ããéæ·ç½ç»äº¤æ¢æºçé
ç½®å½ä»¤é
ãã交æ¢æº
ãã>Enable è¿å
¥ç¹æ模å¼
ãã#Exit è¿åä¸ä¸çº§æä½æ¨¡å¼
ãã#End è¿åå°ç¹æ模å¼
ãã#write memory æcopy running-config startup-config ä¿åé
ç½®æ件
ãã#del flash:config.text å é¤é
ç½®æ件(交æ¢æºå1700ç³»åè·¯ç±å¨)
ãã#erase startup-config å é¤é
ç½®æ件(2500ç³»åè·¯ç±å¨)
ãã#del flash:vlan.dat å é¤Vlané
置信æ¯ï¼äº¤æ¢æºï¼
ãã#Configure terminal è¿å
¥å
¨å±é
置模å¼
ãã(config)# hostname switchA é
置设å¤å称为switchA
ãã(config)#banner motd & é
ç½®æ¯æ¥æç¤ºä¿¡æ¯ &为ç»æ¢ç¬¦
ãã(config)#enable secret level 1 0 star é
ç½®è¿ç¨ç»éå¯ç 为star
ãã(config)#enable secret level 15 0 star é
ç½®ç¹æå¯ç 为star
ããLevel 1为æ®éç¨æ·çº§å«ï¼å¯é为1~15ï¼15为æé«æé级å«ï¼0表示å¯ç ä¸å å¯
ãã(config)#enable services web-server å¼å¯äº¤æ¢æºWEB管çåè½
ããServices å¯é以ä¸ï¼web-server(WEB管ç)ãtelnet-server(è¿ç¨ç»é)ç
ããæ¥çä¿¡æ¯
ãã#show running-config æ¥çå½åçæçé
置信æ¯
ãã#show interface fastethernet 0/3 æ¥çF0/3端å£ä¿¡æ¯
ãã#show interface serial 1/2 æ¥çS1/2端å£ä¿¡æ¯
ãã#show interface æ¥çææ端å£ä¿¡æ¯
ãã#show ip interface brief 以ç®æ´æ¹å¼æ±æ»æ¥çææ端å£ä¿¡æ¯
ãã#show ip interface æ¥çææ端å£ä¿¡æ¯
ãã#show version æ¥ççæ¬ä¿¡æ¯
ãã#show mac-address-table æ¥ç交æ¢æºå½åMACå°å表信æ¯
ãã#show running-config æ¥çå½åçæçé
置信æ¯
ãã#show vlan æ¥çææVLANä¿¡æ¯
ãã#show vlan id 10 æ¥çæä¸VLAN (å¦VLAN10)çä¿¡æ¯
ãã#show interface fastethernet 0/1 switchport æ¥çæä¸ç«¯å£æ¨¡å¼(å¦F 0/1)
ãã#show aggregateport 1 summary æ¥çèå端å£AG1çä¿¡æ¯
ãã#show spanning-tree æ¥ççææ é
置信æ¯
ãã#show spanning-tree interface fastethernet 0/1 æ¥ç该端å£ççææ ç¶æ
ãã#show port-security æ¥ç交æ¢æºç端å£å®å
¨é
置信æ¯
ãã#show port-security address æ¥çå°åå®å
¨ç»å®é
置信æ¯
ãã#show ip access-lists listname æ¥çå为listnameçå表çé
置信æ¯
ãã#show access-lists
ãã端å£çåºæ¬é
ç½®
ãã(config)#Interface fastethernet 0/3 è¿å
¥F0/3ç端å£é
置模å¼
ãã(config)#interface range fa 0/1-2,0/5,0/7-9 è¿å
¥F0/1ãF0/2ãF0/5ãF0/7ãF0/8ãF0/9ç端å£é
置模å¼
ãã(config-if)#speed 10 é
置端å£éç为10M,å¯é10,100,auto
ãã(config-if)#duplex full é
置端å£ä¸ºå
¨å工模å¼,å¯éfull(å
¨åå·¥),half(ååå¼),auto(èªéåº)
ãã(config-if)#no shutdown å¼å¯è¯¥ç«¯å£
ãã(config-if)#switchport access vlan 10 å°è¯¥ç«¯å£åå
¥VLAN10ä¸,ç¨äºVLAN
ãã(config-if)#switchport mode trunk å°è¯¥ç«¯å£è®¾ä¸ºtrunk模å¼,ç¨äºTag vlan
