quit
7、 Trunk鏈路配置
interface GigabitEthernet1/1/3
port link-type trunk
port trunk permit vlan all
quit
動態VLAN (在trunk端口上開啟gvrp)
gvrp
GigabitEthernet1/1/3
gvrp
quit
端口隔離
interface GigabitEthernet 1/0/1
port-isolate enable
quit
interface GigabitEthernet 1/0/2
port-isolate enable
quit
interface GigabitEthernet 1/0/3
port-isolate enable
ACL VLAN之間不能互通 (VLAN2與VLAN3不能互通)
acl number 3000
rule 0 deny ip source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule 1 permit ip
Interface vlan-interface 2
packet-filter inbound ip-group 3000
8、 S3100交換機堆疊
stacking ip-pool 129.10.1.15 3 255.255.255.0
stacking enable
quit
display stacking
9、 3600交換機堆疊
fabric-port GigabitEthernet 1/1/1 enable
fabric-port GigabitEthernet 1/1/2 enable
change self-unit to 1
set unit 1 name unit 1
sysname fabric
irf-fabric authentication-mode simple hello
fabric-port GigabitEthernet 1/1/1 enable
fabric-port GigabitEthernet 1/1/2 enable
change self-unit to 2
set unit 2 name unit 2
sysname fabric
irf-fabric authentication-mode simple hello
display ftm information
display irf-fabric
10、 OSPF簡易配置過程
ospf
area 0
network 192.168.1.0 0.0.0.255
11、 OSPF和RIP路由的雙向引入
ospf
import-route rip
rip
import-route ospf
stp生成樹
stp enable 開啟stp功能
stp root primary 設置此交換機為主根
stp root secondary 設置此交換機為備根
stp bpdu-protection BPDU保護功能
interface Ethernet 0/1
stp root-protection 根保護 配置在主副根交換機所有端口
stp edged-port enable 邊緣端口 建議同時配置BPDU保護 提高STP收斂速度
stp loop-protection 環路保護
DHCP(全局DHCP)
dhcp server ip-pool vlan2
network 192.168.2.0 mask 255.255.255.0
gateway-list 192.168.2.1
dns-list 192.168.4.5
quit
dhcp server forbidden-ip 192.168.2.1
dhcp server ip-pool vlan3
network 192.168.3.0 mask 255.255.255.0
gateway-list 192.168.3.1
dns-list 192.168.4.5
quit
dhcp server forbidden-ip 192.168.3.1
interface vlan-interface 2
dhcp select global
quit
interface vlan-interface 3
dhcp select global
quit
NAT地址轉換
acl number 2001
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
rule 15 permit source 192.168.30.0 0.0.0.255
rule 20 permit source 192.168.40.0 0.0.0.255
rule 25 permit source 192.168.50.0 0.0.0.255
rule 30 deny
nat address-group 1 1.1.1.3 1.1.1.3
interface GigabitEthernet0/0/1
ip address 1.1.1.2 255.255.255.248
nat outbound 2001 address-group 1
端口映射
nat server protocol tcp global 123.1.1.2 inside 192.168.4.5
nat server protocol tcp global 123.1.1.3 inside 192.168.4.6
設置服務器IP,MAC和端口綁定
Am user-bind ip-address 192.168.4.5 mac-address 00e0-fcab-cd11 interface e0/4
Am user-bind ip-address 192.168.4.6 mac-address 0000-0cab-cd12 interface e0/5
閱讀更多 電腦磚家鶴哥哥 的文章