The translation is temporarily closed for contributions due to maintenance, please come back later.

Translation

(itstool) path: listitem/para
English
The following example sets the maximum number of Ethernet devices for <systemitem class="fqdomainname">CustomerA</systemitem> on <literal>vlan100</literal> to 10:
Context English Chinese (Simplified) (zh_CN) State
Several <command>ifconfig</command> parameters are unique to bridge interfaces. This section summarizes some common uses for these parameters. The complete list of available parameters is described in <citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>. 有几个<command>ifconfig</command>参数是网桥接口所特有的。本节总结了这些参数的一些常用用途。可用参数的完整列表在 <citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>中描述。
private private
A private interface does not forward any traffic to any other port that is also designated as a private interface. The traffic is blocked unconditionally so no Ethernet frames will be forwarded, including <acronym>ARP</acronym> packets. If traffic needs to be selectively blocked, a firewall should be used instead. 私有接口不会转发流量到其他私有接口。流量被无条件阻止,因此不会转发任何以太网帧,包括<acronym>ARP</acronym>数据包。如果需要选择性地阻止流量,应使用防火墙。
span span
A span port transmits a copy of every Ethernet frame received by the bridge. The number of span ports configured on a bridge is unlimited, but if an interface is designated as a span port, it cannot also be used as a regular bridge port. This is most useful for snooping a bridged network passively on another host connected to one of the span ports of the bridge. For example, to send a copy of all frames out the interface named <filename>fxp4</filename>: 跨接端口传输网桥接收到的每一个以太网帧的副本。网桥上配置的跨接端口的数量是无限的,但如果一个接口被指定为跨接端口,则不能同时作为普通网桥端口使用。这对于被动地窥探桥接网络中连接到桥接端口之一的另一台主机上的桥接主机是最有用的。例如,将所有帧的副本发送到名为<filename>fxp4</filename>的接口:
<prompt>#</prompt> <userinput>ifconfig bridge0 span fxp4</userinput> <prompt>#</prompt> <userinput>ifconfig bridge0 span fxp4</userinput>
sticky sticky
If a bridge member interface is marked as sticky, dynamically learned address entries are treated as static entries in the forwarding cache. Sticky entries are never aged out of the cache or replaced, even if the address is seen on a different interface. This gives the benefit of static address entries without the need to pre-populate the forwarding table. Clients learned on a particular segment of the bridge cannot roam to another segment. 如果网桥成员接口被标记为 "粘性(sticky)",则动态学习的地址条目将被视为转发缓存中的静态条目。即使在不同的接口上看到该地址,粘性条目也不会从缓存中老化或被替换。这就带来了静态地址项的好处,而不需要预先填充转发表。在网桥的某个网段上学习的客户端不能漫游到另一个网段。
An example of using sticky addresses is to combine the bridge with <acronym>VLAN</acronym>s in order to isolate customer networks without wasting <acronym>IP</acronym> address space. Consider that <systemitem class="fqdomainname">CustomerA</systemitem> is on <literal>vlan100</literal>, <systemitem class="fqdomainname">CustomerB</systemitem> is on <literal>vlan101</literal>, and the bridge has the address <systemitem class="ipaddress">192.168.0.1</systemitem>: 使用粘性地址的一个例子是将网桥与<acronym>VLAN</acronym>结合在一起,以便在不浪费<acronym>IP</acronym>地址空间的情况下隔离客户网络。考虑<systemitem class="fqdomainname">CustomerA</systemitem>在<literal>vlan100</literal>上,<systemitem class="fqdomainname">CustomerB</systemitem>在<literal>vlan101</literal>上,而网桥的地址是<systemitem class="ipaddress">192.168.0.1</systemitem>:
<prompt>#</prompt> <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput>
<prompt>#</prompt> <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput>
<prompt>#</prompt> <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput>
<prompt>#</prompt> <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput>
In this example, both clients see <systemitem class="ipaddress">192.168.0.1</systemitem> as their default gateway. Since the bridge cache is sticky, one host cannot spoof the <acronym>MAC</acronym> address of the other customer in order to intercept their traffic. 在这个例子中,两个客户机都将<systemitem class="ipaddress">192.168.0.1</systemitem>视为默认网关。由于网桥缓存是粘性的,因此一台主机不能欺骗另一台客户的<acronym>MAC</acronym>地址来拦截他们的流量。
