Get:8 https://repo.zabbix.com/zabbix/7.2/release/ubuntu jammy/main Sources [521 B]
Get:9 https://repo.zabbix.com/zabbix/7.2/release/ubuntu jammy/main all Packages [391 B]
Get:10 https://repo.zabbix.com/zabbix-tools/debian-ubuntu jammy/main Sources [1.166 B]
Get:11 https://repo.zabbix.com/zabbix-tools/debian-ubuntu jammy/main all Packages [766 B]
Get:12 http://security.ubuntu.com/ubuntu jammy-security/main i386 Packages [576 kB]
Get:13 https://repo.zabbix.com/zabbix/7.2/stable/ubuntu jammy/main Sources [4.173 B]
Get:14 https://repo.zabbix.com/zabbix/7.2/stable/ubuntu jammy/main amd64 Packages [7.770 B]
Get:15 https://repo.zabbix.com/zabbix/7.2/stable/ubuntu jammy/main all Packages [1.983 B]
Get:16 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [2.006 kB]
Get:17 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [317 kB]
Get:18 http://security.ubuntu.com/ubuntu jammy-security/main amd64 DEP-11 Metadata [43,1 kB]
Get:19 http://security.ubuntu.com/ubuntu jammy-security/main amd64 c-n-f Metadata [13,3 kB]
Get:20 http://security.ubuntu.com/ubuntu jammy-security/restricted i386 Packages [38,2 kB]
Get:21 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [2.711 kB]
Get:22 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [472 kB]                                
Get:23 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 DEP-11 Metadata [208 B]                          
Get:24 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 c-n-f Metadata [580 B]                           
Get:25 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [958 kB]                                  
Get:26 http://security.ubuntu.com/ubuntu jammy-security/universe i386 Packages [648 kB]                                   
Get:27 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [204 kB]                                  
Get:28 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 DEP-11 Metadata [126 kB]                           
Get:29 http://security.ubuntu.com/ubuntu jammy-security/universe DEP-11 48x48 Icons [82,0 kB]                             
Get:30 http://security.ubuntu.com/ubuntu jammy-security/universe DEP-11 64x64 Icons [122 kB]                              
Get:31 http://security.ubuntu.com/ubuntu jammy-security/universe DEP-11 64x64@2 Icons [29 B]                              
Get:32 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [19,5 kB]                           
Get:33 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37,6 kB]                               
Get:34 http://security.ubuntu.com/ubuntu jammy-security/multiverse i386 Packages [1.356 B]                                
Get:35 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [8.260 B]                               
Get:36 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 DEP-11 Metadata [208 B]                          
Get:37 http://security.ubuntu.com/ubuntu jammy-security/multiverse DEP-11 48x48 Icons [29 B]                              
Get:38 http://security.ubuntu.com/ubuntu jammy-security/multiverse DEP-11 64x64 Icons [29 B]                              
Get:39 http://security.ubuntu.com/ubuntu jammy-security/multiverse DEP-11 64x64@2 Icons [29 B]                            
Get:40 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [224 B]                           
Fetched 8.667 kB in 9s (980 kB/s)                                                                                         
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
3 packages can be upgraded. Run 'apt list --upgradable' to see them.
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository ' https://repo.zabbix.com/zabbix/7.2/stable/ubuntu jammy InRelease' doesn't support architecture 'i386'

 

3. Zabbix 7.2 install

apt install zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-sql-scripts zabbix-agent

 

root@kevin-VMware-Virtual-Platform:/home/kevin# apt install zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-sql-scripts zabbix-agent
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils fonts-dejavu fonts-dejavu-extra fping libapache2-mod-php
  libapache2-mod-php8.3 libapr1t64 libaprutil1-dbd-sqlite3 libaprutil1-ldap libaprutil1t64 libevent-core-2.1-7t64
  libevent-extra-2.1-7t64 libevent-pthreads-2.1-7t64 libmodbus5 libmysqlclient21 libodbc2 libopenipmi0t64 mysql-client
  mysql-client-8.0 mysql-client-core-8.0 mysql-common php-bcmath php-common php-curl php-gd php-ldap php-mbstring php-mysql
  php-xml php8.3-bcmath php8.3-cli php8.3-common php8.3-curl php8.3-gd php8.3-ldap php8.3-mbstring php8.3-mysql
  php8.3-opcache php8.3-readline php8.3-xml snmpd
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom php-pear odbc-postgresql tdsodbc snmptrapd zabbix-nginx-conf
  virtual-mysql-server
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils fonts-dejavu fonts-dejavu-extra fping libapache2-mod-php
  libapache2-mod-php8.3 libapr1t64 libaprutil1-dbd-sqlite3 libaprutil1-ldap libaprutil1t64 libevent-core-2.1-7t64
  libevent-extra-2.1-7t64 libevent-pthreads-2.1-7t64 libmodbus5 libmysqlclient21 libodbc2 libopenipmi0t64 mysql-client
  mysql-client-8.0 mysql-client-core-8.0 mysql-common php-bcmath php-common php-curl php-gd php-ldap php-mbstring php-mysql
  php-xml php8.3-bcmath php8.3-cli php8.3-common php8.3-curl php8.3-gd php8.3-ldap php8.3-mbstring php8.3-mysql
  php8.3-opcache php8.3-readline php8.3-xml snmpd zabbix-agent zabbix-apache-conf zabbix-frontend-php zabbix-server-mysql
  zabbix-sql-scripts
0 upgraded, 49 newly installed, 0 to remove and 7 not upgraded.
Need to get 32.9 MB of archives.
After this operation, 208 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libapr1t64 amd64 1.7.2-3.1ubuntu0.1 [108 kB]
Get:2 http://archive.ubuntu.com/ubuntu noble/main amd64 libaprutil1t64 amd64 1.6.3-1.1ubuntu7 [91.9 kB]
Get:3 https://repo.zabbix.com/zabbix/7.2/stable/ubuntu noble/main amd64 zabbix-server-mysql amd64 1:7.2.1-1+ubuntu24.04 [1,754 kB]
Get:4 http://archive.ubuntu.com/ubuntu noble/main amd64 libaprutil1-dbd-sqlite3 amd64 1.6.3-1.1ubuntu7 [11.2 kB]
Get:5 http://archive.ubuntu.com/ubuntu noble/main amd64 libaprutil1-ldap amd64 1.6.3-1.1ubuntu7 [9,116 B]
Get:6 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 apache2-bin amd64 2.4.58-1ubuntu8.5 [1,329 kB]
Get:7 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 apache2-data all 2.4.58-1ubuntu8.5 [163 kB]                 
Get:8 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 apache2-utils amd64 2.4.58-1ubuntu8.5 [97.1 kB]             
Get:9 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 apache2 amd64 2.4.58-1ubuntu8.5 [90.2 kB]                   
Get:10 http://archive.ubuntu.com/ubuntu noble/main amd64 snmpd amd64 5.9.4+dfsg-1.1ubuntu3 [59.6 kB]                        
Get:11 http://archive.ubuntu.com/ubuntu noble/main amd64 libevent-core-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [91.3 kB]      
Get:12 http://archive.ubuntu.com/ubuntu noble/main amd64 libevent-extra-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [64.2 kB]     
Get:13 http://archive.ubuntu.com/ubuntu noble/main amd64 libevent-pthreads-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [7,982 B]  
Get:14 http://archive.ubuntu.com/ubuntu noble/main amd64 mysql-common all 5.8+1.1.0build1 [6,746 B]                         
Get:15 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libmysqlclient21 amd64 8.0.40-0ubuntu0.24.04.1 [1,254 kB]  
13% [15 libmysqlclient21 944 kB/1,254 kB 75%] [3 zabbix-server-mysql 98.0 kB/1,754 kB 6%]

 

4. Install MySQL.

apt-get install mysql-server

 

5. Start MySQL and enable it so that it starts automatically after a reboot.

systemctl start mysql
systemctl enable mysql

 

6. Create the initial database

mysql -uroot -p

There is no default password.

mysql> create database zabbix character set utf8mb4 collate utf8mb4_bin;

mysql> create user zabbix@localhost identified by 'Password123!@#';         -> for the password, enter the zabbix user's password.
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> set global log_bin_trust_function_creators = 1;
mysql> quit;

 

root@kevin-VMware-Virtual-Platform:/home/kevin# mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.40-0ubuntu0.24.04.1 (Ubuntu)

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database zabbix character set utf8mb4 collate utf8mb4_bin;
Query OK, 1 row affected (0.01 sec)

mysql> create user zabbix@localhost identified by 'Password123!@#'; 
Query OK, 0 rows affected (0.03 sec)

mysql> grant all privileges on zabbix.* to zabbix@localhost;
Query OK, 0 rows affected (0.01 sec)

mysql> set global log_bin_trust_function_creators = 1;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> quit;
Bye
root@kevin-VMware-Virtual-Platform:/home/kevin# 

 

7. On Zabbix server host import initial schema and data. You will be prompted to enter your newly created password.

zcat /usr/share/zabbix/sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p zabbix

 

This takes about 3 minutes. Wait without pressing any keys.

root@kevin-VMware-Virtual-Platform:/home/kevin# zcat /usr/share/zabbix/sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p zabbix
Enter password: 
root@kevin-VMware-Virtual-Platform:/home/kevin# 

 

8. Disable log_bin_trust_function_creators option after importing database schema.

# mysql -uroot -p
password
mysql> set global log_bin_trust_function_creators = 0;
mysql> quit;

 

9. Configure the database for Zabbix server

vim   /etc/zabbix/zabbix_server.conf

 

If vim does not run, install it as follows.

apt-get install vim

 

Enter the password in DBPassword=. This is the password chosen earlier when creating the database.

 

Then save the file.

 

10. Start Zabbix server and agent processes

systemctl restart zabbix-server zabbix-agent apache2
systemctl enable zabbix-server zabbix-agent apache2

 

11. Open http://host/zabbix in a browser.

 

Default Username/Password

Admin/zabbix
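
An added check for the file edited in step 9 (example code, not part of the original post or of Zabbix): it reads zabbix_server.conf and flags a mode that lets other local users access the file, an empty, short or tutorial-sample DBPassword, and DBUser=root. The function names, the 16-character minimum and the last-assignment-wins parsing are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit of the zabbix_server.conf edited in step 9.
# Usage: sh audit_zabbix_conf.sh --audit [/etc/zabbix/zabbix_server.conf]

MIN_PW_LEN=16   # assumption of this example, not a Zabbix requirement

# Print the value of KEY from the last uncommented "KEY=value" line.
# Assumption: when a key appears more than once, the last one is in effect.
conf_value() {
    # $1 = config file, $2 = key
    awk -v key="$2" '
        /^[ \t]*#/ { next }                     # whole-line comments only
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = 1
            }
        }
        END { if (found) print val }
    ' "$1"
}

# Return 0 when the "other" permission digit of the file is not 0.
world_accessible() {
    mode=$(stat -c '%a' "$1") || return 2      # GNU stat, as on Ubuntu
    case "$mode" in
        *0) return 1 ;;
        *)  return 0 ;;
    esac
}

# Classify a password: empty, tutorial-sample, short or ok.
password_finding() {
    case "$1" in
        '')               echo empty ;;
        'Password123!@#') echo tutorial-sample ;;   # value shown in step 6
        *) if [ "${#1}" -lt "$MIN_PW_LEN" ]; then echo short; else echo ok; fi ;;
    esac
}

# Run all checks; print findings (never the password); return 0 if clean.
audit_zabbix_conf() {
    conf=$1
    findings=0
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 2
    fi
    if world_accessible "$conf"; then
        echo "FAIL perms: $conf is accessible to other users (mode $(stat -c '%a' "$conf"))"
        findings=$((findings + 1))
    fi
    verdict=$(password_finding "$(conf_value "$conf" DBPassword)")
    if [ "$verdict" != ok ]; then
        echo "FAIL DBPassword: $verdict"
        findings=$((findings + 1))
    fi
    if [ "$(conf_value "$conf" DBUser)" = root ]; then
        echo "FAIL DBUser: server connects to MySQL as root"
        findings=$((findings + 1))
    fi
    echo "$findings finding(s) in $conf"
    [ "$findings" -eq 0 ]
}

if [ "${1:-}" = "--audit" ]; then
    audit_zabbix_conf "${2:-/etc/zabbix/zabbix_server.conf}"
    exit $?
fi
```
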

 

Thank you for reading [ZABBIX][#4]-Zabbix 7.2 Install.

Hello.

 

Today, before installing Zabbix, we will update and upgrade the Ubuntu 24.04.01 packages.

 

1. Enter the command below.

sudo apt-get update

 

kevin@kevin-VMware-Virtual-Platform:~$ sudo apt-get update
[sudo] password for kevin:
Get:1 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]
Hit:2 http://archive.ubuntu.com/ubuntu noble InRelease
Get:3 http://archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]
Get:4 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages [572 kB]
Get:5 http://archive.ubuntu.com/ubuntu noble-backports InRelease [126 kB]
Get:6 http://security.ubuntu.com/ubuntu noble-security/main Translation-en [111 kB]
Get:7 http://security.ubuntu.com/ubuntu noble-security/main amd64 Components [7,256 B]
Get:8 http://security.ubuntu.com/ubuntu noble-security/main Icons (48x48) [11.3 kB]
Get:9 http://security.ubuntu.com/ubuntu noble-security/main Icons (64x64) [17.1 kB]
Get:10 http://security.ubuntu.com/ubuntu noble-security/main amd64 c-n-f Metadata [5,892 B]
Get:11 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Packages [560 kB]
Get:12 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages [15.0 MB]
Get:13 http://security.ubuntu.com/ubuntu noble-security/restricted Translation-en [108 kB]
Get:14 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Components [212 B]
Get:15 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 c-n-f Metadata [424 B]
Get:16 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Packages [795 kB]
Get:17 http://security.ubuntu.com/ubuntu noble-security/universe Translation-en [169 kB]
Get:18 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Components [52.0 kB]
Get:19 http://security.ubuntu.com/ubuntu noble-security/universe Icons (48x48) [47.0 kB]
Get:20 http://security.ubuntu.com/ubuntu noble-security/universe Icons (64x64) [73.4 kB]
Get:21 http://security.ubuntu.com/ubuntu noble-security/universe Icons (64x64@2) [29 B]
Get:22 http://security.ubuntu.com/ubuntu noble-security/universe amd64 c-n-f Metadata [13.5 kB]
Get:23 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Packages [12.2 kB]
Get:24 http://security.ubuntu.com/ubuntu noble-security/multiverse Translation-en [2,940 B]
Get:25 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Components [208 B]
Get:26 http://security.ubuntu.com/ubuntu noble-security/multiverse Icons (48x48) [29 B]
Get:27 http://security.ubuntu.com/ubuntu noble-security/multiverse Icons (64x64) [29 B]
Get:28 http://security.ubuntu.com/ubuntu noble-security/multiverse Icons (64x64@2) [29 B]
Get:29 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 c-n-f Metadata [356 B]
24% [12 Packages 2,964 kB/15.0 MB 20%]

 

2. Enter the command below to upgrade.

sudo apt-get upgrade

 

Enter Y as shown below to proceed with the upgrade.

kevin@kevin-VMware-Virtual-Platform:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following upgrades have been deferred due to phasing:
  python3-distupgrade ubuntu-release-upgrader-core ubuntu-release-upgrader-gtk
The following packages have been kept back:
  gnome-control-center linux-generic-hwe-24.04 linux-headers-generic-hwe-24.04
  linux-image-generic-hwe-24.04
The following packages will be upgraded:
  acl alsa-ucm-conf amd64-microcode apparmor apport apport-core-dump-handler apport-gtk bubblewrap
  cloud-init cpp-13 cpp-13-x86-64-linux-gnu cups cups-browsed cups-bsd cups-client cups-common
  cups-core-drivers cups-daemon cups-ipp-utils cups-ppdc cups-server-common distro-info-data
  dmidecode dmsetup evince evince-common firmware-sof-signed fwupd gcc-13-base gcc-14-base
  ghostscript gir1.2-glib-2.0 gir1.2-gnomebluetooth-3.0 gir1.2-gstreamer-1.0 gir1.2-gtk-3.0
  gir1.2-javascriptcoregtk-4.1 gir1.2-javascriptcoregtk-6.0 gir1.2-mutter-14 gir1.2-nm-1.0
  gir1.2-packagekitglib-1.0 gir1.2-soup-3.0 gir1.2-webkit-6.0 gir1.2-webkit2-4.1
  gnome-bluetooth-3-common gnome-bluetooth-sendto gnome-control-center-data
  gnome-control-center-faces gnome-initial-setup gnome-shell gnome-shell-common
  gnome-shell-extension-appindicator gnome-shell-extension-ubuntu-dock gstreamer1.0-alsa
  gstreamer1.0-gl gstreamer1.0-packagekit gstreamer1.0-pipewire gstreamer1.0-plugins-base
  gstreamer1.0-plugins-base-apps gstreamer1.0-plugins-good gstreamer1.0-tools gstreamer1.0-x
  gtk-update-icon-cache heif-gdk-pixbuf heif-thumbnailer initramfs-tools initramfs-tools-bin
  initramfs-tools-core intel-microcode ipp-usb krb5-locales ldap-utils libacl1 libapparmor1
  libarchive13t64 libatomic1 libaudit-common libaudit1 libcryptsetup12 libcups2t64
  libcupsfilters2-common libcupsfilters2t64 libcupsimage2t64 libcurl3t64-gnutls libcurl4t64
  libdevmapper1.02.1 libegl-mesa0 libevdocument3-4t64 libevview3-3t64 libexpat1 libfwupd2 libgbm1
  libgcc-s1 libgl1-mesa-dri libglapi-mesa libglib2.0-0t64 libglib2.0-bin libglib2.0-data
  libglx-mesa0 libgnome-bluetooth-3.0-13 libgnome-bluetooth-ui-3.0-13 libgomp1 libgs-common
  libgs10 libgs10-common libgsf-1-114 libgsf-1-common libgssapi-krb5-2 libgstreamer-gl1.0-0
  libgstreamer-plugins-base1.0-0 libgstreamer-plugins-good1.0-0 libgstreamer1.0-0 libgtk-3-0t64
  libgtk-3-bin libgtk-3-common libheif-plugin-aomdec libheif-plugin-aomenc libheif-plugin-libde265
  libheif1 libipa-hbac0t64 libjavascriptcoregtk-4.1-0 libjavascriptcoregtk-6.0-1 libk5crypto3
  libkrb5-3 libkrb5support0 libldap-common libldap2 libmpg123-0t64 libmutter-14-0 libnm0
  libnss-sss libopenjp2-7 libpackagekit-glib2-18 libpam-sss libpipewire-0.3-0t64
  libpipewire-0.3-common libpipewire-0.3-modules libppd2 libppd2-common libproc2-0
  libpython3.12-minimal libpython3.12-stdlib libpython3.12t64 libsoup-2.4-1 libsoup-3.0-0
  libsoup-3.0-common libsoup2.4-common libspa-0.2-bluetooth libspa-0.2-modules libspeex1
  libssl3t64 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libstdc++6 libsysmetrics1 libtiff6
  libudisks2-0 libwebkit2gtk-4.1-0 libwebkitgtk-6.0-4 libxatracker2 linux-firmware linux-libc-dev
  linux-tools-common login mesa-vulkan-drivers mtr-tiny mutter-common mutter-common-bin nano
  network-manager network-manager-config-connectivity-ubuntu openssl openvpn packagekit
  packagekit-tools passwd pipewire pipewire-alsa pipewire-audio pipewire-bin pipewire-pulse procps
  python3-apport python3-pkg-resources python3-problem-report python3-software-properties
  python3-sss python3-update-manager python3-urllib3 python3.12 python3.12-minimal snapd
  software-properties-common software-properties-gtk ssh-import-id sssd sssd-ad sssd-ad-common
  sssd-common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy systemd-hwe-hwdb thermald
  ubuntu-advantage-desktop-daemon ubuntu-drivers-common ubuntu-pro-client ubuntu-pro-client-l10n
  ubuntu-report ubuntu-settings udisks2 unzip update-manager update-manager-core vim-common
  vim-tiny xdg-desktop-portal xserver-common xserver-xephyr xserver-xorg-core xserver-xorg-legacy
  xwayland xxd zip
226 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
Need to get 718 MB of archives.
After this operation, 23.7 MB of additional disk space will be used.
N: Some packages may have been kept back due to phasing.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 login amd64 1:4.13+dfsg1-4ubuntu3.2 [202 kB]
Get:2 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libexpat1 amd64 2.6.1-2ubuntu0.2 [87.4 kB]
Get:3 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libpython3.12t64 amd64 3.12.3-1ubuntu0.3 [2,333 kB]
0% [3 libpython3.12t64 1,322 kB/2,333 kB 57%]

 

Wait until the upgrade completes.

kevin@kevin-VMware-Virtual-Platform:~$ sudo apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
Hit:2 http://security.ubuntu.com/ubuntu noble-security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu noble-backports InRelease
Reading package lists... Done
kevin@kevin-VMware-Virtual-Platform:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following upgrades have been deferred due to phasing:
  python3-distupgrade ubuntu-release-upgrader-core ubuntu-release-upgrader-gtk
The following packages have been kept back:
  gnome-control-center linux-generic-hwe-24.04 linux-headers-generic-hwe-24.04
  linux-image-generic-hwe-24.04
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
N: Some packages may have been kept back due to phasing.
kevin@kevin-VMware-Virtual-Platform:~$

 

There is nothing more to update.

 

Thank you for reading [ZABBIX][#3]-Ubuntu 24.04.01 update/upgrade.

 


Hello.

 

Today we will install an SSH server on Ubuntu 24.04.01 and connect to it from a PC using PuTTY or CRT.

 

1. Install openssh-server as shown below.

sudo apt-get install openssh-server

 

2. Enter the commands below so that the SSH server starts automatically after a reboot.

sudo systemctl enable ssh
sudo systemctl status ssh

 

 

3. From the PC, use PuTTY to open an SSH connection to 192.168.10.117. The connection succeeds as shown below.

 

Thank you for reading [ZABBIX][#2]-Ubuntu 24.04.01 ssh install.


Hello.

 

Today we will install Ubuntu 24.04.01 LTS on VMware ESXi in preparation for installing ZABBIX.

 

1. Connect to VMware ESXi. Then click Create/Register VM.

 

2. Select Create a new virtual machine and click Next.

 

3. Configure the settings as shown below and click Next.

 

4. Select the storage and click Next.

 

5. Select the Ubuntu 24.04.01 installation ISO and click Next.

 

6. Click Finish.

 

7. Select Install Ubuntu.

 

8. Select English and then Next.

 

9. Select Next.

 

10. Select the US keyboard and then Next.

 

11. The internet connection will be configured later.

 

12. Select Install Ubuntu and click the Next button.

 

13. Select the default values and click the Next button.

 

14. Click the Next button.

 

15. Click the Next button.

 

16. Use the default values. Click the Next button.

 

17. Enter the Username and Password.

 

18. Search for and select the location where you live.

 

19. Click the Install button.

 

20. Wait until the installation completes.

21. When the installation completes, click the Restart Now button.

 

22. Configure the IP address.

 

23. Ping test

 

Thank you for reading [ZABBIX][#1]-Ubuntu 24.04.01 LTS Install.


Hello.

 

Today we will look at how to configure two data interfaces on the C9800 as a port channel.


WLC01: Gi3 - MGMT IP vrf MGMT

G1 and G2 - will be bundled into Port-channel 01 and configured as a trunk port that allows all VLANs.

 

1. Connect to the WLC GUI.

 

Configure Gi1/Gi2 as shown below.

 

2. Configure the port channel.

 

SW01(config)#int ra g1/0, gi0/3           
SW01(config-if-range)#channel-group 1 mode on
SW01(config)#int po 1
SW01(config-if)#sw tr en dot1q 
SW01(config-if)#sw mo trunk 

 

Check the interface status

SW01#show int status

Port      Name               Status       Vlan       Duplex  Speed Type 
Gi0/0                        connected    trunk        auto   auto unknown
Gi0/1                        connected    trunk        auto   auto unknown
Gi0/2                        connected    100          auto   auto unknown
Gi0/3                        connected    trunk        auto   auto unknown
Gi1/0                        connected    1            auto   auto unknown
Gi1/1                        connected    10           auto   auto unknown
Gi1/2                        connected    20           auto   auto unknown
Gi1/3                        connected    100          auto   auto unknown
Po1                          connected    trunk        auto   auto 
SW01#

 

 

For testing, configure the WLC as follows.

VLAN 110

VLAN 120
VLAN 130

SVI 110 - 192.168.110.254

SVI 120 - 192.168.120.254

SVI 130 - 192.168.130.254

 

Configure VLAN 110. Then configure VLAN 120 and VLAN 130 as well, as in the screenshot below.

 

 

2. Configure the SVIs.

 

Configure SVI 120 and SVI 130 as well, as in the screenshot below.

 

 

On the Cisco switch, configure VLANs 110, 120 and 130 and SVIs 110, 120 and 130.

SVI 110: 192.168.110.253

SVI 120: 192.168.120.253

SVI 130: 192.168.130.253

 

VLAN configuration

SW01(config)#vlan 110
SW01(config-vlan)#vlan 120
SW01(config-vlan)#vlan 130

SW01#show vlan brie

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0
10   VLAN0010                         active    Gi1/1
20   VLAN0020                         active    Gi1/2
30   VLAN0030                         active    
100  VLAN0100                         active    Gi0/2, Gi1/3
110  VLAN0110                         active    
120  VLAN0120                         active    
130  VLAN0130                         active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
SW01#


SVI configuration

SW01(config)#int vlan 110
SW01(config-if)#ip add 192.168.110.253 255.255.255.0
SW01(config-if)#int vlan 120
SW01(config-if)#ip add 192.168.120.253 255.255.255.0
SW01(config-if)#int vlan 130
SW01(config-if)#ip add 192.168.130.253 255.255.255.0
SW01(config-if)#

SW01#show ip int brie
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up      
GigabitEthernet0/1     unassigned      YES unset  up                    up      
GigabitEthernet0/2     unassigned      YES unset  up                    up      
GigabitEthernet0/3     unassigned      YES unset  up                    up      
GigabitEthernet1/0     unassigned      YES unset  up                    up      
GigabitEthernet1/1     unassigned      YES unset  up                    up      
GigabitEthernet1/2     unassigned      YES unset  up                    up      
GigabitEthernet1/3     unassigned      YES unset  up                    up      
Port-channel1          unassigned      YES unset  down                  down    
Vlan10                 192.168.10.250  YES NVRAM  administratively down down    
Vlan20                 unassigned      YES unset  administratively down down    
Vlan100                192.168.100.179 YES NVRAM  up                    up      
Vlan110                192.168.110.253 YES manual up                    up      
Vlan120                192.168.120.253 YES manual up                    up      
Vlan130                192.168.130.253 YES manual up                    up  

 

ping test

SW01#ping 192.168.110.254         
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.110.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
SW01#ping 192.168.120.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.120.254, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/6 ms
SW01#ping 192.168.130.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.130.254, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
SW01#

 

SW01#show etherchannel summary 
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator

        M - not in use, minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

        A - formed by Auto LAG


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)          -        Gi0/3(P)    Gi1/0(P)    

 

Thank you for reading [C9800CL][#8]- Data Interface Redundancy - Port Channel.

Hello.

Today we will configure the WLC so that only authorized APs can register with it.

The method is to register AP MAC addresses on the WLC, so that only APs whose MAC address is permitted can register with the WLC.

AP IP: obtained from the DHCP server, 192.168.200.X/24

AP GW: 192.168.200.181

WLC: 192.168.100.182, delivered through DHCP option 43.

 

1. Click Configuration -> Security -> AAA.

2. Under AAA Advanced -> AP Policy, enable Authorize APs against MAC and click Apply.

*** If it is not already configured as shown below by default, configure it as well. ***

3. One AP is currently registered on the WLC, as shown below.

4. Reboot the AP.

5. About 5 minutes later, click Monitoring -> Wireless -> AP Statistics and check the AP status.

The AP sends CAPWAP Join Request messages to the WLC but never receives a response packet.

The CAPWAP state then becomes DTLS Teardown, and the AP sends a CAPWAP Join Request again. This cycle repeats.

[*12/25/2024 05:57:51.4299] CAPWAP State: Join
[*12/25/2024 05:57:51.6198] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:57:56.3783] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:58:01.0569] Sending Join request to 192.168.100.182 through port 5272, packet size 896

[*12/25/2024 05:58:48.1321] CAPWAP State: DTLS Teardown
[*12/25/2024 05:58:48.3621] status 'upgrade.sh: Script called with args:[CANCEL]'
[*12/25/2024 05:58:48.4121] do CANCEL, part2 is active part
[*12/25/2024 05:58:48.4320] status 'upgrade.sh: Cleanup tmp files ...'
[*12/25/2024 05:58:53.0506] dtls_queue_first: Nothing to extract!
[*12/25/2024 05:58:53.0506] 
[*12/25/2024 05:58:53.5504] Discovery Response from 192.168.100.182
[*12/25/2024 05:59:04.0000] Started wait dtls timer (60 sec)
[*12/25/2024 05:59:04.0099] 
[*12/25/2024 05:59:04.0099] CAPWAP State: DTLS Setup
[*12/25/2024 05:59:04.1799] First connect to vWLC, accept vWLC by default
[*12/25/2024 05:59:04.1799] 
[*12/25/2024 05:59:04.1799] dtls_verify_server_cert: vWLC is using SSC, returning 1
[*12/25/2024 05:59:04.2599] 
[*12/25/2024 05:59:04.2599] CAPWAP State: Join
[*12/25/2024 05:59:04.4299] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:59:09.1284] Sending Join request to 192.168.100.182 through port 5272, packet size 1376

 

6. Under Monitoring -> Wireless -> AP Statistics, click Join Statistics.

You can see an AP Auth Failure, as in the screenshot below.

AP registration failed because the AP MAC address below is not in the WLC's list of authorized AP MAC addresses.

7. Register the AP MAC address.

Click Configuration -> Security -> AAA -> AAA Advanced -> Device Authentication -> MAC Address -> Add.

How to check the AP MAC address from the CLI

SG-AP01#show interfaces wired 0
wired0    Link encap:Ethernet  HWaddr C8:84:A1:CC:2F:48  
          inet addr: 192.168.200.235  Bcast: 192.168.200.255  Mask: 255.255.255.
0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          collisions:0 txqueuelen:80 
          Interrupt:2 
          full Duplex, 1000 Mb/s

          5 minute input rate 1268 bits/sec, 1 packets/sec
          5 minute output rate 5067 bits/sec, 1 packets/sec
Wired0 Port Statistics:
RX PKTS    :            1171/8           TX PKTS    :            1171/8         
RX BYTES   :          122210/508         TX BYTES   :          122210/508       
RX DROPS   :               0/0          

 

Enter it as shown below.

Then wait for a while.

This time the AP received a Join Response packet from the WLC, as shown below.

[*12/25/2024 06:20:28.8807] CAPWAP State: Discovery
[*12/25/2024 06:20:28.8807] Got WLC address 192.168.100.182 from DHCP.
[*12/25/2024 06:20:29.1006] Discovery Request sent to 192.168.100.182, discovery type STATIC_CONFIG(1)
[*12/25/2024 06:20:29.3005] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*12/25/2024 06:20:29.3005] Discovery Response from 192.168.100.182
[*12/25/2024 06:20:39.0000] Started wait dtls timer (60 sec)
[*12/25/2024 06:20:39.0099] 
[*12/25/2024 06:20:39.0099] CAPWAP State: DTLS Setup
[*12/25/2024 06:20:39.1099] First connect to vWLC, accept vWLC by default
[*12/25/2024 06:20:39.1099] 
[*12/25/2024 06:20:39.1199] dtls_verify_server_cert: vWLC is using SSC, returning 1
[*12/25/2024 06:20:39.1799] 
[*12/25/2024 06:20:39.1799] CAPWAP State: Join
[*12/25/2024 06:20:39.3399] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 06:20:43.9185] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 06:20:44.1484] Join Response from 192.168.100.182, packet size 1397
[*12/25/2024 06:20:44.1484] AC accepted previous sent request with result code: 0
[*12/25/2024 06:20:44.1484] Received wlcType 0, timer 30
[*12/25/2024 06:20:44.2584] nss_capwapmgr_enable_tunnel[1682]:ef30e800: tunnel 0 is already enabled
[*12/25/2024 06:20:44.2783] 
[*12/25/2024 06:20:44.2783] CAPWAP State: Image Data
[*12/25/2024 06:20:44.2883] AP image version 17.13.0.107 backup 17.8.0.144, Controller 17.13.0.107
[*12/25/2024 06:20:44.2883] Version is the same, do not need update.
[*12/25/2024 06:20:44.3583] status 'upgrade.sh: Script called with args:[NO_UPGRADE]'
[*12/25/2024 06:20:44.3983] do NO_UPGRADE, part2 is active part
[*12/25/2024 06:20:44.4183] 
[*12/25/2024 06:20:44.4183] CAPWAP State: Configure
[*12/25/2024 06:20:44.6382] Radio [2] Administrative state DISABLED  change to ENABLED 
[*12/25/2024 06:20:44.6382] Radio [1] Administrative state DISABLED  change to ENABLED 
[*12/25/2024 06:20:44.6382] Radio [0] Administrative state DISABLED  change to ENABLED 
[*12/25/2024 06:20:45.3880] 
[*12/25/2024 06:20:45.3880] CAPWAP State: Run
[*12/25/2024 06:20:45.4680] AP has joined controller WLC01
[*12/25/2024 06:20:45.4680] Flexconnect Switching to Connected Mode!
[*12/25/2024 06:20:46.0678] Previous AP mode is 2, change to 2
[*12/25/2024 06:20:46.0778] Current session mode: ssh, Configured: Telnet-No, SSH-No, Console-Yes
[*12/25/2024 06:20:46.0778] 
[*12/25/2024 06:20:46.3377] Current session mode: telnet, Configured: Telnet-No, SSH-No, Console-Yes
[*12/25/2024 06:20:46.3377] 
[*12/25/2024 06:20:46.3577] Current session mode: console, Configured: Telnet-No, SSH-No, Console-Yes
[*12/25/2024 06:20:46.3577] 
[*12/25/2024 06:20:46.4177] chpasswd: password for user changed
[*12/25/2024 06:20:46.4677] chpasswd: password for user changed
[*12/25/2024 06:20:46.6376] 
[*12/25/2024 06:20:46.6376] Same LSC mode, no action needed
[*12/25/2024 06:20:46.9275] Same value is already set.
[*12/25/2024 06:20:47.2374] USB Device Disconnected from the AP
[*12/25/2024 06:20:47.3974] Got WSA Server config TLVs
[*12/25/2024 06:20:48.7270] Socket: Valid Element: wcp/wcp_db Handler: set_vlan_name_map Data: null Length: 10
[*12/25/2024 06:20:50.4064] SD AVC only supports 802.11ax AP
[*12/25/2024 06:20:50.5664] Re-Tx Count=1, Max Re-Tx Value=5, SendSeqNum=16, NumofPendingMsgs=1
[*12/25/2024 06:20:50.5664] 
[*12/25/2024 06:20:50.8163] DOT11_DRV[0]: Stop Radio0 - Begin
[*12/25/2024 06:20:50.8963] DOT11_DRV[0]: Stop Radio0 - End
[*12/25/2024 06:20:50.8963] DOT11_DRV[0]: Start Radio0 - Begin
[*12/25/2024 06:20:50.8963] DOT11_DRV[0]: Start Radio0 - End
[*12/25/2024 06:20:53.0756]  **** CAC start for 62 seconds for radio 1 ****
[*12/25/2024 06:21:15.6385] netlink socket init done, pnl->spectral_fd=4
[*12/25/2024 06:21:15.6385] CLEANAIR: Slot 0 admin disabled
[*12/25/2024 06:21:16.6382] CLEANAIR: Slot 1 admin disabled
[*12/25/2024 06:21:55.1962] cac_timeout cac expired, chan 5560 curr time 306
[*12/25/2024 06:21:55.1962]  **** CAC stop for radio 1 ****

Username: 
Username: 
% Authentication failed

 

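The AP is registered on the WLC, as in the screenshot below.

The AP stays UP as time passes. Because it is already registered with the WLC, AP authentication is not checked again.

Reboot the AP.

After the reboot, the AP has to go through AP authentication again. But because the AP MAC address was removed from the WLC, the join is shown as an authentication failure, as below.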
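The rejected and accepted join sequences in this post can be told apart from the AP console log alone. The following is an added Python example, not part of the original post: it groups the log into join attempts and flags an AP that keeps sending Join requests without ever getting a Join Response. The function names and outcome labels are assumptions made for the example, the two sample logs are excerpts of the logs shown above, and the cause of a rejection still has to be confirmed on the WLC (Join Statistics showing AP Auth Failure).

```python
import re
from datetime import datetime

# "[*12/25/2024 05:57:51.4299] message" as printed on the AP console
LINE_RE = re.compile(r"^\[\*(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\.\d+\]\s*(.*)$")
JOIN_REQ_RE = re.compile(r"^Sending Join request to (\S+) through port")

# Excerpt of the log captured while the AP MAC was NOT in the WLC list.
REJECTED_LOG = """\
[*12/25/2024 05:57:51.4299] CAPWAP State: Join
[*12/25/2024 05:57:51.6198] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:57:56.3783] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:58:01.0569] Sending Join request to 192.168.100.182 through port 5272, packet size 896
[*12/25/2024 05:58:48.1321] CAPWAP State: DTLS Teardown
[*12/25/2024 05:58:53.0506] 
[*12/25/2024 05:59:04.0099] CAPWAP State: DTLS Setup
[*12/25/2024 05:59:04.2599] CAPWAP State: Join
[*12/25/2024 05:59:04.4299] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:59:09.1284] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
"""

# Excerpt of the log captured after the AP MAC was added on the WLC.
ACCEPTED_LOG = """\
[*12/25/2024 06:20:39.1799] CAPWAP State: Join
[*12/25/2024 06:20:39.3399] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 06:20:43.9185] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 06:20:44.1484] Join Response from 192.168.100.182, packet size 1397
[*12/25/2024 06:20:44.1484] AC accepted previous sent request with result code: 0
[*12/25/2024 06:20:44.2783] CAPWAP State: Image Data
[*12/25/2024 06:20:44.4183] CAPWAP State: Configure
[*12/25/2024 06:20:45.3880] CAPWAP State: Run
[*12/25/2024 06:20:45.4680] AP has joined controller WLC01
"""


def parse_lines(log_text):
    """Yield (timestamp, message) for every non-empty AP console log line."""
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match and match.group(2):
            stamp = datetime.strptime(match.group(1), "%m/%d/%Y %H:%M:%S")
            yield stamp, match.group(2).strip()


def join_attempts(log_text):
    """Group the log into join attempts, one per 'CAPWAP State: Join' line."""
    attempts, current = [], None
    for stamp, msg in parse_lines(log_text):
        if msg == "CAPWAP State: Join":
            current = {"start": stamp, "wlc": None, "requests": 0,
                       "response": False, "outcome": "in_progress", "seconds": None}
            attempts.append(current)
            continue
        if current is None:
            continue  # lines outside a join attempt (discovery, DTLS setup, ...)
        request = JOIN_REQ_RE.match(msg)
        if request:
            current["wlc"] = request.group(1)
            current["requests"] += 1
        elif msg.startswith("Join Response from"):
            current["response"] = True
        elif msg in ("CAPWAP State: Run", "CAPWAP State: DTLS Teardown"):
            if msg.endswith("Run"):
                current["outcome"] = "joined"
            elif current["response"]:
                current["outcome"] = "torn_down_after_response"
            else:
                current["outcome"] = "no_join_response"
            current["seconds"] = int((stamp - current["start"]).total_seconds())
            current = None
    return attempts


def stuck_in_join_loop(attempts, threshold=1):
    """True when attempts ended without a Join Response and none reached Run."""
    failed = sum(1 for a in attempts if a["outcome"] == "no_join_response")
    joined = any(a["outcome"] == "joined" for a in attempts)
    return failed >= threshold and not joined


if __name__ == "__main__":
    for name, text in (("rejected", REJECTED_LOG), ("accepted", ACCEPTED_LOG)):
        result = join_attempts(text)
        for a in result:
            print(name, a["wlc"], a["requests"], a["outcome"], a["seconds"])
        print(name, "stuck in join loop:", stuck_in_join_loop(result))
```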

 

Thank you for reading [C9800CL][#7]- AP authentication - AP Mac Filter.

Hello.

This time we will look at how to assign a policy tag, site tag and rf tag on the WLC based on the AP hostname.

Example) The WLC is running in AWS or Azure.

There are three offices, as follows.

1. Singapore office - AP hostname pattern - SG-AP0X

2. Korea office - AP hostname pattern - KR-AP0X

3. Japan office - AP hostname pattern - JP-AP0X

If the AP hostname starts with SG-AP0X, the SG policy tag, site tag and rf tag are all assigned to the AP.

If the AP hostname starts with KR-AP0X, the KR policy tag, site tag and rf tag are all assigned to the AP.

This policy can be applied on the WLC with a hostname filter.

 

1. Create WLANs for the test.

WLAN configuration example)

2. Create the VLANs.

The VLANs for the test are as follows.

VLAN10 - SG-WLAN

VLAN20 - KR-WLAN

VLAN30 - JP-WLAN

Configuration example

3. Configure the policy profile.

Create KR-POLICY-PROFILE and JP-POLICY-PROFILE in the same way as above.

4. Configure the POLICY TAG.

Create KR-POLICY-TAG and JP-POLICY-TAG in the same way.

5. Configure the SITE-TAG.

Create SG-SITE-TAG and JP-SITE-TAG.

6. Configure the RF-TAG.

Create KR-RF-TAG and JP-RF-TAG.

 

Now, to test this in practice, we will use filters to apply each set of tags per country.

Singapore AP Filter

Create the Korea AP Filter and the Japan AP Filter.

One AP is currently registered on the WLC.

At the moment it has been assigned the default tag for every tag type.

Test01 - Change the hostname to SG-AP01 and check the tags.

The tags do not change, however. Reboot the AP so that the new tags are applied.

As the screenshot above shows, because the AP is named SG-AP01 it received the SG policy tag, site tag and rf tag.

Next, change the AP name to KR-AP01 and do a capwap reset.

Thank you for reading [C9800CL][#6]- Assigning Tags Using the AP Hostname.

Hello.

Today we will register an AP with the WLC using DHCP option 43.

AP IP: 192.168.200.200

AP GW: 192.168.200.181

WLC: 192.168.100.182

The AP is currently connected to the switch. We will run the Cisco switch as a DHCP server so that it hands out the IP address, gateway and WLC address.

To use DHCP option 43 you need to know the value in hexadecimal.

The easiest way is to search Google for dhcp option43 calculation, which returns several sites.

https://wifiwizardofoz.com/dhcp-option-43-calculator/

 


 

 

Your DHCP option 43 value is: f104c0a864b6

This is derived using the following formula:

<Type> + <Length> + <Value> where:

Type: Sub-option code 241, used to define a method for Cisco Lightweight APs, represented in hex (f1)

Length: Number of controller IP addresses to be supplied - multiplied by 4, represented in hex (04)

Value: List of Cisco WLC IP addresses, represented in hex(c0a864b6)
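The Type + Length + Value formula above, as an added Python example that is not from the original post or the calculator site: it encodes and decodes the Cisco AP sub-option and audits `option 43 hex` lines of an IOS DHCP pool against the controllers you expect APs to be sent to. The function names and the ROGUE-POOL and BROKEN-POOL entries are constructed for illustration; AP-MGMT-POOL is the pool used in this post.

```python
import ipaddress
import re

CISCO_AP_SUBOPTION = 0xF1  # sub-option 241, the Type byte in the formula above
POOL_RE = re.compile(r"^ip dhcp pool (\S+)")
OPTION43_RE = re.compile(r"^\s*option 43 hex (\S+)")


def encode_option43(wlc_ips):
    """Return Type + Length + Value as a plain hex string for the given WLC IPs."""
    if not wlc_ips:
        raise ValueError("at least one WLC address is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in wlc_ips)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_AP_SUBOPTION, len(value)]) + value).hex()


def to_ios_hex(hex_string):
    """Group hex digits in fours, the form used after 'option 43 hex'."""
    return ".".join(hex_string[i:i + 4] for i in range(0, len(hex_string), 4))


def decode_option43(hex_string):
    """Parse a plain or dotted hex value back into a list of WLC IPv4 addresses."""
    raw = bytes.fromhex(hex_string.replace(".", ""))
    if len(raw) < 2:
        raise ValueError("value too short for Type and Length")
    sub_option, length, value = raw[0], raw[1], raw[2:]
    if sub_option != CISCO_AP_SUBOPTION:
        raise ValueError(f"unexpected sub-option 0x{sub_option:02x}")
    if length != len(value) or length == 0 or length % 4:
        raise ValueError(f"length byte {length} does not match {len(value)} value bytes")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def audit_dhcp_config(config_text, expected_wlcs):
    """Return (pool, finding) pairs for option 43 values that are malformed
    or that point APs at a controller outside expected_wlcs."""
    findings, pool = [], None
    for line in config_text.splitlines():
        pool_match = POOL_RE.match(line)
        if pool_match:
            pool = pool_match.group(1)
            continue
        option_match = OPTION43_RE.match(line)
        if not option_match:
            continue
        try:
            controllers = decode_option43(option_match.group(1))
        except ValueError as exc:
            findings.append((pool, f"malformed option 43: {exc}"))
            continue
        for wlc in controllers:
            if wlc not in expected_wlcs:
                findings.append((pool, f"unexpected WLC {wlc}"))
    return findings


# DHCP pool from this post.
PAGE_CONFIG = """\
ip dhcp pool AP-MGMT-POOL
 network 192.168.200.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.200.181
 option 43 hex f104.c0a8.64b6
"""

# Constructed pools: one points at another controller, one has a wrong length byte.
CONSTRUCTED_CONFIG = PAGE_CONFIG + """\
ip dhcp pool ROGUE-POOL
 network 192.168.201.0 255.255.255.0
 option 43 hex f104.c0a8.6463
ip dhcp pool BROKEN-POOL
 option 43 hex f108.c0a8.64b6
"""

if __name__ == "__main__":
    print(to_ios_hex(encode_option43(["192.168.100.182"])))
    print(decode_option43("f104.c0a8.64b6"))
    for finding in audit_dhcp_config(CONSTRUCTED_CONFIG, {"192.168.100.182"}):
        print(finding)
```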

 

1. Configure the DHCP server on the switch.

ip dhcp pool AP-MGMT-POOL
 network 192.168.200.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.200.181
 option 43 hex f104.c0a8.64b6

 

2. Check the IP address on the AP.

APC884.A1CC.2F48#show ip interface    
  brief  Brief summary of IP status and configuration
APC884.A1CC.2F48#show ip interface brief 
Interface            IP-Address      Method   Status                 Protocol   
Speed      Duplex  
wired0               192.168.200.1   DHCP     up                     up         
1000       full    
wired1               n/a             n/a      administatively down   down       
n/a        n/a     
auxiliary-client     unassigned      unset    up                     up         
n/a        n/a     
wifi0                n/a             n/a      administatively down   down       
n/a        n/a     
wifi1                n/a             n/a      administatively down   down       
n/a        n/a  

 

3. Check the IP address binding on the switch.

SW1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.200.1       01c8.84a1.cc2f.48       Dec 25 2024 11:09 AM    Automatic
SW1#

 

4. This can also be checked with the capwap command, as below.

APC884.A1CC.2F48#show capwap ip 
  config  CAPWAP IP static configuration
APC884.A1CC.2F48#show capwap ip config
IP Address                         : 192.168.200.1
IP netmask                         : 255.255.255.0
Default Gateway                    : 192.168.200.181

 

5. Packet flow

[*12/24/2024 10:49:41.9079] pid 4559's new affinity mask: 1
[*12/24/2024 10:49:42.0079] hostapd:failed to open wcp socket
[*12/24/2024 10:49:42.2878] device aptrace0 entered promiscuous mode
[*12/24/2024 10:49:43.0275] pid 4632's current affinity mask: 3
[*12/24/2024 10:49:43.0275] pid 4632's new affinity mask: 1
[*12/24/2024 10:49:43.6273] USB not initialized
[*12/24/2024 10:49:44.0372] chpasswd: password for user changed
[*12/24/2024 10:49:45.0069] ethernet_port wired0, ip 192.168.200.1, netmask 255.255.255.0, gw 192.168.200.181, mtu 1500, bcast 192.168.200.255, dns1 8.8.8.8, vid 0, static_ip_failover false, dhcp_vlan_failover false
[*12/24/2024 10:49:46.0366] Check whether client_ip_table entry need to be cleared 0
[*12/24/2024 10:49:46.0366] Clearing client entry
[*12/24/2024 10:49:46.1366] DOT11_TXP[0]:Domain configured: 1 class:E
[*12/24/2024 10:49:46.3365] DOT11_TXP[0]:Regdb file: /radio_fw/AP1852I_power_table_mapping.txt
[*12/24/2024 10:49:46.3665] DOT11_TXP[1]:Domain configured: 14 class:S
[*12/24/2024 10:49:46.8263] /etc/dnsmasq.host.conf:
[*12/24/2024 10:49:46.8363] no-resolv
[*12/24/2024 10:49:46.8363] pid-file=/var/run/dnsmasq.host.pid
[*12/24/2024 10:49:46.8363] port=53
[*12/24/2024 10:49:46.8363] min-port=61000
[*12/24/2024 10:49:46.8363] server=8.8.8.8
[*12/24/2024 10:49:46.8363] bind-interfaces
[*12/24/2024 10:49:46.8363] interface=lo
[*12/24/2024 10:49:47.1363] DOT11_TXP[1]:Regdb file: /radio_fw/AP1852I_power_table_mapping.txt
[*12/24/2024 10:49:47.4661] DOT11_DRV[1]: vendor_set_slot_capability: slot 1, radio_service_type 0
[*12/24/2024 10:49:47.4661] DOT11_DRV[1]: Init Radio1
[*12/24/2024 10:49:47.4961] DOT11_DRV[1]: set_channel Channel set to 36
[*12/24/2024 10:49:47.5261] DOT11_DRV[0]: vendor_set_slot_capability: slot 0, radio_service_type 0
[*12/24/2024 10:49:47.5261] DOT11_DRV[0]: Init Radio0
[*12/24/2024 10:49:47.5561] DOT11_DRV[0]: set_channel Channel set to 6
[*12/24/2024 10:49:47.9660] DOT11_DRV[0]: set_channel Channel set to 1
[*12/24/2024 10:49:47.9760] DOT11_DRV[0]: Channel set to 1, width 20
[*12/24/2024 10:49:47.9760] DOT11_DRV[0]: Channel set to 1 skipped
[*12/24/2024 10:49:48.3559] DOT11_DRV[0]: Channel set to 1, width 20
[*12/24/2024 10:49:48.3559] DOT11_DRV[0]: Channel set to 1 skipped
[*12/24/2024 10:49:48.4358] DOT11_DRV[1]: set_channel Channel set to 36
[*12/24/2024 10:49:48.4358] DOT11_DRV[1]: Channel set to 36, width 20
[*12/24/2024 10:49:48.4358] DOT11_DRV[1]: Channel set to 36 skipped
[*12/24/2024 10:49:48.5258] DOT11_DRV[1]: Channel set to 36, width 20
[*12/24/2024 10:49:48.5258] DOT11_DRV[1]: Channel set to 36 skipped
[*12/24/2024 10:49:54.5839] pid 4895's current affinity mask: 3
[*12/24/2024 10:49:54.5839] pid 4895's new affinity mask: 1
[*12/24/2024 10:49:55.2737] AP IPv4 Address updated from 0.0.0.0 to 192.168.200.1
[*12/24/2024 10:49:58.9726] dtls_init: Use MIC certificate
[*12/24/2024 10:49:59.2825] 
[*12/24/2024 10:49:59.2825] CAPWAP State: Init
[*12/24/2024 10:50:08.5096] PNP:Server not reachable, Start CAPWAP Discovery
[*12/24/2024 10:50:08.5196] 
[*12/24/2024 10:50:08.5196] CAPWAP State: Discovery
[*12/24/2024 10:50:08.5196] Got WLC address 192.168.100.182 from DHCP.
[*12/24/2024 10:50:08.7295] Discovery Request sent to 192.168.100.182, discovery type DHCP(2)
[*12/24/2024 10:50:08.7795] Discovery Response from 192.168.100.182
[*12/24/2024 10:50:08.9294] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*12/24/2024 10:50:08.9494] 
[*12/24/2024 10:50:08.9494] CAPWAP State: Discovery
[*12/24/2024 11:24:00.0000] Started wait dtls timer (60 sec)
[*12/24/2024 11:24:00.0000] 
[*12/24/2024 11:24:00.0000] CAPWAP State: DTLS Setup
[*12/24/2024 11:24:00.0999] First connect to vWLC, accept vWLC by default
[*12/24/2024 11:24:00.0999] 
[*12/24/2024 11:24:00.1099] dtls_verify_server_cert: vWLC is using SSC, returning 1
[*12/24/2024 11:24:00.1699] 
[*12/24/2024 11:24:00.1699] CAPWAP State: Join
[*12/24/2024 11:24:00.3499] Sending Join request to 192.168.100.182 through port 5248, packet size 1376
[*12/24/2024 11:24:02.5492] 
[*12/24/2024 11:24:02.5492] phy_value=0: org="0x1800" phy_reg="0x1000" 
[*12/24/2024 11:24:02.5592] device wired1 left promiscuous mode
[*12/24/2024 11:24:02.5592] 
[*12/24/2024 11:24:02.5592] Detect link-status changed !!
[*12/24/2024 11:24:02.5592] wired1 ADDED
[*12/24/2024 11:24:04.9185] Sending Join request to 192.168.100.182 through port 5248, packet size 1376
[*12/24/2024 11:24:05.0184] Join Response from 192.168.100.182, packet size 1397
[*12/24/2024 11:24:05.0184] AC accepted previous sent request with result code: 0
[*12/24/2024 11:24:05.0184] Received wlcType 0, timer 30
[*12/24/2024 11:24:05.0684] nss_capwapmgr_enable_tunnel[1682]:c5b68000: tunnel 0 is already enabled
[*12/24/2024 11:24:05.1284] 
[*12/24/2024 11:24:05.1284] CAPWAP State: Image Data
[*12/24/2024 11:24:05.1284] AP image version 17.13.0.107 backup 17.8.0.144, Controller 17.13.0.107
[*12/24/2024 11:24:05.1284] Version is the same, do not need update.
[*12/24/2024 11:24:05.1884] status 'upgrade.sh: Script called with args:[NO_UPGRADE]'
[*12/24/2024 11:24:05.2384] do NO_UPGRADE, part2 is active part
[*12/24/2024 11:24:05.2584] 
[*12/24/2024 11:24:05.2584] CAPWAP State: Configure
[*12/24/2024 11:24:05.2584] Telnet is not supported by AP, should not encode this payload
[*12/24/2024 11:24:05.4683] Radio [2] Administrative state DISABLED  change to ENABLED 
[*12/24/2024 11:24:05.4683] Radio [1] Administrative state DISABLED  change to ENABLED 
[*12/24/2024 11:24:05.4683] Radio [0] Administrative state DISABLED  change to ENABLED 
[*12/24/2024 11:24:05.4783] DOT11_CFG[1]: Starting radio 1
[*12/24/2024 11:24:05.4783] DOT11_DRV[1]: Start Radio1 - Begin
[*12/24/2024 11:24:05.4783] DOT11_DRV[1]: Start Radio1 - End
[*12/24/2024 11:24:05.4783] DOT11_CFG[0]: Starting radio 0
[*12/24/2024 11:24:05.4783] DOT11_DRV[0]: Start Radio0 - Begin
[*12/24/2024 11:24:05.4883] DOT11_DRV[0]: Start Radio0 - End
[*12/24/2024 11:24:05.9681] Radio Authority: no country code
[*12/24/2024 11:24:05.9881] Cannot open CDUMP_COUNT!
[*12/24/2024 11:24:06.1081] 
[*12/24/2024 11:24:06.1081] CAPWAP State: Run
[*12/24/2024 11:24:06.1881] AP has joined controller WLC01
[*12/24/2024 11:24:06.2980] Previous AP mode is 0, change to 2
[*12/24/2024 11:24:06.3080] DOT11_CFG[0] Radio Mode is changed from Local to FlexConnect
[*12/24/2024 11:24:06.3080] DOT11_DRV[0]: Stop Radio0 - Begin
[*12/24/2024 11:24:06.3080] DOT11_DRV[0]: Stop Radio0 - End
[*12/24/2024 11:24:06.3080] DOT11_CFG[0]: Starting radio 0
[*12/24/2024 11:24:06.3080] DOT11_DRV[0]: Start Radio0 - Begin
[*12/24/2024 11:24:06.3080] DOT11_DRV[0]: Start Radio0 - End
[*12/24/2024 11:24:06.3180] DOT11_CFG[1] Radio Mode is changed from Local to FlexConnect
[*12/24/2024 11:24:06.3180] DOT11_DRV[1]: Stop Radio1 - Begin
[*12/24/2024 11:24:06.3280] DOT11_DRV[1]: Stop Radio1 - End
[*12/24/2024 11:24:06.3280] DOT11_CFG[1]: Starting radio 1
[*12/24/2024 11:24:06.3280] DOT11_DRV[1]: Start Radio1 - Begin
[*12/24/2024 11:24:06.3280] DOT11_DRV[1]: Start Radio1 - End
[*12/24/2024 11:24:06.4980] DOT11_DRV[0]: Stop Radio0 - Begin
[*12/24/2024 11:24:06.4980] DOT11_DRV[0]: Stop Radio0 - End
[*12/24/2024 11:24:06.4980] DOT11_DRV[0]: Start Radio0 - Begin
[*12/24/2024 11:24:06.4980] DOT11_DRV[0]: Start Radio0 - End
[*12/24/2024 11:24:06.8778] USB Device Disconnected from the AP
[*12/24/2024 11:24:07.0678] syslog level is being set to 70
[*12/24/2024 11:24:07.0678] 
[*12/24/2024 11:24:07.1078] Previous AP mode is 2, change to 2
[*12/24/2024 11:24:07.1378] Current session mode: ssh, Configured: Telnet-No, SSH-No, Console-Yes
[*12/24/2024 11:24:07.1378] 
[*12/24/2024 11:24:07.3577] Current session mode: telnet, Configured: Telnet-No, SSH-No, Console-Yes
[*12/24/2024 11:24:07.3577] 
[*12/24/2024 11:24:07.3777] Current session mode: console, Configured: Telnet-No, SSH-No, Console-Yes
[*12/24/2024 11:24:07.3777] 
[*12/24/2024 11:24:07.4377] chpasswd: password for user changed
[*12/24/2024 11:24:07.4877] chpasswd: password for user changed
[*12/24/2024 11:24:07.6476] 
[*12/24/2024 11:24:07.6476] Same LSC mode, no action needed
[*12/24/2024 11:24:07.6476] Cannot open CDUMP_COUNT!
[*12/24/2024 11:24:07.9275] Same value is already set.
[*12/24/2024 11:24:08.3674] Got WSA Server config TLVs
[*12/24/2024 11:24:09.5470] Socket: Valid Element: wcp/wcp_db Handler: set_vlan_name_map Data: null Length: 10
[*12/24/2024 11:24:11.2565] SD AVC only supports 802.11ax AP
[*12/24/2024 11:24:11.7963] AP tag  change to default-policy-tag
[*12/24/2024 11:24:32.6698] ip6_port srcr2, ip6local fe80::ca84:a1ff:fecc:2f48, ip6 ::, plen 0, gw6 ::, gw6_mac 00:00:00:00:00:00, mtu 1500, vid 0, mode6 2(slaac)
[*12/24/2024 11:24:34.6392] netlink socket init done, pnl->spectral_fd=4
[*12/24/2024 11:24:34.6392] CLEANAIR: Slot 0 admin disabled
[*12/24/2024 11:24:36.6385] CLEANAIR: Slot 1 admin disabled

 

6. Check in the WLC GUI that the AP has registered.

Without any further configuration, an AP that joins the WLC gets the default Policy Tag, Site Tag, RF Tag and Location.

Thank you for reading [C9800CL][#5]-AP Join Process - DHCP option 43.

Hello.

Today we will configure the IP address and default gateway directly on the AP and register it with the WLC manually.

These are the IP addresses for the test.

AP IP: 192.168.200.200

AP GW: 192.168.200.181

WLC: 192.168.100.182

When configuring the AP for the first time, the username and password are both Cisco, as shown below.

Username: Cisco
Password: Cisco
APC884.A1CC.2F48>en
Password: Cisco
APC884.A1CC.2F48#

 

1. Configure the IP address and gateway on the AP.

capwap ap ip 192.168.200.200 255.255.255.0 192.168.200.181

 

Once the IP address is entered, the AP sends CAPWAP discovery packets as broadcasts.

However, the AP and the WLC are not in the same L2 domain, so the AP cannot find the WLC.

[*12/24/2024 10:37:43.9513] Check whether client_ip_table entry need to be cleared 0
[*12/24/2024 10:37:43.9613] Clearing client entry
[*12/24/2024 10:37:46.6105] AP IPv4 Address updated from 0.0.0.0 to 192.168.200.200
[*12/24/2024 10:37:46.6305] send CAPWAP ctrl msg to the socket: Socket operation on non-socket
[*12/24/2024 10:37:46.6305] dtls_init: Use MIC certificate
[*12/24/2024 10:37:46.9404] 
[*12/24/2024 10:37:46.9404] CAPWAP State: Init
[*12/24/2024 10:38:02.6655] PNP:Server not reachable, Start CAPWAP Discovery
[*12/24/2024 10:38:02.6855] 
[*12/24/2024 10:38:02.6855] CAPWAP State: Discovery
[*12/24/2024 10:38:02.8954] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*12/24/2024 10:38:02.9054] 
[*12/24/2024 10:38:02.9054] CAPWAP State: Discovery

 

2. Change the AP hostname and enter the WLC address.

APC884.A1CC.2F48#capwap ap hostname AP01
APC884.A1CC.2F48#capwap ap primary-base WLC01 192.168.100.182

 

As shown below, the WLC sent a Discovery Response packet.

After Found Configured WLC01, DTLS setup begins.

[*12/24/2024 10:40:01.2284] CAPWAP State: Discovery
[*12/24/2024 10:40:01.4283] Discovery Request sent to 192.168.100.182, discovery type STATIC_CONFIG(1)
[*12/24/2024 10:40:01.6383] Discovery Request sent to 192.168.100.182, discovery type STATIC_CONFIG(1)
[*12/24/2024 10:40:01.8382] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*12/24/2024 10:40:01.8482] Discovery Response from 192.168.100.182
[*12/24/2024 10:40:01.8482] Found Configured MWAR 'WLC01' (respIdx 0).
[*12/24/2024 10:41:34.0000] Started wait dtls timer (60 sec)
[*12/24/2024 10:41:34.0000] 
[*12/24/2024 10:41:34.0000] CAPWAP State: DTLS Setup
[*12/24/2024 10:41:34.0399] Invalid event 2 & state 3 combination.
[*12/24/2024 10:41:34.0399] CAPWAP SM handler: Failed to process message type 2 state 3.
[*12/24/2024 10:41:34.0399] Failed to handle capwap control message from controller - status 1
[*12/24/2024 10:41:34.0399] Failed to process unencrypted capwap packet 0x2c1ab000 from 192.168.100.182
[*12/24/2024 10:41:34.0399] Failed to send capwap message 0 to the state machine. Packet already freed.
[*12/24/2024 10:41:34.0999] First connect to vWLC, accept vWLC by default
[*12/24/2024 10:41:34.0999] 
[*12/24/2024 10:41:34.1399] dtls_verify_server_cert: vWLC is using SSC, returning 1
[*12/24/2024 10:41:34.2099] 
[*12/24/2024 10:41:34.2099] CAPWAP State: Join
[*12/24/2024 10:41:34.3699] Sending Join request to 192.168.100.182 through port 5248, packet size 1376
[*12/24/2024 10:41:39.0884] Sending Join request to 192.168.100.182 through port 5248, packet size 1376
[*12/24/2024 10:41:39.1784] Join Response from 192.168.100.182, packet size 1397
[*12/24/2024 10:41:39.1784] AC accepted previous sent request with result code: 0
[*12/24/2024 10:41:39.1784] Received wlcType 0, timer 30
[*12/24/2024 10:41:39.2284] nss_capwapmgr_enable_tunnel[1682]:ef30c000: tunnel 0 is already enabled
[*12/24/2024 10:41:39.3183] 
[*12/24/2024 10:41:39.3183] CAPWAP State: Image Data
[*12/24/2024 10:41:39.3183] AP image version 17.13.0.107 backup 17.8.0.144, Controller 17.13.0.107
[*12/24/2024 10:41:39.3183] Version is the same, do not need update.
[*12/24/2024 10:41:39.3883] status 'upgrade.sh: Script called with args:[NO_UPGRADE]'
[*12/24/2024 10:41:39.4383] do NO_UPGRADE, part2 is active part
[*12/24/2024 10:41:39.4483] 
[*12/24/2024 10:41:39.4483] CAPWAP State: Configure
[*12/24/2024 10:41:39.6682] Radio [2] Administrative state DISABLED  change to ENABLED 
[*12/24/2024 10:41:39.6782] Radio [1] Administrative state DISABLED  change to ENABLED 
[*12/24/2024 10:41:39.6782] Radio [0] Administrative state DISABLED  change to ENABLED 
[*12/24/2024 10:41:39.6782] DOT11_CFG[1]: Starting radio 1
[*12/24/2024 10:41:39.6782] DOT11_DRV[1]: Start Radio1 - Begin
[*12/24/2024 10:41:39.6782] DOT11_DRV[1]: Start Radio1 - End
[*12/24/2024 10:41:39.6782] DOT11_CFG[0]: Starting radio 0
[*12/24/2024 10:41:39.6782] DOT11_DRV[0]: Start Radio0 - Begin
[*12/24/2024 10:41:39.6882] DOT11_DRV[0]: Start Radio0 - End
[*12/24/2024 10:41:40.1481] Radio Authority: no country code
[*12/24/2024 10:41:40.1581] Cannot open CDUMP_COUNT!
[*12/24/2024 10:41:40.2680] 
[*12/24/2024 10:41:40.2680] CAPWAP State: Run
[*12/24/2024 10:41:40.3480] AP has joined controller WLC01
[*12/24/2024 10:41:40.3980] Previous AP mode is 0, change to 2
[*12/24/2024 10:41:40.4080] DOT11_CFG[0] Radio Mode is changed from Local to FlexConnect
[*12/24/2024 10:41:40.4280] DOT11_DRV[0]: Stop Radio0 - Begin
[*12/24/2024 10:41:40.4380] DOT11_DRV[0]: Stop Radio0 - End
[*12/24/2024 10:41:40.4380] DOT11_CFG[0]: Starting radio 0
[*12/24/2024 10:41:40.4380] DOT11_DRV[0]: Start Radio0 - Begin
[*12/24/2024 10:41:40.4380] DOT11_DRV[0]: Start Radio0 - End
[*12/24/2024 10:41:40.4380] DOT11_CFG[1] Radio Mode is changed from Local to FlexConnect
[*12/24/2024 10:41:40.4480] DOT11_DRV[1]: Stop Radio1 - Begin
[*12/24/2024 10:41:40.4480] DOT11_DRV[1]: Stop Radio1 - End
[*12/24/2024 10:41:40.4480] DOT11_CFG[1]: Starting radio 1
[*12/24/2024 10:41:40.4480] DOT11_DRV[1]: Start Radio1 - Begin
[*12/24/2024 10:41:40.4480] DOT11_DRV[1]: Start Radio1 - End
[*12/24/2024 10:41:40.5779] DOT11_DRV[0]: Stop Radio0 - Begin
[*12/24/2024 10:41:40.5779] DOT11_DRV[0]: Stop Radio0 - End
[*12/24/2024 10:41:40.5779] DOT11_DRV[0]: Start Radio0 - Begin
[*12/24/2024 10:41:40.5879] DOT11_DRV[0]: Start Radio0 - End
[*12/24/2024 10:41:41.1178] syslog level is being set to 70
[*12/24/2024 10:41:41.1178] 
[*12/24/2024 10:41:41.1578] Previous AP mode is 2, change to 2
[*12/24/2024 10:41:41.1678] Current session mode: ssh, Configured: Telnet-No, SSH-No, Console-Yes
[*12/24/2024 10:41:41.1678] 
[*12/24/2024 10:41:41.3977] Current session mode: telnet, Configured: Telnet-No, SSH-No, Console-Yes
[*12/24/2024 10:41:41.3977] 
[*12/24/2024 10:41:41.4177] Current session mode: console, Configured: Telnet-No, SSH-No, Console-Yes
[*12/24/2024 10:41:41.4177] 
[*12/24/2024 10:41:41.4777] chpasswd: password for user changed
[*12/24/2024 10:41:41.4977] USB Device Disconnected from the AP
[*12/24/2024 10:41:41.5376] chpasswd: password for user changed
[*12/24/2024 10:41:41.7176] 
[*12/24/2024 10:41:41.7176] Same LSC mode, no action needed
[*12/24/2024 10:41:41.7176] Cannot open CDUMP_COUNT!
[*12/24/2024 10:41:41.8975] Same value is already set.
[*12/24/2024 10:41:42.3374] Got WSA Server config TLVs
[*12/24/2024 10:41:43.6270] Socket: Valid Element: wcp/wcp_db Handler: set_vlan_name_map Data: null Length: 10
[*12/24/2024 10:41:45.3265] SD AVC only supports 802.11ax AP
[*12/24/2024 10:41:45.8563] AP tag  change to default-policy-tag
[*12/24/2024 10:42:08.7391] netlink socket init done, pnl->spectral_fd=4
[*12/24/2024 10:42:08.7391] CLEANAIR: Slot 0 admin disabled
[*12/24/2024 10:42:10.7385] CLEANAIR: Slot 1 admin disabled

AP01#[*12/24/2024 10:42:36.8903] Warning: Stopping dbg_day0_bundle.service, but it can still be activated by:
[*12/24/2024 10:42:36.8903]   dbg_day0_bundle.timer

AP01#

 

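3. Now log in to the WLC GUI and check the AP.

Click Monitoring -> Wireless -> AP Statistics.

As the screenshot below shows, AP01 is registered on the WLC, and its Admin Status is shown in green, which is normal.

Reset the AP from the WLC GUI for testing.

Double-click the AP.

Thank you for reading [C9800CL][#3]-AP Join Process - Manual Method.

The next post covers registering an AP with the WLC using DHCP option 43.

Hello.

Today we will look at how the packet exchange proceeds, from the AP's point of view, when an AP registers with a WLC.

This is the document published on the official Cisco website.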

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9120axe-access-point/221056-understand-the-ap-join-process-with-the.html

 


 

If the WLC is located at a different site:

Note: As per RFC 5415, CAPWAP uses the UDP Ports 5246 (for CAPWAP Control) and 5247 (for CAPWAP Data).

The ports above must be allowed on the firewall.

 

Session Establishment Process.

  1. Access Point sends a Discovery Request. See the WLC Discovery Methods section for more information on this
  2. WLC sends a Discovery Response
  3. DTLS session establishment. After this, all messages after this are encrypted and are shown as DTLS application data packets in any packet analysis tool.
  4. Access Point sends a Join Request
  5. WLC sends a Join Response
  6. AP performs an image check. If it has the same image version as the WLC, then it proceeds with the next step. If it does not, then it downloads the image from the WLC and reboots to load the new image. In such case, it repeats the process from step 1.
  7. Access Point sends a Configuration Status Request.
  8. WLC sends a Configuration Status Response
  9. Access Point goes to RUN State
  10. During the RUN state, CAPWAP Tunnel Maintenance is performed in two ways:
    1. Keepalives are exchanged to maintain the CAPWAP Data tunnel
    2. AP sends an Echo Request to the WLC, which has to be answered with its respective Echo Response. This is to maintain the CAPWAP Control tunnel.

 

Wireless LAN Controller Discovery Methods

There are several options to let the Access Points know of the existence of one WLC in the network:

  • DHCP Option 43: This option provides the APs the IPv4 address of the WLC to join. This process is convenient for large deployments in which the APs and the WLC are in different sites.
  • DNS Discovery: APs queries the domain name CISCO-CAPWAP-CONTROLLER.localdomain. You must configure your DNS server to resolve either the IPv4 or IPv6 address of the WLC to join. This option is convenient for deployments in which the WLCs are stored in the same site as the APs.
  • Layer 3 Broadcast: The APs automatically send a broadcast message to 255.255.255.255. Any WLC within the same subnet as the AP is expected to respond to this discovery request.
  • Static configuration: You can use the capwap ap primary-base <wlc-hostname> <wlc-IP-address> command to configure a static entry for a WLC in the AP.
  • Mobility Discovery: If the AP was previously joined to a WLC that was part of a mobility group, the AP also saves a record of the WLCs present in that mobility group.

 

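We will test two of the methods above.

1. Static Configuration - Configure the IP address and default gateway on the AP, then enter the WLC IP address manually to register the AP with the WLC.

2. DHCP option 43 - Use DHCP to assign the AP its IP address and default gateway together with the WLC address, and register the AP with the WLC.

The tests are carried out in the next posts.

Hello.

Today we will use the Fortigate Explicit Proxy together with UTM features and SSL deep inspection.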

 

https://itblog-kr.tistory.com/107

 


 

Please be sure to read the previous post before doing this lab.

Checking the UTM license on the firewall available for testing shows that AntiVirus and Web Filtering can be used, as below.

We will enable only these features. Because most traffic uses https, the Fortigate has to decrypt SSL to inspect the packets, so SSL inspection must be set to deep inspection.

1. Double-click the Proxy Policy rule.

2. Configure it as shown below.

3. Browse to youtube from the PC.

With SSL deep inspection selected, the firewall acts as an SSL proxy, so the certificate's issued by field shows fortigate.

To resolve this, install the certificate.

4. On the firewall, enable Certificates under Feature Visibility.

Under System -> Certificates -> Local Certificate, download Fortinet_CA_SSL.

5. Download the certificate to the PC and install it.

Browse to Youtube again from the user PC.

Thank you for reading.

[Fortigate-#18]- Explicit Proxy with UTM function

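Hello.

Today we will look at configuring the FortiGate as an explicit proxy.

A proxy can be set up on a FortiGate without FortiProxy.

However, only limited functionality is available.

With an explicit proxy, the user PC must have the proxy configured before it can use the Internet.

With a transparent proxy, HTTP/HTTPS traffic is automatically redirected to the proxy without any proxy setting on the user PC, so policy can still be applied.

Now let's configure the FortiGate explicit proxy.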

 

FortiGate

WAN: 202.14.X.X

LAN: 192.168.10.181/24

 

PC: 192.168.10.106

GW: 192.168.10.181

 

1. Enable the Explicit Proxy feature.

2. Enable Explicit web proxy on the interface where traffic actually enters the FortiGate (internal).

3. Configure the explicit proxy.

4. Configure the proxy policy.

UTM features can be used together with it. To secure the setup properly, change SSL inspection to deep inspection, install the certificate on the PC, and then use the UTM features to strengthen security.

This is covered in the next post.

5. Configure the proxy on the PC.

5-1 Open Network & Internet settings.

5-2 Select Proxy on the left.

Configure it as shown below.

PC IP: 192.168.10.106

GW: 192.168.10.181

Proxy ip: 192.168.10.181

Open Booking.com.

In the Wireshark capture below, the HTTPS packets can be seen going to the proxy.

6. Check the hit count on the FortiGate.

Check the logs.

Check with FortiView.

Thank you for reading [Fortigate-#17]- Explicit Proxy.

Hello.

This time we will create a user account other than the admin account and access the phpIPAM URL with it.

1. Click Password Policy.

Edit the password policy as shown below; a user account cannot be created if it violates these rules.

2. Click Users.

3. Click Create User.

4. Create the user account.

The kevin account has been created.

Click show user to view its details.

Log off the admin account and log in with the kevin account.

The login succeeded.

Thank you for reading [phpIPAM][#8]- Creating a User.


Hello.

Today we will look at the phpIPAM administration page.

Site title: KEVIN'S IPPAM

Prettify links: change to Yes

Default Language:

Default Theme: the background can be set to Black or White.

Leave the rest at their defaults.

Enable FirewallZones

Enable Resolve DNS name

Enable SNMP module

Leave the rest at the defaults and save.

 

kevin@kevin-virtual-machine:/etc/apache2$ cd /bin
kevin@kevin-virtual-machine:/bin$ find fping
fping

kevin@kevin-virtual-machine:/bin$ find ping
ping

 

ping and fping can be found in the path above.

The title has changed to KEVIN'S IPPAM.

 

 


Hello.

phpIPAM can scan end devices based on an IP subnet.

phpIPAM can also scan end devices using other methods.

Discovery scans

1. Ping scan

2. Telnet scan

3. SNMP nested subnets scan

4. SNMP ARP scan

5. SNMP MAC address scan

To use these additional features, fping, snmp and so on must be installed.

sudo apt-get install fping
sudo apt-get install php-snmp

 

This is the installation output.

kevin@kevin-virtual-machine:~$ sudo apt-get install fping
[sudo] password for kevin: 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  fping
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 32,0 kB of archives.
After this operation, 90,1 kB of additional disk space will be used.
Get:1 http://id.archive.ubuntu.com/ubuntu jammy/universe amd64 fping amd64 5.1-1 [32,0 kB]
Fetched 32,0 kB in 0s (201 kB/s) 
Selecting previously unselected package fping.
(Reading database ... 171483 files and directories currently installed.)
Preparing to unpack .../archives/fping_5.1-1_amd64.deb ...
Unpacking fping (5.1-1) ...
Setting up fping (5.1-1) ...
Processing triggers for man-db (2.10.2-1) ...
kevin@kevin-virtual-machine:~$ sudo apt-get install php-snmp
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  php8.1-snmp snmp
The following NEW packages will be installed:
  php-snmp php8.1-snmp snmp
0 upgraded, 3 newly installed, 0 to remove and 3 not upgraded.
Need to get 201 kB of archives.
After this operation, 810 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 php8.1-snmp amd64 8.1.2-1ubuntu2.20 [23,2 kB]
Get:2 http://id.archive.ubuntu.com/ubuntu jammy/main amd64 php-snmp all 2:8.1+92ubuntu1 [1.836 B]
Get:3 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 snmp amd64 5.9.1+dfsg-1ubuntu2.6 [176 kB]
Fetched 201 kB in 0s (689 kB/s)
Selecting previously unselected package php8.1-snmp.
(Reading database ... 171493 files and directories currently installed.)
Preparing to unpack .../php8.1-snmp_8.1.2-1ubuntu2.20_amd64.deb ...
Unpacking php8.1-snmp (8.1.2-1ubuntu2.20) ...
Selecting previously unselected package php-snmp.
Preparing to unpack .../php-snmp_2%3a8.1+92ubuntu1_all.deb ...
Unpacking php-snmp (2:8.1+92ubuntu1) ...
Selecting previously unselected package snmp.
Preparing to unpack .../snmp_5.9.1+dfsg-1ubuntu2.6_amd64.deb ...
Unpacking snmp (5.9.1+dfsg-1ubuntu2.6) ...
Setting up php8.1-snmp (8.1.2-1ubuntu2.20) ...

Creating config file /etc/php/8.1/mods-available/snmp.ini with new version
Setting up snmp (5.9.1+dfsg-1ubuntu2.6) ...
Setting up php-snmp (2:8.1+92ubuntu1) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for libapache2-mod-php8.1 (8.1.2-1ubuntu2.20) ...
Processing triggers for php8.1-cli (8.1.2-1ubuntu2.20) ...

 

The /etc/apache2/apache2.conf file also needs to be edited.

 

vi /etc/apache2/apache2.conf

 

Add the following.

<Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride all
        order allow,deny
        Allow from all
        #Require all granted
</Directory>

 

Restart Apache.

sudo systemctl restart apache2
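A check for the `<Directory>` block added above, as an added example rather than part of the original post: it reports blocks whose access control relies only on the Apache 2.2 `Order`/`Allow` directives and blocks that enable `Indexes`. The function name is hypothetical and the sample input is the block from this post.

```shell
#!/bin/sh
# audit_directory_blocks [FILE]: report, per <Directory> block, legacy 2.2-style
# access control and automatic directory listings. Commented lines are ignored.
audit_directory_blocks() {
    awk '
        /^[ \t]*#/ { next }                                  # inactive line
        { d = tolower($1) }
        d == "<directory" { dir = $2; sub(/>$/, "", dir); legacy = req = 0; next }
        dir == "" { next }                                   # outside any block
        d == "order" || d == "deny" || d == "allow" { legacy = 1 }
        d == "require" { req = 1 }
        d == "options" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^\+?indexes$/)
                    print dir ": LISTING Options Indexes exposes a file listing"
        }
        d == "</directory>" {
            if (legacy && !req)
                print dir ": LEGACY access set only by Order/Allow/Deny"
            else if (legacy)
                print dir ": MIXED Order/Allow/Deny combined with Require"
            dir = ""
        }
    ' "$@"
}

# Sample input: the block from this post, with Require still commented out.
audit_directory_blocks <<'EOF'
<Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride all
        order allow,deny
        Allow from all
        #Require all granted
</Directory>
EOF
```

On Apache 2.4 the native form is `Require all granted`; the `Order` and `Allow` lines are handled by mod_access_compat, and `Indexes` produces a file listing for any directory without an index file.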

 

Thank you for reading [phpIPAM][#6]-fping and snmp install for scan.


Hello.

Today we will install phpIPAM.

1. From the PC, connect to the Ubuntu server using PuTTY or CRT.

2. Install the required utilities.

sudo apt install curl wget zip git -y

 

3. Install Apache httpd and MySQL.

 sudo apt install apache2 mariadb-server mariadb-client -y

 

4. Install the PHP components.

sudo apt install php php-curl php-common php-gmp php-mbstring php-gd php-xml php-mysql php-ldap php-pear -y

 

5. Install the MySQL database.

sudo su
mysql_secure_installation


 

 Press Enter to login as root - enter the password.
 Type N and press Enter to not switch to unix socket authentication
 Type Y and press Enter to set a root password, type the password twice to confirm
 Type Y and press Enter to remove anonymous users
 Type Y and press Enter to disallow root login remotely
 Type Y and press Enter to remove the test database
 Type Y and press Enter to reload privilege tables

 

The output is shown below.

kevin@kevin-virtual-machine:~$ sudo su
root@kevin-virtual-machine:/home/kevin# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] n
 ... skipping.

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] 
New password: 
Re-enter new password: 
Sorry, passwords do not match.

New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
root@kevin-virtual-machine:/home/kevin# 

 

6. Create the MySQL table.

mysql -u root -p

   CREATE DATABASE php_ipam;
   GRANT ALL ON php_ipam.* to 'php_ipam_rw'@'localhost' IDENTIFIED BY 'P4P1p@m!!';
   FLUSH PRIVILEGES;
   EXIT;
   exit

 

The output is shown below. We will use the password shown above.

root@kevin-virtual-machine:/home/kevin# 
mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 39
Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>    CREATE DATABASE php_ipam;
Query OK, 1 row affected (0,001 sec)

MariaDB [(none)]>    GRANT ALL ON php_ipam.* to 'php_ipam_rw'@'localhost' IDENTIFIED BY 'P4P1p@m!!';
Query OK, 0 rows affected (0,002 sec)

MariaDB [(none)]>    FLUSH PRIVILEGES;
Query OK, 0 rows affected (0,001 sec)

MariaDB [(none)]>    EXIT;
Bye
root@kevin-virtual-machine:/home/kevin#    exit~
exit~: command not found

 

7. Complete the remaining configuration.

Download phpipam using git.

sudo git clone https://github.com/phpipam/phpipam.git /var/www/html/phpipam

 

root@kevin-virtual-machine:/home/kevin# sudo git clone https://github.com/phpipam/phpipam.git /var/www/html/phpipam
Cloning into '/var/www/html/phpipam'...
remote: Enumerating objects: 35088, done.
remote: Counting objects: 100% (1427/1427), done.
remote: Compressing objects: 100% (425/425), done.
remote: Total 35088 (delta 1243), reused 1002 (delta 1002), pack-reused 33661 (from 3)
Receiving objects: 100% (35088/35088), 28.16 MiB | 1.12 MiB/s, done.
Resolving deltas: 100% (25403/25403), done.
root@kevin-virtual-machine:/home/kevin#

 

8. Move to the /var/www/html/phpipam folder.

cd /var/www/html/phpipam

 

9. Check out the latest version.

sudo git checkout "$(git tag --sort=v:tag | tail -n1)"

 

The output is shown below.

root@kevin-virtual-machine:/var/www/html/phpipam# sudo git checkout "$(git tag --sort=v:tag | tail -n1)"
Note: switching to 'v1.7.3'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c <new-branch-name>

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

HEAD is now at 602d8122 Bugfix: PDNS PHP8 compatibility cleanup. Fixes #4337
root@kevin-virtual-machine:/var/www/html/phpipam# 

 

10. Set the owner of the phpipam folder.

 sudo chown -R www-data:www-data /var/www/html/phpipam

 

11. Copy the sample config file.

sudo cp /var/www/html/phpipam/config.dist.php /var/www/html/phpipam/config.php

 

12. Install vim to edit the config.php file.

sudo apt-get install vim

 

13. Edit the config.php file.

sudo vim /var/www/html/phpipam/config.php

 

Comment out the existing values as shown below, add the new settings, and save.

#$db['host'] = '127.0.0.1';
#$db['user'] = 'phpipam';
#$db['pass'] = 'phpipamadmin';
#$db['name'] = 'phpipam';
#$db['port'] = 3306;

         $db['host'] = '127.0.0.1';
         $db['user'] = 'php_ipam_rw';
         $db['pass'] = 'P4P1p@m!!';
         $db['name'] = 'php_ipam';
         $db['port'] = 3306;

         define('BASE', "/phpipam/");

 

 

14. Start the services.

sudo a2enmod rewrite
sudo systemctl restart apache2

 

15. Now, to actually install phpIPAM, enter the following address.

http://192.168.10.117/phpipam

 

 

 

 

Enter the admin page password.
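A post-install check of the config.php written in step 13, as an added example that is not part of phpIPAM or of the original post. The function names are hypothetical; the two password values it looks for are the config.dist.php sample and the value printed in this post, both of which are public.

```shell
#!/bin/sh
# Public values: the sample in config.dist.php and the one printed in this post.
KNOWN_PASSWORDS='phpipamadmin P4P1p@m!!'

db_setting() {         # FILE KEY -> last active (uncommented) $db['KEY'] value
    awk -F"'" -v key="$2" '
        /^[ \t]*\$db\[/ && $2 == key { val = $4 }
        END { print val }' "$1"
}

audit_phpipam_config() {   # FILE -> one finding per line; non-zero if any
    findings=0
    other=$(ls -ld "$1" | cut -c8-10)          # permission bits for "other"
    if [ "$other" != "---" ]; then
        echo "MODE: $1 is accessible to other local users ($other)"
        findings=$((findings + 1))
    fi
    pass=$(db_setting "$1" pass)
    for known in $KNOWN_PASSWORDS; do
        if [ "$pass" = "$known" ]; then
            echo "PASSWORD: db password is a published value, rotate it"
            findings=$((findings + 1))
        fi
    done
    if [ "$(db_setting "$1" user)" = "root" ]; then
        echo "USER: application connects as the database root account"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring step 13 (commented default plus active values).
demo=$(mktemp)
cat > "$demo" <<'EOF'
#$db['pass'] = 'phpipamadmin';
         $db['user'] = 'php_ipam_rw';
         $db['pass'] = 'P4P1p@m!!';
EOF
chmod 644 "$demo"
audit_phpipam_config "$demo" || true
rm -f "$demo"
```

One way to clear the MODE finding while keeping the file readable by Apache is owner root, group www-data and mode 640; the password finding is cleared by setting a new value in both the database account and config.php.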

 

 

 

Hello.

This time, to connect from the PC to the Ubuntu server over SSH, we install an SSH server on the Ubuntu server.

1. Install openssh-server as shown below.

sudo apt-get install openssh-server

 

2. Start the SSH server.

sudo systemctl start ssh

 

3. Configure the SSH service to start automatically even after the server reboots.

sudo systemctl enable ssh

 

 

5. From the PC, try connecting to the Ubuntu server using CRT or PuTTY.

 

 

 

Thank you for reading [phpIPAM][#4]-ssh server install.
