思科网络配置案列(精选4篇)
1.思科网络配置案列 篇一
启动接口,分配IP地址:
router>
router> enable
router#
router# configure terminal
router(config)#
router(config)# interface Type Port
router(config-if)# no shutdown
router(config-if)# ip address IP-Address Subnet-Mask
router(config-if)# ^z
配置RIP路由协议:30秒更新一次
router(config)# router rip
router(config-if)# network Network-Number <--通告标准A,B,C类网-->
router(config-if)# ^z
配置IGRP路由协议:90秒更新一次
router(config)# router igrp AS-Number <-- AS-Number范围1~65535-->
router(config-if)# network Network-Number <--通告标准A,B,C类网-->
router(config-if)# ^z
配置Novell IPX路由协议:Novell RIP 60秒更新一次
router(config)# ipx routing [node address]
router(config)# ipx maximum-paths Paths <--设置负载平衡,范围1~512-->
router(config)# interface Type Port
router(config-if)# ipx network Network-Number [encapsulation encapsulation-type] [secondary] <--通告标准A,B,C类网-->
router(config-if)# ^z
配置DDR:
router(config)# dialer-list Group-Number protocol Protocol-Type permit [list ACL-Number]
router(config)# interface bri 0
router(config-if)# dialer-group Group-Number
router(config-if)# dialer map Protocol-Type Next-Hop-Address name Hostname Telphone-Number
router(config-if)# ^z
配置ISDN:
router(config)# isdn swith-type Swith-Type <--配置ISDN交换机类型,中国使用basic-net3-->
router(config-if)# ^z
配置Frame. Relay:
router(config-if)# encapsulation frame-relay [cisco | ietf ]
router(config-if)# frame-relay lmi-type [ansi | cisco | q933a ]
router(config-if)# bandwidth kilobits
router(config-if)# frame-relay invers-arp [ Protocol ] [dlci ]
<--配置静态Invers ARP表:
router(config)# frame-relay Protocol Protocol-Address DLCI [ Broadcast ] [ ietf | cisco ] [ payload-compress | packet-by-packet ]
-->
<--设置Keepalive间隔:
router(config-if)# keepalive Number
-->
<--为本地接口指定DLCI:
router(config-if)# frame-lelay local-dlci Number
-->
<--子接口配置:
router(config-if)# interface Type Port.Subininterface-Number [ multipoint | point-to-point ]
router(config-subif)# ip unnumbered Interface
router(config-subif)# frame-lelay local-dlci Number
-->
router(config-if)# ^z
配置标准ACL:
router(config)# access-list Access-List-Number [ permit | deny ] source [ source-mask ] <-- Access-List-Number 范围:1~99标准ACL;100~199扩展ACL;800~899标准IPX ACL;900~999扩展IPX ACL;1000~1099 IPX SAP ACL;600~699Apple Talk ACL-->
router(config)# interface Type Port
router(config-if)# ip access-group Access-List-Number [ in | out ]
router(config-if)# ^z
配置扩展ACL:
router(config)# access-list Access-List-Number [ permit | deny ] [ Protocol | Protocol-Number ] source source-wildcard [ Source-Port ] destination destination-wildcard [ Destination-Port ] [ established ]
router(config)# interface Type Port
router(config-if)# ip access-group Access-List-Number [ in | out ]
router(config-if)# ^z
配置命名ACL:
router(config)# ip access-list [ standard | extended ] ACL-Name
router(config [ std- | ext- ] nacl)# [ permit | deny ] [ IP-Access-List-Test-Conditions ]
router(config [ std- | ext- ] nacl)# no [ permit | deny ] [ IP-Access-List-Test-Conditions ]
router(config [ std- | ext- ] nacl)# ^z
router(config)# interface Type Port
router(config-if)# ip access-group [ACL-Name | 1~199 ] [ in | out ]
router(config-if)# ^z
配置DCE时钟:
router# show controllers Type Port <--确定DCE接口-->
router(confin-if)# clock rate 64000 <--进入DCE接口设置时钟速率-->
router(config-if)# ^z
配置PPP协议:
router(config)# username Name password Set-Password-Here <--验证方建立数据库-->
router(config)# interface Type Port
router(config-if)# encapsulation ppp <--启动PPP协议-->
router(config-if)# ppp outhentication [ chap | chap pap | pap chap | pap ] <--选择PPP认证-->
router(config-if)# ppp pap sent-username Name password Password <--发送验证信息-->
router(config-if)# ^z
PAP单向认证配置实例:
验证方:
router-server(config)# username Client password 12345 <--验证方建立数据库-->
router-server(config)# interface serial 0
router-server(config-if)# encapsulation ppp
router-server(config-if)# ppp authentication pap <--选择使用PAP实现PPP认证-->
router-server(config-if)# ^z
被验证方:
router-client(config-if)# encapsulation ppp
router-client(config-if)# ppp pap sent-username Client password 12345 <--发送验证信息-->
router-client(config-if)# ^z
PAP双向认证配置实例:
路由器 A:
routerA(config)# username B password 12345
routerA(config)# interface serial 0
routerA(config-if)# encapsulation ppp
routerA(config-if)# ppp authentication pap
routerA(config-if)# ppp pap sent-username A password 54321
routerA(config-if)# ^z
路由器 B:
routerB(config)# username A password 54321
routerB(config)# interface serial 1
routerB(config-if)# encapsulation ppp
routerB(config-if)# ppp authentication pap
routerB(config-if)# ppp pap sent-username B password 12345
routerB(config-if)# ^z
CHAP单向认证配置实例:
验证方:
router-server(config)# username router-client password 12345
router-server(config)# interface serial 0
router-server(config-if)# encapsulation ppp
router-server(config-if)# ppp authentication chap
router-server(config-if)# ^z
被验证方:
router-client(config-if)# encapsulation ppp
router-client(config-if)# ppp authentication chap
router-client(config-if)# ppp chap hostname router-client
router-client(config-if)# ppp chap password 12345
router-client(config-if)# ^z
CHAP双向认证配置实例:
路由器 A:
routerA(config)# username routerB password 12345
routerA(config)# interface serial 0
routerA(config-if)# encapsulation ppp
routerA(config-if)# ppp authentication chap
routerA(config-if)# ppp chap hostname routerA
routerA(config-if)# ppp chap password 54321
routerA(config-if)# ^z
路由器 B:
routerB(config)# username routerA password 54321
routerB(config)# interface serial 1
routerB(config-if)# encapsulation ppp
routerB(config-if)# ppp authentication chap
routerB(config-if)# ppp chap hostname routerB
routerB(config-if)# ppp chap password 12345
routerB(config-if)# ^z
Telnet使用:
routerA# terminal monitor <--可以传回在远端主机执行Debug命令的结果-->
routerA# telnet IP-Address [ Router-Name ] <--Telnet到指定的地址或名字的主机-->
routerB# [ exit | logout ] <--退出Telnet-->
routerB# ++<6>再按 <--挂起Telnet-->
routerA# show sessions <--显示当前所有Telnet的信息,包括Connect-Number -->
routerA# Connect-Number <--返回指定的Telnet连接-->
routerA# disconnect IP-Address [ Router-Name ] <--断开指定地址或名字的主机的连接-->
routerA# show user <--显示Telnet到本机的连接信息-->
routerA# clear line [ 0 | 1 | 2 | 3 | 4 ] <--断开指定Telnet到本机的连接-->
禁止任何Telnet到本机:
router(config)# line vty 0 4
router(config-line)# access-class ACL-Number
router(config)# ^z
设置主机名:
router(config)# hostname Set-Hostname
router(config)# ^z
