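Network topology:
**************** Basic configuration ****************
SW1> en ;enter privileged EXEC mode
SW1# conf t ;enter global configuration mode
SW1(config)# hostname SW1 ;set the switch hostname
SW1(config)# enable secret cisco ;set the encrypted privileged (enable) password
SW1(config)# enable password cisco ;set the unencrypted enable password (stored in clear text; not used while enable secret is set)
SW1(config)# line console 0 ;enter the console line
SW1(config-line)# login ;enable login (password checking)
SW1(config-line)# password cisco1 ;set the login password
SW1(config)# line vty 0 4 ;enter the virtual terminal lines
SW1(config-line)# login ;enable login (password checking)
SW1(config-line)# password cisco2 ;set the login password
SW1# exit ;return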
**************** Link aggregation ****************
SW1:2960
interface Port-channel 1
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/1 - 2
description Connect to SW5 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable
switchport trunk allowed vlan all
SW2:2960
interface Port-channel 2
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/1 - 2
description Connect to SW5 on port f0/3-4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode desirable
switchport trunk allowed vlan all
SW3:2960
interface Port-channel 3
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/1 - 2
description Connect to SW5 on port f0/5-6
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode desirable
switchport trunk allowed vlan all
SW4:2960
interface Port-channel 4
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/1 - 2
description Connect to SW5 on port f0/7-8
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode desirable
switchport trunk allowed vlan all
SW5: 3560
interface Port-channel 1
description Channel group member SW1 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/1 - 2
description Connect to SW1 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode auto
switchport trunk allowed vlan all
interface Port-channel 2
description Channel group member SW2 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/3 - 4
description Connect to SW2 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode auto
switchport trunk allowed vlan all
interface Port-channel 3
description Channel group member SW3 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/5 - 6
description Connect to SW3 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode auto
switchport trunk allowed vlan all
interface Port-channel 4
description Channel group member SW4 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/7 - 8
description Connect to SW4 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode auto
switchport trunk allowed vlan all
sh ip int bri
**************** Configure VTP ****************
SW5: 3560
SW5#vlan database
SW5(vlan)#vtp server
Device mode already VTP SERVER.
SW5(vlan)#vtp domain tianyu
Changing VTP domain name from NULL to tianyu
SW5(vlan)#vtp password cisco
Setting device VLAN database password to cisco
SW5(vlan)#exit
APPLY completed.
Exiting....
SW1:2960
SW1#vlan database
SW1(vlan)#vtp client
Setting device to VTP CLIENT mode.
SW1(vlan)#vtp domain tianyu
Domain name already set to tianyu .
SW1(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
/* Note: a switch in VTP client mode does not accept local VLAN changes; VLANs 3-5 have to be created on the VTP server (SW5), from which the clients learn them. */
SW1(vlan)#vlan 3 name db
SW1(vlan)#vlan 4 name platform
SW1(vlan)#vlan 5 name web
SW1(vlan)#end
SW1(config)#int range f0/3 - 8
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 3
SW1(config-if-range)#no sh
SW1(config-if-range)#exit
SW1(config)#int ran f0/9 - 14
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 4
SW1(config-if-range)#no sh
SW1(config-if-range)#exit
SW1(config)#int ran f0/15 - 24
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 5
SW1(config-if-range)#no sh
SW1(config-if-range)#exit
SW2:2960
SW2#vlan database
SW2(vlan)#vtp client
Setting device to VTP CLIENT mode.
SW2(vlan)#vtp domain tianyu
Domain name already set to tianyu .
SW2(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
SW2(config)#int range f0/3 - 8
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 3
SW2(config-if-range)#no sh
SW2(config-if-range)#exit
SW2(config)#int ran f0/9 - 14
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 4
SW2(config-if-range)#no sh
SW2(config-if-range)#exit
SW2(config)#int ran f0/15 - 24
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 5
SW2(config-if-range)#no sh
SW2(config-if-range)#exit
/* SW3 and SW4 are configured in the same way */
SW5: 3560
SW5(config)#ip routing
SW5(config)#int vlan 3
SW5(config-if)#ip add 192.168.3.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
SW5(config)#int vlan 4
SW5(config-if)#ip add 192.168.4.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
SW5(config)#int vlan 5
SW5(config-if)#ip add 192.168.5.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
sh ip route
sh vtp stat
sh vlan bri
sh int tr
**************** Configure ACLs ****************
/* VLAN 3 and VLAN 5 can reach each other, VLAN 4 and VLAN 5 can reach each other, and traffic between VLAN 3 and VLAN 4 is blocked */
SW5(config)# access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
SW5(config)# access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
SW5(config)# access-list 103 permit ip 192.168.5.0 0.0.0.255 0.0.0.0 255.255.255.255
**************** Apply the ACLs to the VLAN interfaces ****************
SW5(config)# int vlan 3
SW5(config-if)# ip access-group 101 in
SW5(config)# int vlan 4
SW5(config-if)# ip access-group 102 in
SW5(config)# int f0/24
SW5(config-if)# ip access-group 103 in
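The effect of these three ACLs, including the implicit deny that actually blocks VLAN 3 <-> VLAN 4, can be checked offline before they are applied. The following Python sketch is an added example, not part of the original post; the interface labels (vlan3, vlan4, vlan5, f0/24) and the sample host addresses are constructed for illustration.

```python
import ipaddress

# ACL entries and inbound bindings copied from the configuration above.
ACL_LINES = [
    "access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255",
    "access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255",
    "access-list 103 permit ip 192.168.5.0 0.0.0.255 0.0.0.0 255.255.255.255",
]
INBOUND = {"vlan3": 101, "vlan4": 102, "f0/24": 103}  # labels are illustrative


def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC WILDCARD DST WILDCARD' lines only."""
    acls = {}
    for line in lines:
        _, num, action, _proto, src, swc, dst, dwc = line.split()
        entry = (action,) + tuple(int(ipaddress.IPv4Address(x)) for x in (src, swc, dst, dwc))
        acls.setdefault(int(num), []).append(entry)
    return acls


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)


def evaluate(acls, interface, src_ip, dst_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    number = INBOUND.get(interface)
    if number is None:
        return "permit"  # no inbound ACL bound to this interface
    s, d = (int(ipaddress.IPv4Address(x)) for x in (src_ip, dst_ip))
    for action, src, swc, dst, dwc in acls[number]:
        if wildcard_match(s, src, swc) and wildcard_match(d, dst, dwc):
            return action
    return "deny"


if __name__ == "__main__":
    acls = parse_acl(ACL_LINES)
    # Constructed sample flows: (ingress interface, source host, destination host)
    flows = [("vlan3", "192.168.3.10", "192.168.5.20"),
             ("vlan3", "192.168.3.10", "192.168.4.20"),
             ("vlan4", "192.168.4.20", "192.168.3.10"),
             ("vlan5", "192.168.5.20", "192.168.3.10")]
    for ifc, s, d in flows:
        print(f"{ifc:6} {s} -> {d}: {evaluate(acls, ifc, s, d)}")
```

Because each list contains a single permit, every other packet entering that interface is dropped by the implicit deny, including packets whose source address does not belong to the VLAN.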
**************** Port mirroring: 3560 ****************
Monitor specific VLANs
SW5#show monitor ;check whether a mirroring configuration already exists
SW5#conf t ;enter global configuration mode
SW5(config)#no monitor session 1
SW5(config)#monitor session 1 source vlan 3 - 5 both ;monitor VLANs 3 - 5
SW5(config)#monitor session 1 destination int f0/23 ;copy the traffic to f0/23
SW5(config)#end ;return
SW5#show monitor
Monitor a specific port
SW5#show monitor ;check whether a mirroring configuration already exists
SW5#conf t ;enter global configuration mode
SW5(config)#no monitor session 1
SW5(config)#monitor session 2 source int f0/24 both ;monitor port f0/24
SW5(config)#monitor session 2 destination int f0/23 ;copy the traffic to f0/23
SW5(config)#end ;return
SW5#show monitor session 2
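After the configuration above, you can capture packets with a sniffer!
This article comes from the “聆听未来” blog; please be sure to keep this source link: http://blog.chinaunix.net/space.php?uid=9419692&do=blog&id=3182605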