Any communication between the <acronym>VLAN</acronym>s can be blocked using a firewall or, as seen in this example, private interfaces: 可以使用防火墙阻止<acronym>VLAN</acronym>之间的任何通信,或者如本示例所示,可以阻止专用接口:
<prompt>#</prompt> <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput> <prompt>#</prompt> <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput>
The customers are completely isolated from each other and the full <systemitem class="netmask">/24</systemitem> address range can be allocated without subnetting. 客户之间是完全隔离的,可以在没有子网的情况下分配完整的<systemitem class="netmask">/24</systemitem>地址范围。
The number of unique source <acronym>MAC</acronym> addresses behind an interface can be limited. Once the limit is reached, packets with unknown source addresses are dropped until an existing host cache entry expires or is removed. 可以限制接口后面的唯一源<acronym>MAC</acronym>地址的数量。一旦达到限制,具有未知源地址的数据包将被丢弃,直到现有的主机缓存条目过期或被删除。
The following example sets the maximum number of Ethernet devices for <systemitem class="fqdomainname">CustomerA</systemitem> on <literal>vlan100</literal> to 10: 下面的示例将<systemitem class="fqdomainname">CustomerA</systemitem>在<literal>vlan100</literal>上的最大以太网设备数量设置为10:
<prompt>#</prompt> <userinput>ifconfig bridge0 ifmaxaddr vlan100 10</userinput> <prompt>#</prompt> <userinput>ifconfig bridge0 ifmaxaddr vlan100 10</userinput>
Bridge interfaces also support monitor mode, where the packets are discarded after <citerefentry><refentrytitle>bpf</refentrytitle><manvolnum>4</manvolnum></citerefentry> processing and are not processed or forwarded further. This can be used to multiplex the input of two or more interfaces into a single <citerefentry><refentrytitle>bpf</refentrytitle><manvolnum>4</manvolnum></citerefentry> stream. This is useful for reconstructing the traffic for network taps that transmit the RX/TX signals out through two separate interfaces. For example, to read the input from four network interfaces as one stream: 网桥接口还支持监控模式,即在<citerefentry><refentrytitle>bpf</refentrytitle><manvolnum>4</manvolnum></citerefentry>处理后,数据包被丢弃,不再处理或转发。这可用于将两个或多个接口的输入复用到一个<citerefentry><refentrytitle>bpf</refentrytitle><manvolnum>4</manvolnum></citerefentry>流中。这对于通过两个独立的接口将RX/TX信号传输出去的网络分路器的流量重构非常有用。例如,将四个网络接口的输入作为一个流读取:
<prompt>#</prompt> <userinput>ifconfig bridge0 addm fxp0 addm fxp1 addm fxp2 addm fxp3 monitor up</userinput>
<prompt>#</prompt> <userinput>tcpdump -i bridge0</userinput>
<prompt>#</prompt> <userinput>ifconfig bridge0 addm fxp0 addm fxp1 addm fxp2 addm fxp3 monitor up</userinput>
<prompt>#</prompt> <userinput>tcpdump -i bridge0</userinput>
<acronym>SNMP</acronym> Monitoring <acronym>SNMP</acronym>监视
The bridge interface and <acronym>STP</acronym> parameters can be monitored via <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry> which is included in the FreeBSD base system. The exported bridge <acronym>MIB</acronym>s conform to <acronym>IETF</acronym> standards so any <acronym>SNMP</acronym> client or monitoring package can be used to retrieve the data. 网桥接口和 <acronym>STP</acronym> 参数可以通过 FreeBSD 基本系统中包含的 <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry> 来监控。导出的桥接 <acronym>MIB</acronym>符合 <acronym>IETF</acronym> 标准, 因此任何 <acronym>SNMP</acronym> 客户端或监控包都可以用来检索数据。
To enable monitoring on the bridge, uncomment this line in <filename>/etc/snmpd.config</filename> by removing the beginning <literal>#</literal> symbol: 要在网桥上启用监控,请删除<filename>/etc/snmpd.config</filename>中以<literal>#</literal>开头的行来取消对这该行注释:
begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so" begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
Other configuration settings, such as community names and access lists, may need to be modified in this file. See <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry> and <citerefentry><refentrytitle>snmp_bridge</refentrytitle><manvolnum>3</manvolnum></citerefentry> for more information. Once these edits are saved, add this line to <filename>/etc/rc.conf</filename>: 此文件中的其他设置,如社区名称和访问列表等,可能需要修改。请参阅<citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry> 和 <citerefentry><refentrytitle>snmp_bridge</refentrytitle><manvolnum>3</manvolnum></citerefentry>以了解更多信息。完成修改后,在 <filename>/etc/rc.conf</filename>中添加这一行:
bsnmpd_enable="YES" bsnmpd_enable="YES"
Then, start <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry>: 然后启动 <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry>:
<prompt>#</prompt> <userinput>service bsnmpd start</userinput> <prompt>#</prompt> <userinput>service bsnmpd start</userinput>
The following examples use the <application>Net-SNMP</application> software (<package>net-mgmt/net-snmp</package>) to query a bridge from a client system. The <package>net-mgmt/bsnmptools</package> port can also be used. From the <acronym>SNMP</acronym> client which is running <application>Net-SNMP</application>, add the following lines to <filename>$HOME/.snmp/snmp.conf</filename> in order to import the bridge <acronym>MIB</acronym> definitions: 以下示例使用<application>Net-SNMP</application>软件(<package>netmgmt/net-snmp</package>)从客户端系统查询网桥。也可以使用<package>net-mgmt/bsnmptools</package>。在<application>Net-SNMP</application>运行的<acronym> SNMP</acronym>客户端中,将以下行添加到<filename>$HOME/.snmp/snmp.conf</filename>以导入网桥<acronym>MIB</acronym>定义:
mibdirs +/usr/share/snmp/mibs
mibs +BRIDGE-MIB:RSTP-MIB:BEGEMOT-MIB:BEGEMOT-BRIDGE-MIB
mibdirs +/usr/share/snmp/mibs
mibs +BRIDGE-MIB:RSTP-MIB:BEGEMOT-MIB:BEGEMOT-BRIDGE-MIB
To monitor a single bridge using the IETF BRIDGE-MIB (RFC4188): 使用 IETF BRIDGE-MIB (RFC4188) 监视网桥:
<prompt>%</prompt> <userinput>snmpwalk -v 2c -c public bridge1.example.com mib-2.dot1dBridge</userinput>
BRIDGE-MIB::dot1dBaseBridgeAddress.0 = STRING: 66:fb:9b:6e:5c:44
BRIDGE-MIB::dot1dBaseNumPorts.0 = INTEGER: 1 ports
BRIDGE-MIB::dot1dStpTimeSinceTopologyChange.0 = Timeticks: (189959) 0:31:39.59 centi-seconds
BRIDGE-MIB::dot1dStpTopChanges.0 = Counter32: 2
BRIDGE-MIB::dot1dStpDesignatedRoot.0 = Hex-STRING: 80 00 00 01 02 4B D4 50
...
BRIDGE-MIB::dot1dStpPortState.3 = INTEGER: forwarding(5)
BRIDGE-MIB::dot1dStpPortEnable.3 = INTEGER: enabled(1)
BRIDGE-MIB::dot1dStpPortPathCost.3 = INTEGER: 200000
BRIDGE-MIB::dot1dStpPortDesignatedRoot.3 = Hex-STRING: 80 00 00 01 02 4B D4 50
BRIDGE-MIB::dot1dStpPortDesignatedCost.3 = INTEGER: 0
BRIDGE-MIB::dot1dStpPortDesignatedBridge.3 = Hex-STRING: 80 00 00 01 02 4B D4 50
BRIDGE-MIB::dot1dStpPortDesignatedPort.3 = Hex-STRING: 03 80
BRIDGE-MIB::dot1dStpPortForwardTransitions.3 = Counter32: 1
RSTP-MIB::dot1dStpVersion.0 = INTEGER: rstp(2)
<prompt>%</prompt> <userinput>snmpwalk -v 2c -c public bridge1.example.com mib-2.dot1dBridge</userinput>
BRIDGE-MIB::dot1dBaseBridgeAddress.0 = STRING: 66:fb:9b:6e:5c:44
BRIDGE-MIB::dot1dBaseNumPorts.0 = INTEGER: 1 ports
BRIDGE-MIB::dot1dStpTimeSinceTopologyChange.0 = Timeticks: (189959) 0:31:39.59 centi-seconds
BRIDGE-MIB::dot1dStpTopChanges.0 = Counter32: 2
BRIDGE-MIB::dot1dStpDesignatedRoot.0 = Hex-STRING: 80 00 00 01 02 4B D4 50
...
BRIDGE-MIB::dot1dStpPortState.3 = INTEGER: forwarding(5)
BRIDGE-MIB::dot1dStpPortEnable.3 = INTEGER: enabled(1)
BRIDGE-MIB::dot1dStpPortPathCost.3 = INTEGER: 200000
BRIDGE-MIB::dot1dStpPortDesignatedRoot.3 = Hex-STRING: 80 00 00 01 02 4B D4 50
BRIDGE-MIB::dot1dStpPortDesignatedCost.3 = INTEGER: 0
BRIDGE-MIB::dot1dStpPortDesignatedBridge.3 = Hex-STRING: 80 00 00 01 02 4B D4 50
BRIDGE-MIB::dot1dStpPortDesignatedPort.3 = Hex-STRING: 03 80
BRIDGE-MIB::dot1dStpPortForwardTransitions.3 = Counter32: 1
RSTP-MIB::dot1dStpVersion.0 = INTEGER: rstp(2)

Loading…

The following example sets the maximum number of Ethernet devices for <systemitem class="fqdomainname">CustomerA</systemitem> on <literal>vlan100</literal> to 10:
下面的示例将<systemitem class="fqdomainname">CustomerA</systemitem>在<literal>vlan100</literal>上的最大以太网设备数量设置为10:
8 months ago
Browse all component changes

Glossary

English Chinese (Simplified) (zh_CN)
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: listitem/para
Source string location
book.translate.xml:65535
String age
a year ago
Source string age
a year ago
Translation file
books/zh_CN/handbook.po, string 11015