Procedure 9.1. Cisco Catalyst 3750 series Example
Enter the switch's configuration mode
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Create the VLANs.
Switch#VLAN database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2
VLAN 2 added:
    Name: VLAN0002
Switch(vlan)#vlan 3
VLAN 3 added:
    Name: VLAN0003
Switch(vlan)#
Switch(config)#interface vlan 1
Switch(config-if)#ip address 172.16.0.100 255.255.255.0
Switch(config-if)#exit
Switch(config)#interface vlan 2
Switch(config-if)#ip address 10.10.0.1 255.255.255.0
Switch(config-if)#interface vlan 3
Switch(config-if)#ip address 10.10.1.254 255.255.255.0
DHCP
Switch(config)#ip dhcp pool vlan2
Switch(dhcp-config)#network 10.10.0.0 255.255.255.0
Switch(dhcp-config)#default-router 10.10.0.1
Switch(dhcp-config)#dns-server 208.67.222.222 208.67.220.220
Switch(dhcp-config)#lease 7
Switch(dhcp-config)#exit
Switch(config)#ip dhcp pool vlan3
Switch(dhcp-config)#network 10.10.1.0 255.255.255.0
Switch(dhcp-config)#default-router 10.10.1.254
Switch(dhcp-config)#dns-server 208.67.222.222 208.67.220.220
Switch(dhcp-config)#lease 7
Switch(dhcp-config)#exit
Enable inter-VLAN routing
Switch(config)#ip routing
Switch(config)#ip route 0.0.0.0 0.0.0.0 172.16.0.254
Configure the interfaces
Switch(config)#interface GigabitEthernet1/0/2
Switch(config-if)#switchport access vlan 2
Switch(config-if)#switchport mode access
Switch(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION
%Portfast has been configured on GigabitEthernet1/0/2 but will only
 have effect when the interface is in a non-trunking mode.
Switch(config-if)#ip dhcp snooping trust
Switch(config-if)#exit
Switch(config)#interface GigabitEthernet1/0/3
Switch(config-if)#switchport access vlan 3
Switch(config-if)#switchport mode access
Switch(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION
%Portfast has been configured on GigabitEthernet1/0/3 but will only
 have effect when the interface is in a non-trunking mode.
Switch(config-if)#ip dhcp snooping trust
Switch(config-if)#exit
Configure the access control lists
Switch(config)#access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
Switch(config)#access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
Switch(config)#access-list 103 permit udp any any eq bootpc
Switch(config)#access-list 103 permit udp any any eq tftp
Switch(config)#access-list 103 permit udp any eq bootpc any
Switch(config)#access-list 103 permit udp any eq tftp any
Switch(config)#access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
Switch(config)#access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
Switch(config)#access-list 104 permit udp any eq tftp any
Switch(config)#access-list 104 permit udp any eq bootpc any
Switch(config)#access-list 104 permit udp any eq bootpc any
Switch(config)#access-list 104 permit udp any eq tftp any
Apply the access control lists
/* Apply the access control lists to VLAN 3 and VLAN 4; VLAN 2 does not need one */
Switch(config)#Int Vlan 3
Switch(config-if)#ip access-group 103 out
Switch(config-if)#Int Vlan 4
Switch(config-if)#ip access-group 104 out
Finish and save the configuration
Switch(config)#end
Switch#write memory
Building configuration...
[OK]
Switch#
00:43:52: %SYS-5-CONFIG_I: Configured from console by console
Example 9.7. Cisco Catalyst 3750 series Example
Switch#show running-config
Building configuration...
Current configuration : 2085 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
switch 1 provision ws-c3750g-24ts
system mtu routing 1500
ip subnet-zero
ip routing
!
ip dhcp pool vlan2
   network 10.10.0.0 255.255.255.0
   default-router 10.10.0.1
   dns-server 208.67.222.222 208.67.220.220
   lease 7
!
ip dhcp pool vlan3
   network 10.10.1.0 255.255.255.0
   default-router 10.10.1.254
   dns-server 208.67.222.222 208.67.220.220
   lease 7
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/3
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 ip address 172.16.0.100 255.255.255.0
!
interface Vlan2
 ip address 10.10.0.1 255.255.255.0
!
interface Vlan3
 ip address 10.10.1.254 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.0.254
ip http server
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
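An added example, not part of the original page: a small audit of the running-config in Example 9.7. It flags `ip dhcp snooping trust` on host-facing access ports, the absence of a global `ip dhcp snooping` line, `ip http server`, and `no service password-encryption`. The check names and the trimmed, re-indented config excerpt are constructed for this example.

```python
# Constructed excerpt of Example 9.7 (indentation restored, unused ports trimmed).
RUNNING_CONFIG = """\
no service password-encryption
interface GigabitEthernet1/0/2
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/3
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
 ip dhcp snooping trust
!
ip http server
"""

def parse_interfaces(lines):
    """Map each 'interface X' stanza to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for ln in lines:
        if ln.startswith("interface "):
            current = ln.split(None, 1)[1]
            stanzas[current] = []
        elif ln.startswith(" ") and current is not None:
            stanzas[current].append(ln.strip())
        else:
            current = None          # '!' or any global command closes the stanza
    return stanzas

def audit(config):
    """Return sorted (check, detail) findings; the check names are this example's own."""
    lines = [ln.rstrip() for ln in config.splitlines() if ln.strip()]
    top = {ln for ln in lines if not ln.startswith(" ")}    # global-level commands
    trusted = [name for name, cmds in parse_interfaces(lines).items()
               if "ip dhcp snooping trust" in cmds and "switchport mode access" in cmds]
    findings = [("trusted-access-port", name) for name in trusted]  # host port treated as DHCP server side
    if trusted and "ip dhcp snooping" not in top:
        findings.append(("dhcp-snooping-disabled", "global"))       # snooping never enabled, trust is inert
    if "ip http server" in top:
        findings.append(("http-server", "ip http server"))          # unencrypted web management
    if "no service password-encryption" in top:
        findings.append(("plaintext-passwords", "no service password-encryption"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(RUNNING_CONFIG), sep="\n")
```

With DHCP snooping, trust belongs only on ports that lead to a legitimate DHCP server; ports facing end hosts are left untrusted so that server replies arriving on them are dropped.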