router(config)# ^z
设置用户模式密码:
router(config)# line console 0
router(config-line)# login
router(config-line)# password Set-Password
router(config-line)# ^z
设置Telnet密码:
router(config)# line vty 0 4
router(config-line)# login
router(config-line)# password Set-Password
router(config-line)# ^z
设置特权模式密码:
router(config)# enable password Set-Password <--不加密的密码,明码
2.思科三层交换机配置总结 篇二
CISCO交换机基本配置:Console端口连接 用户模式hostname# ;
特权模式hostname(config)# ;
全局配置模式hostname(config-if)# ; 交换机口令设置:
switch>enable ;进入特权模式
switch#config terminal ;进入全局配置模式
switch(config)#hostname csico ;设置交换机的主机名 switch(config)#enable secret csico1 ;设置特权加密口令 switch(config)#enable password csico8 ;设置特权非密口令 switch(config)#line console 0 ;进入控制台口 switch(config-line)#line vty 0 4 ;进入虚拟终端 switch(config-line)#login ;虚拟终端允许登录
switch(config-line)#password csico6 ;设置虚拟终端登录口令csico6 switch#exit ;返回命令
交换机VLAN创建,删除,端口属性的设置,配置trunk端口,将某端口加入vlan中,配置VTP: switch#vlan database ;进入VLAN设置 switch(vlan)#vlan 2 ;建VLAN 2
switch(vlan)#vlan 3 name vlan3 ;建VLAN 3并命名为vlan3 switch(vlan)#no vlan 2 ;删vlan 2 switch(config)#int f0/1 ;进入端口1
switch(config)#speed ? 查看speed命令的子命令
switch(config)#speed 100 设置该端口速率为100mb/s(10/auto)switch(config)#duplex ? 查看duplex的子命令
switch(config)#duplex full 设置该端口为全双工(auto/half)
switch(config)#description TO_PC1 这是该端口描述为TO_PC1 switch(config-if)#switchport access vlan 2 ;当前端口加入vlan 2
switch(config-if)#switchport mode trunk ;设置为trunk模式(access模式)switch(config-if)#switchport trunk allowed vlan 1,2 ;设置允许的vlan switch(config-if)#switchport trunk encap dot1q ;设置vlan 中继 switch(config)#vtp domain vtpserver ;设置vtp域名相同 switch(config)#vtp password ;设置发vtp密码 switch(config)#vtp server ;设置vtp服务器模式 switch(config)#vtp client ;设置vtp客户机模式
交换机设置IP地址,默认网关,域名,域名服务器,配置和查看MAC地址表: switch(config)#interface vlan 1 ;进入vlan 1
switch(config-if)#ip address 192.168.1.1 255.255.255.0 ;设置IP地址 switch(config)#ip default-gateway 192.168.1.6 ;设置默认网关 switch(config)#ip domain-name cisco.com 设置域名
switch(config)#ip name-server 192.168.1.18 设置域名服务器
switch(config)#mac-address-table? 查看mac-address-table的子命令
switch(config)#mac-address-table aging-time 100 设置超时时间为100ms
switch(config)#mac-address-table permanent 0000.0c01.bbcc f0/3 加入永久地址在f0/3端口
switch(config)#mac-address-table restricted static 0000.0c02.bbcc f0/6 f0/7 加入静态地址目标端口f0/6源端口f0/7
switch(config)#end switch#show mac-address-table 查看整个MAC地址表
switch#clear mac-address-table restricted static 清除限制性静态地址 交换机显示命令:
switch#write ;保存配置信息
switch#show vtp ;查看vtp配置信息 switch#show run ;查看当前配置信息 switch#show vlan ;查看vlan配置信息 switch#show interface ;查看端口信息 switch#show int f0/0 ;查看指定端口信息
switch#show int f0/0 status;查看指定端口状态 switch#dir flash: ;查看闪存
Cisco路由器配置命令大全网络 2010-06-26 06:43:44 阅读657 评论0 字号:大中小 订阅.(1)模式转换命令
用户模式----特权模式,使用命令“enable”
特权模式----全局配置模式,使用命令“config t”
全局配置模式----接口模式,使用命令“interface+接口类型+接口号” 全局配置模式----线控模式,使用命令“line+接口类型+接口号” 注:
用户模式:查看初始化的信息.特权模式:查看所有信息、调试、保存配置信息
全局模式:配置所有信息、针对整个路由器或交换机的所有接口 接口模式:针对某一个接口的配置
线控模式:对路由器进行控制的接口配置(2)配置命令
show running config 显示所有的配置 show versin 显示版本号和寄存器值 shut down 关闭接口 no shutdown 打开接口
ip add +ip地址 配置IP地址
secondary+IP地址 为接口配置第二个IP地址 show interface+接口类型+接口号 查看接口管理性 show controllers interface 查看接口是否有DCE电缆 show history 查看历史记录
show terminal 查看终端记录大小
hostname+主机名 配置路由器或交换机的标识 config memory 修改保存在NVRAM中的启动配置 exec timeout 0 0 设置控制台会话超时为0 service password-encryptin 手工加密所有密码 enable password +密码 配置明文密码 ena sec +密码 配置密文密码 line vty 0 4/15 进入telnet接口 password +密码 配置telnet密码 line aux 0 进入AUX接口 password +密码 配置密码 line con 0 进入CON接口 password +密码 配置密码 bandwidth+数字 配置带宽 no ip address 删除已配置的IP地址
show startup config 查看NVRAM中的配置信息 copy run-config atartup config 保存信息到NVRAM write 保存信息到NVRAM
erase startup-config 清除NVRAM中的配置信息 show ip interface brief 查看接口的谪要信息
banner motd # +信息 + # 配置路由器或交换机的描素信息 description+信息 配置接口听描素信息 vlan database 进入VLAN数据库模式 vlan +vlan号+ 名称 创建VLAN
switchport access vlan +vlan号 为VLAN为配接口 interface vlan +vlan号 进入VLAN接口模式 ip add +ip地址 为VLAN配置管理IP地址
vtp+service/tracsparent/client 配置SW的VTP工作模式 vtp +domain+域名 配置SW的VTP域名 vtp +password +密码 配置SW的密码 switchport mode trunk 启用中继 no vlan +vlan号 删除VLAN
show spamming-tree vlan +vlan号 查看VLA怕生成树议 2.路由器配置命令
ip route+非直连网段+子网掩码+下一跳地址 配置静态/默认路由 show ip route 查看路由表
show protocols 显示出所有的被动路由协议和接口上哪些协议被设置
show ip protocols 显示了被配置在路由器上的路由选择协议,同时给出了在路由选择协议中使用 的定时器 等信息
router rip 激活RIP协议
network +直连网段 发布直连网段 interface lookback 0 激活逻辑接口
passive-interface +接口类型+接口号 配置接口为被动模式 debug ip +协议 动态查看路由更新信息 undebug all 关闭所有DEBUG信息
router eigrp +as号 激活EIGRP路由协议 network +网段+子网掩码 发布直连网段 show ip eigrp neighbors 查看邻居表 show ip eigrp topology 查看拓扑表 show ip eigrp traffic 查看发送包数量 router ospf +process-ID 激活OSPF协议
network+直连网段+area+区域号 发布直连网段 show ip ospf 显示OSPF的进程号和ROUTER-ID encapsulation+封装格式 更改封装格式
no ip admain-lookup 关闭路由器的域名查找 ip routing 在三层交换机上启用路由功能 show user 查看SW的在线用户 clear line +线路号 清除线路 3.三层交换机配置命令 配置一组二层端口 configure terminal 进入配置状态
nterface range {port-range} 进入组配置状态 配置三层端口
configure terminal 进入配置状态
interface {{fastethernet | gigabitethernet} interface-id} | {vlan vlan-id} | {port-channel port-channel-number} 进入端口配置状态 no switchport 把物理端口变成三层口
ip address ip_address subnet_mask 配置IP地址和掩码 no shutdown 激活端口 例:
Switch(config)# interface gigabitethernet0/2 Switch(config-if)# no switchport
Switch(config-if)# ip address 192.20.135.21 255.255.255.0 Switch(config-if)# no shutdown 配置VLAN
configure terminal 进入配置状态
vlan vlan-id 输入一个VLAN号, 然后进入vlan配态,可以输入一个新的VLAN号或旧的来进行修改。
name vlan-name 可选)输入一个VLAN名,如果没有配置VLAN名,缺省的名字是VLAN号前面用0填满 的4位数,如VLAN0004是VLAN4的缺省名字 mtu mtu-size(可选)改变MTU大小 例
Switch# configure terminal Switch(config)# vlan 20
Switch(config-vlan)# name test20 Switch(config-vlan)# end 或
Switch# vlan database
Switch(vlan)# vlan 20 name test20 Switch(vlan)# exit
将端口分配给一个VLAN
configure terminal 进入配置状态
interface interface-id 进入要分配的端口 switchport mode access 定义二层口
switchport access vlan vlan-id 把端口分配给某一VLAN 例
Switch# configure terminal
Enter configuration commands, one per line.End with CNTL/Z.Switch(config)# interface fastethernet0/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 2 Switch(config-if)# end Switch#
配置VLAN trunk
configure terminal 进入配置状态
interface interface-Id 进入端口配置状态
switchport trunk encapsulation {isl | dot1q | negotiate}配置trunk封装ISL 或 802.1Q 或 自动协商 switchport mode {dynamic {auto | desirable} | trunk} 配置二层trunk模式。dynamic auto—自动协商是否成为trunk
