note of cisco

 
配置acl
 
Router2(config)#access-list 1 deny host 24.17.2.18 標準acl
Router2(config)#interface ethernet0
Router2(config-if)#ip access-group 1 in
Router2(config-if)#no ip access-group 1 in
Router1(config)#access-list 101 permit tcp 24.17.2.16 0.0.0.15
                any eq telnet log 可擴展acl
Router1(config)#access-list 102 permit ip 24.17.2.0 0.0.0.15 any log
Router1(config)#ip access-list extended deny_ping 可命名acl
Router1(config-ext-acl)#deny icmp host 192.168.1.18 192.168.1.1 0.0.0.0 log
Router1(config-ext-acl)#permit ip any any log
 
配置rip
Router1(config)#router rip
Router1(config-router)#
Add the network(s) to which Router1 is directly connected.
Router1(config-router)#network 10.0.0.0
Router1(config-router)#network 172.16.0.0
 
 
 
配置OSPF
Router1#config terminal
Router1(config)# router ospf 100
Router1(config-router)#
Add the network(s) to which Router1 is directly connected.
Router1(config-router)#network 10.1.1.0 0.0.0.255 area 0
Router1(config-router)#network 172.16.0.0 0.0.255.255 area 0
 
配置VTP
Switch3(config)#interface vlan1
Switch3(config-if)#ip address 10.1.1.1 255.255.255.0
Switch3(config-if)#no shutdown
Switch4(config)#interface vlan1
Switch4(config-if)#ip address 10.1.1.2 255.255.255.0
Switch3#vlan database
Switch3(vlan)#vtp server
Switch3(vlan)#vtp domain Boson
Switch3(vlan)#vtp password rules
Switch4(config)#interface fast 0/12
Switch4(config-if)#switchport mode trunk
 
 show version ；顯示設備型號、Flash、DRAM、IOS版本 
    show ip interface brief ；顯示接口簡要信息（類型、狀態、協議狀態、IP地址） 
    show interface e0/0 ；顯示某接口詳細信息（MAC、IP、MASK、…） 
    show ip protocols ；顯示IP路由協議信息
show stacks ；提供路由器進程和處理器利用率信息, 用stack decode 
    show tech-support ；顯示幾個show命令的輸出 
    show access-lists ；查看訪問列表配置 
    show memory ；用於測試內存問題
Show dhcp server
Show arp ；顯示路由器的ARP表
 Ip access-list extended Example-Named-ACL 
    Deny tcp any any eq echo 
    Deny tcp any any eq 37 
    Permit udp host 172.16.10.2 any eq snmp
show startup-config ；顯示寫入NVRAM中的配置內容 
show running-config ；顯示當前運行的配置內容
show access-lists ；查看訪問列表配置
Show ip access-list ；顯示IP訪問列表（1-199） 
Show ip arp ；顯示路由器的ARP緩存（IP、MAC、封裝類型、接口） 
Show ip protocols ；顯示運行在路由器上的IP路由協議的信息 
Show ip route ；顯示IP路由表中的信息 
Show ip traffic ；顯示IP流量統計信息
ip route 0.0.0.0 0.0.0.0 192.168.201.250
ip route 192.168.1.0 255.255.255.0 192.168.201.251
username xxxxxx privilege 15 password 7 xxxxxxxxxxxxxx
interface GigabitEthernet1/0/3
switchport access vlan 11
switchport mode access
interface GigabitEthernet1/0/25
switchport trunk encapsulation dot1q
switchport mode trunk
interface Vlan1
ip address 192.168.201.1 255.255.255.0
interface range fastethernet 0/1 – 5  端口號之間需要加入空格
configure terminal
 
 
acl
 
interface Ethernet0/0 
ip address 10.1.1.1 255.255.255.0 
ip access-group 101 in      
 
access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range EVERYOTHERDAY  
 
time-range EVERYOTHERDAY 
periodic Monday Wednesday Friday 8:00 to 17:00
 
router(config-std-nacl)# 20 permit any 
router(config-std-nacl)# no 10 permit 10.1.1.1
 
 
 
vlan
 
 
show vlan
 
vlan database
3524XL(vlan)#vlan 2 name cisco_vlan_2 
3524XL(vlan)#no vlan 2
3524XL#configure terminal
3524XL(config)#interface fastethernet 0/3
3524XL(config-if)#switchport access vlan 2
3524XL(config-if)#no switchport access vlan 2
3524XL(config-if)#end
 
Switch#show running-config
3524XL#write memory
Switch(config)#interface range fastethernet [mod/slot - mod/slot]
Switch(config-if-range)#switchport access vlan vlan_number
 
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#no shut
 
 
Switch#vlan database    改vlan名
 
Switch(vlan)#vlan 3
 
Switch(vlan)#name CISCO
 
Switch(vlan)#apply
 
Switch#configure terminal
Switch(config)#access-list 105 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
Switch(config)#access-list 105 deny ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
Switch(config)#access-list 105 permit ip 192.168.1.0 0.0.0.255 any
 
Switch#configure terminal
Switch(config)#interface vlan 1
Switch(config-if)#ip access-group 101 in
Switch(config-if)#exit
 
Switch>enable
Switch#
 
 
 
 
 
 
 
 
 
 
 
 
h3c
 
[h3c]vlan17
[Quidway-vlan17]port g1/0/17
[Quidway-vlan17]interface Vlan-interface17
[h3c-Vlan-interface17]ip address 192.0.17.1 255.255.255.0
[h3c-Vlan-interface17]dhcp-server 1
 
 
5. 在VLAN接口10上選擇全局地址池方式分配IP地址 
[SwitchA-Vlan-interface10]dhcp select global 
6. 創建全局地址池，並命名爲”vlan10” 
[SwitchA]dhcp server ip-pool vlan10 
7. 配置vlan10地址池給用戶分配的地址範圍以及用戶的網關,dns地址 
[SwitchA-dhcp-vlan10]network 10.1.1.0 mask 255.255.255.0 
[SwitchA-dhcp-vlan10]gateway-list 10.1.1.1 
[SwitchA-dhcp-vlan10]dns-list 202.96.209.5 202.96.209.133 
8. 禁止分配給用戶的ip 
[SwitchA]dhcp server forbidden-ip 10.1.1.1 10.1.1.23 
[SwitchA]dhcp server forbidden-ip 10.1.1.200 10.1.1.250 
9.配置vlan接口通過dhcp方式獲取ip（缺省情況下vlan接口不通過dhcp方式獲取ip） 
[h3c]int vlan 3 
[h3c-vlan-intterface]ip address dhcp-alloc
11,路由配置 
[h3c]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
 
telnet配置： 
[h3c]user-intface vty 0 3 
[h3c-vty0 3]authentication-mode password 
[h3c-vty0 3]set authentication password simple 123456 
[h3c-vty0 3]user privilege level 3 設置vty可以執行的命令級別 
[h3c]management-vlan 2 設置管理vlan 
[h3c]local-user zhh 
[h3c-zhh]service-tye telnet level 3 
[h3c]telnet-server source-interface vlan-interface 2(爲telnet服務端指定接口) 
[h3c]telnet-server source-ip 192.168.1.1 (爲telnet服務端指定ip) 
[h3c]telnet source-interface vlan-interface 2 （爲telnet客戶端指定端口） 
[h3c]telent source-ip 192.168.1.1
#定義8:00至18:00的週期時間段。
 
<H3C> system-view
 
[H3C] time-range test 8:00 to 18:00 daily
(2)       定義源IP爲10.1.1.1的ACL
 
#創建並進入ACL 2000視圖。
 
[H3C] acl number 2000
 
#定義源IP爲10.1.1.1的訪問規則。
 
[H3C-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test
 
[H3C-acl-basic-2000] quit
 
(3)       在端口上應用ACL
 
#在端口上應用ACL 2000。
 
[H3C] interface Ethernet1/0/1
 
[H3C-Ethernet1/0/1] qos
 
[H3C-qoss-Ethernet1/0/1] packet-filter inbound ip-group 2000