思科交换机基本配置实例讲解
目录
1、基本概念介绍.................................................................................................................................................. 2
2、密码、登陆等基本配置............................................................................................................................... 2
3、cisco设备端口配置详解.......................................................................................................................... 8
4、vlan的规划及配置................................................................................................................................... 13
4.1 核心交换机的相关配置........................................................................................................................ 13
4.2 接入交换机的相关配置........................................................................................................................ 25
5、配置交换机的路由功能............................................................................................................................. 30
6、配置交换机的DHCP功能........................................................................................................................ 31
7、常用排错命令................................................................................................................................................ 32
IOS: 互联网操作系统,也就是交换机和路由器中用的操作系统
VLAN: 虚拟lan
VTP: VLANTRUNK PROTOCOL
DHCP: 动态主机配置协议
ACL: 访问控制列表
三层交换机:具有三层路由转发能力的交换机
本教程中“#”后的蓝色文字为注释内容。
本节介绍的内容为cisco路由器或者交换机的基本配置,在目前版本的cisco交换机或路由器上的这些命令是通用的。本教程用的是cisco的模拟器做的介绍,一些具体的端口显示或许与你们实际的设备不符,但这并不影响基本配置命令的执行。
Cisco 3640 (R4700) processor (revision0xFF) with 124928K/6144K bytes of memory.
Processor board ID 00000000
R4700 CPU at 100MHz, Implementation 33, Rev1.2
2 Ethernet interfaces
8 Serial interfaces
DRAM configuration is 64 bits wide withparity enabled.
125K bytes of NVRAM.
8192K bytes of processor board System flash(Read/Write)
--- System Configuration Dialog ---
Would you like to enter the initialconfiguration dialog? [yes/no]: n
# 此处我们选择no,不进入他的初始化配置向导
Press RETURN to get started!
# 选择no以后,提示你按回车键开始,此处我们需要按回车键
*Mar 1 00:43:56.591: %IP-5-WEBINST_KILL: Terminating DNS process
*Mar 1 00:43:58.379: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 3600 Software(C3640-JK9O3S-M), Version 12.3(14)T7, RELEASE SOFTWARE (fc2)
Technical Support:http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems,Inc.
Compiled Wed 22-Mar-06 21:46 by pwade
*Mar 1 00:43:58.411: %SNMP-5-COLDSTART: SNMP agent on host Router isundergoing a cold start
Router>
# 等显示稳定后,出现最初的提示符,注意提示符是“>”,目前所处的状态称为用户模式。
Router> 用户模式
Router>
Router>en
# 如果在当前状态下没有重复的命令,我们可以用“TAB”键来补齐这条命令,主要目的是为了便于阅读
Router>enable 进入特权模式
# 从用户模式(usermode)进入到特权模式(exec mode),注意提示符的变化,提示符变为“#”
Router#conf t
Router#configure terminal 进入全局模式
(说明:#在特权模式下输入configure terminal进入全局配置模式(globalconfiguration mode),在这之下输入的命令叫做全局命令,一旦输入,将对整个router产生即时影响。如下,注意提示符的变化:)
Router(config)#exit # 请注意提示符发生了改变,当前的模式据叫做全局配置模式。
Router#conf
*Mar 1 00:44:26.491: %SYS-5-CONFIG_I: Configured from console by console t # 在输入命令的过程中,IOS会出现一些即时提示。
Enter configuration commands, one perline. End with CNTL/Z.
Router(config)#exit # 退出当前的全局配置模式的命令是exit
Router#conf t # 重新进入到全局配置模式
Enter configuration commands, one perline. End with CNTL/Z.
Router(config)#
*Mar 1 00:44:35.591: %SYS-5-CONFIG_I: Configured from console by consolehos
# 这行是路由器(交换机)出现的一些即时提示。
Router(config)# hostname test
# 这条命令用来更改当前设备的名字(名字中可包含设备的楼层、用途等信息),主要是为了将来便于区分设备。
test(config)#
# 回车后我们就会发现,但前的设备的名字已经发生了改变,变成了test了。
test(config)# enable pass
# 这条命令用来配置设备的登陆密码,用tab键补齐后,再下一行显示完整命令。
test(config)#enable password cisco # 我们输入这台设备的登陆密码为 cisco
test(config)#end # 我们退回到全局配置模式,校验一下刚才输入的密码
test#sh r
# 此命令的完整写法是show running-start,此处的sh r用的是省略的写法,因无其他重复的命令所以可以被执行。
Building configuration...
Current configuration : 1559 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname test # 注意此处显示的是我们配置的设备的名字
!
boot-start-marker
boot-end-marker
!
enable password cisco
# 此处显示的是刚才我们配置的enable密码,注意此时是用明文显示的,有点不安全。
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip subnet-zero
!
#到这一行其实并未全部显示完配置的内容,我们可以按键盘上的任意键来终止继续显示。在显示的过程中通过按回车键可以逐行显示,按空格键可以一页一页的显示。这些操作可在实际的设备中体会。
test#conf t # 重新进入到全局配置模式
test(config)#service pass
test(config)#service password-encryption # 利用这条命令给密码加密显示。
test(config)#end
test#sh r # 退出到全局配置模式后,验证刚才的配置。
Building configuration...
Current configuration : 1565 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname test
!
boot-start-marker
boot-end-marker
!
enable password 7 070C285F4D06 cisco
# 注意此处刚才明文显示的密码已经变成加密显示了,这样从一定程度上保证了密码的安全。
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip subnet-zero
!
# 验证完毕后按任何一个键中断显示,下面的内容说明终端登陆密码的配置。
test#conf t
Enter configuration commands, one perline. End with CNTL/Z.
test(config)#no service password-encryption
#可利用这条命令(前面加no)来去掉密码加密功能,cisco的所有命令都可以通过这种方式来禁止。
test(config)#line con
test(config)#line console 0 # 利用这条命令来配置用超级终端登陆时的一些参数。
test(config-line)#pass
test(config-line)#password cisco # 添加密码,此处我们配置的密码为cisco
test(config-line)#loggi
test(config-line)#logging ?
# 在任何情况下如果你忘记了命令的相关参数可以用?来获得提示和帮助
synchronous Synchronized message output
test(config-line)#logging sy
test(config-line)#logging synchronous
#在我们进行配置时,IOS会产生一些即时的提示信息,而这些信息会冲乱我们的光标显示,用这条命令可以将光标规矩在下一行,即使出现了一些即时的提示。
test(config-line)#exit # 退出当前console口的参数配置
test(config)#line vt? # telnet登陆时相关参数的配置,此处用了?来寻求提示。
<0-134> First Line number
aux Auxiliary line
console Primary terminal line
tty Terminal controller
vty Virtual terminal
x/y Slot/Port for Modems
test(config)#line vty 0 4
# 我们配置虚拟终端的0到4,也就是同时允许5个用户可以telnet到这台设备上来。
test(config-line)#pass
test(config-line)#password cisco
#我们配置telnet时的密码为cisco,如果此处我们不设置密码,那么用telnet来登陆的时候并不会以空密码登陆,而是会给你提示说:相关密码没有设置,禁止登陆。所以我们为了能远程telnet到这台设备,此处的密码一定要设置好。
test(config-line)#login # 这条命令是允许通过telnet来登录
test(config-line)#exit # 退出当前配置模式到全局配置模式。
test(config)#
test(config)#
test#conf s
# 我们在做配置的时候,会出现输入错误的情况,在这种情况下ios会以为你输入的是一个域名
Translating "s"...domain server(255.255.255.255)
# 那么ios会做长时间的搜寻,试图找到这个域名对应的ip地址.......
Translating "s"...domain server(255.255.255.255)
# 这段时间是比较长的,那么我们如何禁用它的这个功能呢?
% Unknown command or computer name, orunable to find computer address
test#conf t
Enter configuration commands, one perline. End with CNTL/Z.
test(config)#no ip domain-lookup # 在全局配置模式下,将ip域名的搜寻功能关闭就可以了。
test(config)#end
test#conf
*Mar 1 01:40:46.895: %SYS-5-CONFIG_I: Configured from console by console
test#conf x # 将上述功能关闭以后,再有输入错误的情况会直接提示你输入错误。
^
% Invalid input detected at '^' marker.
test#
test(config)#ip domain-name 202.102.128.68
# 如果有必要将设备配置上DNS功能的话就用这条命令。
### 基本配置完毕后我们验证一下所有的配置###
test#sh run
Building configuration...
Current configuration : 1693 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption # 密码加密显示功能打开
!
hostname test
!
boot-start-marker
boot-end-marker
!
enable password 7 070C285F4D06 # 密码被加密显示了
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip subnet-zero
!
!
ip cef
no ip domain lookup # 关闭了域名查找功能
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
no crypto isakmp ccm
!
