先查询系统是否已经有docker安装包

安装docker
两种方式,如果从阿里云下载的镜像,默认是不带docker安装包的,需要安装epel-release镜像源
第一种 ,阿里云镜像

[root@control yum.repos.d]# yum install epel-release -y 
[root@control yum.repos.d]# yum install docker-io -y

第二种,官方下载的镜像

[root@control yum.repos.d]# yum install docker -y

两种方法,哪个都可以!

接下来操作部分
启动doker并加入到开机启动

[root@control yum.repos.d]# systemctl start docker
[root@control yum.repos.d]# systemctl enable docker

通过docker info查看简信息

[root@control yum.repos.d]# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 1.13.1
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: journald
Cgroup Driver: systemd
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: docker-runc runc
Default Runtime: docker-runc
Init Binary: /usr/libexec/docker/docker-init-current
containerd version:  (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: 8891bca22c049cd2dcf13ba2438c0bac8d7f3343 (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: fec3683b971d9c3ef73f284f176672c44b44866

配置docker加速器
容器镜像服务 (aliyun.com)

[root@control docker]# /etc/docker
[root@control docker]# ls
certs.d  daemon.json  key.json  seccomp.json
[root@control docker]# vi daemon.json
先把原来的{}删除, 加入以下内容。  
{
  "registry-mirrors": ["https://zg11lmao.mirror.aliyuncs.com"]
}

下载时间明显缩短

[root@control docker]# time docker run centos
Unable to find image 'centos:latest' locally
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for docker.io/centos:latest

real    0m39.473s
user    0m0.028s
sys     0m0.108s

实验 2 运行镜像

[root@control docker]# docker -h
Flag shorthand -h has been deprecated, please use --help

Usage:  docker COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/root/.docker")
  -D, --debug              Enable debug mode
      --help               Print usage
  -H, --host list          Daemon socket(s) to connect to (default [])
  -l, --log-level string   Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  container   Manage containers
  image       Manage images
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  volume      Manage volumes

Commands:
  attach      Attach to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

docker 拉取镜像

docker pull[选项] [仓库地址] 仓库名:标签
docker pull nginx

docker 运行镜像

docker run 等同于docker pull +docker  create + docker start
docker 常用操作

docker run -itd -v /root:/root -p 80:80 --name aaa  nginx:latest /bin/bash 运行一个最新版本的nginx 容器

docker ps    #查看运行中的容器
docker ps -a #查看所有容器
docker run -itd
           -i 在交互模式下运行
           -t tty伪终端
           -d 在后台运行
           -v 把指定的文件夹,挂载到容器内部的文件夹
           -p 把指定的端口绑给某个容器去使用
           --name 指定容器名字
 nginx:latest   nginx是指容器名称 latest是指标容器上的标签,目前是最新的,如果不加签,也会以最新的版本运行某个容器
 /bin/bash 在运行时容器内部使用/bin/bash解释器

docker start “容器名或者id” 启动容器
docker stop “容器名或者id”  停止容器
docker images 等同于docker image ls 查看容器本地所有镜像

删除容器

[root@control docker]# docker stop 1027d488b7e8
[root@control docker]# docker rm 102 

删除容器的镜像

[root@control docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/nginx     latest              605c77e624dd        11 months ago       141 MB
docker.io/centos    latest              5d0da3dc9764        14 months ago       231 MB
[root@control docker]#
[root@control docker]# docker rmi 605
Untagged: docker.io/nginx:latest
Untagged: docker.io/nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Deleted: sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85
Deleted: sha256:b625d8e29573fa369e799ca7c5df8b7a902126d2b7cbeb390af59e4b9e1210c5
Deleted: sha256:7850d382fb05e393e211067c5ca0aada2111fcbe550a90fed04d1c634bd31a14
Deleted: sha256:02b80ac2055edd757a996c3d554e6a8906fd3521e14d1227440afd5163a5f1c4
Deleted: sha256:b92aa5824592ecb46e6d169f8e694a99150ccef01a2aabea7b9c02356cdabe7c
Deleted: sha256:780238f18c540007376dd5e904f583896a69fe620876cabc06977a3af4ba4fb5
Deleted: sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f

[root@control docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/centos    latest              5d0da3dc9764        14 months ago       231 MB
[root@control docker]#

一键清理dokcer 停止的容器与无用的镜像

[root@control /]# docker system prune -a
WARNING! This will remove:
        - all stopped containers
        - all volumes not used by at least one container
        - all networks not used by at least one container
        - all images without at least one container associated to them






