Cisco端口聚合、VTP、ACL实例
发布时间:2020-05-22 16:30:50 所属栏目:程序设计 来源:互联网
导读:网络拓扑: ****************基本配置**************** SW1en;进入特权模式 SW1#conft;进入全局配置模式 SW1(config)#hostnameSW1;设置交换机的主机名 SW1(config)#enablesecretcisco;设置特权加密口令 SW1(config)#enablepasswordcisco;设置特权非密口
网络拓扑: ****************基本配置****************SW1>en;进入特权模式 SW1#conft;进入全局配置模式 SW1(config)#hostnameSW1;设置交换机的主机名 SW1(config)#enablesecretcisco;设置特权加密口令 SW1(config)#enablepasswordcisco;设置特权非密口令 SW1(config)#lineconsole0;进入控制台口 SW1(config-line)#login;允许登录 SW1(config-line)#passwordcisco1;设置登录口令xx SW1(config)#linevty04;进入虚拟终端 SW1(config-line)#login;允许登录 SW1(config-line)#passwordcisco2;设置登录口令xx SW1#exit;返回命令 ****************链路聚合**************** SW1:2960 interfacePort-channel1 descriptionChannelgroupmemberf0/1-2 switchport switchporttrunkencapsulationdot1q switchportmodetrunk intranf0/1-2 descriptionConnecttoSW5onportf0/1-2 switchporttrunkencapsulationdot1q switchportmodetrunk channel-group1modedesirable switchporttrunkallowedvlanall SW2:2960 interfacePort-channel2 descriptionChannelgroupmemberf0/1-2 switchport switchporttrunkencapsulationdot1q switchportmodetrunk intranf0/1-2 descriptionConnecttoSW5onportf0/3-4 switchporttrunkencapsulationdot1q switchportmodetrunk channel-group2modedesirable switchporttrunkallowedvlanall SW3:2960 interfacePort-channel3 descriptionChannelgroupmemberf0/1-2 switchport switchporttrunkencapsulationdot1q switchportmodetrunk intranf0/1-2 descriptionConnecttoSW5onportf0/5-6 switchporttrunkencapsulationdot1q switchportmodetrunk channel-group3modedesirable switchporttrunkallowedvlanall SW4:2960 interfacePort-channel4 descriptionChannelgroupmemberf0/1-2 switchport switchporttrunkencapsulationdot1q switchportmodetrunk intranf0/1-2 descriptionConnecttoSW5onportf0/7-8 switchporttrunkencapsulationdot1q switchportmodetrunk channel-group4modedesirable switchporttrunkallowedvlanall SW5:3560 interfacePort-channel1 descriptionChannelgroupmemberSW1f0/1-2 switchport switchporttrunkencapsulationdot1q switchportmodetrunk intranf0/1-2 descriptionConnecttoSW1onportf0/1-2 switchporttrunkencapsulationdot1q switchportmodetrunk channel-group1modeauto switchporttrunkallowedvlanall interfacePort-channel2 descriptionChannelgroupmemberSW2f0/1-2 switchport switchporttrunkencapsulationdot1q switchportmodetrunk intranf0/3-4 descriptionConnecttoSW2onportf0/1-2 switchporttrunkencapsulationdot1q switchportmodetrunk channel-group2modeauto switchporttrunkallowedvlanall interfacePort-channel3 descriptionChannelgroupmemberSW3f0/1-2 switchport switchporttrunkencapsulationdot1q switchportmodetrunk intranf0/5-6 descriptionConnecttoSW3onportf0/1-2 switchporttrunkencapsulationdot1q switchportmodetrunk channel-group3modeauto switchporttrunkallowedvlanall interfacePort-channel4 descriptionChannelgroupmemberSW4f0/1-2 switchport switchporttrunkencapsulationdot1q switchportmodetrunk intranf0/7-8 descriptionConnecttoSW4onportf0/1-2 switchporttrunkencapsulationdot1q switchportmodetrunk channel-group4modeauto switchporttrunkallowedvlanall shipintbri ****************配置VTP**************** SW5:3560 SW5#vlandatabase SW5(vlan)#vtpserver DevicemodealreadyVTPSERVER. SW5(vlan)#vtpdomaintianyu