Log for
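電訊台 (Telecom Channel)
I usually talk a lot of nonsense, so today let me talk about something meaningful for once. I'm not actually a network guy, I only know a little, so I'll share a little here and see whether anyone happens to need it.
With Cisco devices, backing up the config regularly is a good thing, and the more often the better, because on Cisco a command takes effect the moment you press Enter, and by then it's too late for regrets. On this point I buy into Juniper: after you've typed in all the commands, it lets you check them over and make sure there really is no problem before you commit, and if you get it wrong you can still roll back the config. Not bad.
There are many ways to back up a Cisco config, some that cost money and some that don't. If you have money, of course the paid ways are better; people with plenty of money can go to a vendor and someone will look after you. So I'll talk about the free methods I use myself.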
archive
path flash:/on9-cisco3750G-001_
!path tftp://192.168.2.2/$h_backup
write-memory
time-period 86400
First take a look at how much space your flash memory has; you need to plan this out first:
sh flash
Directory of flash:/
3 -rwx 13012539 Apr 2 2014 06:00:08 +08:00 c3750-ipservicesk9-mz.122-55.SE8.bin
511 -rwx 564 Mar 8 2020 21:20:51 +08:00 vlan.dat
9 -rwx 3096 Mar 9 2020 15:01:28 +08:00 multiple-fs
10 -rwx 5511 Mar 9 2020 15:01:28 +08:00 private-config.text
11 -rwx 3847 Mar 9 2020 15:01:28 +08:00 config.text
32514048 bytes total (19485696 bytes free)
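(19485696 bytes free), i.e. about 19MB, and the switch config is 3847 bytes; divide one by the other and you can store 5065 days' worth, which is plenty.
time-period 86400 means the command above runs once a day; 86400 is the number of seconds.
If you have TFTP, you can back up to it at the same time; that's the line above, path tftp://192.168.2.2/$h_backup
$h means it uses your switch's hostname as the file name, and then appends _backup after it.
But if you have an FTP server, you can back up over FTP, though the method is different.
(Urgently need to take a shit, I'll write more after I'm done.)
Juniper and Cisco each have their perks. Cisco has two sets of config, so if you wreck the running one you still have the start config. On Juniper nothing has actually happened until you've loaded everything and committed, but the shitty thing about Juniper is that its boxes very easily drop into recovery mode and halt dead.
Also, if there is a hot standby card, on Cisco you can pull the memory card and replace it.
Yeah, Juniper is after all more like a computer OS in architecture, so it has more features, but the config gets corrupted easily, which is like having to run fsck.
So I still prefer Cisco's stability; after all, when something goes wrong, it's me who has to deal with it anyway.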
ip ftp username on9boy
ip ftp password 7 114D3C15081215020F
kron occurrence Daily-Backup at 7:00 recurring
policy-list Backup
!
kron policy-list Backup
cli show
cli show running-config | redirect ftp://103.27.124.100/cisco7301.txt
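This one uploads the config directly to the FTP server.
Set up the FTP username and password first; the rest you can understand just from reading it, so I won't explain.
But the good thing about it is that once you plug in a USB stick and mount it, you can back up the config and restore the config back onto it, which is more convenient than Cisco when you're onsite.
The advantage of using an FTP server is that I'd use Linux (Mr. A) and write a script that periodically goes into the FTP directory to rename things, move things, whatever you want to do.
Each has its good points. Juniper has more features, and the commands look a bit easier to understand.
But if you want to do things on a schedule, remember to set your device's clock properly. With the clock set right, your logs will also show the real time, which is handy for debugging.
(By default the Cisco clock is completely fucking wrong.)
You can copy startup-config usb:config.text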
ntp server hk.pool.ntp.org
clock timezone HK +8
service timestamps log datetime localtime msec
Never messed with backups, but I've seen hotfix patching done.
Only for rich people, hehe
Cisco's logging buffer is also fairly small; you can make it bigger depending on your device's capacity. Mine is:
no logging console
no logging monitor
logging buffered 1024000
login on-failure log
login on-success log
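If your switch port is there for people to plug computers into, not for plugging into another switch, and you want to stop some bastard from handing out IPs there and affecting everyone else on the network, the following is a pretty good configuration. (But after setting Portfast, make absolutely sure you never plug it into a switch, or it will loop.)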
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
ip dhcp snooping limit rate 100
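I only got up at 16:00, so I'm going to eat something first; that's all I'm writing for now.
I know what I write is only very ordinary stuff, but I believe people even more ordinary than me may find it useful.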
i smell portfast in the air
spanning-tree portfast
spanning-tree bpduguard enable
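With these two applied, at worst if someone downstream plugs in a switch, it just shuts down that port.
If you can't control what people plug in, better not to use it, for fear of some bastards plugging things in at random.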
port security violation error disable
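Sometimes even though you manage the config on the box, the people plugging things in may be a different crowd.
Nien, only tried openstack/vsphere
Just spent a while working on it and finally got cross-switch EtherChannel working.
Not bad and those with "channel" not an easy shit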