Nov 16

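This is a very common problem. There are always users who set an IP address by hand and cause an IP conflict with someone else's computer. When an IP conflict happens, remember to note down that user's MAC address. Log in to the Cisco switch and find the port in question. Use the following command to list the MAC addresses: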

3750#show mac address-table
         Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0aaa.bbbc    STATIC      CPU
 All    0100.0aaa.bbbd    STATIC      CPU
 All    0180.cc00.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
  2    00e0.812d.xxxx    DYNAMIC     Gi1/0/16
  2    00e0.812d.xxxx    DYNAMIC     Gi1/0/20
  2    00e0.812d.xxxx    DYNAMIC     Gi1/0/18
  5    000c.298d.xxxx    DYNAMIC     Gi1/0/19
  5    000d.93c8.xxxx    DYNAMIC     Gi1/0/2
  5    000e.7fe0.xxxx    DYNAMIC     Gi1/0/19
  5    000e.7fe8.xxxx    DYNAMIC     Gi1/0/19
Total Mac Addresses for this criterion: xx

Check the output above for that user's MAC address. Suppose the user's MAC address shows up on port Gi1/0/19. Then shut that port down.

3750#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3750(config)#interface Gi1/0/19
3750(config-if)#shutdown

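That user can then no longer reach the network through that port. Before long the user will come and say they cannot get online. Problem solved.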

Jul 05

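LACP stands for Link Aggregation Control Protocol. It is the IEEE standard 802.3ad. It logically combines several physical ports so that they are treated as a single link. The benefits of this setup are failover and increased speed. (That said, I have not yet felt its speed-up, and I do not know yet how to test it.)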

First you need to configure the Cisco switch.
1. Shut down the ports you are going to configure

# configure terminal
# interface range GigabitEthernet 1/0/1-2
# shutdown

2. Configure the ports you want to aggregate. Here I additionally set VLAN 500.

# switchport access vlan 500
# switchport trunk encapsulation dot1q
# switchport trunk native vlan 500
# switchport trunk allowed vlan 500
# switchport mode trunk
# switchport nonegotiate
# speed 1000
# channel-group 1 mode active

3. Check the configuration you just made

# show running-config
(omit)
!
interface Port-channel1
 switchport access vlan 500
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 500
 switchport trunk allowed vlan 500
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/1
 description tonnerre-inside1
 switchport access vlan 500
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 500
 switchport trunk allowed vlan 500
 switchport mode trunk
 switchport nonegotiate
 speed 1000
 channel-group 1 mode active
!
interface GigabitEthernet1/0/2
 description tonnerre-inside2
 switchport access vlan 500
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 500
 switchport trunk allowed vlan 500
 switchport mode trunk
 switchport nonegotiate
 speed 1000
 channel-group 1 mode active
!
(omit)

4. Set the spanning-tree mode to pvst (I am still not sure why?)

# configure terminal
# spanning-tree mode pvst

5. Enable the ports you shut down earlier

# configure terminal
# interface range GigabitEthernet 1/0/1-2
# no shutdown

6. Check the LACP status

# show lacp internal
Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode     

Channel group 1
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Gi1/0/1   SA      bndl      32768         0x1       0x1     0x15        0x3D
Gi1/0/2   SA      bndl      32768         0x1       0x1     0x16        0x3D 

# show lacp neighbor
Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode     

Channel group 1 neighbors

Partner's information:

                  LACP port                        Admin  Oper   Port    Port
Port      Flags   Priority  Dev ID          Age    key    Key    Number  State
Gi1/0/1   FA      32768     0017.xxxx.xxxx   0s    0x0    0x64   0x15    0x3D
Gi1/0/2   FA      32768     0017.xxxx.xxxx   0s    0x0    0x64   0x16    0x3D

The configuration on RHEL5 is as follows:
1. Edit eth0 and eth1

# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no

# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no

2. Create bond0.

# vi /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
NETWORK=10.1.0.0
NETMASK=255.255.0.0
IPADDR=10.1.1.241
USERCTL=no

3. Configure the bond0 module

# vi /etc/modprobe.conf
alias bond0 bonding
options bond0 mode=4 miimon=100 lacp_rate=1

mode=0 (balance-rr)
Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode=1 (active-backup)
Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode=3 (broadcast)
Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad)
IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

4. Restart the network

# service network restart

5. Check the LACP status

# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

802.3ad info
LACP rate: fast
Active Aggregator Info:
        Aggregator ID: 1
        Number of ports: 2
        Actor Key: 17
        Partner Key: 2
        Partner Mac Address: 00:1c:f9:xx:xx:xx

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:1e:c9:xx:xx:xx
Aggregator ID: 1

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:1e:c9:xx:xx:xx
Aggregator ID: 1

That's it. There is still a lot I do not understand, and I need to keep learning. :)
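
An added example (not part of the original post): a Python check over the `/proc/net/bonding/bond0` output from step 5 that flags the cases where the LACP bundle did not actually form: an all-zero partner MAC, a slave outside the active aggregator, or a link that is down or has flapped. The sample text and the names `field` and `check_bond` are constructed for illustration.

```python
import re

# Constructed sample in the format of /proc/net/bonding/bond0 (addresses are made up).
SAMPLE = """\
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up

802.3ad info
Active Aggregator Info:
        Aggregator ID: 1
        Partner Mac Address: 00:1c:f9:00:00:01

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Aggregator ID: 1

Slave Interface: eth1
MII Status: up
Link Failure Count: 3
Aggregator ID: 2
"""

def field(block, name):
    """Return the value of the first 'name: value' line in block, or None."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", block, re.M)
    return m.group(1) if m else None

def check_bond(text):
    """Return a list of problems found in a bonding status dump ([] = healthy)."""
    head, *slaves = re.split(r"^Slave Interface: ", text, flags=re.M)
    problems = []
    if "802.3ad" not in (field(head, "Bonding Mode") or ""):
        problems.append("bond is not in 802.3ad (mode=4)")
    if field(head, "Partner Mac Address") in (None, "00:00:00:00:00:00"):
        problems.append("no LACP partner: switch side is not negotiating")
    active = field(head, "Aggregator ID")
    for block in slaves:
        name = block.split("\n", 1)[0].strip()  # first line is the interface name
        if field(block, "MII Status") != "up":
            problems.append(f"{name}: link is down")
        elif field(block, "Aggregator ID") != active:
            problems.append(f"{name}: not in active aggregator {active}")
        if int(field(block, "Link Failure Count") or 0) > 0:
            problems.append(f"{name}: link has flapped")
    return problems

if __name__ == "__main__":
    print(check_bond(SAMPLE))
```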

Jul 01
  • Restart immediately

To restart or reboot a Cisco immediately, in enable mode:
#reload

  • Restart in N minutes

#reload in N

Oct 06

Check the interfaces to see whether any of them show anomalies. The basic items to check in the output below are, e.g., reliability, Input queue, input / output rate, input errors, and so on.

cisco-3560#show interfaces
GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is xxxx.xxxx.xxxx (bia xxxx.xxxx.xxxx)
Description: 'UPLINK, TO UPLINK-G1/0/1'
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:25, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 4614000 bits/sec, 676 packets/sec
5 minute output rate 7537000 bits/sec, 732 packets/sec
1390054399 packets input, 3062338575 bytes, 0 no buffer
Received 320051 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 320036 multicast, 0 pause input
0 input packets with dribble condition detected
3713836416 packets output, 2891595501 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

You can clear a given interface and then observe it again.

cisco-3560#clear interface GigabitEthernet 0/1

Check whether the CPU is overloaded.

cisco-3560#show processes cpu
CPU utilization for five seconds: 7%/2%; one minute: 7%; five minutes: 7%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
1 0 16 0 0.00% 0.00% 0.00% 0 Chunk Manager
2 73 1280349 0 0.00% 0.00% 0.00% 0 Load Meter
3 0 1 0 0.00% 0.00% 0.00% 0 CEF IPC Backgrou

Check whether there are any abnormal logs.

cisco-3560#show logging

Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

Jan 08

!
interface Port-channel1
description bcbay1
switchport access vlan 500
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/13
description bcbay1_1
switchport access vlan 500
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
speed 1000
no mdix auto
channel-group 1 mode on
!
interface GigabitEthernet1/0/14
description bcbay1_2
switchport access vlan 500
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
speed 1000
no mdix auto
channel-group 1 mode on
!

Dec 21

Router1#copy running-config startup-config
Copies the configuration currently in memory to the startup configuration, i.e. saves the current settings.

Router1#show version
Displays the current version information.

Router1#copy tftp://172.25.1.1/NEWCONFIG running-config
Destination filename [running-config]?
Accessing tftp://172.25.1.1/NEWCONFIG…
Loading NEWCONFIG from 172.25.1.1 (via FastEthernet0/0.1): !
[OK - 24 bytes]
24 bytes copied in 0.192 secs (125 bytes/sec)
Router1#
Copies a configuration from TFTP into the running configuration.

###### Saving Router Configuration to Server ######
Freebsd% touch /tftpboot/router1-confg
Freebsd% chmod 666 /tftpboot/router1-confg
Freebsd% telnet Router1
Trying 172.25.1.5…
Connected to Router1.
Escape character is '^]'.
User Access Verification
Password:
Router1>enable
Password:
Router1#copy running-config tftp://172.25.1.1/router1-confg
Address or name of remote host [172.25.1.1]?
Destination filename [router1-confg]?
!!!
9640 bytes copied in 3.956 secs (2437 bytes/sec)
Router1#

###### Loading a New IOS Image ######
Router1#copy tftp://172.25.1.1/c2600-ik9o3s-mz.122-12a.bin flash:
Destination filename [c2600-ik9o3s-mz.122-12a.bin]?
Accessing tftp://172.25.1.1/c2600-ik9o3s-mz.122-12a.bin…
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing
device… eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee …
erased
Erase of flash: complete
Loading c2600-ik9o3s-mz.122-12a.bin from 172.25.1.1 (via FastEthernet0/0.1):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 11135588 bytes]
Verifying checksum… OK (0xE643)
11135588 bytes copied in 82.236 secs (135410 bytes/sec)
Router1# reload
Proceed with reload? [confirm]
