Common Configuration Methods for Cisco 35-Series Switches
==============================================================================
I. Adding vlan21
cisco3560#vlan database
cisco3560(vlan)#vlan 21 ?
  are        Maximum number of All Route Explorer hops for this VLAN
  backupcrf  Backup CRF mode of the VLAN
  bridge     Bridging characteristics of the VLAN
  media      Media type of the VLAN
  mtu        VLAN Maximum Transmission Unit
  name       Ascii name of the VLAN
  parent     ID number of the Parent VLAN of FDDI or Token Ring type VLANs
  ring       Ring number of FDDI or Token Ring type VLANs
  said       IEEE 802.10 SAID
  state      Operational state of the VLAN
  ste        Maximum number of Spanning Tree Explorer hops for this VLAN
  stp        Spanning tree characteristics of the VLAN
  tb-vlan1   ID number of the first translational VLAN for this VLAN (or zero if none)
  tb-vlan2   ID number of the second translational VLAN for this VLAN (or zero if none)
cisco3560(vlan)#vlan 21 name vlan21
VLAN 21 added:
Name: vlan21
cisco3560(vlan)#exit        (save and exit)
APPLY completed.
Exiting....
cisco3560#
==============================================================================
II. Assigning an IP address to vlan21
cisco3560(config)#interface vlan 21
cisco3560(config-if)#ip address 172.18.21.254 255.255.255.0
cisco3560(config-if)#exit
===============================================================================
III. Adding a port to vlan21
cisco3560#configure terminal
cisco3560(config)#interface gigabitEthernet 0/42
cisco3560(config-if)#switchport access vlan 21
cisco3560(config-if)#no shut        (enable the port)
cisco3560(config-if)#exit
===============================================================================
IV. Adding ACL access-control rules (first add the access group, then add the policy entries)
cisco3560#conf terminal
cisco3560(config)#interface vlan 21
cisco3560(config-if)#
cisco3560(config-if)#ip access-group 121 ?
  in   inbound packets
  out  outbound packets
cisco3560(config-if)#ip access-group 121 in
cisco3560(config-if)#exit        (return to global configuration mode)
cisco3560(config)#
cisco3560(config)#access-list 121 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward
  remark   Access list entry comment
cisco3560(config)#access-list 121 ? ip (source) XXX.XXX.XXX.XXX inverse-of-the-mask destination-ip inverse-of-the-destination-mask
cisco3560(config)#access-list 121 deny ip 172.18.10.0 0.0.0.255 172.18.12.0 0.0.0.255
access-list 121 deny ip 172.18.10.0 0.0.0.255 172.18.14.0 0.0.0.255
.....
access-list 121 permit ip any any
ACL (access list) configuration
Switch(config)# access-list 121 permit tcp any host 10.1.1.1 eq smtp
Switch(config)# access-list 121 deny tcp any host 10.1.1.2 eq telnet
Switch(config)# access-list 121 permit tcp any host 10.1.1.2
Switch(config)# access-list 121 deny tcp any any
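Added example (not part of the original post): a small Python model of how the extended ACL entries above are evaluated, covering inverse-mask matching, first-match-wins ordering and the implicit deny at the end of every list. The names parse_ace, evaluate, SUBNET_ACL and TCP_ACL are hypothetical, the test packets are constructed, and only the entry forms that appear on this page are parsed; the last line assumes the TCP entries were typed into list 121 after "permit ip any any".

```python
import ipaddress

PORTS = {"smtp": 25, "telnet": 23}      # only the port keywords used on this page

def _ip(s):
    return int(ipaddress.ip_address(s))

def parse_ace(line):
    """Parse 'access-list N permit|deny proto src dst [eq port]'."""
    tok = line.split()[2:]                       # drop 'access-list N'
    ace = {"action": tok[0], "proto": tok[1], "port": None, "text": line}
    rest, addrs = tok[2:], []
    while len(addrs) < 2:
        if rest[0] == "any":                     # every bit is "don't care"
            addrs.append((0, 0xFFFFFFFF)); rest = rest[1:]
        elif rest[0] == "host":                  # every bit must match
            addrs.append((_ip(rest[1]), 0)); rest = rest[2:]
        else:                                    # address + inverse mask
            addrs.append((_ip(rest[0]), _ip(rest[1]))); rest = rest[2:]
    ace["src"], ace["dst"] = addrs
    if rest[:1] == ["eq"]:
        ace["port"] = PORTS.get(rest[1]) or int(rest[1])
    return ace

def addr_match(ip, rule):
    base, wild = rule                            # a 1 bit in the mask is ignored
    return ((_ip(ip) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching entry); the first matching entry wins."""
    for ace in acl:
        if (ace["proto"] in ("ip", proto) and ace["port"] in (None, dport)
                and addr_match(src, ace["src"]) and addr_match(dst, ace["dst"])):
            return ace["action"], ace["text"]
    return "deny", "implicit deny"               # no entry matched

# Entries copied from the page
SUBNET_ACL = [parse_ace(l) for l in (
    "access-list 121 deny ip 172.18.10.0 0.0.0.255 172.18.12.0 0.0.0.255",
    "access-list 121 deny ip 172.18.10.0 0.0.0.255 172.18.14.0 0.0.0.255",
    "access-list 121 permit ip any any")]
TCP_ACL = [parse_ace(l) for l in (
    "access-list 121 permit tcp any host 10.1.1.1 eq smtp",
    "access-list 121 deny tcp any host 10.1.1.2 eq telnet",
    "access-list 121 permit tcp any host 10.1.1.2",
    "access-list 121 deny tcp any any")]

if __name__ == "__main__":
    # Constructed packet: telnet to 10.1.1.2 is permitted once the lists are merged
    print(evaluate(SUBNET_ACL + TCP_ACL, "tcp", "192.0.2.9", "10.1.1.2", 23))
```

Because entries added with "access-list 121 ..." are appended in the order typed, a broad permit placed early shadows every narrower deny after it; "show access-lists" match counters that stay at zero are a sign of such unreachable entries.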
==============================================================================
V. How to add routes
1. Route to a host
2. Route to a VLAN
cisco3560(config)#
ip route 0.0.0.0 0.0.0.0 172.18.101.1
ip route 172.26.0.0 255.255.0.0 172.19.1.10
ip route 172.30.0.0 255.255.0.0 172.19.1.8
ip route 192.168.101.0 255.255.255.0 172.19.1.6
cisco3560(config)#ip route 172.18.13.0 255.255.255.0 vlan 21 ?
  <1-255>    Distance metric for this route
  A.B.C.D    Forwarding router's address
  name       Specify name of the next hop
  permanent  permanent route
  tag        Set tag for this route
=============================================================================
VI. Using the show commands
cisco3560#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  up                    down
Vlan2                  172.18.1.254    YES NVRAM  up                    up
Vlan10                 172.18.10.254   YES manual up                    up
Vlan11                 172.18.11.254   YES manual up                    up
Vlan12                 172.18.12.254   YES manual up                    up
Vlan14                 172.18.14.254   YES manual up                    up
cisco3560#
cisco3560#show vlan brief        (show the VLAN-to-port mapping)
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/31, Gi0/32, Gi0/37, Gi0/38, Gi0/39, Gi0/50, Gi0/51, Gi0/52
2    vlan2                            active    Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6, Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11, Gi0/12, Gi0/49
10   vlan10                           active    Gi0/22, Gi0/40
11   vlan11                           active    Gi0/23
12   vlan12                           active    Gi0/24
13   vlan13                           active    Gi0/45
14   vlan14                           active    Gi0/25
15   vlan15                           active    Gi0/26, Gi0/27, Gi0/28
16   vlan16                           active    Gi0/29, Gi0/30
cisco3560#show access-lists        (show the ACL rule table)
Extended IP access list 101
10 deny ip 172.18.10.0 0.0.0.255 172.18.12.0 0.0.0.255
20 deny ip 172.18.10.0 0.0.0.255 172.18.14.0 0.0.0.255
30 deny ip 172.18.10.0 0.0.0.255 172.18.15.0 0.0.0.255
40 permit ip any any (23754 matches)
cisco3560#
cisco3560# show ip interface brief        (show the switch interface configuration)
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  up                    down
Vlan2                  172.18.1.254    YES NVRAM  up                    up
Vlan10                 172.18.10.254   YES manual up                    up
Vlan11                 172.18.11.254   YES manual up                    up
Vlan12                 172.18.12.254   YES manual up                    up
Vlan13                 172.18.13.254   YES manual up                    down
Vlan14                 172.18.14.254   YES manual up                    up
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  up                    up
cisco3560#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.18.101.1 to network 0.0.0.0
172.19.0.0/24 is subnetted, 1 subnets
C 172.19.1.0 is directly connected, Vlan20
172.18.0.0/24 is subnetted, 10 subnets
C 172.18.14.0 is directly connected, Vlan14
C 172.18.15.0 is directly connected, Vlan15
C 172.18.12.0 is directly connected, Vlan12
C 172.18.10.0 is directly connected, Vlan10
C 172.18.11.0 is directly connected, Vlan11
C 172.18.1.0 is directly connected, Vlan2
C 172.18.101.0 is directly connected, Vlan102
S 172.26.0.0/16 [1/0] via 172.19.1.10
S 172.30.0.0/16 [1/0] via 172.19.1.8
S 192.168.101.0/24 [1/0] via 172.19.1.6
S* 0.0.0.0/0 [1/0] via 172.18.101.1
cisco3560#