stellar-lab-kvm-pfsense-debian
This is an old revision of the document!
Stellar WLAN lab based on KVM
- Firewall / Internet gateway on 192.168.2.254
- DHCP on 192.168.2.1
- DNS on 192.168.2.1
- NTP on 192.168.2.1
- OS6450 on 192.168.2.10 and on .254 in all client networks
OS6450 configuration
Example configuration on my OS6450-P10.
BennyE$ ssh admin@os6450
admin's password for keyboard-interactive method:
Welcome to the Alcatel-Lucent OmniSwitch 6450
Software Version 6.7.2.85.R01 Development, August 11, 2017.
Copyright(c), ALE USA Inc., 2017. All Rights reserved.
OmniSwitch(TM) is a trademark of Alcatel-Lucent Enterprise registered
in the United States Patent and Trademark Office.
OS6450-P10-> show configuration snapshot
! Stack Manager :
! Chassis :
system name OS6450-P10
system contact "Benny Eggerstedt"
system location "Benny's Lab"
system timezone CET
system daylight savings time enable
! Configuration:
! VLAN :
vlan 1 disable name "VLAN 1"
vlan 2 enable name "192.168.2.x/24 Server"
vlan 2 port default 1/8
vlan 10 enable name "192.168.10.x/24 Stellar OV"
vlan 10 port default 1/1
vlan 10 port default 1/3
vlan 10 port default 1/5
vlan 10 port default 1/7
vlan 10 port default 1/11
vlan 10 port default 1/12
vlan 11 enable name "192.168.11.x/24"
vlan 12 enable name "192.168.12.x/24"
vlan 13 enable name "192.168.13.x/24"
vlan 14 enable name "192.168.14.x/24"
vlan 14 port default 1/6
vlan 14 port default 1/9
vlan 15 enable name "192.168.15.x/24 Stellar Express"
! VLAN SL:
! IP :
ip service all
ip interface "vlan-2" address 192.168.2.10 mask 255.255.255.0 vlan 2 ifindex 2
ip interface "vlan-10" address 192.168.10.254 mask 255.255.255.0 vlan 10 ifindex 3
ip interface "vlan-11" address 192.168.11.254 mask 255.255.255.0 vlan 11 ifindex 4
ip interface "vlan-12" address 192.168.12.254 mask 255.255.255.0 vlan 12 ifindex 5
ip interface "vlan-13" address 192.168.13.254 mask 255.255.255.0 vlan 13 ifindex 6
ip interface "vlan-14" address 192.168.14.254 mask 255.255.255.0 vlan 14 ifindex 7
ip interface "vlan-15" address 192.168.15.254 mask 255.255.255.0 vlan 15 ifindex 8
! IPMS :
! AAA :
aaa authentication default "local"
user password-size min 9
user password-policy min-uppercase 1
user password-policy min-lowercase 1
user password-policy min-digit 1
user password-policy min-nonalpha 1
! PARTM :
! 802.1x :
! QOS :
! Policy manager :
! Session manager :
session timeout cli 999
session prompt default "OS6450-P10->"
! SNMP :
snmp authentication trap enable
snmp station 192.168.2.15 162 "snmpv3" v3 enable
! RIP :
! IPv6 :
! IP multicast :
! IPRM :
ip static-route 0.0.0.0/0 gateway 192.168.2.254 metric 1
! RIPng :
! Health monitor :
! Interface :
interfaces 1/1 alias "Stellar Wireless AP1221 03:d0:60"
interfaces 1/5 alias "Stellar Wireless AP1101 00:12:80"
interfaces 1/7 alias "Stellar Wireless AP1221 00:1b:d0"
interfaces 1/9 alias "RAP3"
interfaces 1/10 alias "Uplink zu Debian KVM"
! Udld :
! Port Mapping :
! Link Aggregate :
! VLAN AGG:
! 802.1Q :
vlan 11 802.1q 1/1 "TAG PORT 1/1 VLAN 11"
vlan 12 802.1q 1/1 "TAG PORT 1/1 VLAN 12"
vlan 11 802.1q 1/3 "TAG PORT 1/3 VLAN 11"
vlan 12 802.1q 1/3 "TAG PORT 1/3 VLAN 12"
vlan 11 802.1q 1/5 "TAG PORT 1/5 VLAN 11"
vlan 12 802.1q 1/5 "TAG PORT 1/5 VLAN 12"
vlan 11 802.1q 1/7 "TAG PORT 1/7 VLAN 11"
vlan 12 802.1q 1/7 "TAG PORT 1/7 VLAN 12"
vlan 11 802.1q 1/8 "TAG PORT 1/8 VLAN 11"
vlan 12 802.1q 1/8 "TAG PORT 1/8 VLAN 12"
vlan 2 802.1q 1/10 "TAG PORT 1/10 VLAN 2"
vlan 10 802.1q 1/10 "TAG PORT 1/10 VLAN 10"
vlan 11 802.1q 1/10 "TAG PORT 1/10 VLAN 11"
vlan 12 802.1q 1/10 "TAG PORT 1/10 VLAN 12"
vlan 13 802.1q 1/10 "TAG PORT 1/10 VLAN 13"
vlan 14 802.1q 1/10 "TAG PORT 1/10 VLAN 14"
vlan 15 802.1q 1/10 "TAG PORT 1/10 VLAN 15"
! Spanning tree :
bridge mode 1x1
! Bridging :
! Bridging :
! Port mirroring :
sflow receiver 1 name ovAnalyticService address 192.168.2.15 udp-port 6343 packet-size 1400 version 5 timeout 0
sflow sampler 1 1/1 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/2 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/3 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/4 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/5 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/6 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/7 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/8 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/9 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/10 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/11 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/12 receiver 1 rate 128 sample-hdr-size 128
! UDP Relay :
ip helper per-vlan only
ip helper address 192.168.2.1 vlan 10
ip helper address 192.168.2.1 vlan 11
ip helper address 192.168.2.1 vlan 12
ip helper address 192.168.2.1 vlan 13
ip helper address 192.168.2.1 vlan 14
ip helper address 192.168.2.1 vlan 15
! System service :
ip name-server 192.168.2.1
ip domain-name home
ip domain-lookup
swlog console level info
! SSH :
! VRRP :
! Web :
! AMAP :
! Lan Power :
lanpower stop 1/2
lanpower stop 1/4
lanpower stop 1/6
lanpower stop 1/8
! NTP :
ntp server 192.168.2.1 key 0 version 4 minpoll 6 prefer
ntp client enable
! RDP :
! VLAN STACKING:
! Ethernet-OAM :
! EFM-OAM :
! SAA :
! Loopback-detection :
! ERP :
! TEST-OAM :
! PPPOE-IA :
! DHL :
! LLDP :
lldp chassis tlv management port-description enable system-name enable system-description enable system-capabilities enable
lldp chassis tlv management management-address enable
lldp chassis tlv dot1 vlan-name enable port-vlan enable
lldp chassis tlv dot3 mac-phy enable
lldp chassis tlv med capability enable
! DHCP Server :
! Stack Split-Protection Helper :
! Openflow :
! DHCPv6 :
! TWAMP :
Linux bridge configuration
This allows virtual machines (KVM) to be attached directly to any of the networks.
$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp

# Interface towards ISP
auto brWAN
iface brWAN inet manual
    bridge_ports eno5
    bridge_fd 5
    bridge_hello 2
    bridge_maxage 12
    bridge_maxwait 0
    bridge_stp off

# Interface towards internal network - eno1
# VLAN dot1q 2, 10, 11, 12, 13, 14, 15
auto eno1.2 eno1.10 eno1.11 eno1.12 eno1.13 eno1.14 eno1.15

# Ensure that there is no IP address on the interfaces
#iface eno1.1 inet manual
iface eno1.2 inet manual
iface eno1.10 inet manual
iface eno1.11 inet manual
iface eno1.12 inet manual
iface eno1.13 inet manual
iface eno1.14 inet manual
iface eno1.15 inet manual

auto brvlan2
iface brvlan2 inet static
    address 192.168.2.1
    network 192.168.2.0
    netmask 255.255.255.0
    gateway 192.168.2.254
    bridge_ports eno1.2
    bridge_fd 5
    bridge_hello 2
    bridge_maxage 12
    bridge_maxwait 0
    bridge_stp off
    # Routing towards clients through OS6450
    up /sbin/route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.2.10
    up /sbin/route add -net 192.168.11.0 netmask 255.255.255.0 gw 192.168.2.10
    up /sbin/route add -net 192.168.12.0 netmask 255.255.255.0 gw 192.168.2.10
    up /sbin/route add -net 192.168.13.0 netmask 255.255.255.0 gw 192.168.2.10
    up /sbin/route add -net 192.168.14.0 netmask 255.255.255.0 gw 192.168.2.10
    up /sbin/route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.2.10
    down /sbin/route delete -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.2.10
    down /sbin/route delete -net 192.168.11.0 netmask 255.255.255.0 gw 192.168.2.10
    down /sbin/route delete -net 192.168.12.0 netmask 255.255.255.0 gw 192.168.2.10
    down /sbin/route delete -net 192.168.13.0 netmask 255.255.255.0 gw 192.168.2.10
    down /sbin/route delete -net 192.168.14.0 netmask 255.255.255.0 gw 192.168.2.10
    down /sbin/route delete -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.2.10

auto brvlan10
iface brvlan10 inet manual
    bridge_ports eno1.10
    bridge_fd 5
    bridge_hello 2
    bridge_maxage 12
    bridge_maxwait 0
    bridge_stp off

auto brvlan11
iface brvlan11 inet manual
    bridge_ports eno1.11
    bridge_fd 5
    bridge_hello 2
    bridge_maxage 12
    bridge_maxwait 0
    bridge_stp off

auto brvlan12
iface brvlan12 inet manual
    bridge_ports eno1.12
    bridge_fd 5
    bridge_hello 2
    bridge_maxage 12
    bridge_maxwait 0
    bridge_stp off

auto brvlan13
iface brvlan13 inet manual
    bridge_ports eno1.13
    bridge_fd 5
    bridge_hello 2
    bridge_maxage 12
    bridge_maxwait 0
    bridge_stp off

auto brvlan14
iface brvlan14 inet manual
    bridge_ports eno1.14
    bridge_fd 5
    bridge_hello 2
    bridge_maxage 12
    bridge_maxwait 0
    bridge_stp off

auto brvlan15
iface brvlan15 inet manual
    bridge_ports eno1.15
    bridge_fd 5
    bridge_hello 2
    bridge_maxage 12
    bridge_maxwait 0
    bridge_stp off
DHCP configuration (isc-dhcp-server)
Debian Stretch
$ cat /etc/dhcp/dhcpd.conf
#
# Sample configuration file for ISC dhcpd for Debian
#
#

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "home";
option domain-name-servers 192.168.2.1;

default-lease-time 6000;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

#
# Classify Stellar AP as STELLAR
#
class "STELLAR" {
    match if substring (option vendor-class-identifier, 0, 4) = "HAP.";
}

#
# Create custom option 138
#
option ovwma code 138 = ip-address;

subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.100 192.168.2.200;
    option subnet-mask 255.255.255.0;
    option routers 192.168.2.10;
    option broadcast-address 192.168.2.255;
    default-lease-time 6000;
    max-lease-time 72000;
}

subnet 192.168.10.0 netmask 255.255.255.0 {
    option routers 192.168.10.254;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.10.255;
    default-lease-time 6000;
    max-lease-time 72000;
    # Pool for Stellar AP
    pool {
        allow members of "STELLAR";
        range 192.168.10.10 192.168.10.20;
        option ovwma 192.168.2.15;
    }
    pool {
        range 192.168.10.21 192.168.10.50;
        allow unknown-clients;
    }
}

subnet 192.168.11.0 netmask 255.255.255.0 {
    range 192.168.11.100 192.168.11.200;
    option subnet-mask 255.255.255.0;
    option routers 192.168.11.254;
    option broadcast-address 192.168.11.255;
    default-lease-time 6000;
    max-lease-time 72000;
}

subnet 192.168.12.0 netmask 255.255.255.0 {
    range 192.168.12.100 192.168.12.200;
    option subnet-mask 255.255.255.0;
    option routers 192.168.12.254;
    option broadcast-address 192.168.12.255;
    default-lease-time 6000;
    max-lease-time 72000;
}

subnet 192.168.13.0 netmask 255.255.255.0 {
    range 192.168.13.100 192.168.13.200;
    option subnet-mask 255.255.255.0;
    option routers 192.168.13.254;
    option broadcast-address 192.168.13.255;
    default-lease-time 6000;
    max-lease-time 72000;
}

subnet 192.168.14.0 netmask 255.255.255.0 {
    range 192.168.14.100 192.168.14.200;
    option subnet-mask 255.255.255.0;
    option routers 192.168.14.254;
    option broadcast-address 192.168.14.255;
    default-lease-time 6000;
    max-lease-time 72000;
}

subnet 192.168.15.0 netmask 255.255.255.0 {
    range 192.168.15.100 192.168.15.200;
    option subnet-mask 255.255.255.0;
    option routers 192.168.15.254;
    option broadcast-address 192.168.15.255;
    default-lease-time 6000;
    max-lease-time 72000;
}
$ cat /etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server initscript
# sourced by /etc/init.d/isc-dhcp-server
# installed at /etc/default/isc-dhcp-server by the maintainer scripts

#
# This is a POSIX shell fragment
#

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPD_CONF=/etc/dhcp/dhcpd.conf

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPD_PID=/var/run/dhcpd.pid

# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
#INTERFACES="brvlan2"
INTERFACESv4="brvlan2"
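Because dhcpd listens only on brvlan2, every other subnet depends on the switch's `ip helper` relay, and every VLAN has to be both tagged on uplink 1/10 and bridged on the Debian host. The following consistency check is an added example, not part of the original page; `audit()` and its parameters are hypothetical names, and the three strings are shortened excerpts of the configurations above.

```python
import ipaddress
import re

# Sample input: shortened excerpts of the three configurations on this page.
SWITCH = """\
ip interface "vlan-2" address 192.168.2.10 mask 255.255.255.0 vlan 2 ifindex 2
ip interface "vlan-10" address 192.168.10.254 mask 255.255.255.0 vlan 10 ifindex 3
ip interface "vlan-11" address 192.168.11.254 mask 255.255.255.0 vlan 11 ifindex 4
vlan 2 802.1q 1/10 "TAG PORT 1/10 VLAN 2"
vlan 10 802.1q 1/10 "TAG PORT 1/10 VLAN 10"
vlan 11 802.1q 1/10 "TAG PORT 1/10 VLAN 11"
ip helper address 192.168.2.1 vlan 10
ip helper address 192.168.2.1 vlan 11
"""
INTERFACES = """\
iface brvlan2 inet static
    bridge_ports eno1.2
iface brvlan10 inet manual
    bridge_ports eno1.10
iface brvlan11 inet manual
    bridge_ports eno1.11
"""
DHCPD = """\
subnet 192.168.2.0 netmask 255.255.255.0 { option routers 192.168.2.10; }
subnet 192.168.10.0 netmask 255.255.255.0 { option routers 192.168.10.254; }
subnet 192.168.11.0 netmask 255.255.255.0 { option routers 192.168.11.254; }
"""

def audit(switch, interfaces, dhcpd, uplink="1/10", dhcp_ip="192.168.2.1"):
    """Return a list of findings; an empty list means the three files agree."""
    svi = {int(v): ipaddress.ip_interface(f"{a}/{m}") for a, m, v in
           re.findall(r"ip interface \S+ address (\S+) mask (\S+) vlan (\d+)", switch)}
    tagged = {int(v) for v in re.findall(rf"vlan (\d+) 802\.1q {re.escape(uplink)} ", switch)}
    relayed = {int(v) for v in re.findall(rf"ip helper address {re.escape(dhcp_ip)} vlan (\d+)", switch)}
    bridged = {int(v) for v in re.findall(r"bridge_ports \S+\.(\d+)", interfaces)}
    routers = {ipaddress.ip_network(f"{n}/{m}"): ipaddress.ip_address(r) for n, m, r in
               re.findall(r"subnet (\S+) netmask (\S+) \{[^}]*?option routers (\S+);", dhcpd)}
    findings = []
    for vlan in sorted(tagged ^ bridged):
        findings.append(f"VLAN {vlan}: tagged on {uplink} and bridged on the host do not match")
    for vlan, iface in sorted(svi.items()):
        if iface.network not in routers:
            findings.append(f"VLAN {vlan}: no dhcpd subnet for {iface.network}")
        elif routers[iface.network] not in iface.network:
            findings.append(f"VLAN {vlan}: option routers outside {iface.network}")
        if ipaddress.ip_address(dhcp_ip) not in iface.network and vlan not in relayed:
            findings.append(f"VLAN {vlan}: no ip helper towards {dhcp_ip}")
    return findings
```

Feed it the full output of `show configuration snapshot`, `/etc/network/interfaces` and `/etc/dhcp/dhcpd.conf` to check all seven VLANs; the subnet regex assumes `option routers` appears before any `pool { }` block, as it does in the file above.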
stellar-lab-kvm-pfsense-debian.1504452917.txt.gz · Last modified: 2024/06/09 10:29 (external edit)