dynamic desirable—把端口设置为trunk如果对方端口是trunk, desirable, 配置Native VLAN(802.1q)
或自动模式,trunk—设置端口为强制的trunk方式,而不理会对方端口是否为trunk switchport access vlan vlan-id 可选)指定一个缺省VLAN, 如果此端口不再是trunk switchport trunk native vlan vlan-id 指定802.1Q native VLAN号 例:
Switch# configure terminal
Enter configuration commands, one per line.End with CNTL/Z.Switch(config)# interface fastethernet0/4 Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation dot1q Switch(config-if)# end
定义TRUNK允许的VLAN
configure terminal子 进入配置状态 interface interface-id 进入端口配置
switchport mode trunk 配置二层口为trunk
switchport trunk allowed vlan {add | all | except | remove} vlan-list可选)配置trunk允 许的VLAN.使用add, all, except, remove关健字
no switchport trunk allowed vlan 允许所有VLAN通过 例
Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport trunk allowed vlan remove 2 Switch(config-if)# end
配置Native VLAN(802.1q)configure terminal 进入配置状态
interface interface-id 进入配置成802.1qtrunk的端口 switchport trunk native vlan vlan-Id 配置native VLAN号
no switchport trunk native vlan 端口配置命令回到缺省的状态 配置基于端口权值的负载均衡
configure terminal 进入Switch 1配置状态 vtp domain domain-name 配置VTP域
vtp mode server 将Switch 1配置成VTP server.show vtp status 验证VTP的配置 show vlan 验证VLAN
configure terminal 进入配置状态
interface fastethernet 0/1 进入F0/1端口
switchport trunk encapsulation {isl | dot1q | negotiate}配置trunk封装 switchport mode trunk 配置成trunk
show interfaces fastethernet0/1 switchport 验证VLAN配置 按以上步骤对想要负载均衡的接口进行配置 在另一个交换机上进行此配置
show vlan 当trunk已经起来,在switch2上验证已经学到相的vlan配置 configure terminal 在Switch 1上进入配置状态 interface fastethernet0/1 进入要配置的端口
spanning-tree vlan 8 port-priority 10 将端口权值10赋与VLAN 8.spanning-tree vlan 9 port-priority 10 将端口权值10赋与VLAN 9.spanning-tree vlan 10 port-priority 10 将端口权值10赋与VLAN 10.interface fastethernet0/2 进入F0/2
spanning-tree vlan 3 port-priority 10 将端口权值10赋与VLAN 3.spanning-tree vlan 4 port-priority 10 将端口权值10赋与VLAN 4 spanning-tree vlan 5 port-priority 10 将端口权值10赋与VLAN 5 spanning-tree vlan 6 port-priority 10 将端口权值10赋与VLAN 10 end 退出
show running-config 验证配置
copy running-config startup-config 保存配置 配置STP路径值的负载均衡
Trunk1走VLAN8-10,Trunk2走VLAN2-4 configure terminal 进入 Switch 1配置状态 interface fastethernet 0/1 进入F0/1
switchport trunk encapsulation {isl | dot1q | negotiate}配置封装 switchport mode trunk 配置Trunk,缺省是ISL封装 exit 退回
在F0/2口上重复2-4步骤 exit 退回
show running-config 验证配置
show vlan验证switch1 已经学到Vlan configure terminal 进入配置状态 interface fastethernet 0/1 进入F0/1
spanning-tree vlan 2 cost 30 设置Vlan2生成树路径值为30 spanning-tree vlan 3 cost 30 设置Vlan3生成树路径值为30 spanning-tree vlan 4 cost 30 设置Vlan4生成树路径值为30 end 退出
在switch1的F0/2上重复9-11步骤设置VLAN8,9,10生成树路径值为30 end 退出
show running-config 验证配置
copy running-config startup-config 保存配置 补充:CISCO命令集——路由选择协议及排障 *ip route命令
Router(config)# ip route <目录网络或子网号> [子网掩码] <下一路由器IP地址 | 从本地出口 的地址> [管理距离0~255,默认为1](注:静态地址配置)*ip default-network命令
Router(config)# ip default-network <目标网络号>
(注:配合路由协使用,用其中的一个动态路由号作默认路由配置)
Router(config)# ip route 0.0.0.0 0.0.0.0 <下一路由器IP地址 | 从本地出口的地址>(注:只有一个公网地址时,在出口路由器上的配置)*内部路由选择协议
*使用router和network命令
Router(config)# router <路由协议rip | igrp | eigrp | ospf | is-is等> [自主系统号] Router(config-router)# network <直接相连的要用此路由协议的网络号> Router(config-router)# network <直接相连的要用此路由协议的网络号> *路由信息协议RIP
Router(config)# router rip Router(config-router)# network <直接相连的要用rip协议的有类别网络号> Router# show ip protocols Router# show ip route Router# debug ip rip
*内部网关路由协议IGRP
Router(config)# router igrp <自主系统号>
Router(config-router)# network <直接相连的要用igrp协议的有类别网络号> Router# show ip interface Router# show ip protocols Router# show ip route Router# debug ip rip *排除网络故障
排除网络故障的一个总体模型
Router# ping <有故障的主机 | 有故障的IP地址> Router# show ip route
Router# show interface <有故障的接口> Router# show run *IP的故故障排除 检查可用的路由
Router# show ip route <有故障的IP地址> 27.4.4 跟踪路由(Tracing the Route)
SUN-A> traceroute <有故障的主机 | 有故障的IP地址> C:/windows/> winipcfg C:/windows/> ipconfig C:/windows/> ipconfig / all
C:/windows/> tracert <有故障的主机 | 有故障的IP地址> 使用扩展的ping来跟踪连接性 Router# ping
*其它可能的故障
一个地址解析(ARP)的故障 Router# show arp
Router# show interface <有故障的接口> C:/windows/> arp-a SUN-A> arp –a
验证终端系统的路由表 C:/windows/> netstat –rn
C:/windows/> route –f add 0.0.0.0 mask 0.0.0.0 <需要添加入的网关地址> C:/windows/> route [–f ] [[print | add | delete | change] [destination] [mask netmask] [gateway]]
C:/windows/> route add mask <网络掩码> <网关ip地址> C:/windows/> route delete mask <网络掩码> <网关ip地址> C:/windows/> nbtstat <相应的参数> SUN-A> netstat-rn路由器
CISCO交换机配置命令大全2009-08-13 21:131.在基于IOS的交换机上设置主机名/系统名: switch(config)# hostname hostname
在基于CLI的交换机上设置主机名/系统名: switch(enable)set system name name-string 2.在基于IOS的交换机上设置登录口令:
switch(config)# enable password level 1 password 在基于CLI的交换机上设置登录口令: switch(enable)set password switch(enable)set enalbepass
3.在基于IOS的交换机上设置远程访问: switch(config)# interface vlan 1
switch(config-if)# ip address ip-address netmask switch(config-if)# ip default-gateway ip-address 在基于CLI的交换机上设置远程访问:
switch(enable)set interface sc0 ip-address netmask broadcast-address switch(enable)set interface sc0 vlan
switch(enable)set ip route default gateway
4.在基于IOS的交换机上启用和浏览CDP信息: switch(config-if)# cdp enable switch(config-if)# no cdp enable
为了查看Cisco邻接设备的CDP通告信息: switch# show cdp interface [type modle/port]
switch# show cdp neighbors [type module/port] [detail] 在基于CLI的交换机上启用和浏览CDP信息: switch(enable)set cdp {enable|disable} module/port 为了查看Cisco邻接设备的CDP通告信息:
switch(enable)show cdp neighbors[module/port] [vlan|duplex|capabilities|detail] 5.基于IOS的交换机的端口描述:
switch(config-if)# description description-string 基于CLI的交换机的端口描述:
switch(enable)set port name module/number description-string 6.在基于IOS的交换机上设置端口速度: switch(config-if)# speed{10|100|auto} 在基于CLI的交换机上设置端口速度:
switch(enable)set port speed moudle/number {10|100|auto} switch(enable)set port speed moudle/number {4|16|auto} 7.在基于IOS的交换机上设置以太网的链路模式: switch(config-if)# duplex {auto|full|half}
在基于CLI的交换机上设置以太网的链路模式:
switch(enable)set port duplex module/number {full|half} 8.在基于IOS的交换机上配置静态VLAN: switch# vlan database
switch(vlan)# vlan vlan-num name vla switch(vlan)# exit
switch# configure teriminal
switch(config)# interface interface module/number switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan vlan-num switch(config-if)# end
在基于CLI的交换机上配置静态VLAN: switch(enable)set vlan vlan-num [name name]
switch(enable)set vlan vlan-num mod-num/port-list 9.在基于IOS的交换机上配置VLAN中继线: switch(config)# interface interface mod/port switch(config-if)# switchport mode trunk
