Cisco Port Aggregation, VTP, and ACL Examples
Published: 2020-12-13 19:41:04 Category: Encyclopedia Source: compiled from the web
Network topology:
****************Basic configuration****************
SW1>en ; enter privileged EXEC mode
SW1#conf t ; enter global configuration mode
SW1(config)#hostname SW1 ; set the switch hostname
SW1(config)#enable secret cisco ; set the encrypted privileged-mode password
SW1(config)#enable password cisco ; set the unencrypted privileged-mode password
SW1(config)#line console 0 ; enter the console line
SW1(config-line)#login ; enable login
SW1(config-line)#password cisco1 ; set the login password
SW1(config)#line vty 0 4 ; enter the virtual terminal lines
SW1(config-line)#login ; enable login
SW1(config-line)#password cisco2 ; set the login password
SW1#exit ; return
****************Link aggregation****************
SW1:2960
interface Port-channel1
 description Channel group member f0/1-2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int ran f0/1-2
 description Connect to SW5 on port f0/1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
 switchport trunk allowed vlan all
SW2:2960
interface Port-channel2
 description Channel group member f0/1-2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int ran f0/1-2
 description Connect to SW5 on port f0/3-4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode desirable
 switchport trunk allowed vlan all
SW3:2960
interface Port-channel3
 description Channel group member f0/1-2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int ran f0/1-2
 description Connect to SW5 on port f0/5-6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode desirable
 switchport trunk allowed vlan all
SW4:2960
interface Port-channel4
 description Channel group member f0/1-2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int ran f0/1-2
 description Connect to SW5 on port f0/7-8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode desirable
 switchport trunk allowed vlan all
SW5:3560
interface Port-channel1
 description Channel group member SW1 f0/1-2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int ran f0/1-2
 description Connect to SW1 on port f0/1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode auto
 switchport trunk allowed vlan all
interface Port-channel2
 description Channel group member SW2 f0/1-2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int ran f0/3-4
 description Connect to SW2 on port f0/1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode auto
 switchport trunk allowed vlan all
interface Port-channel3
 description Channel group member SW3 f0/1-2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int ran f0/5-6
 description Connect to SW3 on port f0/1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode auto
 switchport trunk allowed vlan all
interface Port-channel4
 description Channel group member SW4 f0/1-2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
int ran f0/7-8
 description Connect to SW4 on port f0/1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode auto
 switchport trunk allowed vlan all
sh ip int bri
****************Configure VTP****************
SW5:3560
SW5#vlan database
SW5(vlan)#vtp server
Device mode already VTP SERVER.
SW5(vlan)#vtp domain tianyu
Changing VTP domain name from NULL to tianyu
SW5(vlan)#vtp password cisco
Setting device VLAN database password to cisco
SW5(vlan)#exit
APPLY completed.
Exiting....
SW1:2960
SW1#vlan database
SW1(vlan)#vtp client
Setting device to VTP CLIENT mode.
SW1(vlan)#vtp domain tianyu
Domain name already set to tianyu.
SW1(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
SW1(vlan)#vlan 3 name db
SW1(vlan)#vlan 4 name platform
SW1(vlan)#vlan 5 name web
SW1(vlan)#end
SW1(config)#int range f0/3-8
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 3
SW1(config-if-range)#no sh
SW1(config-if-range)#exit
SW1(config)#int ran f0/9-14
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 4
SW1(config-if-range)#no sh
SW1(config-if-range)#exit
SW1(config)#int ran f0/15-24
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 5
SW1(config-if-range)#no sh
SW1(config-if-range)#exit
SW2:2960
SW2#vlan database
SW2(vlan)#vtp client
Setting device to VTP CLIENT mode.
SW2(vlan)#vtp domain tianyu
Domain name already set to tianyu.
SW2(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
SW2(config)#int range f0/3-8
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 3
SW2(config-if-range)#no sh
SW2(config-if-range)#exit
SW2(config)#int ran f0/9-14
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 4
SW2(config-if-range)#no sh
SW2(config-if-range)#exit
SW2(config)#int ran f0/15-24
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 5
SW2(config-if-range)#no sh
SW2(config-if-range)#exit
/* SW3 and SW4 are configured similarly */
SW5:3560
SW5(config)#ip routing
SW5(config)#int vlan 3
SW5(config-if)#ip add 192.168.3.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
SW5(config)#int vlan 4
SW5(config-if)#ip add 192.168.4.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
SW5(config)#int vlan 5
SW5(config-if)#ip add 192.168.5.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
sh ip route
sh vtp stat
sh vlan bri
sh int tr
****************Configure ACL****************
/* vlan3 and vlan5 can reach each other, vlan4 and vlan5 can reach each other, and traffic between vlan3 and vlan4 is denied */
SW5(config)#access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
SW5(config)#access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
SW5(config)#access-list 103 permit ip 192.168.5.0 0.0.0.255 0.0.0.0 255.255.255.255
****************Apply the ACLs to the VLAN interfaces****************
SW5(config)#int vlan 3
SW5(config-if)#ip access-group 101 in
SW5(config)#int vlan 4
SW5(config-if)#ip access-group 102 in
SW5(config)#int f0/24
SW5(config-if)#ip access-group 103 in
****************Port mirroring: 3560****************
Monitor specified VLANs
SW5#show monitor ; check whether a mirroring configuration already exists
SW5#conf t ; enter global configuration mode
SW5(config)#no monitor session 1
SW5(config)#monitor session 1 source vlan 3-5 both ; monitor vlan 3-5
SW5(config)#monitor session 1 destination int f0/23 ; copy the traffic to f0/23
SW5(config)#end ; return
SW5#show monitor
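Monitor a specified port
SW5#show monitor ; check whether a mirroring configuration already exists
SW5#conf t ; enter global configuration mode
SW5(config)#no monitor session 1
SW5(config)#monitor session 2 source int f0/24 both ; monitor port f0/24
SW5(config)#monitor session 2 destination int f0/23 ; copy the traffic to f0/23
SW5(config)#end ; return
SW5#show monitor session 2
After the configuration above, you can capture packets with a sniffer!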
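To check ACLs 101-103 from the ACL section against the policy stated there, this added example (not part of the original article) evaluates them in Python with first-match and implicit-deny semantics. The host addresses, the 203.0.113.7 destination and the helper names are constructed for illustration.

```python
import ipaddress

# ACLs 101-103 as configured on SW5 in the article (spacing restored).
ACLS = {
    101: ["permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255"],
    102: ["permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255"],
    103: ["permit ip 192.168.5.0 0.0.0.255 0.0.0.0 255.255.255.255"],
}

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return "0.0.0.0", "255.255.255.255"
    if first == "host":
        return tokens.pop(0), "0.0.0.0"
    return first, tokens.pop(0)

def wild_match(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def evaluate(acl_lines, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        if proto != "ip":
            raise ValueError("this example only models 'ip' entries")
        s, d = take_addr(tokens), take_addr(tokens)
        if wild_match(src, *s) and wild_match(dst, *d):
            return action
    return "deny"  # implicit 'deny ip any any' that ends every ACL

FLOWS = {  # constructed test flows: name -> (ingress ACL, source, destination)
    "vlan3->vlan5":    (101, "192.168.3.10", "192.168.5.10"),
    "vlan3->vlan4":    (101, "192.168.3.10", "192.168.4.10"),
    "vlan4->vlan5":    (102, "192.168.4.10", "192.168.5.10"),
    "vlan4->vlan3":    (102, "192.168.4.10", "192.168.3.10"),
    "vlan5->vlan3":    (103, "192.168.5.10", "192.168.3.10"),
    "vlan3->gateway":  (101, "192.168.3.10", "192.168.3.1"),
    "vlan3->external": (101, "192.168.3.10", "203.0.113.7"),
}

def check_policy():
    return {n: evaluate(ACLS[a], s, d) for n, (a, s, d) in FLOWS.items()}

print(check_policy())
```

Besides the intended vlan3/vlan4 block, the implicit deny also drops vlan3 traffic addressed to its own gateway and to any destination outside 192.168.5.0/24, which is worth confirming against what the VLANs actually need.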
(Editor: 李大同)