ããå¯é模å¼ä¸ºaccess , trunk
ãã(config-if)#port-group 1 å°è¯¥ç«¯å£åå
¥èå端å£AG1ä¸,ç¨äºèå端å£
ããèå端å£çå建
ãã(config)# interface aggregateport 1 å建èåæ¥å£AG1
ãã(config-if)# switchport mode trunk é
置并ä¿è¯AG1为 trunk 模å¼
ãã(config)#int f0/23-24
ãã(config-if-range)#port-group 1 å°ç«¯å£ï¼ç«¯å£ç»ï¼åå
¥èå端å£AG1ä¸
ããçææ
ãã(config)#spanning-tree å¼å¯çææ åè®®
ãã(config)#spanning-tree mode stp æå®çææ ç±»å为stp
ããå¯é模å¼stp , rstp , mstp
ãã(config)#spanning-tree priority 4096 设置交æ¢æºçä¼å
级为4096 , ä¼å
级å¼å°ä¸ºé«ãä¼å
级å¯éå¼ä¸º0ï¼4096ï¼8192ï¼â¦â¦ï¼ä¸º4096çåæ°ã交æ¢æºé»è®¤å¼ä¸º32768
ããVLANçåºæ¬é
ç½®
ãã(config)#vlan 10 å建VLAN10
ãã(config-vlan)#name vlanname å½åVLAN为vlanname
ãã(config-if)#switchport access vlan 10 å°è¯¥ç«¯å£åå
¥VLAN10ä¸
ããæ端å£çæ¥å£é
置模å¼ä¸è¿è¡
ãã(config)#interface vlan 10 è¿å
¥VLAN 10çèæ端å£é
置模å¼
ãã(config-if)# ip address 192.168.1.1 255.255.255.0 为VLAN10çèæ端å£é
ç½®IPåæ©ç ï¼äºå±äº¤æ¢æºåªè½é
ç½®ä¸ä¸ªIPï¼æ¤IPæ¯ä½ä¸ºç®¡çIP使ç¨ï¼ä¾å¦ï¼ä½¿ç¨Telnetçæ¹å¼ç»å½çIPå°å
ãã(config-if)# no shutdown å¯ç¨è¯¥ç«¯å£
ãã端å£å®å
¨
ãã(config)# interface fastethernet 0/1 è¿å
¥ä¸ä¸ªç«¯å£
ãã(config-if)# switchport port-security å¼å¯è¯¥ç«¯å£çå®å
¨åè½
ãã1ï¼é
ç½®æ大è¿æ¥æ°éå¶
ãã(config-if)# switchport port-secruity maxmum 1 é
置端å£çæ大è¿æ¥æ°ä¸º1ï¼æ大è¿æ¥æ°ä¸º128
ãã(config-if)# switchport port-secruity violation shutdown
ããé
ç½®å®å
¨è¿ä¾çå¤çæ¹å¼ä¸ºshutdownï¼å¯é为protect (å½å®å
¨å°åæ°æ»¡åï¼å°æªç¥åå°å丢å¼)ãrestrict(å½è¿ä¾æ¶ï¼åéä¸ä¸ªTrapéç¥)ãshutdown(å½è¿ä¾æ¶å°ç«¯å£å
³éï¼å¹¶åéTrapéç¥ï¼å¯å¨å
¨å±æ¨¡å¼ä¸ç¨errdisable recoveryæ¥æ¢å¤)
ãã2ï¼IPåMACå°åç»å®
ãã(config-if)#switchport port-security mac-address xxxx.xxxx.xxxx ip-address 172.16.1.1
ããæ¥å£é
置模å¼ä¸é
ç½®MACå°åxxxx.xxxx.xxxxåIP172.16.1.1è¿è¡ç»å®(MACå°å注æç¨å°å)
ããä¸å±è·¯ç±åè½(é对ä¸å±äº¤æ¢æº)
ãã(config)# ip routing å¼å¯ä¸å±äº¤æ¢æºçè·¯ç±åè½
ãã(config)# interface fastethernet 0/1
ãã(config-if)# no switchport å¼å¯ç«¯å£çä¸å±è·¯ç±åè½(è¿æ ·å°±å¯ä»¥ä¸ºæä¸ç«¯å£é
ç½®IP)
ãã(config-if)# ip address 192.168.1.1 255.255.255.0
ãã(config-if)# no shutdown
ããä¸å±äº¤æ¢æºè·¯ç±åè®®
ãã(config)# ip route 172.16.1.0 255.255.255.0 172.16.2.1 é
ç½®éæè·¯ç±
