The solution to IP conflicts in a LAN

Network Introduction

As a typical enterprise network architecture, the network topology of this unit is roughly divided into three levels, and Nortel products are used throughout. The first level consists of ATM switches, network servers, multimedia workstations, etc., which work on the backbone network. The second level consists of a large number of Ethernet switches, which provide high-density ports for the third-level desktops and provide the actual VLAN ports according to the divided VLANs (Virtual Local Area Networks). The network protocol is TCP/IP, and IP address planning uses static IP address allocation, planned centrally by the network administrator.

Statement of the problem

We know that on the Internet and on intranets, each host must have its own IP address when using the TCP/IP protocol, and a host with an IP address can communicate with other hosts on the network. With the vigorous promotion of network applications, the number of network clients has exploded. Because IP addresses are allocated statically, IP address conflicts have come one after another. IP address conflicts have a very bad impact. First of all, network clients cannot work properly: as long as a conflicting machine is on the network and powered on, the address conflict prompt will appear frequently on the client. If the security policies of an application on the network (such as access rights, access control, etc.) are based on IP addresses, such illegal IP users also pose a serious threat to the security of application systems.

Analyze the reasons

Sometimes the problem cannot be found in time. It is revealed only when the conflicting network clients are turned on at the same time, so it is quite well hidden. Analysis shows several causes of IP address conflicts.

1. Many users do not understand TCP/IP and do not know how to set parameters such as "IP address", "subnet mask", and "default gateway". Sometimes users do not get these parameters from the administrator, or the user has unintentionally modified them;

2. When the administrator or the user sets the parameters provided by the administrator, they are entered incorrectly by mistake;

4. Someone steals another person's IP address.

Solution

After receiving the conflict report, we first determine the VLAN where the conflict occurred. Use the VLAN definitions in the IP plan and the conflicting IP address to find the network segment where the conflicting address is located. This is critical to successfully finding the MAC address of the network card, because some network commands do not work across network segments.

First isolate the client from the network and leave the computer with the illegal IP address running on the network, so that the network administrator can try to find it. The network test commands used are the ping command and the arp command. Start with the ping command, assuming the conflicting IP address is 10.119.40.40. In the MS-DOS window, the command format is as follows, where the italic part is the command result.

C:\WINDOWS\> ping 10.119.40.40

Request timed out
Reply from 10.119.40.40: bytes=32 time<1ms TTL=128

We ping this machine for two purposes. First, we need to know that the machine we are looking for is indeed on the network. Second, we need to know the MAC address of its network card. So how do we find out its MAC address? This requires the second command, arp. The arp command can only be used within a single VLAN; ARP is a low-level protocol and cannot cross routers.

C:\WINDOWS\> arp -a

Interface: ...... on Interface ......
Internet Address / Physical Address / Type
10.119.40.40 / 00-00-21-34-63-56 / dynamic
(the rest is omitted)

The above list shows that the MAC address of the network card at the conflicting IP address 10.119.40.40 is 00-00-21-34-63-56. What we are looking for next is the specific physical location of the network card with MAC address 00-00-21-34-63-56.

As stated in the network introduction, each client's network card is directly connected to a second-level switch, so, facing a large number of Ethernet switches, we need to find the switch port corresponding to the conflicting MAC address. The devices that connect clients in this network are Bay's 303/304. This article takes the 303 as an example to describe how to find the port where a given MAC address is located. The Bay 303 can be managed in many ways. The following describes finding the illegal MAC address only through the web browser interface.

Before searching, we must first determine the location of the switches in the VLAN, find out the IP addresses of these switches, and use the switch address to access the network management information of the switch.

* Launch the browser on the network administrator's machine

* Type the IP address of the switch

* Enter user name and password after prompting for login information

* Enter the "MAC Address Table" option

The display table is as follows:

Index / MAC address / Learned on Port / Learning Method / Filter Packets to this Address
1 / 00:00:21:34:63:56 / 13 / Dynamic / No
2 / 00:00:81:65:c3:a0 / N/A / Static / No
3 / 00:00:a2:f7:c3:e4 / 25 / Dynamic / No
4 / 00:00:21:34:63:56 / 2 / Dynamic / No
(The rest is omitted.)

At this point you can see the fourth item in the index, which is the MAC address we are looking for, and its port number is 2. Using the structured cabling records, the physical location of the corresponding information point can be found, and with it the position of the connected microcomputer. Of course, this is an example for one specific switch. In actual work, we may have to search many switches to find the MAC address we are looking for. When there are a large number of switches in the VLAN, we have to go through them one by one until we find it, which is rather cumbersome.

When a switch port has a downlink switch attached, the port carries multiple MAC addresses, so the upper-level switch's MAC table contains records of the lower-level MAC addresses. Search the upper-level switch's MAC table first and then go to the specific next-level switch; this greatly reduces the search range.
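The upper-level-first search described above, as an added example that is not part of the original article. The switch names, port numbers and downlink map are constructed sample data; in practice the tables would come from each switch's "MAC Address Table" page.

```python
import re

def norm_mac(mac):
    """Canonical form: 12 lowercase hex digits, separators removed."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

# Constructed sample data: one MAC table per switch, as {mac: port}.
MAC_TABLES = {
    "sw-upper":  {"00:00:21:34:63:56": 7, "00:00:a2:f7:c3:e4": 3},
    "sw-floor2": {"00:00:21:34:63:56": 2, "00:00:81:65:c3:a0": 9},
    "sw-floor3": {"00:00:a2:f7:c3:e4": 25},
}
# (switch, port) -> next-level switch attached to that port (assumed topology).
DOWNLINKS = {("sw-upper", 7): "sw-floor2", ("sw-upper", 3): "sw-floor3"}

def trace_mac(mac, start, tables=MAC_TABLES, downlinks=DOWNLINKS):
    """Follow a MAC from the upper-level switch down to its edge port.

    Returns the path as a list of (switch, port). The last element is the
    port the station hangs off, or the downlink port if the lower switch
    has already aged the entry out. Returns [] if `start` never learned it.
    """
    target = norm_mac(mac)  # accepts the arp "-" form and the switch ":" form
    path, switch, seen = [], start, set()
    while switch is not None and switch not in seen:
        seen.add(switch)  # guard against a loop in a mis-documented topology
        table = {norm_mac(m): p for m, p in tables.get(switch, {}).items()}
        port = table.get(target)
        if port is None:
            break
        path.append((switch, port))
        switch = downlinks.get((switch, port))  # None when it is an edge port
    return path

if __name__ == "__main__":
    for hop in trace_mac("00-00-21-34-63-56", "sw-upper"):
        print("switch %s, port %s" % hop)
```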

Management strategy

In LANs, such IP address conflicts occur often. The larger the user base, the more difficult they are to track down, so network administrators must think about how to handle them. There are currently two solutions: one is to use dynamic IP address allocation (DHCP), and the other is to keep static address allocation but strengthen the management of MAC addresses.

The biggest advantage of dynamic IP address allocation (DHCP) is that client network configuration is very simple. Without the help and intervention of the administrator, users can set up the network connection themselves. However, because the IP address is dynamically allocated, the network administrator cannot identify the client from the IP address, and the corresponding IP layer management will be useless. Furthermore, dynamic IP address allocation requires an additional DHCP server.

Static IP address allocation allows reasonable IP address planning for the various departments and makes tracking and management at the third layer easy. If we strengthen the management of MAC addresses, it will also effectively solve this problem.

When network users are connected to the network, establish IP and MAC address records, and apply a strict management and registration system to LAN clients from beginning to end, recording each user's IP address, MAC address, uplink port, physical location, user identity and similar information in the network administrator's database. In the case above, if we know the MAC address of the illegal user, we can search for it in the administrator's database. If we have a comprehensive record of MAC addresses, we can immediately find the specific user information. This saves a lot of precious time and avoids looking for a needle in a haystack. At the same time, we should avoid using IP addresses to restrict permissions for certain applications. Restricting by MAC address is relatively safer and can effectively prevent someone from stealing IP addresses.
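One way to use such a registry, shown as an added example that is not part of the original article: parse `arp -a` output and report every IP address answered by a network card other than the registered one, together with whoever that card is registered to. The registry contents, user names, locations and the ARP listing are constructed sample data.

```python
import re

# Constructed registry kept by the administrator: IP -> registered MAC, user,
# location. All values below are sample data, not taken from a real network.
REGISTRY = {
    "10.119.40.40": {"mac": "00-00-5e-00-53-0a", "user": "user-a", "location": "room 201"},
    "10.119.40.41": {"mac": "00-00-21-34-63-56", "user": "user-b", "location": "room 305"},
    "10.119.40.42": {"mac": "00-00-5e-00-53-0c", "user": "user-c", "location": "room 118"},
}

# Constructed `arp -a` output in the Windows layout.
ARP_OUTPUT = """\
Interface: 10.119.40.10 on Interface 0x2
  Internet Address      Physical Address      Type
  10.119.40.40          00-00-21-34-63-56     dynamic
  10.119.40.42          00-00-5E-00-53-0C     dynamic
  10.119.40.77          00-00-5e-00-53-63     dynamic
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\s+\w+")

def parse_arp(text):
    """Return {ip: mac} from `arp -a` text; MACs lowercased, '-' separated."""
    pairs = {}
    for line in text.splitlines():
        m = ROW.match(line)  # header and "Interface:" lines do not match
        if m:
            pairs[m.group(1)] = m.group(2).lower().replace(":", "-")
    return pairs

def audit(arp_text, registry=REGISTRY):
    """List ARP entries that disagree with the registry."""
    owner_of = {rec["mac"].lower(): dict(rec, ip=ip) for ip, rec in registry.items()}
    findings = []
    for ip, mac in sorted(parse_arp(arp_text).items()):
        rec = registry.get(ip)
        if rec and rec["mac"].lower() == mac:
            continue  # IP is in use by its registered network card
        holder = owner_of.get(mac)  # who this card is registered to, if anyone
        findings.append({
            "ip": ip, "mac": mac,
            "kind": "ip-mac-mismatch" if rec else "unregistered-ip",
            "ip_registered_to": rec["user"] if rec else None,
            "mac_registered_to": holder["user"] if holder else None,
            "mac_location": holder["location"] if holder else None,
        })
    return findings
```

A finding whose mac_registered_to is empty means the card is not in the registry at all, which is the case where the switch MAC tables still have to be searched by hand.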
