Access VLAN configuration is unstable in GNS3 (Part 2)

Regarding the unstable access VLAN configuration, I found that:

・The access VLAN setting disappears a while after the port links up.

・Shutting the port down brings the access VLAN setting back.

S32#sh int g1/1 summary

*: interface is up
IHQ: pkts in input hold queue IQD: pkts dropped from input queue
OHQ: pkts in output hold queue OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
TRTL: throttle count

Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
-----------------------------------------------------------------------------------------------------------------
* GigabitEthernet1/1 0 2 0 0 1000 3 1000 2 0
S32#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/0, Gi1/2, Gi1/3, Gi2/0
Gi2/1, Gi2/2, Gi2/3
30 VLAN0030 active Gi0/1, Gi1/0
100 VLAN100 active
200 VLAN0200 active
300 VLAN0300 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
300 enet 100300 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

S32#sh run int g1/1
Building configuration...

Current configuration : 98 bytes
!
interface GigabitEthernet1/1
switchport access vlan 30
media-type rj45
negotiation auto
end

S32#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S32(config)#int g1/1
S32(config-if)#shutdown
S32(config-if)#
*Mar 10 14:16:18.374: %LINK-5-CHANGED: Interface GigabitEthernet1/1, changed state to administratively down
*Mar 10 14:16:19.374: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down

S32(config-if)#end
S32#sh vla
*Mar 10 14:16:28.547: %SYS-5-CONFIG_I: Configured from console by console
S32#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/0, Gi1/2, Gi1/3, Gi2/0
Gi2/1, Gi2/2, Gi2/3
30 VLAN0030 active Gi0/1, Gi1/0, Gi1/1
100 VLAN100 active
200 VLAN0200 active
300 VLAN0300 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
300 enet 100300 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

 

This is pretty bad for doing verification work...
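
The mismatch above, where `sh run int g1/1` shows `switchport access vlan 30` but `sh vlan` does not list Gi1/1 under any VLAN, can be checked mechanically. The following is an added example, not part of the original post: it compares configured access VLANs against the first table of `sh vlan`. The function names and the two-letter interface abbreviation rule are assumptions, and the sample text is abridged from the outputs on this page.

```python
import re

# Sample input abridged from the outputs on this page: the VLAN 30 stanzas of
# `sh run`, and the first table of `sh vlan` while Gi1/1 is link-up.
RUNNING_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 30
!
interface GigabitEthernet1/0
 switchport access vlan 30
!
interface GigabitEthernet1/1
 switchport access vlan 30
!
"""
SHOW_VLAN_LINK_UP = """\
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/0, Gi1/2, Gi1/3, Gi2/0
Gi2/1, Gi2/2, Gi2/3
30 VLAN0030 active Gi0/1, Gi1/0
100 VLAN100 active
1002 fddi-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
1 enet 100001 1500 - - - - - 0 0
"""
# After `shutdown` on Gi1/1 the port is listed under VLAN 30 again.
SHOW_VLAN_AFTER_SHUTDOWN = SHOW_VLAN_LINK_UP.replace(
    "Gi0/1, Gi1/0", "Gi0/1, Gi1/0, Gi1/1")

PORT_RE = re.compile(r"[A-Za-z]+\d+(?:/\d+)+")


def short_name(interface):
    """GigabitEthernet1/1 -> Gi1/1 (assumes the two-letter form `sh vlan` prints)."""
    m = re.match(r"([A-Za-z]+)(\d.*)", interface)
    return m.group(1)[:2] + m.group(2)


def configured_access_vlans(running_config):
    """Map port -> VLAN for interfaces with an explicit `switchport access vlan`."""
    vlans, current = {}, None
    for line in running_config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            current = short_name(line.split()[1])
        elif current and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            vlans[current] = int(m.group(1))
    return vlans


def operational_vlans(show_vlan):
    """Map port -> VLAN from the first table of `sh vlan` (VLAN/Name/Status/Ports)."""
    membership, vlan, in_table = {}, None, False
    for line in show_vlan.splitlines():
        if re.match(r"VLAN\s+Name\s+Status\s+Ports", line):
            in_table = True
        elif re.match(r"VLAN\s+Type", line):
            break  # the later tables also start with a VLAN number
        elif in_table:
            row = re.match(r"\s*(\d+)\s+\S+\s+\S+\s*(.*)", line)
            if row:
                vlan, ports = int(row.group(1)), row.group(2)
            else:
                ports = line  # wrapped row: port names only
            if vlan is not None:
                for port in PORT_RE.findall(ports):
                    membership[port] = vlan
    return membership


def vlan_drift(running_config, show_vlan):
    """Return (port, configured VLAN, operational VLAN or None) per mismatch."""
    oper = operational_vlans(show_vlan)
    wanted = configured_access_vlans(running_config)
    return [(p, v, oper.get(p)) for p, v in sorted(wanted.items()) if oper.get(p) != v]


if __name__ == "__main__":
    for label, table in (("link up", SHOW_VLAN_LINK_UP),
                         ("after shutdown", SHOW_VLAN_AFTER_SHUTDOWN)):
        print(label, vlan_drift(RUNNING_CONFIG, table))
```

An operational VLAN of `None` means the port is absent from the table altogether, which is the state Gi1/1 is in while link-up.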

Maybe the messages below, which appear at startup, are related?

*Mar 10 15:32:21.865: %PM-3-INTERNALERROR: Port Manager Internal Software Error (vlan > 0 && vlan < PM_MAX_VLANS: ../switch/pm/pm_vlan.c: 850: pm_vlan_set_portlist)
-Traceback= 1C492C9z F385ABz FA5581z FA5245z F92213z 3013F8Fz F8E160z 3013F31z F8DE46z F8DDF9z 3013F8Fz F94B40z 3013F31z F9C955z F7C69Ez FF081Az
*Mar 10 15:32:21.866: %BIT-4-OUTOFRANGE: bit 0 is not in the expected range of 1 to 4095
-Traceback= 1C492C9z 196C71Fz 196BF98z FA5266z F92213z 3013F8Fz F8E160z 3013F31z F8DE46z F8DDF9z 3013F8Fz F94B40z 3013F31z F9C955z F7C69Ez FF081Az
*Mar 10 15:32:21.866: %BIT-4-OUTOFRANGE: bit 0 is not in the expected range of 1 to 4095
-Traceback= 1C492C9z 196C71Fz 196D35Cz FA527Az F92213z 3013F8Fz F8E160z 3013F31z F8DE46z F8DDF9z 3013F8Fz F94B40z 3013F31z F9C955z F7C69Ez FF081Az
*Mar 10 15:32:21.866: %PM-3-INTERNALERROR: Port Manager Internal Software Error (vlan > 0 && vlan < PM_MAX_VLANS: ../switch/pm/pm_vlan.c: 850: pm_vlan_set_portlist)
-Traceback= 1C492C9z F385ABz FA5581z FA5245z F92213z 3013F8Fz F8E160z 3013F31z F8DE46z F8DDF9z 3013F8Fz F94B40z 3013F31z F9C955z F7C69Ez FF081Az
*Mar 10 15:32:21.866: %BIT-4-OUTOFRANGE: bit 0 is not in the expected range of 1 to 4095
-Traceback= 1C492C9z 196C71Fz 196BF98z FA5266z F92213z 3013F8Fz F8E160z 3013F31z F8DE46z F8DDF9z 3013F8Fz F94B40z 3013F31z F9C955z F7C69Ez FF081Az
*Mar 10 15:32:21.866: %BIT-4-OUTOFRANGE: bit 0 is not in the expected range of 1 to 4095
-Traceback= 1C492C9z 196C71Fz 196D35Cz FA527Az F92213z 3013F8Fz F8E160z 3013F31z F8DE46z F8DDF9z 3013F8Fz F94B40z 3013F31z F9C955z F7C69Ez FF081Az
*Mar 10 15:32:21.866: %PM-3-INTERNALERROR: Port Manager Internal Software Error (vlan > 0 && vlan < PM_MAX_VLANS: ../switch/pm/pm_vlan.c: 850: pm_vlan_set_portlist)
-Traceback= 1C492C9z F385ABz FA5581z FA5245z F92213z 3013F8Fz F8E160z 3013F31z F8DE46z F8DDF9z 3013F8Fz F94B40z 3013F31z F9C955z F7C69Ez FF081Az
*Mar 10 15:32:21.867: %BIT-4-OUTOFRANGE: bit 0 is not in the expected range of 1 to 4095
-Traceback= 1C492C9z 196C71Fz 196BF98z FA5266z F92213z 3013F8Fz F8E160z 3013F31z F8DE46z F8DDF9z 3013F8Fz F94B40z 3013F31z F9C955z F7C69Ez FF081Az
*Mar 10 15:32:21.867: %BIT-4-OUTOFRANGE: bit 0 is not in the expected range of 1 to 4095
-Traceback= 1C492C9z 196C71Fz 196D35Cz FA527Az F92213z 3013F8Fz F8E160z 3013F31z F8DE46z F8DDF9z 3013F8Fz F94B40z 3013F31z F9C955z F7C69Ez FF081Az
*Mar 10 15:32:22.613: %PM-3-INTERNALERROR: Port Manager Internal Software Error (vlan > 0 && vlan < PM_MAX_VLANS: ../switch/pm/pm_vlan.c: 870: pm_vlan_test_portlist)
-Traceback= 1C492C9z F385ABz FA54E0z FA5617z F9398Bz F93AF1z 3013F8Fz F9C941z F7C69Ez FF15B7z F0AF14z F0E376z 3B0D01Cz 3B0CF6Dz F0DDABz F0C923z
*Mar 10 15:32:22.613: %PM-3-INTERNALERROR: Port Manager Internal Software Error (pm_vlan_test_portlist(vlan, pd->globalNumber): ../switch/pm/pm_vlan.c: 1777: pm_vlan_rem_port)
-Traceback= 1C492C9z F385ABz FA578Bz F9398Bz F93AF1z 3013F8Fz F9C941z F7C69Ez FF15B7z F0AF14z F0E376z 3B0D01Cz 3B0CF6Dz F0DDABz F0C923z F0BD6Bz
*Mar 10 15:32:22.613: %PM-3-INTERNALERROR: Port Manager Internal Software Error (vlan > 0 && vlan < PM_MAX_VLANS: ../switch/pm/pm_vlan.c: 860: pm_vlan_clear_portlist)
-Traceback= 1C492C9z F385ABz FA58F1z FA5665z F9398Bz F93AF1z 3013F8Fz F9C941z F7C69Ez FF15B7z F0AF14z F0E376z 3B0D01Cz 3B0CF6Dz F0DDABz F0C923z
*Mar 10 15:32:22.614: %BIT-4-OUTOFRANGE: bit 0 is not in the expected range of 1 to 4095
-Traceback= 1C492C9z 196C71Fz 196BF98z FA5699z F9398Bz F93AF1z 3013F8Fz F9C941z F7C69Ez FF15B7z F0AF14z F0E376z 3B0D01Cz 3B0CF6Dz F0DDABz F0C923z
*Mar 10 15:32:22.614: %PM-3-INTERNALERROR: Port Manager Internal Software Error (pm_vtpvlan_bitlist_test(&pd->operInfo.trunkVlans, vlan): ../switch/pm/pm_vlan.c: 1789: pm_vlan_rem_port)
-Traceback= 1C492C9z F385ABz FA5700z F9398Bz F93AF1z 3013F8Fz F9C941z F7C69Ez FF15B7z F0AF14z F0E376z 3B0D01Cz 3B0CF6Dz F0DDABz F0C923z F0BD6Bz
*Mar 10 15:32:22.614: %BIT-4-OUTOFRANGE: bit 0 is not in the expected range of 1 to 4095
-Traceback= 1C492C9z 196C71Fz 196C008z FA56A7z F9398Bz F93AF1z 3013F8Fz F9C941z F7C69Ez FF15B7z F0AF14z F0E376z 3B0D01Cz 3B0CF6Dz F0DDABz F0C923z
*Mar 10 15:32:24.282: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk GigabitEthernet0/3 VLAN1.
*Mar 10 15:32:24.282: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking GigabitEthernet0/3 on VLAN0001. Inconsistent port type.
*Mar 10 15:34:44.854: %PLATFORM-5-SIGNATURE_VERIFIED: Image 'flash0:/vios_l2-adventerprisek9-m' passed code signing verification

 

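Access VLAN configuration is unstable in GNS3

In GNS3, the access VLAN does not take effect on one specific interface.

Ping fails only to the device behind g1/0.
Looking at the config with show run, the setting is there.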

S32#sh run
Building configuration...

Current configuration : 5644 bytes
!
! Last configuration change at 14:57:10 UTC Sat Mar 9 2019
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname S32
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
vtp domain CISCO-vIOS
vtp mode transparent
!
!
!
ip cef
no ipv6 cef
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 30
!
vlan 100
name VLAN100
!
vlan 200,300
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport access vlan 30
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20,30,40,50,60,70,80,90,100
switchport mode trunk
media-type rj45
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/3
media-type rj45
negotiation auto
!
interface GigabitEthernet1/0
switchport access vlan 30
media-type rj45
negotiation auto
!
interface GigabitEthernet1/1
media-type rj45
negotiation auto
!
interface GigabitEthernet1/2
media-type rj45
negotiation auto
!
interface GigabitEthernet1/3
media-type rj45
negotiation auto
!
interface GigabitEthernet2/0
media-type rj45
negotiation auto
!
interface GigabitEthernet2/1
media-type rj45
negotiation auto
!
interface GigabitEthernet2/2
media-type rj45
negotiation auto
!
interface GigabitEthernet2/3
media-type rj45
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv - Cisco Systems Confidential *
* *
* This software is provided as is without warranty for internal *
* development and testing purposes only under the terms of the Cisco *
* Early Field Trial agreement. Under no circumstances may this software *
* be used for production purposes or deployed in a production *
* environment. *
* *
* By using the software, you agree to abide by the terms and conditions *
* of the Cisco Early Field Trial Agreement as well as the terms and *
* conditions of the Cisco End User License Agreement at *
* http://www.cisco.com/go/eula *
* *
* Unauthorized use or distribution of this software is expressly *
* Prohibited. *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv - Cisco Systems Confidential *
* *
* This software is provided as is without warranty for internal *
* development and testing purposes only under the terms of the Cisco *
* Early Field Trial agreement. Under no circumstances may this software *
* be used for production purposes or deployed in a production *
* environment. *
* *
* By using the software, you agree to abide by the terms and conditions *
* of the Cisco Early Field Trial Agreement as well as the terms and *
* conditions of the Cisco End User License Agreement at *
* http://www.cisco.com/go/eula *
* *
* Unauthorized use or distribution of this software is expressly *
* Prohibited. *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv - Cisco Systems Confidential *
* *
* This software is provided as is without warranty for internal *
* development and testing purposes only under the terms of the Cisco *
* Early Field Trial agreement. Under no circumstances may this software *
* be used for production purposes or deployed in a production *
* environment. *
* *
* By using the software, you agree to abide by the terms and conditions *
* of the Cisco Early Field Trial Agreement as well as the terms and *
* conditions of the Cisco End User License Agreement at *
* http://www.cisco.com/go/eula *
* *
* Unauthorized use or distribution of this software is expressly *
* Prohibited. *
**************************************************************************^C
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login
line vty 5 15
logging synchronous
login
!
!
end

S32#

 

I restarted S32 and restarted GNS3, but the behavior did not change.
Then I happened to check show vlan, and g1/0 is not in vlan 30...

S32#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/0, Gi0/3, Gi1/1, Gi1/2
Gi1/3, Gi2/0, Gi2/1, Gi2/2
Gi2/3
30 VLAN0030 active Gi0/1
100 VLAN100 active
200 VLAN0200 active
300 VLAN0300 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
300 enet 100300 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

 

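I shut down g1/0 once and configured vlan 30 again, but the behavior did not change.
With no other option, I configured vlan 30 on g1/1; it took effect and ping went through.

Just as I started writing this memo on the blog, ping failed again.
Looking at show vlan, the VLAN is now set on g1/0 and g1/1 has disappeared.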

S32#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/0, Gi0/3, Gi1/2, Gi1/3
Gi2/0, Gi2/1, Gi2/2, Gi2/3
30 VLAN0030 active Gi0/1, Gi1/0
100 VLAN100 active
200 VLAN0200 active
300 VLAN0300 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
300 enet 100300 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

 

In show run, vlan 30 is configured on both g1/0 and g1/1.

S32#sh run
Building configuration...

Current configuration : 5671 bytes
!
! Last configuration change at 15:19:35 UTC Sat Mar 9 2019
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname S32
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
vtp domain CISCO-vIOS
vtp mode transparent
!
!
!
ip cef
no ipv6 cef
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 30
!
vlan 100
name VLAN100
!
vlan 200,300
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport access vlan 30
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20,30,40,50,60,70,80,90,100
switchport mode trunk
media-type rj45
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/3
media-type rj45
negotiation auto
!
interface GigabitEthernet1/0
switchport access vlan 30
media-type rj45
negotiation auto
!
interface GigabitEthernet1/1
switchport access vlan 30
media-type rj45
negotiation auto
!
interface GigabitEthernet1/2
media-type rj45
negotiation auto
!
interface GigabitEthernet1/3
media-type rj45
negotiation auto
!
interface GigabitEthernet2/0
media-type rj45
negotiation auto
!
interface GigabitEthernet2/1
media-type rj45
negotiation auto
!
interface GigabitEthernet2/2
media-type rj45
negotiation auto
!
interface GigabitEthernet2/3
media-type rj45
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv - Cisco Systems Confidential *
* *
* This software is provided as is without warranty for internal *
* development and testing purposes only under the terms of the Cisco *
* Early Field Trial agreement. Under no circumstances may this software *
* be used for production purposes or deployed in a production *
* environment. *
* *
* By using the software, you agree to abide by the terms and conditions *
* of the Cisco Early Field Trial Agreement as well as the terms and *
* conditions of the Cisco End User License Agreement at *
* http://www.cisco.com/go/eula *
* *
* Unauthorized use or distribution of this software is expressly *
* Prohibited. *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv - Cisco Systems Confidential *
* *
* This software is provided as is without warranty for internal *
* development and testing purposes only under the terms of the Cisco *
* Early Field Trial agreement. Under no circumstances may this software *
* be used for production purposes or deployed in a production *
* environment. *
* *
* By using the software, you agree to abide by the terms and conditions *
* of the Cisco Early Field Trial Agreement as well as the terms and *
* conditions of the Cisco End User License Agreement at *
* http://www.cisco.com/go/eula *
* *
* Unauthorized use or distribution of this software is expressly *
* Prohibited. *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv - Cisco Systems Confidential *
* *
* This software is provided as is without warranty for internal *
* development and testing purposes only under the terms of the Cisco *
* Early Field Trial agreement. Under no circumstances may this software *
* be used for production purposes or deployed in a production *
* environment. *
* *
* By using the software, you agree to abide by the terms and conditions *
* of the Cisco Early Field Trial Agreement as well as the terms and *
* conditions of the Cisco End User License Agreement at *
* http://www.cisco.com/go/eula *
* *
* Unauthorized use or distribution of this software is expressly *
* Prohibited. *
**************************************************************************^C
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login
line vty 5 15
logging synchronous
login
!
!
end 

 

I wonder if access VLAN configuration in GNS3 is just unstable...

 

 

vIOS-L2 supports up to 12 ports

I tried running vIOS-L2 in GNS3, with the port count set to 24.

 

Below is the result of logging in to the device and checking the number of ports.

vIOS-L2-1#sh interfaces summary

*: interface is up
IHQ: pkts in input hold queue IQD: pkts dropped from input queue
OHQ: pkts in output hold queue OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
TRTL: throttle count

Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
-----------------------------------------------------------------------------------------------------------------
* GigabitEthernet0/0 0 0 0 0 0 0 0 0 0
* GigabitEthernet0/1 0 0 0 0 0 0 0 0 0
* GigabitEthernet0/2 0 0 0 0 0 0 0 0 0
* GigabitEthernet0/3 0 0 0 0 0 0 0 0 0
* GigabitEthernet1/0 0 0 0 0 0 0 0 0 0
* GigabitEthernet1/1 0 0 0 0 0 0 0 0 0

Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
-----------------------------------------------------------------------------------------------------------------
* GigabitEthernet1/2 0 0 0 0 0 0 0 0 0
* GigabitEthernet1/3 0 0 0 0 0 0 1000 1 0
* GigabitEthernet2/0 0 0 0 0 0 0 0 0 0
* GigabitEthernet2/1 0 0 0 0 0 0 0 0 0
* GigabitEthernet2/2 0 0 0 0 0 0 0 0 0
* GigabitEthernet2/3 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/0 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/1 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/2 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/3 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/3 0 0 0 0 0 0 0 0 0

Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
-----------------------------------------------------------------------------------------------------------------
* GigabitEthernet3/3 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/3 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/3 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/3 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/3 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/3 0 0 0 0 0 0 0 0 0
* GigabitEthernet3/3 0 0 0 0 0 0 0 0 0

 

It appears that vIOS-L2 can only be configured with up to 12 ports.

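FY2019 ISMS/PMS compliance memo (1)

The season for ISMS/PMS compliance work has come around again this year.

At our company, the security department first calls a meeting, where it reviews the previous fiscal year and presents the submission schedule for this fiscal year's documents.

The review of the previous fiscal year was:

・We were able to keep our ISMS/PMS certifications.

・We kept them, but small mistakes in the documents stood out.

・Be careful in FY2019.

It was the usual story, but the following explanation had everyone in the room smiling wryly.

"The president asked us, 'The same mistake hasn't continued across FY2017 and FY2018, has it?' and we answered 'No', but we later found out that it had. The department concerned has committed to absolutely not making the same mistake in FY2019, so we have not corrected our answer. Everyone, please be careful."

That is because in FY2017 they had also explained, "There was a discrepancy between what was reported to the president and the actual situation, but we talked with the department concerned and have not corrected it with the president." I thought, "Isn't it the security team that should be careful?", but I also get the feeling this is deliberate on the part of a security team that values saving face.

This fiscal year's document submission schedule was the same as usual, but because GDPR compliance starts this fiscal year, the number of documents that are not created under PMS has increased. GDPR handling apparently differs between the information assets entrusted to us by the parent company and the information assets of the subsidiary (our company), but when I checked with the parent company's security team, they said they were not aware of the subsidiary's GDPR compliance. The security team gives orders to the field in a high-handed way; at a time like this I wish they would get their act together.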

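Collecting syslog on Ubuntu for GNS3 study (1)

When testing with GNS3, I want to set up a syslog server so that the syslog of every node can be checked in one place.

My verification PC runs Ubuntu, so I searched around and found the article below.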

learningnetwork.cisco.com

 

Following the procedure, I set things up to receive syslog messages on TCP/UDP ports.

I tried running the shell script by imitating what I saw.

m@PC-VN770GS1SR:~$ vi loopback_test.sh

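#!/usr/bin/env bash
#----------------------------------------------------------
# Purpose:     Create loopback interface for use with gns3
# Author:      Luca Francesca
# Created:     25/08/2013
# Copyright:   (c) Luca Francesca 2013
# Licence:     GPL2
#-----------------------------------------------------------
IP=$1
MASK=$2

function usage() {
  echo -e "Usage: $0 IP MASK"
  exit 1
}

# Both arguments are required; the test must sit inside [ ] to be evaluated.
[ "$#" -ne 2 ] && usage

# The original has the placeholders <USER> and <GROUP> here. Left as-is, the
# shell parses < and > as redirections, so the invoking user and primary
# group are substituted instead (an assumption; use the account that runs GNS3).
sudo ip tuntap add dev tap1 mode tap user "$(id -un)" group "$(id -gn)"
sudo ifconfig tap1 "$IP" netmask "$MASK" up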

 

The command wasn't rejected, but did it work?

If it worked, tap1 is apparently added to the GNS3 Cloud, but tap1 has not been added...

I'll look into it a bit more properly.

 

 

Sites I referred to

A beginner looked it up: what is a shell? - Qiita

[For beginners] How to write and run shell scripts

 

Building a live camera with Ubuntu

Nikkei Linux carried an article on how to build a live camera using Ubuntu, so I gave it a try.

trendy.nikkeibp.co.jp

 

Everything went smoothly up through installing apache2.

m@PC-VN770GS1SR:~$ sudo apt install apache2

I accessed "http://localhost" and confirmed that the page is displayed.

 

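Use the ffmpeg command to make video captured by the webcam available for streaming playback.

The ffmpeg command could not be run, so I installed it by referring to the article below.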

qiita.com

 

I entered the command introduced in Nikkei Linux.

m@PC-VN770GS1SR:/var/www/html$ sudo ffmpeg -f alsa -thread_queue_size 1024 -f v412 -thread_queue_size 512 -input_format yuyv422 -video_size 800x600 -i /dev/video0 -filter_complex scale=800x600,fps=12 -c:v h264 -b:v 764k -g 24 -c:a aac -b:a 64k -flags +cgop+global_header -f hls -hls_time 2 -hls_list_size 3 -hls_allow_cache 0 -hls_segment_filename stream_%d.ts -hls_flags delete_segments out.m3u8
ffmpeg version 3.4.4-0ubuntu0.18.04.1 Copyright (c) 2000-2018 the FFmpeg developers
built with gcc 7 (Ubuntu 7.3.0-16ubuntu3)
configuration: --prefix=/usr --extra-version=0ubuntu0.18.04.1 --toolchain=hardened --libdir=/usr/lib/x86_64-linux-gnu --incdir=/usr/include/x86_64-linux-gnu --enable-gpl --disable-stripping --enable-avresample --enable-avisynth --enable-gnutls --enable-ladspa --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgme --enable-libgsm --enable-libmp3lame --enable-libmysofa --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librubberband --enable-librsvg --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libssh --enable-libtheora --enable-libtwolame --enable-libvorbis --enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx265 --enable-libxml2 --enable-libxvid --enable-libzmq --enable-libzvbi --enable-omx --enable-openal --enable-opengl --enable-sdl2 --enable-libdc1394 --enable-libdrm --enable-libiec61883 --enable-chromaprint --enable-frei0r --enable-libopencv --enable-libx264 --enable-shared
WARNING: library configuration mismatch
avcodec configuration: --prefix=/usr --extra-version=0ubuntu0.18.04.1 --toolchain=hardened --libdir=/usr/lib/x86_64-linux-gnu --incdir=/usr/include/x86_64-linux-gnu --enable-gpl --disable-stripping --enable-avresample --enable-avisynth --enable-gnutls --enable-ladspa --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgme --enable-libgsm --enable-libmp3lame --enable-libmysofa --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librubberband --enable-librsvg --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libssh --enable-libtheora --enable-libtwolame --enable-libvorbis --enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx265 --enable-libxml2 --enable-libxvid --enable-libzmq --enable-libzvbi --enable-omx --enable-openal --enable-opengl --enable-sdl2 --enable-libdc1394 --enable-libdrm --enable-libiec61883 --enable-chromaprint --enable-frei0r --enable-libopencv --enable-libx264 --enable-shared --enable-version3 --disable-doc --disable-programs --enable-libopencore_amrnb --enable-libopencore_amrwb --enable-libtesseract --enable-libvo_amrwbenc
libavutil 55. 78.100 / 55. 78.100
libavcodec 57.107.100 / 57.107.100
libavformat 57. 83.100 / 57. 83.100
libavdevice 57. 10.100 / 57. 10.100
libavfilter 6.107.100 / 6.107.100
libavresample 3. 7. 0 / 3. 7. 0
libswscale 4. 8.100 / 4. 8.100
libswresample 2. 9.100 / 2. 9.100
libpostproc 54. 7.100 / 54. 7.100
Unknown input format: 'v412'
m@PC-VN770GS1SR:/var/www/html$

It displayed "Unknown input format: 'v412'", but I'll press on for now.

Make streaming playback work in Chrome as well.

m@PC-VN770GS1SR:~$ sudo gedit /var/www/html/stream.html

Edit the web page source "stream.html" as follows.

<html>
<head>
<meta charset="utf-8">
<title>ストリーミング</title>
<script src="https://cdn.jsdelivr.net/hls.js/latest/hls.min.js"></script>
</head>
<body>
<h1>自宅の近況</h1>
<div>
<video id="live" width="640" height="480" crossOrigin="anonymous" autoplay="autoplay" controls="controls"></video>
</div>
<script>
// Play the HLS playlist written by ffmpeg through hls.js where it is supported.
if (Hls.isSupported()) {
  var video = document.getElementById('live');
  var hls = new Hls();
  hls.loadSource('./out.m3u8');
  hls.attachMedia(video);
  // Start playback once the playlist has been parsed.
  hls.on(Hls.Events.MANIFEST_PARSED, function () {
    video.play();
  });
}
</script>
</body>
</html>

 

That completes the necessary preparation. Access "http://<Ubuntu PC address>/stream.html".

Hmm, nothing shows up...

Is the "Unknown input format: 'v412'" message from ffmpeg the cause?

I'll think about it a bit.