switch(config-if)# switchport trunk encapsulation {isl|dotlq} switch(config-if)# switchport trunk allowed vlan remove vlan-list switch(config-if)# switchport trunk allowed vlan add vlan-list 在基于CLI的交换机上配置VLAN中继线:
switch(enable)set trunk module/port [on|off|desirable|auto|nonegotiate] Vlan-range [isl|dotlq|dotl0|lane|negotiate]
10.在基于IOS的交换机上配置VTP管理域: switch# vlan database
switch(vlan)# vtp domain domain-name 在基于CLI的交换机上配置VTP管理域: switch(enable)set vtp [domain domain-name] 11.在基于IOS的交换机上配置VTP 模式: switch# vlan database
switch(vlan)# vtp domain domain-name switch(vlan)# vtp {sever|cilent|transparent} switch(vlan)# vtp password password 在基于CLI的交换机上配置VTP 模式:
switch(enable)set vtp [domain domain-name] [mode{ sever|cilent|transparent }][password password] 12.在基于IOS的交换机上配置VTP版本: switch# vlan database
switch(vlan)# vtp v2-mode
在基于CLI的交换机上配置VTP版本: switch(enable)set vtp v2 enable
13.在基于IOS的交换机上启动VTP剪裁: switch# vlan database switch(vlan)# vtp pruning
在基于CL I 的交换机上启动VTP剪裁: switch(enable)set vtp pruning enable
14.在基于IOS的交换机上配置以太信道:
switch(config-if)# port group group-number [distribution {source|destination}] 在基于CLI的交换机上配置以太信道:
switch(enable)set port channel moudle/port-range mode{on|off|desirable|auto} 15.在基于IOS的交换机上调整根路径成本:
switch(config-if)# spanning-tree [vlan vlan-list] cost cost 在基于CLI的交换机上调整根路径成本:
switch(enable)set spantree portcost moudle/port cost
switch(enable)set spantree portvlancost moudle/port [cost cost][vlan-list] 16.在基于IOS的交换机上调整端口ID:
switch(config-if)# spanning-tree[vlan vlan-list]port-priority port-priority 在基于CLI的交换机上调整端口ID:
switch(enable)set spantree portpri {mldule/port}priority
switch(enable)set spantree portvlanpri {module/port}priority [vlans] 17.在基于IOS的交换机上修改STP时钟:
switch(config)# spanning-tree [vlan vlan-list] hello-time seconds switch(config)# spanning-tree [vlan vlan-list] forward-time seconds ` switch(config)# spanning-tree [vlan vlan-list] max-age seconds 在基于CLI的交换机上修改STP时钟:
switch(enable)set spantree hello interval[vlan] switch(enable)set spantree fwddelay delay [vlan] switch(enable)set spantree maxage agingtiame[vlan]
18.在基于IOS的交换机端口上启用或禁用Port Fast 特征: switch(config-if)#spanning-tree portfast
在基于CLI的交换机端口上启用或禁用Port Fast 特征:
switch(enable)set spantree portfast {module/port}{enable|disable} 19.在基于IOS的交换机端口上启用或禁用UplinkFast 特征:
switch(config)# spanning-tree uplinkfast [max-update-rate pkts-per-second] 在基于CLI的交换机端口上启用或禁用UplinkFast 特征:
switch(enable)set spantree uplinkfast {enable|disable}[rate update-rate] [all-protocols off|on]
20.为了将交换机配置成一个集群的命令交换机,首先要给管理接口分配一个IP地址,然后使用下列命令: switch(config)# cluster enable cluster-name
21.为了从一条中继链路上删除VLAN,可使用下列命令: switch(enable)clear trunk module/port vlan-range 22.用show vtp domain 显示管理域的VTP参数.23.用show vtp statistics显示管理域的VTP参数.24.在Catalyst交换机上定义TrBRF的命令如下:
switch(enable)set vlan vlan-name [name name] type trbrf bridge bridge-num[stp {ieee|ibm}] 25.在Catalyst交换机上定义TrCRF的命令如下:
switch(enable)set vlan vlan-num [name name] type trcrf
{ring hex-ring-num|decring decimal-ring-num} parent vlan-num
26.在创建好TrBRF VLAN之后,就可以给它分配交换机端口.对于以太网交换,可以采用如下命令给VLAN分配端口:
switch(enable)set vlan vlan-num mod-num/port-num
27.命令show spantree显示一个交换机端口的STP状态.28.配置一个ELAN的LES和BUS,可以使用下列命令: ATM(config)# interface atm number.subint multioint ATM(config-subif)# lane serber-bus ethernet elan-name 29.配置LECS:
ATM(config)# lane database database-name
ATM(lane-config-databade)# name elan1-name server-atm-address les1-nsap-address ATM(lane-config-databade)# name elan2-name server-atm-address les2-nsap-address ATM(lane-config-databade)# name …
30.创建完数据库后,必须在主接口上启动LECS.命令如下: ATM(config)# interface atm number
ATM(config-if)# lane config database database-name ATM(config-if)# lane config auto-config-atm-address
31.将每个LEC配置到一个不同的ATM子接口上.命令如下: ATM(config)# interface atm number.subint multipoint ATM(config)# lane client ethernet vlan-num elan-num 32.用show lane server 显示LES的状态.33.用show lane bus显示bus的状态.34.用show lane database显示LECS数据库可内容.35.用show lane client显示LEC的状态.36.用show module显示已安装的模块列表.37.用物理接口建立与VLAN的连接: router# configure terminal
router(config)# interface media module/port router(config-if)# description description-string router(config-if)# ip address ip-addr subnet-mask router(config-if)# no shutdown
38.用中继链路来建立与VLAN的连接:
router(config)# interface module/port.subinterface
router(config-ig)# encapsulation[isl|dotlq] vlan-number router(config-if)# ip address ip-address subnet-mask 39.用LANE 来建立与VLAN的连接: router(config)# interface atm module/port router(config-if)# no ip address
router(config-if)# atm pvc 1 0 5 qsaal router(config-if)# atm pvc 2 0 16 ilni
router(config-if)# interface atm module/port.subinterface multipoint router(config-if)# ip address ip-address subnet-mask router(config-if)# lane client ethernet elan-num
router(config-if)# interface atm module/port.subinterface multipoint router(config-if)# ip address ip-address subnet-name router(config-if)# lane client ethernet elan-name router(config-if)# …
40.为了在路由处理器上进行动态路由配置,可以用下列IOS命令来进行: router(config)# ip routing
router(config)# router ip-routing-protocol
router(config-router)# network ip-network-number router(config-router)# network ip-network-number 41.配置默认路由:
switch(enable)set ip route default gateway
42.为一个路由处理器分配VLANID,可在接口模式下使用下列命令: router(config)# interface interface number router(config-if)# mls rp vlan-id vlan-id-num 43.在路由处理器启用MLSP: router(config)# mls rp ip
44.为了把一个外置的路由处理器接口和交换机安置在同一个VTP域中: router(config)# interface interface number
router(config-if)# mls rp vtp-domain domain-name 45.查看指定的VTP域的信息:
router# show mls rp vtp-domain vtp domain name
46.要确定RSM或路由器上的管理接口,可以在接口模式下输入下列命令: router(config-if)#mls rp management-interface 47.要检验MLS-RP的配置情况: router# show mls rp
48.检验特定接口上的MLS配置:
router# show mls rp interface interface number
49.为了在MLS-SE上设置流掩码而又不想在任一个路由处理器接口上设置访问列表: set mls flow [destination|destination-source|full]
50.为使MLS和输入访问列表可以兼容,可以在全局模式下使用下列命令: router(config)# mls rp ip input-acl
51.当某个交换机的第3层交换失效时,可在交换机的特权模式下输入下列命令: switch(enable)set mls enable
52.若想改变老化时间的值,可在特权模式下输入以下命令: switch(enable)set mls agingtime agingtime 53.设置快速老化:
switch(enable)set mls agingtime fast fastagingtime pkt_threshold
54.确定那些MLS-RP和MLS-SE参与了MLS,可先显示交换机引用列表中的内容再确定: switch(enable)show mls include 55.显示MLS高速缓存记录: switch(enable)show mls entry