        省级云计算比赛要在郑州奥体举行,领导说比赛的时候要进行pvlan隔离,pvlan对应是华为家的mux vlan ,于是就弄的拓扑先进行测试测了一下。


需要:

1、比赛机之间不能互相通信

2、赛机需要把视频上传到服务器

3、展示电脑需要读取服务器上web,前台展示

4、所有电脑需要连接外网

配置如下:

交换机:

vlan batch 2 to 3 5
#
vlan 5
 mux-vlan
 subordinate separate 2
 subordinate group 3
#

interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 2
 port mux-vlan enable
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 2
 port mux-vlan enable
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 5
 port mux-vlan enable
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 5
 port mux-vlan enable
#
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 3
 port mux-vlan enable
#

路由器:

dhcp enable

interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
dhcp select interface


1、在线云盘共享网址: 音乐在线试听 .

2、手机端安装nplayer,苹果手机IOS版下载链接: 下载地址  安卓版: 下载地址

下载后,打开app

image.png

交流群二群维码:


详细操作步骤:

配置参数:

主机:106.53.231.192

帐号:admin

密码:admin    

端口:81

路径:/dav

视频教程 

下一篇跟大家说一下,怎么把你们喜欢的音乐添加进来。

    跟着上一篇文章的思路,第一点 配置隧道接入点capwap,第二点 保证路由通,第三点 保证ap知道capwap地址


image.png



拓扑图如上所示


     网络规划如下:

ac1上面

vlanif3192.168.1.1
GE0/0/1port link-type access

port default vlan 3

    路由器AR1

GE0/0/1
192.168.1.2
GE0/0/0172.16.1.1

    交换机LSW1

 GE0/0/1

port link-type access

 port default vlan 2

GE0/0/2

 port link-type trunk

 port trunk allow-pass vlan 2

vlanif2172.16.1.2
vlanif110.10.10.1

    按照上一篇的思路:

首先把我们的IP地址补全,在AC上面配置capwap 控制隧道接入点设置为vlanif3

capwap source interface vlanif3

第二步 让交换机下发IP地址,业务VLAN是VLAN2  ap管理地址vlan1(和AC的vlan3没有任何关系)

dhcp enable

interface Vlanif1

 ip address 10.10.10.1 255.255.255.0

 dhcp select interface

 dhcp server option 43 sub-option 2 ip-address 192.168.1.1(给ap下发ac的capwap地址)

#

interface Vlanif2

 ip address 172.16.1.2 255.255.255.0

 dhcp select interface

第三步 配置静态路由 ar1 ac1 LSW1上配置路由,让ap----ac ,ac----ap能够互相访问

LSW1

ip route-static 0.0.0.0 0.0.0.0 172.16.1.1

AR1

ip route-static 10.10.10.0 255.255.255.0 172.16.1.2

AC1

ip route-static 10.10.10.0 255.255.255.0 192.168.1.2


这个时候我们静静等待三五分钟,就可以用抓包工具来抓取数据包,可以看到

image.png

ap此时已经把capwap报文上送至AC了,这个时候我们进到AC里面,把AP的认证模式改成不认证,华为设备默认情况针对ap的认证是mac地址认证,我们改成不认证,就可以ap自动上线,并发现我们的ap

[AC6605]wlan 

[AC6605-wlan-view]ap auth-mode no-auth 


[AC6605]dis ap all 

Info: This operation may take a few seconds. Please wait for a moment.done.

Total AP information:

nor  : normal          [1]

--------------------------------------------------------------------------------

-------------------

ID   MAC            Name           Group   IP           Type            State ST

A Uptime

--------------------------------------------------------------------------------

-------------------

0    00e0-fcc4-0350 00e0-fcc4-0350 default 10.10.10.254 AP6050DN        nor   0 

  8S

--------------------------------------------------------------------------------

-------------------

Total: 1


接下来,需要在vap模板里面把sevice-vlan 改成vlan 2即可

因为我比较懒直接采用ac内置的模板,所以我直接进入内置的默认模板default里面调了

[AC6605]wlan

[AC6605-wlan-view] vap-profile name default

[AC6605-wlan-vap-prof-default] service-vlan vlan-id 2

调完后,进到ap组里面,因为ap上线后,默认就属于default组,进到默认组里面,应用我们的vap模板

[AC6605-wlan-view]ap-group name default

AC6605-wlan-ap-group-default]vap-profile default wlan 1 radio all 

调完后,我们就可以看到ap把信号打出来了

笔记本连上后,获取的IP地址就是vlan2的IP 地址

image.png




   这篇文章既然做为一个傻瓜式教程 ,那么来咱们就来深究一下影响无线网络信号打出来因素。

第一点:capwap 称为无线隧道接入点,这个是设置我们ac上用哪个IP地址来进行和ap通信的,所以这个东西是必配的,少了它可不行。所以在我们ac上必须配置这个,不管你是基于接口的还是基于IP地址的,最终都是拿capwap接口上的IP地址来与ap进行通信。

