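Is there a DHCPv4 option that allows a client to tell the server to deny, forever or at least for some time, any client hardware address other than its own?
I am looking for a way to deny any other host from obtaining the management address that the ISP assigns via DHCPv4. Only one particular router should request that management address. No other host should be able to steal the address by sending a Discover and a Request.
Why can't I prevent this? Because the router and the modem are not locked away, so I cannot prevent people in the office from doing this accidentally.
Yes, I am aware of MAC address spoofing.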
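I want a quiet command line, for example the one that (config)# no logging console causes. However, I would like to use the # debug command. It seems to me that # debug depends on syslog level 7. So I cannot have a quiet CLI and read debug messages at the same time.
Is there a workaround?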
Host(config)#logging ?
Hostname or A.B.C.D IP address of the logging host
buffered Set buffered logging parameters
buginf Enable buginf logging for debugging
cns-events Set CNS Event logging level
console Set console logging parameters
count Count every log message and timestamp last occurrence
discriminator Create or modify a message discriminator
dmvpn DMVPN Configuration
esm Set ESM filter restrictions
exception Limit size of exception flush output
facility Facility parameter for syslog messages
filter Specify logging filter
history Configure syslog history table
host Set syslog server IP address and parameters
message-counter Configure log message to include certain counter value
monitor Set terminal line (monitor) logging parameters
on Enable logging to all enabled destinations
origin-id Add origin ID to syslog messages
persistent Set persistent logging parameters
queue-limit Set logger message queue size
rate-limit Set messages per second limit
reload Set reload logging level
server-arp Enable sending ARP requests for syslog servers when first configured
source-interface Specify interface for source address in logging transactions
trap Set syslog server logging level
userinfo Enable logging of user info on privileged mode enabling
Host(config)#logging console ?
<0-7> Logging severity level
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
discriminator Establish MD-Console association
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
filtered Enable filtered logging
guaranteed Guarantee console messages
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)
xml Enable logging in XML
<cr>
Example using cpt_fink's solution:
After logging console critical and logging buffered 64000 debug, and after clear log:
Host#show log
Syslog logging: enabled (12 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level critical, 20 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 4 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 36 message lines logged
Log Buffer (64000 bytes):
Host#
Host#
Host#debug ip icmp
ICMP packet debugging is on
Host#
Host#
Host#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Host(config)#
Host(config)#interface fastethernet0/1
Host(config-if)#
Host(config-if)#ip address 192.168.0.1 255.255.255.0
Host(config-if)#
Host(config-if)#no shut
Host(config-if)#end
Host#
Host#
Host#show log
Syslog logging: enabled (12 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level critical, 20 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 5 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 37 message lines logged
Log Buffer (64000 bytes):
Nov 4 18:03:05.551: %SYS-5-CONFIG_I: Configured from console by console
Host#
Let's trigger an ICMP debug message.
Host_2#ping 192.168.0.1 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
.
Success rate is 0 percent (0/1)
Host_2#
Host_2#
Host_2#ping 192.168.0.1 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 12/12/12 ms
Host_2#
Let's look at the system log:
Host#show log
Syslog logging: enabled (12 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level critical, 20 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 6 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 37 message lines logged
Log Buffer (64000 bytes):
Nov 4 18:03:05.551: %SYS-5-CONFIG_I: Configured from console by console
Nov 4 18:04:47.527: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Host#
Let's issue commands that would usually cause annoying messages:
Host#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Host(config)#
Host(config)#interface fastethernet0/0
Host(config-if)#
Host(config-if)#shut
Host(config-if)#
Host(config-if)#exit
Host(config)#
Host(config)#
Host(config)#interface fastethernet0/1
Host(config-if)#
Host(config-if)#shut
Host(config-if)#
Host(config-if)#exit
Host(config)#
Host(config)#end
Host#
Let's look at the system log:
Host#show log
Syslog logging: enabled (12 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level critical, 20 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 11 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 42 message lines logged
Log Buffer (64000 bytes):
Nov 4 18:03:05.551: %SYS-5-CONFIG_I: Configured from console by console
Nov 4 18:04:47.527: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 4 18:11:57.371: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
Nov 4 18:11:58.371: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
Nov 4 18:12:07.619: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
Nov 4 18:12:08.619: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Nov 4 18:12:36.111: %SYS-5-CONFIG_I: Configured from console by console
Host#
debug ip icmp
Example using cpt_fink's solution, which is marked as the correct answer:
Configuration:
Router_1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router_1(config)#
Router_1(config)#logging console
Router_1(config)#
Router_1(config)#logging console critical
Router_1(config)#
Router_1(config)#logging buffered 64000 debug
Router_1(config)#
Router_1(config)#do clock set 07:29:30 5 november 2014
Router_1(config)#
Router_1(config)#end
Router_1#
Router_1#debug ip icmp
ICMP packet debugging is on
Router_1#
Let's create at least one message:
Router_2#ping 192.168.0.1 repeat 2
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 4/4/4 ms
Router_2#
Let's look at the system log:
Router_1#show logging | include ICMP
Nov 5 07:30:05.463: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:30:05.467: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Router_1#
Let's provoke more messages:
Router_2#ping 192.168.0.1 repeat 11
Type escape sequence to abort.
Sending 11, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!!!!!!!
Success rate is 100 percent (11/11), round-trip min/avg/max = 4/4/4 ms
Router_2#
Let's look at the system log:
Router_1#show logging | include ICMP
Nov 5 07:30:05.463: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:30:05.467: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.807: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.811: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.815: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.819: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.823: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.827: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.831: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.835: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.839: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.843: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Nov 5 07:32:24.847: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
Router_1#
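An added example, not part of the original post: a Python check over show logging output that reports which destinations receive each buffered entry, using the severity table printed by logging console ? above. Counting untagged debug lines as severity 7 is an assumption consistent with the post, the function names are hypothetical, and the sample is abridged from the output shown above.

```python
import re

# Severity keywords and numbers as listed by "logging console ?" above.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

DEST_RE = re.compile(r"^\s*(Console|Monitor|Buffer|Trap) logging: (?:level (\w+)|(disabled))", re.M)
# Buffered entry: "<Mon> <day> <time>: <text>"; syslog entries carry %FAC-SEV-MNEMONIC.
ENTRY_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d+ [\d:.]+): (.*)$", re.M)
TAG_RE = re.compile(r"^%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+:")

def destination_levels(show_logging):
    """Map each destination to its severity threshold (-1 when shown as disabled)."""
    levels = {}
    for name, level, _disabled in DEST_RE.findall(show_logging):
        levels[name.lower()] = SEVERITY[level] if level else -1
    return levels

def entry_severity(text):
    """Severity from the %FAC-SEV-MNEMONIC tag; untagged debug output is assumed to be 7."""
    m = TAG_RE.match(text)
    return int(m.group(1)) if m else 7

def receivers(levels, severity):
    """Destinations whose threshold admits a message of this severity."""
    return sorted(d for d, limit in levels.items() if severity <= limit)

def audit(show_logging):
    """Return (levels, per-entry rows, True if console is quiet but buffer keeps debug)."""
    levels = destination_levels(show_logging)
    rows = [(ts, entry_severity(text), receivers(levels, entry_severity(text)))
            for ts, text in ENTRY_RE.findall(show_logging)]
    quiet_with_debug = levels.get("console", -1) < 7 and levels.get("buffer", -1) == 7
    return levels, rows, quiet_with_debug

# Abridged from the "show log" output on this page.
SAMPLE = """\
Console logging: level critical, 20 messages logged, xml disabled,
Monitor logging: level debugging, 0 messages logged, xml disabled,
Buffer logging: level debugging, 6 messages logged, xml disabled,
Trap logging: level informational, 37 message lines logged
Log Buffer (64000 bytes):
Nov 4 18:03:05.551: %SYS-5-CONFIG_I: Configured from console by console
Nov 4 18:04:47.527: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
"""

if __name__ == "__main__":
    levels, rows, ok = audit(SAMPLE)
    print(levels, ok, rows)
```

The monitor destination appears in the result because its threshold admits the message; a terminal line only displays it once terminal monitor is active on that session.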
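According to show ?, the command should be show sessions, which displays Information about Telnet connections. Although I am connected, the session is not shown. Both devices run Cisco IOS. How do I find the current Telnet sessions?
On the router running the Telnet server: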
Router2#debug telnet
Incoming Telnet debugging is on
Router2#
Router2#
Oct 25 13:34:59.063: Telnet226: 1 1 251 1
Oct 25 13:34:59.063: TCP226: Telnet sent WILL ECHO (1)
Oct 25 13:34:59.063: Telnet226: 2 2 251 3
Oct 25 13:34:59.063: TCP226: Telnet sent WILL SUPPRESS-GA (3)
Oct 25 13:34:59.063: Telnet226: 80000 80000 253 24
Oct 25 13:34:59.063: TCP226: Telnet sent DO TTY-TYPE (24)
Oct 25 13:34:59.063: Telnet226: 10000000 10000000 253 31
Oct 25 13:34:59.063: TCP226: Telnet sent DO WINDOW-SIZE (31)
Oct 25 13:34:59.071: TCP226: Telnet received DO SUPPRESS-GA (3)
Oct 25 13:34:59.075: TCP226: Telnet received WILL TTY-LOCATION (23) (refused)
Oct 25 13:34:59.079: TCP226: Telnet sent DONT TTY-LOCATION (23)
Oct 25 13:34:59.083: TCP226: Telnet received WILL TTY-SPEED (32) (refused)
Oct 25 13:34:59.087: TCP226: Telnet sent DONT TTY-SPEED (32)
Oct 25 13:34:59.091: TCP226: Telnet received WILL WINDOW-SIZE (31)
Oct 25 13:34:59.091: TCP226: Telnet received WILL LOCAL-FLOW (33)
Oct 25 13:34:59.095: TCP226: Telnet sent DO LOCAL-FLOW (33)
Oct 25 13:34:59.099: Telnet226: Sent SB 33 0
Oct 25 13:34:59.099: TCP226: Telnet received DO ECHO (1)
Oct 25 13:34:59.103: TCP226: Telnet received WONT TTY-TYPE (24)
Oct 25 13:34:59.103: TCP226: Telnet sent DONT TTY-TYPE (24)
Oct 25 13:34:59.103: Telnet226: recv SB NAWS 80 24
Oct 25 13:34:59.107: TCP226: Telnet received WONT TTY-LOCATION (23)
Oct 25 13:34:59.115: TCP226: Telnet received WONT TTY-SPEED (32)
Router2#
Router2#
Router2#show sessions
% No connections open
Router2#
On the router connected to the Telnet server:
Router2>show sessions
% No connections open
Router2>
Router2>
Router2>enable
Password:
Router2#
Router2#show sessions
% No connections open
Router2#
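Can a reverse zone name another DNS server in an NS record? I want to delegate DNS for all addresses within a subnet to the site that uses that subnet. Our office leases a subnet that is routed by our ISP. We want to overcome the limits on when and which records we can modify - currently, only PTR is allowed and we have to submit an e-mail.
Example: the ISP's name server resolves 200.0.16.0/27, which the ISP routes to the customer's site. The customer runs a local DNS server. Is it possible to set an RR for each member of 200.0.16.0/27, in addition to the ISP's name server, so that the customer can manage the network more autonomously? The ISP does provide DNS RRs for the IP addresses and the network name in Whois, so why not delegate the zone?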