56.用命令show in arp显示ARP高速缓存区的内容。
57.要把路由器配置为HSRP备份组的成员,可以在接口配置模式下使用下面的命令: router(config-if)# standby group-number ip ip-address 58.为了使一个路由器重新恢复转发路由器的角色,在接口配置模式下: router(config-if)# standy group-number preempt 59.访问时间和保持时间参数是可配置的:
router(config-if)# standy group-number timers hellotime holdtime 60.配置HSRP跟踪:
router(config-if)# standy group-number track type-number interface-priority 61.要显示HSRP路由器的状态:
router# show standby type-number group brief 62.用命令show ip igmp确定当选的查询器。63.启动IP组播路由选择:
router(config)# ip muticast-routing 64.启动接口上的PIM:
dalllasr1>(config-if)# ip pim {dense-mode|sparse-mode|sparse-dense-mode} 65.启动稀疏-稠密模式下的PIM: router# ip multicast-routing router# interface type number router# ip pim sparse-dense-mode 66.核实PIM的配置:
dallasr1># show ip pim interface[type number] [count] 67.显示PIM邻居:
dallasr1># show ip neighbor type number 68.为了配置RP的地址,命令如下:
dallasr1># ip pim rp-address ip-address [group-access-list-number][override] 69.选择一个默认的RP: dallasr1># ip pim rp-address
通告RP和它所服务的组范围:
dallasr1># ip pim send-rp-announce type number scope ttl group-list access-list-number 为管理范围组通告RP的地址:
dallasr1># ip pim send-rp-announce ethernet0 scope 16 group-list1 dallasr1># access-list 1 permit 266.0.0.0 0.255.255.255 设定一个RP映像代理:
dallasr1># ip pim send-rp-discovery scope ttl 核实组到RP的映像:
dallasr1># show ip pim rp mapping
dallasr1># show ip pim rp [group-name|group-address] [mapping]
70.在路由器接口上用命令ip multicast ttl-threshold ttl-value设定TTL阀值: dallasr1>(config-if)# ip multicast ttl-threshold ttl-value 71.用show ip pim neighbor显示PIM邻居表。72.显示组播通信路由表中的各条记录:
dallasr1>show ip mroute [group-name|group-address][scoure][summary][count][active kbps] 73.要记录一个路由器接受和发送的全部IP组播包: dallasr1> #debug ip mpacket [detail] [access-list][group] 74.要在CISCO路由器上配置CGMP: dallasr1>(config-if)# ip cgmp
75.配置一个组播路由器,使之加入某一个特定的组播组: dallasr1>(config-if)# ip igmp join-group group-address 76.关闭 CGMP:
dallasr1>(config-if)# no ip cgmp 77.启动交换机上的CGMP: dallasr1>(enable)set cgmp enable 78.核实Catalyst交换机上CGMP的配置情况: catalystla1>(enable)show config set prompt catalystla1>
set interface sc0 192.168.1.1 255.255.255.0 set cgmp enable
79.CGMP离开的设置:
Dallas_SW(enable)set cgmp leave
80.在Cisco设备上修改控制端口密码: R1(config)# line console 0 R1(config-line)# login
R1(config-line)# password Lisbon R1(config)# enable password Lilbao R1(config)# login local
R1(config)# username student password cisco
81.在Cisco设备上设置控制台及vty端口的会话超时: R1(config)# line console 0
R1(config-line)# exec-timeout 5 10 R1(config)# line vty 0 4
R1(config-line)# exec-timeout 5 2 82.在Cisco设备上设定特权级:
R1(config)# privilege configure level 3 username R1(config)# privilege configure level 3 copy run start R1(config)# privilege configure level 3 ping R1(config)# privilege configure level 3 show run R1(config)# enable secret level 3 cisco
83.使用命令privilege 可定义在该特权级下使用的命令: router(config)# privilege mode level level command 84.设定用户特权级:
router(config)# enable secret level 3 dallas router(config)# enable secret san-fran
router(config)# username student password cisco 85.标志设置与显示:
R1(config)# banner motd ‘unauthorized access will be prosecuted!’ 86.设置vty访问:
R1(config)# access-list 1 permit 192.168.2.5 R1(config)# line vty 0 4
R1(config)# access-class 1 in 87.配置HTTP访问:
Router3(config)# access-list 1 permit 192.168.10.7 Router3(config)# ip http sever
Router3(config)# ip http access-class 1
Router3(config)# ip http authentication local
Router3(config)# username student password cisco 88.要启用HTTP访问,请键入以下命令: switch(config)# ip http sever
89.在基于set命令的交换机上用setCL1启动和核实端口安全:
switch(enable)set port security mod_num/port_num…enable mac address switch(enable)show port mod_num/port_num
在基于CiscoIOS命令的交换机上启动和核实端口安全:
switch(config-if)# port secure [mac-mac-count maximum-MAC-count] switch# show mac-address-table security [type module/port] 90.用命令access-list在标准通信量过滤表中创建一条记录:
Router(config)# access-list access-list-number {permit|deny} source-address [source-address] 91.用命令access-list在扩展通信量过滤表中创建一条记录:
Router(config)# access-list access-list-number {permit|deny{protocol|protocol-keyword}}{source source-wildcard|any}{destination destination-wildcard|any}[protocol-specific options][log] 92.对于带内路由更新,配置路由更新的最基本的命令格式是:
R1(config-router)#distribute-list access-list-number|name in [type number] 93.对于带外路由更新,配置路由更新的最基本的命令格式是:
R1(config-router)#distribute-list access-list-number|name out [interface-name] routing-process| autonomous-system-number
94.set snmp命令选项:
set snmp community {read-only|ready-write|read-write-all}[community_string] 95.set snmp trap 命令格式如下: set snmp trap {enable|disable}
[all|moudle|classis|bridge|repeater| auth|vtp|ippermit|vmps|config|entity|stpx] set snmp trap rvcr_addr rcvr_community 96.启用SNMP chassis 陷阱:
Console>(enable)set snmp trap enable chassis 97.启用所有SNMP chassis 陷阱: Console>(enable)set snmp trap enable 98.禁用SNMP chassis 陷阱:
Console>(enable)set snmp trap disable chassis 99.给SNMP陷阱接收表加一条记录:
Console>(enable)set snmp trap 192.122.173.42 public 100.show snmp 输出结果。
101.命令set snmp rmon enable 的输出结果。102.显示SPAN信息: Consile> show span 一些华为路由器命令: 删除设备配置
reset saved-configuration 重启 reboot
看当前配置文件
display current-configuration 改设备名 sysname 保存配置 save
进入特权模式 sysview
华为只有2层模式 不像cisco enale之后还要conf t 定义acl
acl nubmere XXXX(3000以上)进入以后
rule permit/deny IP/TCP/UDP等 source XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX(反向)destination XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX(反向)eq 注意 华为默认没有deny any any 防火墙上端口加载ACL
[Quidway-Ethernet0/0]firewall packet-filter 3000 inbound 防火墙上新增加用户 local-user XXX(用户名)password simple XXX(密码)local-user XXX service-type ppp 删除某条命令
undo(类似与cisco的no)静态路由
ip route-static 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 对vpdn用户设置acl的接口 inte***ce Virtual-Template1 查看路由表
display ip routing-table 设定telnet密码
user-inte***ce vty 0 4 user privilege level 3
set authentication password simple XXX 启动/关闭 启动 un shut 关闭 shut 动态nat设置 acl number 3000
rule 0 permit ip source XXX.XXX.XXX.XXX rule 1 permit ip source XXX.XXX.XXX.XXX rule 2 permit ip source XXX.XXX.XXX.XXX inte***ce Ethernet1/0
des cription ====To-Internet(WAN)====
ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX nat outbound 3000 ipsec policy policy1
利用acl来做 符合acl的IP地址可以出去(注意 此处的ACL隐含了deny any any)不符合的IP地址不可以出去 创建vlan
[shzb-crsw-s6506-1]vlan 100 华为vlan不支持name 将port放入vlan
创建了vlan后 进入vlan模式