第二点:路由 ac可以做旁挂,也可以做直连,不管是采用哪种方式,最终ap是要和ac去通信的,所以要保证ap和ac两者之间能够通信。

第三点:ap需要知道capwap的地址。ap可以通过广播方式发现ac控制器的capwap地址,也可以通过dhcp下发,也可以通过手动给ap设置capwap地址来和ac地行通信。

   如果以上三点没有什么问题,那么你的ap就可以轻松的启动起来,下面咱们来从直连ap入手来看看,下面是拓扑图:

图片上传中(0)...


    交换机上先不做任何配置,我来看看ac上面的配置

依照上方所说

第一点。先配置capwap接入点


第二点 配置和ap通够和ac互通。因为是直连的,又是用的vlan1,交换机默认放行vlan1,ac上面的接口不做配置,默认状态下也是放行的vlan1,所以我们只需要在ac里面启用dhcp功能,在接口上启动基于接口的dhcp分配功能


接口上


第三点 因为是直连ac,我们可以通过抓包软件来看一下


当我们ap获取到IP地址之后,就会发送广播报文来发现我们的ac,在ac控制器上,首先们需要把ap的认证模式改成不认证。

因为默认情况下采取mac地址认证,为了让ap快速上线,这里我们就改成不认证,让大家来更好的理解我们的ap上线


然后我们就可以通过命令来查看发现的两个ap


当我们的ap上线后,如果不下发vap模板是没有信号出来的,华为ac内置的默认vap模板,名称是default,可以直接拿过来用,默认的vap模板调用了vlan1的地址做为业务地址池。当我们的ap上线后,所有ap也都属于默认组,默认组的名称是default,

我们只需要在默认组里面调用vap模板和射频模板即,调用完我们的ap信号就出来了

[AC6005-wlan-view]ap-group name default
[AC6005-wlan-ap-group-default]vap-profile default wlan 1 radio all



[AC6005]dis cu
#
 set memory-usage threshold 0
#
ssl renegotiation-rate 1 
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
dhcp enable
#
diffserv domain default
#
radius-server template default
#
pki realm default
 rsa local-key-pair default
 enrollment self-signed
#
ike proposal default
 encryption-algorithm aes-256 
 dh group14 
 authentication-algorithm sha2-256 
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256 
 prf hmac-sha2-256 
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
 authentication-scheme default
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
 domain default
  authentication-scheme radius
  radius-server default
 domain default_admin
  authentication-scheme default
 local-user admin password irreversible-cipher $1a$ipSsS|i+,*$Lq7aB(Va:+d=ZmB]B0
kQqi1d;&Vae>1(]O=ZW3#($
 local-user admin privilege level 15
 local-user admin service-type http
#
interface Vlanif1
 ip address 192.168.1.1 255.255.255.0
 dhcp select interface
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
 undo negotiation auto
 duplex half
#
interface GigabitEthernet0/0/8
 undo negotiation auto
 duplex half
#
interface NULL0
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
capwap source interface vlanif1
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 protocol inbound all
user-interface vty 16 20
 protocol inbound all
#
wlan
 traffic-profile name default
 security-profile name default
 security-profile name default-wds
 security-profile name default-mesh
 ssid-profile name default
 vap-profile name default
 wds-profile name default
 mesh-handover-profile name default
 mesh-profile name default
 regulatory-domain-profile name default
 air-scan-profile name default
 rrm-profile name default
 radio-2g-profile name default
 radio-5g-profile name default
 wids-spoof-profile name default
 wids-profile name default
 wireless-access-specification
 ap-system-profile name default
 port-link-profile name default
 wired-port-profile name default
 serial-profile name preset-enjoyor-toeap 
 ap auth-mode no-auth
 ap-group name defult
 ap-group name default
  radio 0
   vap-profile default wlan 1
  radio 1
   vap-profile default wlan 1
  radio 2
   vap-profile default wlan 1
 ap-id 0 type-id 56 ap-mac 00e0-fcef-7480 ap-sn 210235448310C00F9265
 ap-id 1 type-id 56 ap-mac 00e0-fc8c-0980 ap-sn 210235448310AD405C41
 ap-id 2 type-id 56 ap-mac 00e0-fcb8-75c0 ap-sn 210235448310BF40CF6A
 provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return