cisco lan switching cli
--------------------------
1. cli 使用方法
--------------------
enter
switch>
switch>?
switch>enable
switch#
switch#configure terminal
switch(config)#
switch(config)#command
switch(config)#no command
switch(config)#end
switch#
switch#show command |{ begin | include | exclude } reg-expression
switch#ctrl+c
switch#terminal history [size lines]
switch#
switch#more file-url |{begin | include |exclude } reg-expression
switch#more nvram:startup-config
switch#more system:running-config
switch#telnet host
switch#show sessions
switch#disconnect connection-number
switch#
switch#terminal length lines
switch#terminal width characters
switch(config-line)#length lines
switch(config-line)#width characters
switch#
switch(config-line)#absolute-timeout minutes
switch(config-line)#session-timeout minutes [output]
switch(config-line)#exec-timeout minutes [seconds]
switch(config-line)#no exec-timeout
switch(config-line)#exec-timeout 0 0 //0 0 = no idle timeout; the session never logs out on its own
switch(config-line)#logout-warning [seconds]
switch(config-line)#exit
switch(config)#
switch(config)#ip http server //management over plain HTTP, not encrypted
switch(config)#ip http port number
switch(config)#ip http access-class access-list
switch(config)#ip http authentication {aaa | enable| local |tacacs}
------------------------
Ctrl+Break
rommon>
rommon>?
rommon>command
rommon>history
rommon>repeat value
rommon>set
rommon>PARAMETER=value
rommon>BOOT=
rommon>sync
rommon>reset
rommon>dir [device:]
rommon>boot [device:filename]
rommon>
rommon>xmodem
-------------------------
2. 交换机的功能性
---------------------------
catalyst 2000 series
catalyst 3000 series
catalyst 4500 series
catalyst 6500 series
----------------------------
3. 配置 supervisor 引擎
----------------------------
(config)#hostname string
(config)#prompt string
(config)#banner motd & string &
switch(config)#hostname core_switch1
core_switch1(config)#banner motd &
This is core_switch1 for the xyz corporation.
You have accessed a restricted device, unauthorized logins are prohibited.
&
core_switch1(config)#end
core_switch1#copy running-config startup-config
(config)#interface vlan vlannumber
(config-if)#ip address address mask
(config-if)#management
or
(config-subif)#ip address address mask
(config-subif)#management
(config)#service config
#reload
(config)#ip default-gateway gatewayaddress
#show ip route default
(config)#ip domain-lookup
(config)#ip name-server serveraddress1 ......
(config)#ip host name address
(config)#[no] ip http server
switch(config)#interface vlan 986
switch(config-subif)#ip address 10.1.1.5 255.255.255.0
switch(config-subif)#management
switch(config-subif)#ip default-gateway 10.1.1.1
switch(config)#ip name-server 10.1.1.254
switch(config)#no ip http server
switch(config)#end
switch#copy running-config startup-config
(config-line)#login
(config-line)#password password
(config)#enable secret password
(config)#service password-encryption //type 7 encoding, reversible; not a hash like enable secret
switch(config)#enable secret san-fran
switch(config)#line vty 0 4
switch(config-line)#password cisco
switch(config)#line console 0
switch(config-line)#login
switch(config-line)#password cisco
switch(config-line)#end
switch#copy running-config startup-config
switch:
switch:flash_init
switch:load_helper
switch:dir flash:
switch:rename flash:config.text flash:config.old
switch:boot
continue with the configuration dialog?[yes/no]:N
switch>
switch>enable
switch#rename flash:config.old flash:config.text
switch#copy flash:config.text system:running-config
switch#configure terminal
switch(config)#enable secret newpassword
switch(config)#line vty 0 4
switch(config-line)#password newpassword
switch(config)#line console 0
switch(config-line)#password newpassword
switch(config-line)#end
switch#copy running-config startup-config
%OIR-6-CONSOLE:changing console ownership to route processor
Ctrl+Break [issue break]
rommon>
rommon>confreg 0x2142 //0x2142 = ignore startup-config on the next boot
rommon>reset
! switch output omitted
continue with the configuration dialog?[yes/no]:N
router>enable
router#copy startup-config running-config
router#configure terminal
router(config)#enable secret newpassword
router(config)#line vty 0 4
router(config-line)#password newpassword
router(config)#line console 0
router(config-line)#password newpassword
router(config-line)#end
router#config-register 0x2102
router#copy running-config startup-config
#show module all
#show hardware
#show version
#session slot#
#power cycle module slot
(config)#no power enable module slot
(config)#power enable module slot
#show file systems
#cd [filesystem:] //default filesystem directory is flash:
#pwd
#dir [/all] [filesystem:][path/filename]
#show filesystem:
#show file information filesystem:path
#more [/ascii |/binary |/ebcdic] filesystem:path
#more /ascii flash:myconfig.txt
#delete [filesystem:]filename
#undelete index [filesystem:]
#squeeze filesystem
#delete [flash:/filename | bootflash:/filename | nvram:/filename]
#format filesystem:
#copy system:running-config nvram:startup-config
#copy source system:running-config
#copy source tftp://address/filename
#copy source flash-filesystem://path/filename
