如下為一臺灣企業的CISCO2950J交換機標準配置
1.清空vlan ,清空配置文件,然後重新啟動!
Switch#delete flash:vlan.dat ---刪除vlan
Switch#erase startup-config ---清除配置文件
Switch#reload ---重新啟動交換機
2.重新配置交換機
配置交換機名稱、密碼(enable、secret)
Switch(config)#hostname A-F5-2-01 -A ---把交換機命名成A-F5-2-01-A
A-F5-2-01 -A(config)#enable password switch ---設置enable密碼為switch
A-F5-2-01 -A(config)#enable secret cisco ---設置secret密碼為cisco
3.配置vlan(有兩種方法配置vlan)
a.進配置模式配置
A-F5-2-01 -A#conf t
A-F5-2-01 -A(config)#vlan 455 ---新增vlan455
A-F5-2-01 -A(config-vlan)#vlan 456 ---新增vlan456
A-F5-2-01 -A(config-vlan)#vlan 457 ---新增vlan457
A-F5-2-01 -A(config-vlan)#vlan 458 ---新增vlan458
b.進vlan database 配置(此模式下不可以用end 退出,只能用exit退出)
A-F5-2-01 -A#vlan database ---進入vlan database模式
A-F5-2-01 -A(vlan)#vlan 465
VLAN 465 added:
Name: VLAN0465 默認名稱為vlan+0+vlan名稱
A-F5-2-01 -A(vlan)#vlan 466 ---新增vlan465
VLAN 466 added:
Name: VLAN0466 ---vlan系統默認名稱為VLAN0466
A-F5-2-01 -A(vlan)#vlan 467 name 467 ---vlan取名為467
VLAN 467 added:
Name: 467
A-F5-2-01 -A(vlan)#
A-F5-2-01 -A(vlan)#end ---end退出報錯誤,此模式下只能用exit退出
^
% Invalid input detected at '^' marker.
A-F5-2-01 -A(vlan)#exit ---exit退出正常
APPLY completed.
Exiting....
A-F5-2-01 -A#
4.配置管理IP、缺省網關、配置vty、console連接、添加登入賬號
A-F5-2-01 -A(config)#interface vlan 455
A-F5-2-01 -A(config-if)#ip address 192.168.1.1. 255.255.255.0 ---配置管理IP
A-F5-2-01 -A(config)#ip default-gateway 192.168. 1.250---配置缺省網關
A-F5-2-01 -A(config)#line ?
<0-16> First Line number
console Primary terminal line
vty Virtual terminal
A-F5-2-01 -A(config)#line vty 0 4 ---配置VTY ,總共可以同時通過5個連接
A-F5-2-01 -A(config-line)#password switch ---配置連接密碼switch
A-F5-2-01 -A(config-line)#login ---一定得配login否則前面配vty無效
A-F5-2-01 -A#conf t
A-F5-2-01 -A(config)#line console 0 ---配console連接,此處勿配密碼
A-F5-2-01 -A(config-line)#logging synchronous
A-F5-2-01 -A(config-line)# end
A-F5-2-01 -A#conf t
Enter configuration commands, one per line. End with CNTL/Z.
A-F5-2-01 -A(config)#usern
A-F5-2-01 -A(config)#username echo pr
A-F5-2-01 -A(config)#username echo privilege 15 pass
A-F5-2-01 -A(config)#username echo privilege 15 password echo ---配置登錄賬號,權限15級,最高
(service password encryption 賬號加密命令,可配可不配,配了密碼show看不到)
A-F5-2-01 -A#
5.配置主端口、配置主端口允許通過的vlan、配置端口描述
A-F5-2-01 -A#conf t
A-F5-2-01 -A(config)#interface gi0/1 ---進入千兆1端口
A-F5-2-01 -A(config-if)#switchport mode trunk ---配置trunk模式,此模式可連交換機
A-F5-2-01 -A(config-if)#no shutdown ---開啟端口
A-F5-2-01 -A(config-if)#exit
A-F5-2-01 -A(config)#interface gi0/2 ---進入千兆2端口
A-F5-2-01 -A(config-if)#switchport mode trunk
A-F5-2-01 -A(config-if)#no shutdown
A-F5-2-01 -A(config)#interface range gi0/1 -2 ---同時進入2個千兆口
A-F5-2-01 -A(config-if-range)#switchport trunk allowed vlan 455,456
------允許vlan 455,456通過
A-F5-2-01 -A(config-if-range)#switchport trunk allow vlan add 465,466
------增加vlan 465,466 通過,一定要加add,否則是替代不是增加
A-F5-2-01 -A(config-if-range)#end
A-F5-2-01 -A#conf t
A-F5-2-01 -A(config)#interface gi0/1
A-F5-2-01 -A(config-if)#description connect to 4506 ---配置端口描述
A-F5-2-01 -A(config-if)#exit
A-F5-2-01 -A(config)#interface gi0/2
A-F5-2-01 -A(config-if)#description connect to 4506 ---配置端口描述
A-F5-2-01 -A(config-if)#exit
A-F5-2-01 -A(config)#interface range fa0/1 – 2 ---同時配置1-2號端口
A-F5-2-01 -A(config-if-range)#switchport mode trunk
A-F5-2-01 -A(config-if-range)#no shutdown
A-F5-2-01 -A(config-if-range)exit
A-F5-2-01 -A(config)#interface range fa0/3
A-F5-2-01 -A(config-if)#switchport mode access
A-F5-2-01 -A(config-if)#no shutdown
A-F5-2-01 -A(config)#interface fa0/1
A-F5-2-01 -A(config-if)#description connect to A-F5-2-01-B ---端口描述
A-F5-2-01 -A(config-if)#interface fa0/2 ----此模式下可直接從1端口跳到2端口進行配置
A-F5-2-01 -A(config-if)#description connect to A-F5-2-01-C
A-F5-2-01 -A(config-if)#interface fa0/3
A-F5-2-01 -A(config-if)#description connect to A-F5-2-01-D
A-F5-2-01 -A#
6.配置普通端口assess模式,把普通端口加入vlan
A-F5-2-01 -A#conf t
A-F5-2-01 -A(config)#interface range fastEthernet0/4 – 24 ---同時配置4-24號端口
A-F5-2-01 -A(config-if-range)#switchport mode access
A-F5-2-01 -A(config-if-range)#end
A-F5-2-01 -A#conf t
A-F5-2-01 -A(config)#interface range fa0/3
A-F5-2-01 -A(config-if)#switchport access vlan 465 ---把1-3端口加入vlan465
A-F5-2-01 -A(config-if-range)#interface range fa0/4 -24
A-F5-2-01 -A(config-if-range)#switchport access vlan 456 ---把4-24端口加入vlan456
A-F5-2-01 -A(config-if-range)#end
A-F5-2-01 -A#
7.配置廣播風暴,多播風暴,配置
A-F5-2-01 -A#conf t
A-F5-2-01 -A(config)#interface range fa0/2 – 24
A-F5-2-01 -A(config-if-range)#storm-control bro
A-F5-2-01 -A(config-if-range)#storm-control broadcast level 2 ---配置廣播風暴
A-F5-2-01 -A(config-if-range)#storm-control multicast level 2 ---配置多播風暴
A-F5-2-01 -A(config-if-range)#storm-control action shutdown ---超過限制自動down掉
A-F5-2-01 -A(config-if-range)#end
A-F5-2-01 -A#conf t
A-F5-2-01 -A(config)#interface range fastEthernet0/4 – 24
A-F5-2-01 -A(config-if-range)#spanning-tree portfast ---配置spantree
A-F5-2-01 -A(config-if-range)#spanning-tree bpduguard enable ---配置spantree
A-F5-2-01 -A (config-if-range)#end
8.配置允許兩個MAC地址通過端口
A-F5-2-01 -A#conf t
A-F5-2-01 -A(config)#interface range fa0/4 -24
A-F5-2-01 -A(config-if-range)#switchport port-security ---先啟用port-security
A-F5-2-01 -A(config-if-range)#switchport port-security maximum 2
------配置允許2個MAC地址通過,默認為一個
9.配置802.1X協議
A-F5-2-01 -A#conf t
Enter configuration commands, one per line. End with CNTL/Z.
A-F5-2-01 -A(config-if-range)#dot1x port-control auto ---配置成自動
A-F5-2-01 -A(config-if-range)#dot1x timeout tx-period 15 ---配置連接15s
A-F5-2-01 -A(config-if-range)#dot1x timeout server-timeout 30
A-F5-2-01 -A(config-if-range)#end
A-F5-2-01 -A#wr
A-F5-2-01 -A#show running-config
Building configuration...
Current configuration : 8524 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname A-F5-2-01 -A
!
enable secret 5 $1$0A 9M $TeUTsDGC2MeDZnH8S6l 7C / ---加密了的secret密碼
enable password switch ---enable密碼
!
username XXX privilege 15 password 0 XXX ---登入賬號及密碼
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1 ---連接cisco交換機(廣播、多播風暴在下層交換機端口上設置)
description connect to A-F5-2-01 -B
switchport mode trunk
storm-control action shutdown
!
interface FastEthernet0/2
description connect to A-F5-2-01 -C ---連接asus 2024B交換機
switchport mode trunk
storm-control broadcast level 2.00
storm-control multicast level 2.00
storm-control action shutdown
!
interface FastEthernet0/3 ---連接hub ,此端口設置成access模式,
description connect to A-F5-2-01 -D
switchport access vlan 465 ---假如465是VIP,則下面hub下端口都是VIP
switchport mode access
storm-control broadcast level 2.00
storm-control multicast level 2.00
storm-control action shutdown
!
interface FastEthernet0/4
switchport access vlan 456
switchport mode access ---端口所處模式,此模式不可接交換機,可接HUB
switchport port-security ---啟用port-security,默認不啟用
switchport port-security maximum 2 ---允許通過2個MAC地址
storm-control broadcast level 2.00 ---配置廣播風暴
storm-control multicast level 2.00 ---配置多播風暴
storm-control action shutdown ---超過上面的限制自動down掉
dot1x port-control auto ---802.1X協議
dot1x timeout tx-period 15
spanning-tree portfast ---配置spanning-tree協議
spanning-tree bpduguard enable
!
……
!
interface FastEthernet0/24
switchport access vlan 456
switchport mode access
switchport port-security
switchport port-security maximum 2
storm-control broadcast level 2.00
storm-control multicast level 2.00
storm-control action shutdown
dot1x port-control auto
dot1x timeout tx-period 15
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
description connect to 4506
switchport trunk allowed vlan 455,456,465,466
switchport mode trunk
!
interface GigabitEthernet0/2
description connect to 4506
switchport trunk allowed vlan 455,456,465,466
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan455
ip address 192.168.1.1 255.255.255.0 ---管理IP
no ip route-cache
!
ip default-gateway192.168.1.250 ---網關
ip http server
!
line con 0 --- console連接
logging synchronous
login
line vty 0 4 ---vty連接
password switch ---vty連接密碼
login
line vty 5 15
login
!
!
end