[shzb-crsw-s6506-1-vlan100]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/8 表示从G1/0/1 到1/0/8放入VLAN 100 创建trunk
inte***ce GigabitEthernet1/0/1 duplex full speed 1000
* port link-type trunk
* port trunk permit vlan all port link-aggregation group 1
带*号的是创建trunk链路的语句 vlan地址指定
inte***ce Vlan-inte***ce2 des cription server
ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX vrrp vrid 2 virtual-ip XXX.XXX.XXX.XXX vrrp vrid 2 priority 120 vrrp vrid 2 preempt-mode timer delay 10 其中vrrp语句指定vrrp 类似与hsrp 使用vrrp要注意的是华为不支持pvst 只能一台完全是主,一台完全是备份 在主vrrp设备上要指定 stp instance 0 root primary stp TC-protection enable stp enable
在从vrrp设备上要指定 stp instance 0 root secondary stp TC-protection enable stp enable
交换机下面绑acl
首先进入接口模式,输入qos命令
[shzb-crsw-s6506-1-GigabitEthernet1/0/1]qos 在输入如下命令
[shzb-crsw-s6506-1-qoss-GigabitEthernet1/0/1]packet-filter inbound ip-group 3000 华为交换机只能指定inbound方向 启用ospf
[shzb-crsw-s6506-1]ospf 100
[shzb-crsw-s6506-1-ospf-100]area 0
[shzb-crsw-s6506-1-ospf-100-area-0.0.0.0]network XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX 配置ospf重发布
[shzb-crsw-s6506-1-ospf-100-area-0.0.0.0]quit [shzb-crsw-s6506-1-ospf-100]import-route static
建立link-group(类似与cisco的channel-group)link-aggregation group 1 mode manual 然后进入接口
port link-aggregation group 1 启用VRRP之前必须输入 vrrp ping-enable
3.思科网络配置案列 篇三
网络拓扑结构为:中心交换机采用Cisco Catalyst 4006-S3,Supervisor Engine III G引擎位于第1插槽,用于实现三层交换;1块24口1000Base-T模块位于第2插槽,用于连接网络服务器;1块6端口1000Base-X模块位于第3插槽,用于连接6台骨干交换机,一台交换机采用Cisco Catalyst 3550-24-EMI,并安装1块1000Base-X GBIC千兆模块。一台交换机采用Cisco Catalyst 3550-24-SMI,也安装1块1000Base-X GBIC千兆模块。另外四台交换机采用Cisco Catalyst 2950G-24-SMI,安装1块1000Base-T GBIC千兆模块。所有服务器划分为一个VLAN,即VLAN 50。四台Catalyst 2950G-24-SMI交换机也只划分为一个VLAN,分别为VLAN 60、VLAN 70、VLAN 80和VLAN 90。
Catalyst 3550-24-EMI划分为4个VLAN,分别为VLAN 10、VLAN 20、VLAN 30和VLAN 40。Catalyst 3550-24-SMI划分2个VLAN,分别为VLAN 60和VLAN 80,与另外两台Catalyst 2950G-24-SMI交换机分别位于同一VLAN。
实例分析
由于所有Catalyst 2950G交换机都是一个独立的VLAN,因此,必须先在这些交换机上创建VLAN(VLAN 60~VLAN 90),并将所有端口都指定至该VLAN。然后,再在Catalyst 4006交换机相应端口上分别创建VLAN。Catalyst 4006的1000Base-X端口分别与各Catalyst 2950G的1000Base-X端口连接。其中,
GigabitEthernet3/2端口连接至1号Catalyst 2950交换机(VLAN 60),GigabitEthernet3/3端口连接至2号Catalyst 2950交换机(VLAN 70),GigabitEthernet3/4端口连接至3号Catalyst 2950交换机(VLAN 80),GigabitEthernet3/5端口连接至4号Catalyst 2950交换机(VLAN 90),GigabitEthernet3/6端口连接至6号楼交换机(VLAN 80)。由于在Catalyst 3550-24-EMI上划分有4个VLAN(VLAN 10~VLAN 40),而4个VLAN都需借助于一条1000Base-X链路实现与Catalyst 4006的GigabitEthernet3/1端口连接,因此,必须在Catalyst 4006与Catalyst 3550-24- EMI之间创建一个Trunk。
同样,在Catalyst 3550-24-SMI上划分有2个VLAN(VLAN 60和VLAN 80),而4个VLAN都需借助于一条1000Base-X链路实现与Catalyst 4006的GigabitEthernet3/6端口连接,因此,必须在Catalyst 4006与Catalyst 3550-24- EMI之间创建一个Trunk。
另外,所有服务器均连接至Catalyst 4006的1000Base-T模块,并单独成为一个VLAN(VLAN 90),因此,也必须为这些交换机创建一个VLAN,并将所有端口指定至该VLAN。需要注意的是,考虑到网络管理的需要,也可以剩余几个RJ-45端口 (如21至24端口)不指定至任何VLAN,从而便于连接网络管理设备。默认状态下,所有端口都属于VLAN1,而且也只有在VLAN1中才能实现对网络中所有设备的管理。
配置清单
●Cisco Catalyst 4006交换机配置清单
Current configuration : 5594 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname hsnc
!
boot system bootflash:cat4000-is-mz.121-8a.EW1.bin
no logging console
enable secret level 1 5 $1$rkQW$1HKyKdN5f.Ri5zxeoF8Yv/
!
ip subnet-zero
!
!
!
interface GigabitEthernet1/1
no snmp trap link-status
!--不为Supervisor Engine III G引擎中的1000Base-X插槽指定VLAN
interface GigabitEthernet1/2
no snmp trap link-status
!
!
interface GigabitEthernet2/1
switchport access vlan 50
no snmp trap link-status
!--将端口GigabitEthernet2/1指定至VLAN 50
!
interface GigabitEthernet2/2
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/3
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/4
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/5
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/6
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/7
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/8
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/9
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/10
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/11
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/12
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/13
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/14
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/15
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/16
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/17
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/18
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/19
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/20
switchport access vlan 50
no snmp trap link-status
!--不将GigabitEthernet2/20~24指定至任何VLAN
!interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
!--启用802.1Q Trunk封装协议,即在该端口创建Trunk
switchport trunk allowed vlan 1-80
!--允许vlan 1-90在该中继线通讯
!--可以拒绝或允许某个VLAN访问该Trunk
!--确保未被授权的VLAN通过该Trunk,实现VLAN的访问安全
switchport mode trunk
!--将该端口设置为Trunk
description netcenter
no snmp trap link-status
!
interface GigabitEthernet3/2
switchport access vlan 60
no snmp trap link-status
!--将端口GigabitEthernet3/2指定至VLAN 60
!
interface GigabitEthernet3/3
switchport access vlan 70
no snmp trap link-status
!--将端口GigabitEthernet3/3指定至VLAN 70
!
interface GigabitEthernet3/4
switchport access vlan 80
no snmp trap link-status
!--将端口GigabitEthernet3/4指定至VLAN 80
!
interface GigabitEthernet3/5
switchport access vlan 90
no snmp trap link-status
!--将端口GigabitEthernet3/5指定至VLAN 90
!
interface GigabitEthernet3/6
switchport trunk encapsulation dot1q
!--启用802.1Q Trunk封装协议,即在该端口创建Trunk
switchport trunk allowed vlan 1-80
!--允许vlan 1-90在该中继线通讯
!--可以拒绝或允许某个VLAN访问该Trunk
!--从而确保未被授权的VLAN通过该Trunk,实现VLAN访问安全
switchport mode trunk
!--将该端口设置为Trunk
description netcenter
no snmp trap link-status
!
interface Vlan1
description netmanger
no ip address
!
!--对VLAN1进行描述
interface Vlan10
description network center
no ip address
!--对VLAN2进行描述
!
interface Vlan20
description computer center
no ip address
!
interface Vlan30
description network lab
no ip address
!
interface Vlan40
description huaxuelou
no ip address
!
interface Vlan50
description wulilou
no ip address
!
interface Vlan60
description shengwulou
no ip address
!interface Vlan70
description zhongwenxi
no ip address
!
interface Vlan80
description tushuguan
no ip address
!
!
line con 0
stopbits 1
line vty 0 4
password aaa
login
!
end ●Cisco Catalyst 3550-EMI配置清单
Building configuration...
Current configuration : 4055 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname office
!
enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 10
!--将端口FastEthernet0/1指定至VLAN 10
no ip address
!
interface FastEthernet0/2
switchport access vlan 10
no ip address
!
interface FastEthernet0/3
switchport access vlan 10
no ip address
!
interface FastEthernet0/4
switchport access vlan 10
no ip address
!
interface FastEthernet0/5
switchport access vlan 10
no ip address
!
interface FastEthernet0/6
switchport access vlan 20
no ip address
!--将端口FastEthernet0/6指定至VLAN 20
!interface FastEthernet0/7
switchport access vlan 20
no ip address
!
interface FastEthernet0/8
switchport access vlan 20
no ip address
!
interface FastEthernet0/9
switchport access vlan 20
no ip address
!
interface FastEthernet0/10
switchport access vlan 20
no ip address
!
interface FastEthernet0/11
switchport access vlan 30
no ip address
!--将端口FastEthernet0/6指定至VLAN 30
!
interface FastEthernet0/12
switchport access vlan 30
no ip address
!
interface FastEthernet0/13
switchport access vlan 30
no ip address
!
interface FastEthernet0/14
switchport access vlan 30
no ip address
!
nterface FastEthernet0/15
switchport access vlan 30
no ip address
!
interface FastEthernet0/16
switchport access vlan 30
no ip address
!
interface FastEthernet0/17
switchport access vlan 30
no ip address
!
interface FastEthernet0/18
switchport access vlan 30
no ip address
!
interface FastEthernet0/19
switchport access vlan 40
ip address
!--将端口FastEthernet0/6指定至VLAN 40
!interface FastEthernet0/20
witchport access vlan 40
no ip address
!
interface FastEthernet0/21
switchport access vlan 40
no ip address
!
interface FastEthernet0/22
switchport access vlan 30
no ip address
!
interface FastEthernet0/23
switchport access vlan 40
no ip address
!
interface FastEthernet0/24
switchport access vlan 40
no ip address
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
!--启用802.1Q Trunk封装协议,即在该端口创建Trunk
switchport trunk allowed vlan 1-80
!--允许vlan 1-80在该中继线通讯
itchport mode trunk
!--将该端口设置为Trunk
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.12 255.255.255.0
!--LAN1指定IP地址
no ip route-cache
no ip mroute-cache
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end ●Cisco Catalyst 3550-SMI配置清单
Building configuration...
Current configuration : 4055 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname office
!
enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 60
!--将端口FastEthernet0/1指定至VLAN 60
no ip address
!
interface FastEthernet0/2
switchport access vlan 60
no ip address
!
interface FastEthernet0/3
switchport access vlan 60
no ip address
!
interface FastEthernet0/4
switchport access vlan 60
no ip address
!
interface FastEthernet0/5
switchport access vlan 60
no ip address
!
interface FastEthernet0/6
switchport access vlan 20
no ip address
!--将端口FastEthernet0/6指定至VLAN 20
!interface FastEthernet0/7
switchport access vlan 20
no ip address
!
interface FastEthernet0/8
switchport access vlan 20
no ip address
!
interface FastEthernet0/9
switchport access vlan 20
no ip address
!
interface FastEthernet0/10
switchport access vlan 20
no ip address
!
interface FastEthernet0/11
switchport access vlan 80
no ip address
!--将端口FastEthernet0/6指定至VLAN 80
!
interface FastEthernet0/12
switchport access vlan 80
no ip address
!
interface FastEthernet0/13
switchport access vlan 80
no ip address
!
interface FastEthernet0/14
switchport access vlan 80
no ip address
!
interface FastEthernet0/15
switchport access vlan 80
no ip address
interface FastEthernet0/16
switchport access vlan 80
no ip address
!
interface FastEthernet0/17
switchport access vlan 80
no ip address
!
interface FastEthernet0/18
switchport access vlan 80
no ip address
!
interface FastEthernet0/19
switchport access vlan 80
no ip address
!--将端口FastEthernet0/6指定至VLAN 80
!interface FastEthernet0/20
switchport access vlan 80
no ip address
!
interface FastEthernet0/21
switchport access vlan 80
no ip address
!
interface FastEthernet0/22
switchport access vlan 80
no ip address
!
interface FastEthernet0/23
switchport access vlan 80
no ip address
!
interface FastEthernet0/24
switchport access vlan 80
no ip address
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
!--启用802.1Q Trunk封装协议,即在该端口创建Trunk
switchport trunk allowed vlan 1-80
!--允许vlan 1-80在该中继线通讯
switchport mode trunk
!--从将该端口设置为Trunk
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.13 255.255.255.0
!--为LAN1指定IP地址
no ip route-cache
no ip mroute-cache
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end ●Cisco Catalyst 2950G配置清单
四台Cisco Catalyst 2950G的配置基本相同,下面仅列出VLAN 60的配置情况。
Building configuration...
Current configuration : 2143 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname msl
!
enable password aaa
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
switchport access vlan 60
no ip address
!
interface FastEthernet0/2
switchport access vlan 60
no ip address
!
interface FastEthernet0/3
switchport access vlan 60
no ip address
!
interface FastEthernet0/4
switchport access vlan 60
no ip address
!
interface FastEthernet0/5
switchport access vlan 60
no ip address
!
interface FastEthernet0/6
switchport access vlan 60
no ip address
!
interface FastEthernet0/7
switchport access vlan 60
no ip address
!
interface FastEthernet0/8
switchport access vlan 60
no ip address
!
interface FastEthernet0/9
switchport access vlan 60
no ip address
!
interface FastEthernet0/10
switchport access vlan 60
no ip address
!
interface FastEthernet0/11
switchport access vlan 60
no ip address
!interface FastEthernet0/12
switchport access vlan 60
no ip address
!
interface FastEthernet0/13
switchport access vlan 60
no ip address
!
interface FastEthernet0/14
switchport access vlan 60
no ip address
!
interface FastEthernet0/15
switchport access vlan 60
no ip address
!
interface FastEthernet0/16
switchport access vlan 60
no ip address
!
interface FastEthernet0/17
switchport access vlan 60
no ip address
!
interface FastEthernet0/18
switchport access vlan 60
no ip address
!
interface FastEthernet0/19
switchport access vlan 60
no ip address
!
interface FastEthernet0/20
switchport access vlan 60
no ip address
!
interface FastEthernet0/21
switchport access vlan 60
no ip address
!
interface FastEthernet0/22
switchport access vlan 60
no ip address
!
interface FastEthernet0/23
switchport access vlan 60
no ip address
!
interface FastEthernet0/24
switchport access vlan 60
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.10 255.255.255.0
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end 以下内容 ancy 由撰写
经典的三层网络案例分析,
改进中。。。新加很多先进技术噢!新增路由器的配置。
经典的三层网络案例分析。
目的:让不同的vlan 之间可以互相通讯。
IP规划
vlna ID ip网段 vlan网关
vlan 1 172.16.1.0/24 172.16.1.7-9
vlan 2 172.16.2.0/24 172.16.2.252-254
vlan 3 172.16.3.0/24 172.16.3.252-254
vlan 4 172.16.4.0/24 172.16.4.252-254
vlan 5 172.16.5.0/24 172.16.5.252-254
vlan 6 172.16.6.0/24 172.16.6.252-254
vlan 7 172.16.7.0/24 172.16.7.252-254
vlan 8 172.16.8.0/24 172.16.8.252-254
vlan 9 172.16.9.0/24 172.16.9.252-254 拓朴图见最后面
器配置
cisco路由器配置:
Enable
Configure terminal
Service password-encryption
Hostname cisco1721
Enable secret 654321
Enable password 123456
ip subnet-zero
ip name-server 202.96.134.133 202.96.172.218
interface fastethernet 0
ip address 61.142.221.5 255.255.255.240
speed auto
no shutdown
interface serial 0
ip unnumbered fastethernet 0
encapsulation ppp
no fair-queue
bandwidth 2048
no shutdown
exit
ip classless
ip route 0.0.0.0 0.0.0.0 serial 0
no ip http server
line con 0
line aux 0
line vty 0 4
password 12345678
login
no scheduler allocate
end 请注意NAT等是在防火墙设置的.
交换机配置
一、Catalyst 4006-s3交换机配置:
Enable
Configure terminal
service pad
service password-encryption
hostname c4006-s3
enable password 123456.
