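Installing the image and configuring the network interface in virt-manager
After installing the switch with virt-manager, open the virtual hardware details view and set the virtual NIC's network source to "Virtual network *: Route to <some interface>" (the default is "Virtual network default: NAT"; you need to create the virtual network yourself and configure its address range). Select e1000 as the device model.
For the detailed steps, see "Installing a virtual machine in KVM by importing a qcow2 image (GUI)".
Commands for Cisco devices can differ completely between series and versions, so never copy commands verbatim. Type ? and help frequently to list the available commands and their explanations, and use the commands that apply to your device. The overall configuration flow is the same. This example uses Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20190423) Switch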
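Configuring the switch port
Enter privileged mode. The port configured here is GigabitEthernet 0/0, with IP address and mask 192.168.1.222/24.
Switch> enable
View the current port configuration. A port named Gi...0/0 normally appears; configure that one. If it is missing, reconfigure the corresponding VM network interface in virt-manager.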
Switch# show ip interface
GigabitEthernet0/0 is up, line protocol is up
....
Enter global configuration mode
Switch# configure terminal
Start configuring the Gi0/0 port
Switch(config)#interface GigabitEthernet 0/0
If the port already has a configuration that you want to change, reset it first
Switch(config-if)# no ip address
On a layer 3 switch, a layer 2 interface can be changed into a layer 3 interface, which makes the port equivalent to an interface on a router
Switch(config-if)#no switchport
Configure the port's IP address and mask
Switch(config-if)#ip address 192.168.1.222 255.255.255.0
Make sure the interface is up; to bring it down, use shutdown
Switch(config-if)#no shutdown
Exit interface configuration mode
Switch(config-if)#end
View the port configuration: the port state is up and the IP address, mask and other details are present
Switch#show ip interface
GigabitEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.222/24
Broadcast address is 255.255.255.255
.......
Save the settings to the startup configuration file so that the port configuration is still there after the next reboot. At the prompt, enter startup-config
Switch#copy running-config startup-config
Destination filename [startup-config]? startup-config
Building configuration...
Compressed configuration from 2758 bytes to 1360 bytes[OK]
Once this is configured, ping the switch port's IP address from your own PC. If the network is unreachable, restart the switch: in the virt-manager console, click the button to force it off and start it again.
Enabling SNMP
Enter privileged mode and enable SNMP v2 with public as the community string (the authentication parameter)
Switch> enable
Check whether SNMP is enabled
Switch# show snmp
Enter global configuration mode
Switch# configure terminal
Set the read-only string: public is the community string, ro means read-only, rw means read-write
Switch(config)# snmp-server community public ro
Exit configuration mode
Switch(config)# end
View the SNMP status
Switch#show snmp
Chassis: 9NA6LLEED7N
1758 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
1757 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
1757 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
1758 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
1757 Response PDUs
0 Trap PDUs
SNMP global trap: disabled
SNMP logging: disabled
Save the settings to the startup configuration file so that the configuration is still there after the next reboot. At the prompt, enter startup-config
Switch#copy running-config startup-config
Destination filename [startup-config]? startup-config
Building configuration...
Compressed configuration from 2758 bytes to 1360 bytes[OK]
After rebooting the machine, verify that the port configuration and the SNMP configuration are still present
Switch>enable
Switch#show ip interface
Switch#show snmp
Verifying the results
Verify the configuration from your own PC
Ping check
$ ping 192.168.1.222
PING 192.168.1.222 (192.168.1.222) 56(84) bytes of data.
64 bytes from 192.168.1.222: icmp_seq=1 ttl=255 time=0.999 ms
UDP port scan check
$ sudo nmap -sU 192.168.1.222 -p 161
Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-12 18:45 CST
Nmap scan report for 192.168.1.222
Host is up (0.0014s latency).
PORT STATE SERVICE
161/udp open snmp
MAC Address: 52:54:00:0E:67:57 (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 2.36 seconds
SNMP request check (note: this query produces a large amount of output)
$ snmpwalk -v 2c -c public 192.168.1.222 .1
# The output contains keywords such as cisco and switch
...
SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20190423)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to V152_6_0_81_E
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2019 by Ci
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.1227
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (120690) 0:20:06.90
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING: Switch
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 78
...
SSH extension
Enabling the SSH service on Cisco
Configure the domain name and generate an RSA key pair
Finally, check SSH; "SSH Enabled" in the output means it was enabled successfully
Switch# configure terminal
Switch(config)#ip domain name cisco.com
Switch(config)#crypto key generate rsa general-keys modulus 1024
Switch(config)#exit
Switch#show ip ssh
SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): Switch.cisco.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC891aSHX4Sz1jU4DTKDPl08iwIJSt30vbh2wiTHaSl
aphjxU6rFtZOH8Hw3Rdrw3v6ia6J+RF7x+Xa3gPCfZjiI7ysPgVpvUmTNnQ8vlMsEVi+v8EtwfPKlABj
X/jWGFfmqFD0unFJwSReFEkA2yFRkD0NqO1koIrvA1nTjPGZpQ==
Further reading
Using virt-manager on Linux to create a qcow2 system image and start a virtual machine
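Added example, not from the original post: the SNMP and SSH settings configured above, placed beside a tighter variant for a switch that will sit on a shared network. ACL number 10, the group and user names and every <placeholder> are assumptions, and since command syntax varies by IOS version, confirm each line with ? on your device.

```cisco
! Added example (constructed). ACL 10, SNMP-RO, nms-user, admin and all
! <placeholders> are hypothetical; 192.168.1.0/24 is the page's lab subnet.
!
! As configured on the page:
!   snmp-server community public ro
!     -> default, guessable string; any source address may read the MIB
!   crypto key generate rsa general-keys modulus 1024
!     -> short host key; "version 1.99" means SSHv1 clients are still accepted
!
configure terminal
!
! Only the management subnet may reach SNMP and the vty lines
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny any log
!
! Option A: keep v2c, but with a non-default string bound to ACL 10
no snmp-server community public
snmp-server community <non-default-string> ro 10
!
! Option B (instead of A): SNMPv3 with authentication and encryption
! (requires a K9 crypto image, as the one used on the page is)
snmp-server group SNMP-RO v3 priv access 10
snmp-server user nms-user SNMP-RO v3 auth sha <auth-pass> priv aes 128 <priv-pass>
!
! SSH: 2048-bit host key, protocol 2 only
! (answer yes if asked whether to replace the existing RSA keys)
ip domain name cisco.com
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
!
! Local account and SSH-only vty access, limited to ACL 10
username admin privilege 15 secret <password>
line vty 0 4
 transport input ssh
 login local
 access-class 10 in
end
!
! Verify, then persist
show ip ssh
show snmp user
copy running-config startup-config
```

With Option B the SNMP check from the PC becomes `snmpwalk -v 3 -l authPriv -u nms-user -a SHA -A <auth-pass> -x AES -X <priv-pass> 192.168.1.222 system`, and the earlier `-v 2c -c public` query should no longer be answered.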