(略……)
ip http server
no ip http secure-server
ip classless
!
control-plane
!
line con 0
exec-timeout 0 0
password 7 094F471A1A0A # 用超级终端登陆的密码,也同样被加密显示
logging synchronous
line aux 0
line vty 0 4
password 7 00071A150754 # 用telnet登陆的密码,也同样被加密显示
login
!
!
end
test#
User Access Verification
# 从dos提示符下运行telnetip地址,就会连接到相应的交换机或者路由器
Password: # 输入配置号的telnet密码,也就是上节提到的vtp中的密码
test>en # 进入特权模式
Password: # 输入特权模式密码,也就是上节提到的enable密码。注意这些密码在输入的时候屏幕是不显示的。
test#
test#
test#sh ip int brief # 查看当前所有端口状态,包括vlan和实际的物理接口状态
Interface IP-Address OK? Method Status Protocol协议# 这行列示的各种状态的名称
FastEthernet1 unassigned未分配 YES NVRAM down down
Vlan1 192.168.113.254 YES NVRAM up up
# vlan1的状态是active
Vlan2 172.16.0.2 YESNVRAM up up
Vlan10 192.168.101.254 YES NVRAM up up
Vlan20 192.168.102.254 YES NVRAM up up
Vlan30 192.168.103.254 YES NVRAM up up
Vlan40 192.168.104.254 YES NVRAM up up
Vlan50 192.168.105.254 YES NVRAM up up
Vlan60 192.168.106.254 YES NVRAM up up
Vlan70 192.168.107.254 YES NVRAM up up
Vlan80 192.168.108.254 YES NVRAM up up
Vlan100 192.168.110.254 YES NVRAM up up
Vlan110 192.168.111.254 YES NVRAM up up
Vlan120 192.168.112.254 YES NVRAM up up
Vlan150 192.168.100.254 YES NVRAM up up
Vlan160 192.168.115.254 YES NVRAM up up
GigabitEthernet1/1 unassigned YES unset up up
# 物理接口gi1/1也是active状态
GigabitEthernet1/2 unassigned YES unset down down
GigabitEthernet1/3 unassigned YES unset down down
GigabitEthernet1/4 unassigned YES unset down down
GigabitEthernet1/5 unassigned YES unset down down
GigabitEthernet1/6 unassigned YES unset down down
GigabitEthernet1/7 unassigned YES unset down down
GigabitEthernet1/8 unassigned YES unset down down
GigabitEthernet1/9 unassigned YES unset down down
#说明:通过上述命令即可以查看当前设备所有状态的情况也可以查看端口的表示方式。在此例中我们登陆的是一台cisco4503的三层交换机;其中GigabitEthernet1/1,表示的是这台交换机上的第1块业务板的第1个端口,并且此端口是个千兆端口;而GigabitEthernet3/19表示的是这台交换机上的第3块业务版的第19个端口,并且此端口也是一个千兆端口,其他的端口以此类推。千兆端口的名称为:GigabitEthernet,百兆端口的名称为:FastEthernet。
test# conf t
# 进入到全局配置模式。要想对端口、vlan、路由等操作一定要到全局配置模式中来。
Enter configuration commands, one perline. End with CNTL/Z.
test(config)#inter
test(config)#interface gi1/2 进入Gi1/2端口
# 通过此命令可进去端口配置模式,此处我们进入的是GigabitEthernet1/2口,gi1/2为简写。
test(config-if)#?
#回车后进入到端口配置模式,注意提示符的变化,输入?寻求在这个模式着那个的帮助。
Interface configuration commands:
access-group Access group configuration
arp Set arptype (arpa, probe, snap) or timeout
auto ConfigureAutomation
backup Modifybackup parameters
bandwidth Setbandwidth informational parameter
bgp-policy Applypolicy propogated by bgp community string
carrier-delay Specifydelay for interface transitions
cdp CDPinterface subcommands
channel-group Etherchannel/port bundling configuration
channel-protocol Select thechannel protocol (LACP, PAgP)
dampening Enableevent dampening
default Set acommand to its defaults
delay Specifyinterface throughput delay
description Interfacespecific description
dot1x InterfaceConfig Commands for 802.1x
duplex Configureduplex operation.
exit Exit frominterface configuration mode
flow-sampler Attachflow sampler to the interface
flowcontrol Configureflow operation.
help Description of the interactive help system
ip InterfaceInternet Protocol config commands
isis IS-IS commands
iso-igrp ISO-IGRPinterface subcommands
keepalive Enablekeepalive
l2protocol-tunnel TunnelLayer2 protocols
lacp LACPinterface subcommands
load-interval Specify interval for load calculation for aninterface
logging Configurelogging for interface
loopback Configureinternal loopback on an interface
mac MACinterface commands
macro Command macro
max-reserved-bandwidth MaximumReservable Bandwidth on an Interface
mtu Set theinterface Maximum Transmission Unit (MTU)
no Negate acommand or set its defaults
pagp PAgPinterface subcommands
power Powerconfiguration
qos QoSconfiguration
rmon ConfigureRemote Monitoring on an interface
service-policy ConfigureQoS Service Policy
shutdown Shutdown the selected interface
snmp ModifySNMP interface parameters
spanning-tree SpanningTree Subsystem
speed Configurespeed operation.
storm-control stormconfiguration
switchport Setswitching mode characteristics
timeout Definetimeout values for this interface
transmit-interface Assign atransmit interface to a receive-only interface
tx-queue Configureinterface transmit queue
udld ConfigureUDLD enabled or disabled and ignore global UDLD setting
vlan-range configvlan
test(config-if)#spe
test(config-if)#speed ?
# 我们可指定这个端口的速度,比如这个端口接的是一个百兆的收发器,我们就可以强制将此端口设置成100M
10 Force 10 Mbps operation # 强制此端口为10M
100 Force 100 Mbps operation # 强制此端口为100M
1000 Force 1000 Mbps operation # 强制此端口为1000M
auto Enable AUTO speedconfiguration # 允许速度自动协商
test(config-if)#speed 100
# 通过此命令就可将此端口强制设成100M,默认的状态下是auto。
test(config-if)#dup
test(config-if)#duplex ? # 用此命令可配置此端口的双工模式,有3个选项供选择。
auto Enable AUTO duplexconfiguration # 自动配置此端口的双工模式
full Force full duplex operation # 强制此端口为全双工模式
half Force half-duplex operation # 强制此端口为半双工模式
test(config-if)#duplex auto
test(config-if)#end # 用end命令可直接退回到特权模式,用exit是一层一层的退出。
test#ter
test#terminal moni
test#terminal monitor
#打开终端监控。当用telnet登陆的时候默认是不显示各端口的实时变化情况的,打开这个功能就能实时的看到这台交换机上哪个端口up,哪个端口down,这对于排错的时候是很有帮助的。
test#conf t
Enter configuration commands, one perline. End with CNTL/Z.
test(config)#int gi1/2 # 重新回到端口配置模式
test(config-if)#shut #此命令可手工关闭此端口
test(config-if)#no shut # 此命令为打开此端口
test(config-if)#switchport access vlan?
# 这条命令可配置此端口属于哪个vlan,当然此vlan要事先建好。
<1-4094> VLAN ID of theVLAN when this port is in access mode
dynamic When in access mode,this interfaces VLAN is controlled by VMPS
test(config-if)#switchport access vlan 100
# 我们配置此端口属于vlan100,如果此端口事先属于其他vlan那么,会从其他vlan退出
test(config-if)#exit
test(config)#int rang # 亦可成批的配置端口,利用这个命令
test(config)#int range gi 1/1 - 5
# 表示同时对gi1/1到gi1/5这5个端口进行操作,注意命令“1 - 5”,之间有空格。
test(config-if-range)#switchport accessvlan 100 # 可同时配置这5个端口属于vlan100
test(config-if-range)#shutdown # 可同时关闭这5个端口
test(config-if-range)#no shutdown # 可同时启用这5个端口
test(config-if-range)#exit
test(config-if)#end
test#
test#sh int gi1/2 # 在特权模式中,可查看单个端口的状态
GigabitEthernet1/2 is down, line protocolis down (notconnect)
# 这行说明此端口当前的状态是down的
Hardware is Gigabit Ethernet Port, address is 001a.6db4.a3c1 (bia001a.6db4.a3c1)
# 此端口的MAC地址
MTU1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, link type is auto, media type is 10/100/1000-TX
# 此端口的模式为10/100/1000-TX
input flow-control is off, output flow-control is off
ARPtype: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5minute input rate 0 bits/sec, 0 packets/sec
5minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
test#sh int gi1/1
GigabitEthernet1/1 is up, line protocol isup (connected)
# 这行表明此端口是up的,并且连有网线。
Hardware is Gigabit Ethernet Port, address is 001a.6db4.a3c0 (bia001a.6db4.a3c0)
MTU1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000-TX
input flow-control is off, output flow-control is off
ARPtype: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5minute input rate 1293000 bits/sec, 426 packets/sec
5minute output rate 2410000 bits/sec, 528 packets/sec
273591244 packets input, 142285545179 bytes, 0 no buffer
Received 0 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored # 没有输入错误,表明链路状态良好
0 input packets with dribble condition detected
335026620 packets output, 223732323465 bytes, 0 underruns # 输出数据包统计
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
test#
test#
test#
test#wr # 保存刚才的配置结果
在本节中我们讲解vlan的规划及具体的配置命令。在此例中我们用的是vtp(VLAN Trunking Protocol)server的模式,在这种模式中我们需要配置核心交换机的vtp模式为server,各接入交换机的vtp模式为cilent,那么配置完成后接入交换机就会通过trunk口自动从核心交换机学习到所有的vlan配置信息。在接入交换机中只需要添加相应的端口即可,这样易于管理与部署。具体的配置命令我们通过两小节来演示:
4.1 核心交换机的相关配置
(这是一台已经配置好了的交换机,但这并不会影响我们的演示效果。所有我们新作的配置会在演示结束后清除。)
TEST#sh vlan #显示已经有的vlan信息,并且同时显示了各端口所属的vlan
VLAN Name Status Ports
---- ----------------------------------------- -------------------------------
1 default active Gi1/2, Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7,Gi1/8, Gi1/9, Gi1/10, Gi1/11, Gi1/13, Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19,Gi1/20, Gi3/12, Gi3/13, Gi3/16
2 firewall active Gi1/1
10 Engineering active Gi3/9, Gi3/10
20 Procurement active Gi3/19
30 QAQC active
40 Operation active
50 Yard active Gi3/18
60 BM active
70 HRAD active
80 Facility active
100 Finance active
110 GO active
120 Wlan active
150 Server active Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8
160 Client active Gi3/11, Gi3/15
# 从这行往下是为其他协议预留的vlan号段,这些不必理会。
1002 fddi-default act/unsup 1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ -------------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
70 enet 100070 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
120 enet 100120 1500 - - - - - 0 0
150 enet 100150 1500 - - - - - 0 0
160 enet 100160 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
TEST#conf
Configuring from terminal, memory, ornetwork [terminal]? t
Enter configuration commands, one perline. End with CNTL/Z.
TEST(config)#vlan 200 # 我们新建一个vlan号为200的vlan
TEST(config-vlan)#name test # 给这个vlan命名,这样便于日常的管理。
TEST(config-vlan)#?
VLAN configuration commands:
are Maximum number ofAll Route Explorer hops for this VLAN (or zero if none specified)
backupcrf Backup CRF mode ofthe VLAN
bridge Bridgingcharacteristics of the VLAN
exit Apply changes, bumprevision number, and exit mode
media Media type of theVLAN
mtu VLAN MaximumTransmission Unit
name Ascii name of theVLAN # 刚才我们就是用的这条命令
no Negate a command orset its defaults
parent ID number of theParent VLAN of FDDI or Token Ring type VLANs
private-vlan Configure a privateVLAN
remote-span Configure as RemoteSPAN VLAN
ring Ring number of FDDIor Token Ring type VLANs
said IEEE 802.10 SAID
shutdown Shutdown VLANswitching
state Operational state ofthe VLAN
ste Maximum number of SpanningTree Explorer hops for this VLAN (or zero if none specified)
stp Spanning treecharacteristics of the VLAN
tb-vlan1 ID number of thefirst translational VLAN for this VLAN (or zero if none)
tb-vlan2 ID number of thesecond translational VLAN for this VLAN (or zero if none)
TEST(config-vlan)#END # 建好vlan后退出到特权模式中
TEST#show ip int brief
# 显示目前有的端口配置状态,我们会发现此时并没有vlan200的相关信息
Interface IP-Address OK? Method Status Protocol
FastEthernet1 unassigned YES NVRAM down down
Vlan1 192.168.113.254 YESNVRAM up up
Vlan2 172.16.0.2 YES NVRAM up up
Vlan10 192.168.101.254 YES NVRAM up up
Vlan20 192.168.102.254 YES NVRAM up up
Vlan30 192.168.103.254 YES NVRAM up up
Vlan40 192.168.104.254 YES NVRAM up up
Vlan50 192.168.105.254 YES NVRAM up up
Vlan60 192.168.106.254 YES NVRAM up up
Vlan70 192.168.107.254 YES NVRAM up up
Vlan80 192.168.108.254 YES NVRAM up up
Vlan100 192.168.110.254 YES NVRAM up up
Vlan110 192.168.111.254 YES NVRAM up up
Vlan120 192.168.112.254 YES NVRAM up up
Vlan150 192.168.100.254 YES NVRAM up up
Vlan160 192.168.115.254 YES NVRAM up up
GigabitEthernet1/1 unassigned YES unset up up
GigabitEthernet1/2 unassigned YES unset down down
GigabitEthernet1/3 unassigned YES unset down down
GigabitEthernet1/4 unassigned YES unset down down
GigabitEthernet1/5 unassigned YES unset down down
GigabitEthernet1/6 unassigned YES unset down down
GigabitEthernet1/7 unassigned YES unset down down
GigabitEthernet1/8 unassigned YES unset down down
GigabitEthernet1/9 unassigned YES unset down down
GigabitEthernet1/10 unassigned YES unset down down
GigabitEthernet1/11 unassigned YES unset down down
GigabitEthernet1/12 unassigned YES unset down down
GigabitEthernet1/13 unassigned YES unset down down
GigabitEthernet1/14 unassigned YES unset down down
GigabitEthernet1/15 unassigned YES unset up up
GigabitEthernet1/16 unassigned YES unset down down
GigabitEthernet1/17 unassigned YES unset down down
GigabitEthernet1/18 unassigned YES unset down down
GigabitEthernet1/19 unassigned YES unset down down
GigabitEthernet1/20 unassigned YES unset down down
GigabitEthernet3/1 unassigned YES unset up up
GigabitEthernet3/2 unassigned YES unset up up
GigabitEthernet3/3 unassigned YES unset up up
GigabitEthernet3/4 unassigned YES unset up up
GigabitEthernet3/5 unassigned YES unset up up
GigabitEthernet3/6 unassigned YES unset up up
GigabitEthernet3/7 unassigned YES unset up up
GigabitEthernet3/8 unassigned YES unset down down
TEST#sh vlan # 显示一下vlan信息
VLAN Name Status Ports
---- ----------------------------------------- -------------------------------
1 default active Gi1/2, Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11,Gi1/13, Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/16
2 firewall active Gi1/1
10 Engineering active Gi3/9, Gi3/10
20 Procurement active Gi3/19
30 QAQC active
40 Operation active
50 Yard active Gi3/18
60 BM active
70 HRAD active
80 Facility active
100 Finance active
110 GO active
120 Wlan active
150 Server active Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8
160 Client active Gi3/11, Gi3/15
200 test active
# 这个是我们新建好的vlan,但是vlan中没有任何端口。
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ -------------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
70 enet 100070 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
120 enet 100120 1500 - - - - - 0 0
150 enet 100150 1500 - - - - - 0 0
160 enet 100160 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
TEST#conf t
Enter configuration commands, one perline. End with CNTL/Z.
TEST(config)#interface gigabitEthernet 1/2
# 我们进入端口配置模式,配置gigabitEthernet 1/2这个端口
TEST(config-if)#switchport access vlan 200 # 将此端口加入到刚才建好的vlan200中
TEST(config-if)#end
TEST#sh vlan # 退出来验证一下
VLAN Name Status Ports
---- ----------------------------------------- -------------------------------
1 default active Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11, Gi1/12,Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/14
2 firewall active Gi1/1
10 Engineering active Gi3/9, Gi3/10
20 Procurement active Gi3/19
30 QAQC active
40 Operation active
50 Yard active Gi3/18
60 BM active
70 HRAD active
80 Facility active
100 Finance active
110 GO active
120 Wlan active
150 Server active Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8
160 Client active Gi3/11, Gi3/15
200 test active Gi1/2
# 现在GI1/2这个端口已经属于vlan200了。
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ -------------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
70 enet 100070 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
120 enet 100120 1500 - - - - - 0 0
150 enet 100150 1500 - - - - - 0 0
160 enet 100160 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
TEST#sh ip int brief
# 再显示一下所有端口的状态,我们会发现同样没有vlan200的相关信息。
Interface IP-Address OK? Method Status Protocol
FastEthernet1 unassigned YES NVRAM down down
Vlan1 192.168.113.254 YESNVRAM up up
Vlan2 172.16.0.2 YES NVRAM up up
Vlan10 192.168.101.254 YES NVRAM up up
Vlan20 192.168.102.254 YES NVRAM up up
Vlan30 192.168.103.254 YES NVRAM up up
Vlan40 192.168.104.254 YES NVRAM up up
Vlan50 192.168.105.254 YES NVRAM up up
Vlan60 192.168.106.254 YES NVRAM up up
Vlan70 192.168.107.254 YES NVRAM up up
Vlan80 192.168.108.254 YES NVRAM up up
Vlan100 192.168.110.254 YES NVRAM up up
Vlan110 192.168.111.254 YES NVRAM up up
Vlan120 192.168.112.254 YES NVRAM up up
Vlan150 192.168.100.254 YES NVRAM up up
Vlan160 192.168.115.254 YES NVRAM up up
GigabitEthernet1/1 unassigned YES unset up up
GigabitEthernet1/2 unassigned YES unset down down
GigabitEthernet1/3 unassigned YES unset down down
GigabitEthernet1/4 unassigned YES unset down down
GigabitEthernet1/5 unassigned YES unset down down
GigabitEthernet1/6 unassigned YES unset down down
GigabitEthernet1/7 unassigned YES unset down down
GigabitEthernet1/8 unassigned YES unset down down
GigabitEthernet1/9 unassigned YES unset down down
GigabitEthernet1/10 unassigned YES unset down down
GigabitEthernet1/11 unassigned YES unset down down
GigabitEthernet1/12 unassigned YES unset down down
GigabitEthernet1/13 unassigned YES unset down down
GigabitEthernet1/14 unassigned YES unset down down
GigabitEthernet1/15 unassigned YES unset up up
GigabitEthernet1/16 unassigned YES unset down down
GigabitEthernet1/17 unassigned YES unset down down
GigabitEthernet1/18 unassigned YES unset down down
GigabitEthernet1/19 unassigned YES unset down down
GigabitEthernet1/20 unassigned YES unset down down
GigabitEthernet3/1 unassigned YES unset up up
GigabitEthernet3/2 unassigned YES unset up up
GigabitEthernet3/3 unassigned YES unset up up
GigabitEthernet3/4 unassigned YES unset up up
GigabitEthernet3/5 unassigned YES unset up up
GigabitEthernet3/6 unassigned YES unset up up
GigabitEthernet3/7 unassigned YES unset up up
GigabitEthernet3/8 unassigned YES unset down down
TEST#conf t
Enter configuration commands, one perline. End with CNTL/Z.
TEST(config)#int vlan 200 # 给这个vlan添加相应的ip地址,注意此处的语法
TEST(config-if)#ip add 10.10.10.0.1255.255.255.0 #添加具体的ip地址
TEST(config-if)#no shut # 使能此端口
TEST(config-if)#end
TEST#sh ip int b
# 重新显示一下所有端口的状态,我们会发现已经有了vlan200的端口信息了。
Interface IP-Address OK? Method Status Protocol
FastEthernet1 unassigned YES NVRAM down down
Vlan1 192.168.113.254 YESNVRAM up up
Vlan2 172.16.0.2 YES NVRAM up up
Vlan10 192.168.101.254 YES NVRAM up up
Vlan20 192.168.102.254 YES NVRAM up up
Vlan30 192.168.103.254 YES NVRAM up up
Vlan40 192.168.104.254 YES NVRAM up up
Vlan50 192.168.105.254 YES NVRAM up up
Vlan60 192.168.106.254 YESNVRAM up up
Vlan70 192.168.107.254 YES NVRAM up up
Vlan80 192.168.108.254 YES NVRAM up up
Vlan100 192.168.110.254 YES NVRAM up up
Vlan110 192.168.111.254 YES NVRAM up up
Vlan120 192.168.112.254 YES NVRAM up up
Vlan150 192.168.100.254 YES NVRAM up up
Vlan160 192.168.115.254 YES NVRAM up up
Vlan200 10.10.0.1 YES manual up up
GigabitEthernet1/1 unassigned YES unset up up
GigabitEthernet1/2 unassigned YES unset down down
GigabitEthernet1/3 unassigned YES unset down down
GigabitEthernet1/4 unassigned YES unset down down
GigabitEthernet1/5 unassigned YES unset down down
GigabitEthernet1/6 unassigned YES unset down down
GigabitEthernet1/7 unassigned YES unset down down
GigabitEthernet1/8 unassigned YES unset down down
GigabitEthernet1/9 unassigned YES unset down down
GigabitEthernet1/10 unassigned YES unset down down
GigabitEthernet1/11 unassigned YES unset down down
GigabitEthernet1/12 unassigned YES unset down down
GigabitEthernet1/13 unassigned YES unset down down
GigabitEthernet1/14 unassigned YES unset down down
GigabitEthernet1/15 unassigned YES unset up up
GigabitEthernet1/16 unassigned YES unset down down
GigabitEthernet1/17 unassigned YES unset down down
GigabitEthernet1/18 unassigned YES unset down down
GigabitEthernet1/19 unassigned YES unset down down
GigabitEthernet1/20 unassigned YES unset down down
GigabitEthernet3/1 unassigned YES unset up up
GigabitEthernet3/2 unassigned YES unset up up
GigabitEthernet3/3 unassigned YES unset up up
GigabitEthernet3/4 unassigned YES unset up up
GigabitEthernet3/5 unassigned YES unset up up
GigabitEthernet3/6 unassigned YES unset up up
GigabitEthernet3/7 unassigned YES unset up up
##小结一下:在刚才的配置过程中,端口Gi1/2下面所连接的电脑的网关就是vlan200的地址——10.10.0.1。下面所连的电脑找到相应的网关后在会去找具体的路由,这些我们下节会讲解。
TEST#show inter trunk
# 显示当前交换机中的trunk接口。作为trunk接口的端口下联的是接入层(或者是汇聚层)的交换机。
Port Mode Encapsulation Status Native vlan
Gi1/15 on 802.1q trunking 1
Gi3/17 on 802.1q trunking 1
Gi3/20 on 802.1q trunking 1
Gi3/21 on 802.1q trunking 1
Gi3/22 on 802.1q trunking 1
Gi3/23 on 802.1q trunking 1
Gi3/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/15 1-4094
Gi3/17 1-4094
Gi3/20 1-4094
Gi3/21 1-4094
Gi3/22 1-4094
Gi3/23 1-4094
Gi3/24 1-4094
Port Vlans allowed and active in management domain
Gi1/15 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/17 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/20 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/21 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/22 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/23 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/24 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Port Vlans in spanning tree forwarding state and not pruned
Gi1/15 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/17 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/20 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/21 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/22 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/23 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
Gi3/24 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160,200
TEST#conf t
Enter configuration commands, one perline. End with CNTL/Z.
TEST(config)#int gi1/15 # 我们以gi1/15来说明,如何将此端口配置成trunk接口
TEST(config-if)#switchport mode ? # 首先定义此接口的模式为trunk
access Settrunking mode to ACCESS unconditionally
dynamic Settrunking mode to dynamically negotiate access or trunk mode
private-vlan Set the mode to private-vlan host orpromiscuous
trunk Settrunking mode to TRUNK unconditionally
TEST(config-if)#switchport mode trunk
TEST(config-if)#switchport trunkencapsulation ?
# 然后定义trunk口的封装类型,此处选择dot1q也叫802.1q,为通用封装类型
dot1q Interface uses only802.1q trunking encapsulation when trunking
isl Interface usesonly ISL trunking encapsulation when trunking
negotiate Device will negotiatetrunking encapsulation with peer on interface
TEST(config-if)#switchport trunkencapsulation dot1q
# 回车后就将此trunk口的封装类型定义成了dot1q
##小结一下:刚才配置的是如何将下联接入层交换机的端口配置成trunk模式,并且如何将此trunk口封装成特定的类型,接下来我们介绍如何配置此核心交换机的VTP的一些相关设置。
TEST(config)#vtp mode ?
client Set the device toclient mode.客服端模式
server Set the device toserver mode.服务器模式
transparent Set the device totransparent mode.透明模式
TEST(config)#vtp mode server
# 首先我们在全局配置模式中将vtp的mode设置成server
TEST(config)#vtp domain pjoe
# 然后配置vtp的domain,所有的交换机应该在一个domain中,此例中我们定义的doamin为pjoe
TEST(config)#vtp password pjoeserver
# 配置此vtp的介入密码,这样可以防止未授权的交换机随便加入到这个domian中来。
TEST#sh vtp status # 配置完毕后显示一下vtp的状态
VTP Version : 2
Configuration Revision : 22
Maximum VLANs supported locally : 1005
Number of existing VLANs :20
VTP Operating Mode : Server # vtp的模式为server模式
VTP Domain Name :pjoe # vtp的域名是pjoe
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation :Enabled
MD5 digest : 0x00 0xB3 0x21 0xB70x56 0xD7 0x06 0x4F
# 此处表示的是vtp的密码(已加密)
Configuration last modified by192.168.113.254 at 12-3-07 22:52:46
Local updater ID is 192.168.113.254 oninterface Vl1 (lowest numbered VLAN interface found)
TEST#
TEST#
##小结一下:经过以上的配置就将核心交换机的vtp等的配置工作完成了,只需要再配置好接入交换机的相关vtp参数和对应的trunk接口,接入交换机就能够从核心交换机上获取到所有的vlan信息,而不需要重新建立各个vlan。
TEST#sh vlan #接下来我们去掉新增加的vlan,先显示一下。
VLAN Name Status Ports
---- ----------------------------------------- -------------------------------
1 default active Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11, Gi1/12,Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/14,
2 firewall active Gi1/1
10 Engineering active Gi3/9, Gi3/10
20 Procurement active Gi3/19
30 QAQC active
40 Operation active
50 Yard active Gi3/18
60 BM active
70 HRAD active
80 Facility active
100 Finance active
110 GO active
120 Wlan active
150 Server active Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6,Gi3/7, Gi3/8
160 Client active Gi3/11, Gi3/15
200 test active Gi1/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ -------------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
70 enet 100070 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
120 enet 100120 1500 - - - - - 0 0
150 enet 100150 1500 - - - - - 0 0
160 enet 100160 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
TEST#conf t
Enter configuration commands, one perline. End with CNTL/Z.
TEST(config)#no vlan 200 # 第一步,删除vlan200
TEST(config)#no int vlan 200 # 第二步,删除int vlan200 ,经过这两步就可以彻底的删除vlan200了
TEST(config)int gi1/2 # 进入到gi1/2这个端口中
TEST(config-if)#switchport access vlan 1 # 将这个端口重新划分到vlan1中
TEST(config-if)#end
TEST#shv vlan
# 确认一下,我们成功的将gi1/2回归到vlan1中,并且删除掉了vlan200
VLAN Name Status Ports
---- ----------------------------------------- -------------------------------
1 default active Gi1/2, Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11,Gi1/13, Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/16
2 firewall active Gi1/1
10 Engineering active Gi3/9, Gi3/10
20 Procurement active Gi3/19
30 QAQC active
40 Operation active
50 Yard active Gi3/18
60 BM active
70 HRAD active
80 Facility active
100 Finance active
110 GO active
120 Wlan active
150 Server active Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8
160 Client active Gi3/11, Gi3/15
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ -------------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
70 enet 100070 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
120 enet 100120 1500 - - - - - 0 0
150 enet 100150 1500 - - - - - 0 0
160 enet 100160 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
4.2 接入交换机的相关配置
##在此例中,我们联入的是一台接入交换机,此交换机的gi0/1口上联至核心交换机。也就意味着我们需要配置gi0/1为trunk口。具体的配置如下:
D-2960-3(config)#int gi0/1
D-2960-3(config-if)#sw
D-2960-3(config-if)#switchport mo
D-2960-3(config-if)#switchport mode ?
access Set trunking mode toACCESS unconditionally
dynamic Set trunking mode todynamically negotiate access or trunk mode
trunk Set trunking mode toTRUNK unconditionally
D-2960-3(config-if)#switchport mode trunk
##配置此接口的模式为trunk,在cisoc2960交换机中,配置完接口模式为trunk后就可以了,不需要进一步配置此trunk口的封装状态,因为其默认的也是唯一的封装类型就是dot1q,并且此系列交换机并没有专门的封装配置命令。
D-2960-3(config-if)#exit
D-2960-3(config)#exit
D-2960-3#sh int tru # 退至特权配置模式验证一下刚才的配置
Port Mode Encapsulation Status Native vlan
Gi0/1 auto 802.1q trunking 1
# 这个端口已经配置成trunk模式,并且封装成802.1q了
Port Vlans allowed on trunk
Gi0/1 1-4094
Port Vlans allowed and active in management domain
Gi0/1 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160
Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1-2,10,20,30,40,50,60,70,80,100,110,120,150,160
D-2960-3#conf t # 进入到全局配置模式
D-2960-3(config)#vtp mode client
# 配置vtp模式为client,与核心交换机的server模式相呼应。
D-2960-3(config)#vtp domain pjoe
# 配置vtp域为pjoe,只有一个域中的交换机才能互传vlan信息。
D-2960-3(config)#vtp password pjoeserver # 配置vtp密码
D-2960-3(config)#end
D-2960-3#sh vtp status # 退出到特权模式验证一下刚才的有关vtp的配置
VTP Version : 2
Configuration Revision :23
Maximum VLANs supported locally : 255
Number of existing VLANs :19
VTP Operating Mode : Client # 模式已经设置成client
VTP Domain Name :pjoe # 域名已经设置成pjoe
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation :Disabled
MD5 digest : 0xEC 0x30 0xEF 0x6F0xA5 0x9A 0x39 0x7B
# 密码已经配置完毕,但是被加密显示了
Configuration last modified by192.168.113.254 at 12-3-07 22:58:54
##稍等一会后,验证一下是否学习到了核心交换机的vlan信息,它的学习有一小段的过程30秒的样子。
D-2960-3#sh vlan # 验证一下vlan信息是否全部学到。
VLAN Name Status Ports
---- ----------------------------------------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10,Fa0/11,Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20,Fa0/21,Fa0/22, Fa0/23, Fa0/24, Fa0/25, Fa0/26, Fa0/27, Fa0/28, Fa0/29, Fa0/30,Fa0/31,Fa0/32, Fa0/33, Fa0/34, Fa0/35, Fa0/36, Fa0/37, Fa0/38, Fa0/39, Fa0/40,Fa0/41,a0/42, Fa0/43, Fa0/44, Fa0/45, Fa0/46, Fa0/47, Fa0/48, Gi0/2
2 firewall active
# ok,核心交换机上配置好的vlan信息已经被这台交换机学习到了,剩下的工作仅需要将相应的端口添加到相应的vlan中就可以了,此处不赘述。
10 Engineering active
20 Procurement active
30 QAQC active
40 Operation active
50 Yard active
60 BM active
70 HRAD active
80 Facility active
100 Finance active
110 GO active
120 Wlan active
150 Server active
160 Client active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ -------------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
70 enet 100070 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
120 enet 100120 1500 - - - - - 0 0
150 enet 100150 1500 - - - - - 0 0
160 enet 100160 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
D-2960-3#
# 配置这台交换机的管理IP
D-2960-3(config)#int vlan 1 # 管理ip地址我们配置在vlan1上
D-2960-3(config-if)#ip address192.168.113.222 255.255.255.0 # 设置实际的ip地址
D-2960-3(config-if)#exit
D-2960-3(config)#ip default-gateway192.168.113.254
# 设置这台交换机的网关,此地址即为核心交换机vlan1的地址。
D-2960-3(config)#end
D-2960-3#sh run # 验证一下完整的配置。
Building configuration...
Current configuration : 2087 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname D-2960-3
!
enable password 7 12090F18170805172924
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
(省略… …)
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ipaddress 192.168.113.222 255.255.255.0
noip route-cache
!
ip default-gateway 192.168.113.254
ip http server
!
control-plane
!
!
line con 0
password 7 12090F18170805172924
line vty 0 4
password 7 12090F18170805172924
login
line vty 5 15
login
!
end
D-2960-3#
5、配置交换机的路由功能
说明:只有在三层交换机上才有路由功能,其他的二层接入交换机要想在不同的vlan之间传送数据需要通过trunk口到核心交换机上进行完路由交换后才可以。
TEST(config)#ip routing #使能三层交换机的路由功能,默认是关闭的
TEST(config)#ip route 0.0.0.0 0.0.0.0172.16.0.1
# 配置交换机的默认路由,也就是总的出口路由。
TEST(config)#end # 退出验证一下刚才的配置
TEST#sh ip rouet
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF,IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.0.1 tonetwork 0.0.0.0
C 192.168.106.0/24 is directly connected, Vlan60
# 这种类型的路由——标志为“C”的路由,为静态直连路由。
C 192.168.107.0/24 is directly connected, Vlan70
C 192.168.104.0/24 is directly connected, Vlan40
C 192.168.105.0/24 is directly connected, Vlan50
C 192.168.110.0/24 is directly connected, Vlan100
C 192.168.111.0/24 is directly connected,Vlan110
C 192.168.108.0/24 is directly connected, Vlan80
172.16.0.0/30 is subnetted, 1 subnets
C 172.16.0.0 is directly connected, Vlan2
C 192.168.115.0/24 is directly connected, Vlan160
C 192.168.113.0/24 is directly connected, Vlan1
C 192.168.112.0/24 is directly connected, Vlan120
C 192.168.102.0/24 is directly connected, Vlan20
C 192.168.103.0/24 is directly connected, Vlan30
C 192.168.100.0/24 is directly connected, Vlan150
C 192.168.101.0/24 is directly connected, Vlan10
S* 0.0.0.0/0 [1/0] via 172.16.0.1 # 为配置的默认路由
TEST#
6、配置交换机的DHCP功能
TEST#sh ip int b # 先显示一下所有的端口配置
Interface IP-Address OK? Method Status Protocol
FastEthernet1 unassigned YES NVRAM down down
Vlan1 192.168.113.254 YESNVRAM up up
Vlan2 172.16.0.2 YES NVRAM up up
Vlan10 192.168.101.254 YES NVRAM up up
Vlan20 192.168.102.254 YES NVRAM up up
Vlan30 192.168.103.254 YES NVRAM up up
Vlan40 192.168.104.254 YES NVRAM up up
Vlan50 192.168.105.254 YES NVRAM up up
Vlan60 192.168.106.254 YES NVRAM up up
Vlan70 192.168.107.254 YES NVRAM up up
Vlan80 192.168.108.254 YES NVRAM up up
Vlan100 192.168.110.254 YES NVRAM up up
Vlan110 192.168.111.254 YES NVRAM up up
Vlan120 192.168.112.254 YES NVRAM up up
# 此例中我们想让vlan120提供DHCP功能
Vlan150 192.168.100.254 YES NVRAM up up
Vlan160 192.168.115.254 YES NVRAM up up
GigabitEthernet1/1 unassigned YES unset up up
GigabitEthernet1/2 unassigned YES unset down down
GigabitEthernet1/3 unassigned YES unset down down
GigabitEthernet1/4 unassigned YES unset down down
GigabitEthernet1/5 unassigned YES unset down down
GigabitEthernet1/6 unassigned YES unset down down
GigabitEthernet1/7 unassigned YES unset down down
GigabitEthernet1/8 unassigned YES unset down down
GigabitEthernet1/9 unassigned YES unset down down
GigabitEthernet1/10 unassigned YES unset down down
GigabitEthernet1/11 unassigned YES unset down down
GigabitEthernet1/12 unassigned YES unset down down
GigabitEthernet1/13 unassigned YES unset down down
GigabitEthernet1/14 unassigned YES unset down down
GigabitEthernet1/15 unassigned YES unset up up
GigabitEthernet1/16 unassigned YES unset down down
GigabitEthernet1/17 unassigned YES unset down down
GigabitEthernet1/18 unassigned YES unset down down
GigabitEthernet1/19 unassigned YES unset down down
GigabitEthernet1/20 unassigned YES unset down down
GigabitEthernet3/1 unassigned YES unset up up
GigabitEthernet3/2 unassigned YES unset up up
GigabitEthernet3/3 unassigned YES unset up up
GigabitEthernet3/4 unassigned YES unset up up
GigabitEthernet3/5 unassigned YES unset up up
GigabitEthernet3/6 unassigned YES unset up up
GigabitEthernet3/7 unassigned YES unset up up
GigabitEthernet3/8 unassigned YES unset up up
TEST#
TEST#conf t
Enter configuration commands, one perline. End with CNTL/Z.
TEST(config)#ip dhcp pool wlan # 配置交换机的地址池并命名
TEST(config)#network 192.168.112.0255.255.255.0 # 定义此地址池的网段
TEST(config)#default-router 192.168.112.254 # 定义分发下去的地址的默认网关
TEST(config)#dns-server 202.102.128.68202.102.134.68
# 定义分发下去地址的DNS服务器,此处是2个中间用空格分隔。
TEST(config)#ip dhcp excluded-address192.168.112.200 192.168.112.254
# 定义保留的ip地址端
TEST(dhcp-config)#end
TEST#sh run
##小结一下:至此所属这个vlan的客户机就可以通过自动获取地址的方式来得到正确的ip、网关、dns等信息。
7、常用排错命令
TEST#terminal monitor
# 排除网络故障以前,请打开这一命令以便实时的接收到交换机的提示信息。
TEST#
TEST#sh run
#显示所有的配置清单,可将这些配置保存成文本作为交换机的配置备份。
Building configuration...
Current configuration : 9200 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service compress-config
!
hostname TEST
!
boot-start-marker
boot system flashcat4000-i9s-mz.122-25.EWA8.bin
boot systembootflash:cat4000-i9s-mz.122-25.EWA8.bin
boot-end-marker
!
enable secret 5 $1$c2Ge$eLS42O.0h04yCn1tDZGsB/
enable password 7 1119130A12010E1E122F39
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.112.200192.168.112.254
ip dhcp excluded-address 192.168.115.200192.168.115.254
!
ip dhcp pool Wlan
network 192.168.112.0 255.255.255.0
default-router 192.168.112.254
dns-server 202.102.128.68 202.102.134.68
!
ip dhcp pool Client
network 192.168.115.0 255.255.255.0
default-router 192.168.115.254
dns-server 202.102.134.68 202.102.128.68
!
ip dhcp pool test
host 192.168.112.98 255.255.255.0
client-identifier 0100.1b77.2fa0.39
default-router 192.168.112.254
dns-server 202.102.134.68
!
ip dhcp pool lijing
host 192.168.112.100 255.255.255.0
client-identifier 0100.0e35.891b.46
default-router 192.168.112.254
dns-server 202.102.128.68 202.102.134.68
!
!
no file verify auto
errdisable recovery cause arp-inspection
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
interface FastEthernet1
noip address
speed auto
duplex auto
!
interface GigabitEthernet1/1
switchport access vlan 2
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface GigabitEthernet1/5
!
interface GigabitEthernet1/6
!
interface GigabitEthernet1/7
!
interface GigabitEthernet1/8
!
interface GigabitEthernet1/9
!
interface GigabitEthernet1/10
!
interface GigabitEthernet1/11
!
interface GigabitEthernet1/12
!
interface GigabitEthernet1/13
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/16
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
!
interface GigabitEthernet3/1
switchport access vlan 150
nocdp enable
!
interface GigabitEthernet3/2
switchport access vlan 150
!
interface GigabitEthernet3/3
switchport access vlan 150
!
interface GigabitEthernet3/4
switchport access vlan 150
!
interface GigabitEthernet3/5
switchport access vlan 150
!
interface GigabitEthernet3/6
switchport access vlan 150
!
interface GigabitEthernet3/7
switchport access vlan 150
!
interface GigabitEthernet3/8
switchport access vlan 150
!
interface GigabitEthernet3/9
switchport access vlan 10
!
interface GigabitEthernet3/10
switchport access vlan 10
!
interface GigabitEthernet3/11
switchport access vlan 160
!
interface GigabitEthernet3/12
!
interface GigabitEthernet3/13
!
interface GigabitEthernet3/14
!
interface GigabitEthernet3/15
switchport access vlan 160
!
interface GigabitEthernet3/16
!
interface GigabitEthernet3/17
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/18
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet3/19
switchport access vlan 20
switchport mode access
nocdp enable
!
interface GigabitEthernet3/20
switchport trunk encapsulation dot1q
switchport mode trunk
iparp inspection trust
!
interface GigabitEthernet3/21
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
ipaddress 192.168.113.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan2
ipaddress 172.16.0.2 255.255.255.252
iphelper-address 192.168.100.100
noip redirects
noip unreachables
!
interface Vlan10
ipaddress 192.168.101.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan20
ipaddress 192.168.102.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan30
ipaddress 192.168.103.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan40
ipaddress 192.168.104.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan50
ipaddress 192.168.105.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan60
ipaddress 192.168.106.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan70
ipaddress 192.168.107.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan80
ipaddress 192.168.108.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan100
ipaddress 192.168.110.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan110
ipaddress 192.168.111.254 255.255.255.0
iphelper-address 192.168.100.100
!
interface Vlan120
ipaddress 192.168.112.254 255.255.255.0
ipaccess-group 101 in
iphelper-address 192.168.100.100
!
interface Vlan150
ipaddress 192.168.100.254 255.255.255.0
iphelper-address 192.168.100.100
noip redirects
!
interface Vlan160
ipaddress 192.168.115.254 255.255.255.0
ipaccess-group 100 in
ipaccess-group 100 out
iphelper-address 192.168.100.100
noip redirects
!
ip route 0.0.0.0 0.0.0.0 172.16.0.1
ip http server
!
!
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.101.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.102.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.103.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.104.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.105.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.106.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.107.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.108.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.110.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.111.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.112.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.113.00.0.0.255
access-list 100 deny ip 192.168.115.0 0.0.0.255 192.168.100.00.0.0.255
access-list 100 permit ip any any
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.101.00.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.102.00.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.103.00.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.104.00.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.105.00.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.106.00.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.107.00.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.108.00.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.110.00.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.111.00.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.113.00.0.0.255
access-list 101 permit ip host192.168.112.100 host 192.168.100.103
access-list 101 permit ip host192.168.112.98 192.168.100.0 0.0.0.255
access-list 101 deny ip 192.168.112.0 0.0.0.255 192.168.100.00.0.0.255
access-list 101 permit ip any any
!
snmp-server community pjoe RW
snmp-server enable traps snmp authenticationlinkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps stpx
snmp-server enable traps rf
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps copy-config
snmp-server enable traps fru-ctrl
snmp-server enable traps flash insertionremoval
snmp-server enable traps syslog
snmp-server enable traps bridge
snmp-server enable traps envmon fanshutdown supply temperature status
snmp-server enable traps hsrp
snmp-server enable traps bgp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospfcisco-specific state-change
snmp-server enable traps ospfcisco-specific errors
snmp-server enable traps ospfcisco-specific retransmit
snmp-server enable traps ospfcisco-specific lsa
snmp-server enable traps pimneighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps rtr
snmp-server enable traps vlan-membership
snmp-server host 192.168.100.105 pjoe
!
!
line con 0
password 7 0014190901480E1419245E
stopbits 1
line vty 0 4
password 7 03145104031C245E580C0B
login
!
!
end
TEST#
TEST#
TEST#
TEST#sh ip int b #显示所有端口的状态
Interface IP-Address OK? Method Status Protocol
FastEthernet1 unassigned YES NVRAM down down
Vlan1 192.168.113.254 YESNVRAM up up
Vlan2 172.16.0.2 YES NVRAM up up
Vlan10 192.168.101.254 YES NVRAM up up
Vlan20 192.168.102.254 YES NVRAM up up
Vlan30 192.168.103.254 YES NVRAM up up
Vlan40 192.168.104.254 YES NVRAM up up
Vlan50 192.168.105.254 YES NVRAM up up
Vlan60 192.168.106.254 YES NVRAM up up
Vlan70 192.168.107.254 YESNVRAM up up
Vlan80 192.168.108.254 YES NVRAM up up
Vlan100 192.168.110.254 YES NVRAM up up
Vlan110 192.168.111.254 YES NVRAM up up
Vlan120 192.168.112.254 YES NVRAM up up
Vlan150 192.168.100.254 YES NVRAM up up
Vlan160 192.168.115.254 YES NVRAM up up
GigabitEthernet1/1 unassigned YES unset up up
GigabitEthernet1/2 unassigned YES unset down down
GigabitEthernet1/3 unassigned YES unset down down
GigabitEthernet1/4 unassigned YES unset down down
GigabitEthernet1/5 unassigned YES unset down down
GigabitEthernet1/6 unassigned YES unset down down
GigabitEthernet1/7 unassigned YES unset down down
GigabitEthernet1/8 unassigned YES unset down down
GigabitEthernet1/9 unassigned YES unset down down
GigabitEthernet1/10 unassigned YES unset down down
GigabitEthernet1/11 unassigned YES unset down down
GigabitEthernet1/12 unassigned YES unset down down
GigabitEthernet1/13 unassigned YES unset down down
GigabitEthernet1/14 unassigned YES unset down down
GigabitEthernet1/15 unassigned YES unset up up
GigabitEthernet1/16 unassigned YES unset down down
GigabitEthernet1/17 unassigned YES unset down down
GigabitEthernet1/18 unassigned YES unset down down
GigabitEthernet1/19 unassigned YES unset down down
GigabitEthernet1/20 unassigned YES unset down down
GigabitEthernet3/1 unassigned YES unset up up
GigabitEthernet3/2 unassigned YES unset up up
GigabitEthernet3/3 unassigned YES unset up up
GigabitEthernet3/4 unassigned YES unset up up
GigabitEthernet3/5 unassigned YES unset up up
GigabitEthernet3/6 unassigned YES unset up up
GigabitEthernet3/7 unassigned YES unset up up
GigabitEthernet3/8 unassigned YES unset up up
GigabitEthernet3/9 unassigned YES unset down down
GigabitEthernet3/10 unassigned YES unset down down
GigabitEthernet3/11 unassigned YES unset down down
GigabitEthernet3/12 unassigned YES unset down down
GigabitEthernet3/13 unassigned YES unset down down
GigabitEthernet3/14 unassigned YES unset down down
GigabitEthernet3/15 unassigned YES unset down down
GigabitEthernet3/16 unassigned YES unset down down
GigabitEthernet3/17 unassigned YES unset up up
GigabitEthernet3/18 unassigned YES unset up up
GigabitEthernet3/19 unassigned YES unset up up
GigabitEthernet3/20 unassigned YES unset up up
GigabitEthernet3/21 unassigned YES unset up up
GigabitEthernet3/22 unassigned YES unset up up
GigabitEthernet3/23 unassigned YES unset up up
GigabitEthernet3/24 unassigned YES unset up up
TEST#
TEST#
TEST#sh vlan # 显示所有的vlan信息
VLAN Name Status Ports
---- ----------------------------------------- -------------------------------
1 default active Gi1/2, Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11,Gi1/12,Gi1/13,Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/14,Gi3/16
2 firewall active Gi1/1
10 Engineering active Gi3/9, Gi3/10
20 Procurement active Gi3/19
30 QAQC active
40 Operation active
50 Yard active Gi3/18
60 BM active
70 HRAD active
80 Facility active
100 Finance active
110 GO active
120 Wlan active
150 Server active Gi3/1, Gi3/2,Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8
160 Client active Gi3/11, Gi3/15
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ -------------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
70 enet 100070 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
120 enet 100120 1500 - - - - - 0 0
150 enet 100150 1500 - - - - - 0 0
160 enet 100160 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
TEST#
TEST#sh vtp sta #显示vtp协议的相关配置
VTP Version : 2
Configuration Revision :23
Maximum VLANs supported locally : 1005
Number of existing VLANs :19
VTP Operating Mode : Server
VTP Domain Name :pjoe
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation :Enabled
MD5 digest : 0xEC 0x30 0xEF 0x6F0xA5 0x9A 0x39 0x7B
Configuration last modified by192.168.113.254 at 12-3-07 22:58:54
Local updater ID is 192.168.113.254 oninterface Vl1 (lowest numbered VLAN interface found)
TEST#
TEST#
TEST#
TEST#
TEST#sh int gi1/2 # 显示具体物理接口的信息
GigabitEthernet1/2 is down, line protocolis down (notconnect)
Hardware is Gigabit Ethernet Port, address is 001a.6db4.a3c1 (bia 001a.6db4.a3c1)
MTU1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, link type is auto, media type is 10/100/1000-TX
input flow-control is off, output flow-control is off
ARPtype: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5minute input rate 0 bits/sec, 0 packets/sec
5minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
TEST#
TEST#
TEST#sh ip route # 显示这台交换机的所有路由信息
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.0.1 tonetwork 0.0.0.0
C 192.168.106.0/24 is directly connected, Vlan60
C 192.168.107.0/24 is directly connected,Vlan70
C 192.168.104.0/24 is directly connected, Vlan40
C 192.168.105.0/24 is directly connected, Vlan50
C 192.168.110.0/24 is directly connected, Vlan100
C 192.168.111.0/24 is directly connected, Vlan110
C 192.168.108.0/24 is directly connected, Vlan80
172.16.0.0/30 is subnetted, 1 subnets
C 172.16.0.0 is directly connected, Vlan2
C 192.168.115.0/24 is directly connected, Vlan160
C 192.168.113.0/24 is directly connected, Vlan1
C 192.168.112.0/24is directly connected, Vlan120
C 192.168.102.0/24 is directly connected, Vlan20
C 192.168.103.0/24 is directly connected, Vlan30
C 192.168.100.0/24 is directly connected, Vlan150
C 192.168.101.0/24 is directly connected, Vlan10
S* 0.0.0.0/0 [1/0] via 172.16.0.1
TEST#
TEST#
TEST#
TEST#sh processes cpu # 显示交换机的cpu利用率。当前是正常的。
CPU utilization for five seconds: 11%/0%;one minute: 15%; five minutes: 14%
PIDRuntime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
1 4 33 121 0.00% 0.00% 0.00% 0 Chunk Manager
2 36 107157 0 0.00% 0.00% 0.00% 0 Load Meter
3 76 160 475 0.00% 0.00% 0.00% 0 SpanTree Helper
4 0 1 0 0.00% 0.00% 0.00% 0 Deferred Events
5 679368 81333 8352 0.00% 0.11% 0.11% 0 Check heaps
6 0 4 0 0.00% 0.00% 0.00% 0 Pool Manager
7 0 2 0 0.00% 0.00% 0.00% 0 Timers
8 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
9 0 1 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
10 0 2 0 0.00% 0.00% 0.00% 0 AAA high-capacit
11 0 1 0 0.00% 0.00% 0.00% 0 Policy Manager
12 4 8931 0 0.00% 0.00% 0.00% 0 IPC Dynamic Cach
13 0 1 0 0.00% 0.00% 0.00% 0 IPC Zone Manager
14 212 535724 0 0.00% 0.00% 0.00% 0 IPC Periodic Tim
15 148 535724 0 0.00% 0.00% 0.00% 0 IPC Deferred Por
16 0 1 0 0.00% 0.00% 0.00% 0 IPC Seat Manager
17 0 1 0 0.00% 0.00% 0.00% 0 IFS Agent Manage
18 88044 191372 460 0.00% 0.00% 0.00% 0 ARP Input
19 24 14 1714 0.00% 0.00% 0.00% 0 Entity MIB API
20 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect
21 212 535723 0 0.00% 0.00% 0.00% 0 Dynamic ARP Insp
22 180 133945 1 0.00% 0.00% 0.00% 0 HC Counter Timer
23 0 1 0 0.00% 0.00% 0.00% 0 Critical Bkgnd
24 204 99691 2 0.00% 0.00% 0.00% 0 Net Background
25 0 61 0 0.00% 0.00% 0.00% 0 Logger
26 200 535701 0 0.00% 0.00% 0.00% 0 TTY Background
27 584 536572 1 0.00% 0.00% 0.00% 0 Per-Second Jobs
28 214812 11512 18659 0.00% 0.04% 0.00% 0 Per-minute Jobs
29 8227772 42204744 194 4.07% 4.33% 4.33% 0 Cat4k Mgmt HiPri
30 24446620 19487756 1254 5.91% 8.93% 8.04% 0 Cat4k Mgmt LoPri
31 936 98689 9 0.00% 0.00% 0.00% 0 Galios Reschedul
32 0 11 0 0.00% 0.00% 0.00% 0 IOS ACL Helper
33 0 2 0 0.00% 0.00% 0.00% 0 NAM Manager
34 24 2 12000 0.00% 0.00% 0.00% 0 rf task
35 0 59 0 0.00% 0.00% 0.00% 0 BACK CHECK
36 10224 303460 33 0.00% 0.00% 0.00% 0 Net Input
37 1236 109614 11 0.00% 0.01% 0.00% 0 Compute load avg
38 0 1 0 0.00% 0.00% 0.00% 0 chkpt message ha
39 0 2 0 0.00% 0.00% 0.00% 0 cpf_process_msg_
40 0 1 0 0.00% 0.00% 0.00% 0 cpf_process_ipcQ
41 0 12 0 0.00% 0.00% 0.00% 0 AggMgr Process
42 0 1 0 0.00% 0.00% 0.00% 0 SFF8472
43 0 4 0 0.00% 0.00% 0.00% 0 Collection proce
PIDRuntime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
44 0 3 0 0.00% 0.00% 0.00% 0 CEF switching ba
45 0 2 0 0.00% 0.00% 0.00% 0 AAA Dictionary R
46 0 2 0 0.00% 0.00% 0.00% 0 AAA Server
47 0 1 0 0.00% 0.00% 0.00% 0 AAA ACCT Proc
48 0 1 0 0.00% 0.00% 0.00% 0 ACCT Periodic Pr
49 3795480 5491845 691 0.79% 0.73% 0.73% 0 Spanning Tree
50 12884 632248 20 0.00% 0.01% 0.00% 0 DTP Protocol
51 8 53580 0 0.00% 0.00% 0.00% 0 Ethchnl
52 224 535802 0 0.00% 0.00% 0.00% 0 UDLD
53 4 4815 0 0.00% 0.00% 0.00% 0 DHCP Snooping
54 4 8930 0 0.00% 0.00% 0.00% 0 Port-Security
55 2192160 4404802 497 0.23% 0.19% 0.20% 0 IP Input
56 0 1 0 0.00% 0.00% 0.00% 0 ICMP event handl
57 15904 318168 49 0.00% 0.02% 0.00% 0 CDP Protocol
59 0 3 0 0.00% 0.00% 0.00% 0 SNMP Timers
61 468 9106 51 0.00% 0.00% 0.00% 0 CEF background p
62 0 2 0 0.00% 0.00% 0.00% 0 XDR mcast
63 0 1 0 0.00% 0.00% 0.00% 0 IPC LC Message H
64 0 1 0 0.00% 0.00% 0.00% 0 XDR RP Ping Back
65 0 4493 0 0.00% 0.00% 0.00% 0 XDR RP backgroun
66 0 1 0 0.00% 0.00% 0.00% 0 XDR RP Test Back
67 0 1 0 0.00% 0.00% 0.00% 0 IP IRDP
68 9692 813686 11 0.07% 0.07% 0.07% 0 CEF: IPv4 proces
69 0 37 0 0.00% 0.00% 0.00% 0 ADJ background
70 80 1199 66 0.00% 0.00% 0.00% 0 L2MM
71 0 1 0 0.00% 0.00% 0.00% 0 MRD
72 120 898 133 0.00% 0.00% 0.00% 0 IGMPSN
73 0 1 0 0.00% 0.00% 0.00% 0 IGMPSN-HA
74 0 1 0 0.00% 0.00% 0.00% 0 Socket Timers
75 0 2 0 0.00% 0.00% 0.00% 0 L2TRACE SERVER
76 176 24774 7 0.00% 0.00% 0.00% 0 TCP Timer
77 12 36 333 0.00% 0.00% 0.00% 0 TCP Protocols
78 41232 184874 223 0.00% 0.02% 0.00% 0 HTTP CORE
79 0 1 0 0.00% 0.00% 0.00% 0 CHKPT EXAMPLE
80 0 1 0 0.00% 0.00% 0.00% 0 CHKPT DevTest
81 0 2 0 0.00% 0.00% 0.00% 0 ATIP_UDP_TSK
82 0 1 0 0.00% 0.00% 0.00% 0 DHCP Snooping HA
83 0 1 0 0.00% 0.00% 0.00% 0 Probe Input
84 0 1 0 0.00% 0.00% 0.00% 0 RARP Input
85 23496 78863 297 0.00% 0.00% 0.00% 0 DHCPD Receive
86 88 9115 9 0.00% 0.00% 0.00% 0 IP Background
87 52 8939 5 0.00% 0.00% 0.00% 0 IP RIB Update
88 0 1 0 0.00% 0.00% 0.00% 0 COPS
89 0 6700 0 0.00% 0.00% 0.00% 0 Cluster L2
90 0 53582 0 0.00% 0.00% 0.00% 0 Cluster RARP
PIDRuntime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
91 0 2 0 0.00% 0.00% 0.00% 0 LOCAL AAA
92 0 2 0 0.00% 0.00% 0.00% 0 AAA Cached Serve
93 0 2 0 0.00% 0.00% 0.00% 0 TPLUS
94 0 3 0 0.00% 0.00% 0.00% 0 RADIUS TEST CMD
95 0 2 0 0.00% 0.00% 0.00% 0 AAA SEND STOP EV
96 3612 2831796 1 0.00% 0.01% 0.00% 0 PM Callback
97 580 17887 32 0.00% 0.00% 0.00% 0 VLAN Manager
98 0 4465 0 0.00% 0.00% 0.00% 0 DHCPD Timer
99 4 12 333 0.00% 0.00% 0.00% 0 VTP Trap Process
100 0 2 0 0.00% 0.00% 0.00% 0 DHCP Security He
101 0 1 0 0.00% 0.00% 0.00% 0 DiagCard1/-1
102 0 1 0 0.00% 0.00% 0.00% 0 DiagCard3/-1
103 0 1 0 0.00% 0.00% 0.00% 0 Syslog Traps
104 0 2 0 0.00% 0.00% 0.00% 0 VTPMIB EDIT BUFF
105 0 5 0 0.00% 0.00% 0.00% 0 SPAN switch
106 24 200 120 0.00% 0.00% 0.00% 0 IP SNMP
107 0 7 0 0.00% 0.00% 0.00% 0 PDU DISPATCHER
108 0 7 0 0.00% 0.00% 0.00% 0 SNMP ENGINE
109 0 1 0 0.00% 0.00% 0.00% 0 SNMP ConfCopyPro
110 444 216 2055 0.00% 0.00% 0.00% 0 SNMP Traps
111 1016 151762 6 0.00% 0.00% 0.00% 0 DHCPD Database
112 112 267874 0 0.00% 0.00% 0.00% 0 System polling
113 2340 4468 523 0.39% 0.55% 0.37% 2 Virtual Exec
TEST#
TEST#
TEST#
TEST#reloa
TEST#reload #这条命令可重新启动交换机
Y #是否保存
回车 #确定
TEST#
TEST#sh ver # 显示当前设备的版本信息
Cisco IOS Software, Catalyst 4000 L3 SwitchSoftware (cat4000-I9S-M), Version 12.2(25)EWA8, RELEASE SOFTWARE (fc1)
Technical Support:http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems,Inc.
Compiled Wed 24-Jan-07 14:38 by pwade
Image text-base: 0x10000000, data-base:0x114EECF0
ROM: 12.2(20r)EW1
Dagobah Revision 226, Swamp Revision 4
TEST uptime is 6 days, 4 hours, 50 minutes
System returned to ROM by power-on
System image file is"bootflash:cat4000-i9s-mz.122-25.EWA8.bin"
cisco WS-C4503 (MPC8245) processor (revision4) with 262144K bytes of memory.
Processor board ID FOX104406TX
MPC8245 CPU at 267Mhz, Supervisor II+TS
Last reset from PowerUp
15 Virtual Ethernet interfaces
44 Gigabit Ethernet interfaces
511K bytes of non-volatile configurationmemory.
Configuration register is 0x2102
TEST#