ChangingVTPdomainnamefromNULLtotianyu SW5(vlan)#vtppasswordcisco SettingdeviceVLANdatabasepasswordtocisco SW5(vlan)#exit APPLYcompleted. Exiting.... SW1:2960 SW1#vlandatabase SW1(vlan)#vtpclient SettingdevicetoVTPCLIENTmode. SW1(vlan)#vtpdomaintianyu Domainnamealreadysettotianyu. SW1(vlan)#vtppasswordcisco SettingdeviceVLANdatabasepasswordtocisco. SW1(vlan)#vlan3namedb SW1(vlan)#vlan4nameplatform SW1(vlan)#vlan5nameweb SW1(vlan)#end SW1(config)#intrangef0/3-8 SW1(config-if-range)#switchportmodeaccess SW1(config-if-range)#switchportaccessvlan3 SW1(config-if-range)#nosh SW1(config-if-range)#exit SW1(config)#intranf0/9-14 SW1(config-if-range)#switchportmodeaccess SW1(config-if-range)#switchportaccessvlan4 SW1(config-if-range)#nosh SW1(config-if-range)#exit SW1(config)#intranf0/15-24 SW1(config-if-range)#switchportmodeaccess SW1(config-if-range)#switchportaccessvlan5 SW1(config-if-range)#nosh SW1(config-if-range)#exit SW2:2960 SW2#vlandatabase SW2(vlan)#vtpclient SettingdevicetoVTPCLIENTmode. SW2(vlan)#vtpdomaintianyu Domainnamealreadysettotianyu. SW2(vlan)#vtppasswordcisco SettingdeviceVLANdatabasepasswordtocisco. SW2(config)#intrangef0/3-8 SW2(config-if-range)#switchportmodeaccess SW2(config-if-range)#switchportaccessvlan3 SW2(config-if-range)#nosh SW2(config-if-range)#exit SW2(config)#intranf0/9-14 SW2(config-if-range)#switchportmodeaccess SW2(config-if-range)#switchportaccessvlan4 SW2(config-if-range)#nosh SW2(config-if-range)#exit SW2(config)#intranf0/15-24 SW2(config-if-range)#switchportmodeaccess SW2(config-if-range)#switchportaccessvlan5 SW2(config-if-range)#nosh SW2(config-if-range)#exit /*SW3、SW4也类似的配置*/ SW5:3560 SW5(config)#iprouting SW5(config)#intvlan3 SW5(config-if)#ipadd192.168.3.1255.255.255.0 SW5(config-if)#nosh SW5(config-if)#exit SW5(config)#intvlan4 SW5(config-if)#ipadd192.168.4.1255.255.255.0 SW5(config-if)#nosh SW5(config-if)#exit SW5(config)#intvlan5 SW5(config-if)#ipadd192.168.5.1255.255.255.0 SW5(config-if)#nosh SW5(config-if)#exit shiproute shvtpstat shvlanbri shinttr ****************配置ACL**************** /*vlan3与vlan5之间互访,vlan4与vlan5之间互访,禁止vlan3与vlan4之间互访*/ SW5(config)#access-list101permitip192.168.3.00.0.0.255192.168.5.00.0.0.255 SW5(config)#access-list102permitip192.168.4.00.0.0.255192.168.5.00.0.0.255 SW5(config)#access-list103permitip192.168.5.00.0.0.2550.0.0.0255.255.255.255 ****************应用ACL至VLAN端口**************** SW5(config)#intvlan3 SW5(config-if)#ipaccess-group101in SW5(config)#intvlan4 SW5(config-if)#ipaccess-group102in SW5(config)#intf0/24 SW5(config-if)#ipaccess-group103in ****************端口镜像:3560**************** 监听指定vlan SW5#showmonitor检查是否已存在镜像的配置 SW5#conft进入全局模式 SW5(config)#nomonitorsession1 SW5(config)#monitorsession1sourcevlan3-5both监控vlan3-5 SW5(config)#monitorsession1destinationintf0/23把信息复制到f0/23 SW5(config)#end返回 SW5#showmonitor 监听指定端口SW5#showmonitor检查是否已存在镜像的配置SW5#conft进入全局模式SW5(config)#nomonitorsession1SW5(config)#monitorsession2sourceintf0/24both监控端口f0/24SW5(config)#monitorsession2destinationintf0/23把信息复制到f0/23SW5(config)#end返回SW5#showmonitorsession2经过以上配置后,就可以用sinffer进行抓包了! (编辑:安卓应用网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |