Cisco交换机端口聚合、VTP、ACL配置实例
生活随笔
收集整理的這篇文章主要介紹了
Cisco交换机端口聚合、VTP、ACL配置实例
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
網絡拓撲:**************** 基本配置 ****************
SW1> en ?;進入特權模式
SW1# conf t ?;進入全局配置模式
SW1(config)# hostname SW1? ?;設置交換機的主機名
SW1(config)# enable secret cisco ?;設置特權加密口令
SW1(config)# enable password cisco ?;設置特權非密口令
SW1(config)# line console 0 ?;進入控制臺口
SW1(config-line)# login ??;允許登錄
SW1(config-line)# password cisco1 ?;設置登錄口令xx
SW1(config)# line vty 0 4 ?;進入虛擬終端
SW1(config-line)# login ??;允許登錄
SW1(config-line)# password cisco2 ?;設置登錄口令xx
SW1# exit ;返回命令
**************** 鏈路聚合 ****************
SW1:2960
interface Port-channel 1
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/1 - 2
description Connect to SW5 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable
switchport trunk allowed vlan allSW2:2960
interface Port-channel 2
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/1 - 2
description Connect to SW5 on port f0/3-4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode desirable
switchport trunk allowed vlan allSW3:2960
interface Port-channel 3
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/1 - 2
description Connect to SW5 on port f0/5-6
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode desirable
switchport trunk allowed vlan allSW4:2960
interface Port-channel 4
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/1 - 2
description Connect to SW5 on port f0/7-8
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode desirable
switchport trunk allowed vlan all
SW5: 3560
interface Port-channel 1
description Channel group member SW1 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/1 - 2
description Connect to SW1 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode auto
switchport trunk allowed vlan allinterface Port-channel 2
description Channel group member SW2 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/3 - 4
description Connect to SW2 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode auto
switchport trunk allowed vlan allinterface Port-channel 3
description Channel group member SW3 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/5 - 6
description Connect to SW3 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode auto
switchport trunk allowed vlan allinterface Port-channel 4
description Channel group member SW4 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/7 - 8
description Connect to SW4 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode auto
switchport trunk allowed vlan all
sh ip int bri
**************** 配置VTP ****************?
SW5: 3560
SW5#vlan database?
SW5(vlan)#vtp server
Device mode already VTP SERVER.
SW5(vlan)#vtp domain tianyu
Changing VTP domain name from NULL to tianyu
SW5(vlan)#vtp password cisco
Setting device VLAN database password to cisco
SW5(vlan)#exit
APPLY completed.
Exiting....SW1:2960
SW1#vlan database?
SW1(vlan)#vtp client?
Setting device to VTP CLIENT mode.
SW1(vlan)#vtp domain tianyu
Domain name already set to tianyu .
SW1(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
SW1(vlan)#vlan 3 name db
SW1(vlan)#vlan 4 name platform
SW1(vlan)#vlan 5 name web
SW1(vlan)#endSW1(config)#int range f0/3 - 8
SW1(config-if-range)#switchport mode access?
SW1(config-if-range)#switchport access vlan 3
SW1(config-if-range)#no sh?
SW1(config-if-range)#exit
SW1(config)#int ran f0/9 - 14
SW1(config-if-range)#switchport mode access?
SW1(config-if-range)#switchport access vlan 4
SW1(config-if-range)#no sh?
SW1(config-if-range)#exit
SW1(config)#int ran f0/15 - 24
SW1(config-if-range)#switchport mode access?
SW1(config-if-range)#switchport access vlan 5
SW1(config-if-range)#no sh
SW1(config-if-range)#exitSW2:2960
SW2#vlan database?
SW2(vlan)#vtp client?
Setting device to VTP CLIENT mode.
SW2(vlan)#vtp domain tianyu
Domain name already set to tianyu .
SW2(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
SW2(config)#int range f0/3 - 8
SW2(config-if-range)#switchport mode access?
SW2(config-if-range)#switchport access vlan 3
SW2(config-if-range)#no sh?
SW2(config-if-range)#exit
SW2(config)#int ran f0/9 - 14
SW2(config-if-range)#switchport mode access?
SW2(config-if-range)#switchport access vlan 4
SW2(config-if-range)#no sh?
SW2(config-if-range)#exit
SW2(config)#int ran f0/15 - 24
SW2(config-if-range)#switchport mode access?
SW2(config-if-range)#switchport access vlan 5
SW2(config-if-range)#no sh
SW2(config-if-range)#exit/*SW3、SW4也類似的配置*/SW5: 3560
SW5(config)#ip routing?
SW5(config)#int vlan 3
SW5(config-if)#ip add 192.168.3.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
SW5(config)#int vlan 4
SW5(config-if)#ip add 192.168.4.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
SW5(config)#int vlan 5
SW5(config-if)#ip add 192.168.5.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
sh ip route
sh vtp stat
sh vlan bri
sh int tr
**************** 配置ACL ****************
/*vlan3與vlan5之間互訪,vlan4與vlan5之間互訪,禁止vlan3與vlan4之間互訪*/
SW5(config)# access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
SW5(config)# access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
SW5(config)# access-list 103 permit ip 192.168.5.0 0.0.0.255 0.0.0.0 255.255.255.255**************** 應用ACL至VLAN端口 ****************
SW5(config)# int vlan 3
SW5(config-if)# ip access-group 101 in?
SW5(config)# int vlan 4
SW5(config-if)# ip access-group 102 in
SW5(config)# int f0/24
SW5(config-if)# ip access-group 103 in
****************? 端口鏡像:3560 ****************
監聽指定vlan
SW5#show monitor????? 檢查是否已存在鏡像的配置
SW5#conf t??????????????????? 進入全局模式
SW5(config)#no monitor session 1
SW5(config)#monitor session 1 source vlan 3 - 5 both????? 監控vlan 3 - 5
SW5(config)#monitor session 1 destination int f0/23???? 把信息復制到f0/23
SW5(config)#end??????? 返回
SW5#show monitor監聽指定端口
SW5#show monitor????? 檢查是否已存在鏡像的配置
SW5#conf t??????????????????? 進入全局模式
SW5(config)#no monitor session 1
SW5(config)#monitor session 2 source int f0/24 both????? 監控端口f0/24
SW5(config)#monitor session 2 destination int f0/23???? 把信息復制到f0/23
SW5(config)#end??????? 返回
SW5#show monitor session 2
?
經過以上配置后,就可以用sinffer進行抓包了!
本文出自 “聆聽未來” 博客,請務必保留此出處http://kerry.blog.51cto.com/172631/347349
SW1> en ?;進入特權模式
SW1# conf t ?;進入全局配置模式
SW1(config)# hostname SW1? ?;設置交換機的主機名
SW1(config)# enable secret cisco ?;設置特權加密口令
SW1(config)# enable password cisco ?;設置特權非密口令
SW1(config)# line console 0 ?;進入控制臺口
SW1(config-line)# login ??;允許登錄
SW1(config-line)# password cisco1 ?;設置登錄口令xx
SW1(config)# line vty 0 4 ?;進入虛擬終端
SW1(config-line)# login ??;允許登錄
SW1(config-line)# password cisco2 ?;設置登錄口令xx
SW1# exit ;返回命令
**************** 鏈路聚合 ****************
SW1:2960
interface Port-channel 1
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/1 - 2
description Connect to SW5 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable
switchport trunk allowed vlan allSW2:2960
interface Port-channel 2
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/1 - 2
description Connect to SW5 on port f0/3-4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode desirable
switchport trunk allowed vlan allSW3:2960
interface Port-channel 3
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/1 - 2
description Connect to SW5 on port f0/5-6
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode desirable
switchport trunk allowed vlan allSW4:2960
interface Port-channel 4
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/1 - 2
description Connect to SW5 on port f0/7-8
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode desirable
switchport trunk allowed vlan all
SW5: 3560
interface Port-channel 1
description Channel group member SW1 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/1 - 2
description Connect to SW1 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode auto
switchport trunk allowed vlan allinterface Port-channel 2
description Channel group member SW2 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/3 - 4
description Connect to SW2 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode auto
switchport trunk allowed vlan allinterface Port-channel 3
description Channel group member SW3 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/5 - 6
description Connect to SW3 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode auto
switchport trunk allowed vlan allinterface Port-channel 4
description Channel group member SW4 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunkint ran f0/7 - 8
description Connect to SW4 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode auto
switchport trunk allowed vlan all
sh ip int bri
**************** 配置VTP ****************?
SW5: 3560
SW5#vlan database?
SW5(vlan)#vtp server
Device mode already VTP SERVER.
SW5(vlan)#vtp domain tianyu
Changing VTP domain name from NULL to tianyu
SW5(vlan)#vtp password cisco
Setting device VLAN database password to cisco
SW5(vlan)#exit
APPLY completed.
Exiting....SW1:2960
SW1#vlan database?
SW1(vlan)#vtp client?
Setting device to VTP CLIENT mode.
SW1(vlan)#vtp domain tianyu
Domain name already set to tianyu .
SW1(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
SW1(vlan)#vlan 3 name db
SW1(vlan)#vlan 4 name platform
SW1(vlan)#vlan 5 name web
SW1(vlan)#endSW1(config)#int range f0/3 - 8
SW1(config-if-range)#switchport mode access?
SW1(config-if-range)#switchport access vlan 3
SW1(config-if-range)#no sh?
SW1(config-if-range)#exit
SW1(config)#int ran f0/9 - 14
SW1(config-if-range)#switchport mode access?
SW1(config-if-range)#switchport access vlan 4
SW1(config-if-range)#no sh?
SW1(config-if-range)#exit
SW1(config)#int ran f0/15 - 24
SW1(config-if-range)#switchport mode access?
SW1(config-if-range)#switchport access vlan 5
SW1(config-if-range)#no sh
SW1(config-if-range)#exitSW2:2960
SW2#vlan database?
SW2(vlan)#vtp client?
Setting device to VTP CLIENT mode.
SW2(vlan)#vtp domain tianyu
Domain name already set to tianyu .
SW2(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
SW2(config)#int range f0/3 - 8
SW2(config-if-range)#switchport mode access?
SW2(config-if-range)#switchport access vlan 3
SW2(config-if-range)#no sh?
SW2(config-if-range)#exit
SW2(config)#int ran f0/9 - 14
SW2(config-if-range)#switchport mode access?
SW2(config-if-range)#switchport access vlan 4
SW2(config-if-range)#no sh?
SW2(config-if-range)#exit
SW2(config)#int ran f0/15 - 24
SW2(config-if-range)#switchport mode access?
SW2(config-if-range)#switchport access vlan 5
SW2(config-if-range)#no sh
SW2(config-if-range)#exit/*SW3、SW4也類似的配置*/SW5: 3560
SW5(config)#ip routing?
SW5(config)#int vlan 3
SW5(config-if)#ip add 192.168.3.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
SW5(config)#int vlan 4
SW5(config-if)#ip add 192.168.4.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
SW5(config)#int vlan 5
SW5(config-if)#ip add 192.168.5.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
sh ip route
sh vtp stat
sh vlan bri
sh int tr
**************** 配置ACL ****************
/*vlan3與vlan5之間互訪,vlan4與vlan5之間互訪,禁止vlan3與vlan4之間互訪*/
SW5(config)# access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
SW5(config)# access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
SW5(config)# access-list 103 permit ip 192.168.5.0 0.0.0.255 0.0.0.0 255.255.255.255**************** 應用ACL至VLAN端口 ****************
SW5(config)# int vlan 3
SW5(config-if)# ip access-group 101 in?
SW5(config)# int vlan 4
SW5(config-if)# ip access-group 102 in
SW5(config)# int f0/24
SW5(config-if)# ip access-group 103 in
****************? 端口鏡像:3560 ****************
監聽指定vlan
SW5#show monitor????? 檢查是否已存在鏡像的配置
SW5#conf t??????????????????? 進入全局模式
SW5(config)#no monitor session 1
SW5(config)#monitor session 1 source vlan 3 - 5 both????? 監控vlan 3 - 5
SW5(config)#monitor session 1 destination int f0/23???? 把信息復制到f0/23
SW5(config)#end??????? 返回
SW5#show monitor監聽指定端口
SW5#show monitor????? 檢查是否已存在鏡像的配置
SW5#conf t??????????????????? 進入全局模式
SW5(config)#no monitor session 1
SW5(config)#monitor session 2 source int f0/24 both????? 監控端口f0/24
SW5(config)#monitor session 2 destination int f0/23???? 把信息復制到f0/23
SW5(config)#end??????? 返回
SW5#show monitor session 2
?
經過以上配置后,就可以用sinffer進行抓包了!
本文出自 “聆聽未來” 博客,請務必保留此出處http://kerry.blog.51cto.com/172631/347349
轉載于:https://blog.51cto.com/vmeng/1126830
總結
以上是生活随笔為你收集整理的Cisco交换机端口聚合、VTP、ACL配置实例的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 目标跟踪之相关滤波
- 下一篇: Columns Controller