Enable secret 654321
Ip subnet-zero
Ip name-server 172.16.8.1 172.16.8.2
ip routing
Exit
Vlan database
Vtp mode server
Vtp domain centervtp
Vlan 2 name vlan2
Vlan 3 name vlan3
Vlan 4 name vlan4
Vlan 5 name vlan5
Vlan 6 name vlan6
Vlan 7 name vlan7
Vlan 8 name vlan8
Vlan 9 name vlan9
Exit
Configure terminal
Interface port-channel 1
Interface gigabitethernet 2/1
channel-group 1
Interface gigabitethernet 2/2
channel-group 1
Interface gigabitethernet 2/1
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 2/3
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 2/4
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigbitethernet 2/5
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigbitethernet 2/6
switchport mode trunk
switchport trunk encapsulation dotlq
switchprot trunk allowed vlan all
interface gigbitethernet 2/7
switchport access vlan 9
no shutdown
interface range gigabitethernet 2/8 – 20
switchport mode access
switchport access vlan 8
no shutdown
spanning-tree portfast
interface gigabitethernet 3/1
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 3/2
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
spanning-tree vlan 1-9 root primary
spanning-tree backbonefast
interface vlan 1
ip address 172.16.1.7 255.255.255.0
no shutdown
standby 1 ip 172.16.1.9
standby 1 priority 110 preempt
interface vlan 2
ip address 172.16.2.252 255.255.255.0
no shutdown
standby 2 ip 172.16.2.254
standby 2 priority 110 preempt
interface vlan 3
ip address 172.16.3.252 255.255.255.0
no shutdown
standby 3 ip 172.16.3.254
standby 3 priority 110 preempt
interface vlan 4
ip address 172.16.4.252 255.255.255.0
no shutdown
standby 4 ip 172.16.4.254
standby 4 priority 110 preempt
interface vlan 5
ip address 172.16.5.252 255.255.255.0
no shutdown
standby 5 ip 172.16.5.254
standby 5 priority 110 preempt
interface vlan 6
ip address 172.16.6.252 255.255.255.0
no shutdown
standby 6 ip 172.16.6.254
standby 6 priority 110 preempt
interface vlan 7
ip address 172.16.7.252 255.255.255.0
no shutdown
standby 7 ip 172.16.7.254
standby 7 priority 110 preempt
interface vlan 8
ip address 172.16.8.252 255.255.255.0
no shutdown
standby 8 ip 172.16.8.254
standby 8 priority 110 preempt
interface vlan 9
ip address 172.16.9.252 255.255.255.0
no shutdown
standby 9 ip 172.16.9.254
standby 9 priority 110 preempt
exit
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.9.250
line con 0
line aux 0
line vty 0 15
password 12345678
login
end
二、Catalyst 3550-12T交换机配置:
Enable
Configure terminal
service pad
service password-encryption
hostname c3550-12t
enable password 123456
enable secret 654321
ip subnet-zero
ip name-server 172.16.8.1. 172.16.8.2
ip routing
exit
vlan database
vtp mode server
vtp domain centervtp
vlan 2 name vlan2
vlan 3 name vlan3
vlan 4 name vlan4
vlan 5 name vlan5
vlan 6 name vlan6
vlan 7 name vlan7
vlan 8 name vlan8
vlan 9 name vlan9
exit
configure terminal
interface port-channel 1
interface gigabitethernet 0/1
channel-group 1
interface gigabitethernet 0/2
channel-group 1
exit
interface gigabitethernet 0/1
switchport mode trunk
switchport encapsulation dotlq
swithchport trunk allowed vlan all
interface gigabitethernet 0/3
switchport mode trunk
switchport trunk encapsulation dotlq
swithcport trunk allowed vlan all
interface gigabitethernet 0/4
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 0/5
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 0/6
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 0/7
switchport access vlan 9
no shutdown
interface range gigabitethernet 0/8 – 10
switchport mode access
switchport access vlan 8
no shutdown
spanning-tree portfast
interface gigabitethernet 0/11
switchport mode trunk
switchport trunk encapsulation dotlq
swithcprot trunk allowed vlan all
interface gigabitethernet 0/12
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
spanning-tree vlan 1-9 root secondary
spanning-tree backbonefast
interface vlan 1
ip address 172.16.1.8 255.255.255.0
no shutdown
standby 1 ip 172.16.1.9
standby 1 priority 100 preempt
interface vlan 2
ip address 172.16.2.253 255.255.255.0
no shutdown
standby 2 ip 172.16.2.254
standby 2 priority 100 preempt
interface vlan 3
ip address 172.16.3.253 255.255.255.0
not shutdown
standby 3 ip 172.16.3.254
standby 3 priority 100 preempt
interface vlan 4
ip address 172.16.4.253 255.255.255.0
no shutdown
standby 4 ip 172.16.4.254
standby 4 priority 100 preempt
interface vlan 5
ip addess 172.16.5.253 255.255.255.0
no shutdown
standby 5 ip 172.16.5.253
standby 5 priority 100 preempt
interface vlan 6
ip address 172.16.6.253 255.255.255.0
no shutdown
standby 6 ip 172.16.6.254
standby 6 priority 100 preempt
interface vlan 7
ip address 172.16.7.253 255.255.255.0
no shutdown
standby 7 ip 172.16.7.254
standby 7 priority 100 preempt
interface vlan 8
ip address 172.16.8.253 255.255.255.0
no shutdown
standby 8 ip 172.16.8.254
standby 8 priority 100 preempt
interface vlan 9
ip address 172.16.9.253 255.255.255.0
no shutdown
standby 9 ip 172.16.9.254
standby 9 priority 100 preempt
exit
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.9.250
ip http server
line con 0
line aux 0
line vty 0 15
password 12345678
login
end
三、Catalyst 2950-24 vlan2 交换机配置:
Enable
Configure terminal
Service pad
Service password-encryption
Hostname c2950-241
Enable password 123456
Enable secret 654321
Ip subnet-zero
Interface vlan 1
Ip address 172.16.1.1 255.255.255.0
management
No shutdown
Ip default-gateway 172.16.1.9
Ip name-server 172.16.8.1 172.16.8.2
exit
Vlan database
Vtp mode client
Vtp domain centervtp
Exit
Configure terminal
Interface range fastethernet 0/1 – 20
Switchport mode access
Switchport accesss vlan 2
No shutdown
Spanning-tree portfast
Spanning-tree uplinkfast
Spanning-tree backbonefast
Interface gigabitethernet 0/1
Switchport mode trunk
Switchport trunk encapculation dotlq
Switchport trunk allowed vlan all
Spanning-tree cost 10
Interface gigabitethernet 0/2
Switchport mode trunk
Switchport trunk encapculation dotlq
Switchport trunk allowed vlan all
Spanning-tree cost 20
Exit
Line con 0
Line aux 0
Line vty 0 15
Password 12345678
Login
End
四、catalyst 2950-24 vlan 3 交换机配置:
enable
configure terminal
service pad
service password-encryption
hostname c2950-242
enable password 123456
enable secret 654321
ip subnet-zero
interface vlan 1
ip address 172.16.1.2 255.255.255.0
management
no shutdown
ip default-gateway 172.16.1.9
ip name-server 172.16.8.1 172.16.8.2
exit
vlan database
vtp domain centervtp
vtp mode client
exit
configure terminal
interface range fastethernet 0/1 – 20
switchport mode access
switchport access vlan 3
no shutdown
spanning-tree portfast
spanning-tree uplinefast
spanning-tree backbonefast
interface gigabitethernet 0/1
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
spanning-tree cost 10
interface gigabitethernet 0/2
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
spanning-tree cost 20
exit
line con 0
line aux 0
line vty 0 15
password 12345678
login
end
copy running-config startup-config
reload
4.思科网络配置案列 篇四
2960 Switch#configure terminal Switch(config)#vlan 2 Switch(config-vlan)#exit
第一步 创建vlan Switch(config)#vlan 3 Switch(config-vlan)#exit Switch(config)#interface fastEthernet 0/2 Switch(config-if)#switchport access vlan 2 Switch(config-if)#exit Switch(config)#interface fastEthernet 0/3
端口划分vlan Switch(config-if)#switchport access vlan 3 Switch(config-if)#exit Switch(config)#interface fastEthernet 0/1 Switch(config-if)#switchport mode trunk
交换机跟路由器连接的端口改为trunk Switch(config-if)#exit
Router>enable
开启路由器端口 Router#configure terminal
Router(config)#interface fastEthernet 0/0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface fastEthernet 0/0.1
进入子端口 Router(config-subif)# %LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1Q 2 Router(config-subif)#ip address 192.168.1.1 255.255.255.0 Router(config-subif)#exit Router(config)#interface fastEthernet 0/0.2
进入子端口 Router(config-subif)# %LINK-5-CHANGED: Interface FastEthernet0/0.2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.2, changed state to up
Router(config-subif)#encapsulation dot1Q 3 Router(config-subif)#ip address 192.168.2.1 255.255.255.0 Router(config-subif)#end Router#show ip route
Codes: Cstatic, IRIP, MBGP
DEIGRP external, OOSPF inter area
N1OSPF NSSA external type 2
E1OSPF external type 2, EIS-IS, L1IS-IS level-2, iacandidate default, UODR
P-periodic downloaded static route
Gateway of last resort is not set
C
192.168.1.0/24 is directly connected, FastEthernet0/0.1 C
192.168.2.0/24 is directly connected, FastEthernet0/0.2
dot1q就是802.1q,是vlan的一种封装方式。
cisco模拟器中dot1Q 2是什么意思? 答
封装为dot1q,这个是trunk的封装
【思科网络配置案列】推荐阅读:
网络贷款案列08-17
网络配置实训总结09-24
网络广告宣传,网络广告文案08-13
从网络大国到网络强国学习心得体会07-09
网络谣言论文06-24
网络与道德06-26
股票心得--网络06-28
网络调查06-28
网络贷款07-05
网络广告文案08-09