ãã注:172.16.1.0 255.255.255.0 为ç®æ ç½ç»çç½ç»å·ååç½æ©ç
ãã172.16.2.1 为ä¸ä¸è·³çå°åï¼ä¹å¯ç¨æ¥å£è¡¨ç¤º,å¦ip route 172.16.1.0 255.255.255.0 serial 1/2(172.16.2.0ææ¥ç端å£)
ãã(config)# router rip å¼å¯RIPåè®®è¿ç¨
ãã(config-router)# network 172.16.1.0 ç³ææ¬è®¾å¤çç´è¿ç½æ®µä¿¡æ¯
ãã(config-router)# version 2 å¼å¯RIP V2ï¼å¯é为version 1(RIPV1)ãversion 2(RIPV2)
ãã(config-router)# no auto-summary å
³éè·¯ç±ä¿¡æ¯çèªå¨æ±æ»åè½(åªæå¨RIPV2æ¯æ)
ãã(config)# router ospf å¼å¯OSPFè·¯ç±åè®®è¿ç¨ï¼é对1762ï¼æ é使ç¨è¿ç¨IDï¼
ãã(config)# router ospf 1 å¼å¯OSPFè·¯ç±åè®®è¿ç¨ï¼é对2501ï¼éè¦å OSPFè¿ç¨IDï¼
ãã(config-router)# network 192.168.1.0 0.0.0.255 area 0
ããç³æç´è¿ç½æ®µä¿¡æ¯ï¼å¹¶åé
åºåå·(area0为骨干åºå)
ããIP ACLï¼
ãã交æ¢æºéç¨å½åç访é®æ§å¶å表ï¼åæ å(stand)åæ©å±(extended)两ç§
ãã1.æ åACL
ãã(config)#ip access-list stand listname å®ä¹å½åæ åå表ï¼å½å为listnameï¼stand为æ åå表
ãã(config-std-nacl)#deny 192.168.30.0 0.0.0.255 æç»æ¥èª192.168.30.0ç½æ®µçIPæµééè¿
ãã注ï¼denyï¼æç»éè¿ï¼å¯éï¼deny(æç»éè¿)ãpermit(å
许éè¿)
ãã192.168.30.0 0.0.0.255ï¼æºå°ååæºå°åéé
符ï¼å¯ä½¿ç¨any表示任ä½IP
ãã(config-std-nacl)#permit any
ãã(config-std-nacl)#end è¿å
ãã2.æ©å±ACL
ãã(config)#ip access-list extended listname
ããå®ä¹å½åæ©å±å表ï¼å½å为listname,extended为æ©å±
ãã(config-ext-nacl)#deny tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 eq www æç»æºå°å为192.168.30.0ç½æ®µçIP访é®ç®çå°å为192.168.10.0ç½æ®µçWWWæå¡
ãã注ï¼denyï¼æç»éè¿ï¼å¯éï¼deny(æç»éè¿)ãpermit(å
许éè¿)
ããtcp: åè®®å称ï¼åè®®å¯ä»¥æ¯udp, ipï¼eigrp, gre, icmp, igmp, igrpççã
ãã192.168.10.0 0.0.0.255ï¼æºå°ååæºå°åéé
符
ãã192.168.30.0 0.0.0.255ï¼ç®çå°ååç®çå°åéé
符
ããeqï¼æä½ç¬¦ï¼lt-å°äºï¼eq-çäºï¼gt-大äºï¼neg-ä¸çäºï¼range-å
å«ï¼
ããwwwï¼ç«¯å£å·ï¼å¯ä½¿ç¨å称æå
·ä½ç¼å·
ããå¯ä»¥ä½¿ç¨çåè®®å称ï¼æç¼å·ï¼å端å£å称ï¼æç¼å·ï¼è¯·æï¼æ¥è¯¢ã
ãã(config-ext-nacl)#permit ip any any å
许å
¶å®éè¿
ãã(config-ext-nacl)#end è¿å
ãã(config)#interface vlan 10 è¿å
¥ç«¯å£é
置模å¼
ãã(config-if)# ip access-group listname in 访é®æ§å¶å表å¨ç«¯å£ä¸inæ¹ååºç¨ï¼å¯éï¼in(å
¥æ )ãout(åºæ )
ãã(config-if)#end è¿å
ãã注ï¼é
ç½®ACLæ¶ï¼è¥åªæ³å¯¹å
¶ä¸é¨åIPè¿è¡éå¶è®¿é®æ¶ï¼å¿
é¡»é
ç½®å
许å
¶æµééè¿ï¼å¦å设å¤åªä¼å¯¹éå¶IPè¿è¡å¤çï¼ä¸ä¼å¯¹ééå¶IPè¿è¡å
许éè¿å¤çã
温馨提示:答案为网友推荐,仅供参考