(config)#boot system flash flash-filesystem:/directory/filename
(config)#boot config device:directory/filename
alias command
cisco ios software version 10.3 to 11.3 command
show running-config
show startup-config
copy running-config startup-config
erase startup-config
copy running-config tftp:
copy startup-config running-config
copy tftp running-config
copy tftp startup-config
cisco ios software version 12.0 to 15.0 (IFS) command
show system:running-config or more system:running-config
show system:startup-config or more system:startup-config
copy system:running-config nvram:startup-config
erase nvram:
copy system:running-config tftp://address/filename
copy nvram:startup-config system:running-config
copy tftp://address/filename system:running-config
copy tftp://address/filename nvram:startup-config
#reload
#redundancy force-switchover
#copy source_device:source_filename destination_device:target_filename
(config)#redundancy
(redundancy)#main-cpu
(redundancy-maincpu)#auto-sync bootvar
(redundancy-maincpu)#end
#copy running-config startup-config
#show module all
(config)#cdp run
(config)#cdp timer interval
(config)#cdp holdtime interval
(config)#cdp {advertise-v2 | advertise-v1}
(config-if)#no cdp enable
#show cdp
#show cdp neighbors
#show cdp interface type mod/port
#show cdp port mod/port
(config)#cdp timer 60
(config)#cdp holdtime 180
(config)#interface fastethernet 0/1
(config-if)#no cdp enable
(config-if)#end
#copy running-config startup-config
(config)#clock timezone zone hrs-offset min-offset
(config)#clock summer-time zone recurring [week day month hh:mm week day
month hh:mm [offset]]
(config)#clock summer-time zone date [date month | month date] year hh:mm
[date month |month date] year hh:mm [offset]
#clock set hh:mm:ss [day month | month day] year
#calendar set hh:mm:ss [day month | month day] year
#clock update-calendar
(config)#ntp peer ip-address [version number][key keyid][source interface]
[prefer]
(config)#ntp broadcast
(config)#ntp broadcast client
(config)#ntp broadcastdelay microseconds
(config)#ntp authenticate
(config)#ntp authentication-key key-number md5 value
(config)#ntp trusted-key key-number
(config)#clock timezone EST -5
(config)#clock summer-time EST recurring 1 sunday april 2:00 last sunday
october 2:00
(config)#end
#clock set 15:30:00 August 11 1990
#copy running-config startup-config
(config)#ntp authenticate
(config)#ntp authentication-key 1 md5 sourceA
(config)#ntp authentication-key 2 md5 sourceB
(config)#ntp trusted-key 1
(config)#ntp trusted-key 2
(config)#ntp peer 172.17.76.247 key 1
(config)#ntp peer 172.31.31.1 key 2
#copy running-config startup-config
----------------------------------------
4. 配置2层接口
----------------------------------------
(config)#mac-address-table {dynamic | static | secure} mac-addr {vlan
vlan-id}{interface int1 ....}[protocol{ip | ipx | assigned}]
(config)#mac-address-table aging-time seconds [vlan vlan-id]
(config)#no mac-address-table static mac-addr {vlan vlan-id}[interface
int1 ... ] [protocol {ip | ipx | assigned}]
#show mac-address-table dynamic
#show mac-address-table static [address mac-addr | detail |interface
interface-number | protocol protocol |vlan vlan-id]
#show mac-address-table address mac-addr [detail |{interface interface
interface-number}| {protocol protocol}|{vlan vlan-id} | all]
#show mac-address-table aging-time [vlan vlan-id]
#show mac-address-table count [vlan vlan-id] [slot slot-num]
#show mac-address-table address 00b0.d0f5.450e
#show mac-address-table dynamic interface gigabit 0/1
(config)#interface type mod/num
(config)#interface range port-range
or
(config)#define interface-range macro-name port-range
(config)#interface range macro macro-name
(config)#interface range gig 1/1 - 2,gig 6/1
(config-if)#speed auto
(config)#interface gig 6/2 - 4
(config-if)#speed auto
(config-if)#description port-name
(config-if)#speed {10 | 100 | 1000 | auto | nonegotiate}
(config-if)#duplex {full | half | auto}
(config-if)#flowcontrol {send | receive}{desired | off | on}
(config-if)#[no] negotiation auto
(config-if)#link debounce [time debounce_time]
(config-if)#switchport host
(config-if)#power inline {auto | never}
(config-if)#mtu bytes
(config)#errdisable recovery {interval interval}
(config)#[no] errdisable recovery cause reason
(config-if)#shutdown
(config-if)#no shutdown
(config-if)#description mail server
(config-if)#speed 100
(config-if)#duplex full
(config-if)#spanning-tree portfast
(config-if)#switchport mode access
(config-if)#no channel-group
(config-if)#no shutdown
#show interfaces [type num]
#show interfaces counters [broadcast|errors {module mod-num}|{trunk [
module mod-num]}]
#show interfaces [type num]
or
#show catalyst6500 chassis-mac-address
#show interfaces [interface [mod]] flowcontrol
#show port negotiation [mode[/port]]
#show port debounce [mode[/port]]
#show power inline [interface-id] [actual |configured]
#show interfaces [type num]
#show errdisable recovery
#collect top [number_of_ports] counters interface {type | all | layer-2 |
layer-3} [sort-by statistic_type] [interval seconds]
#show top counters interface report [report_num]
#clear top [all | report_num]
(config-if)#channel-protocol {pagp | lacp}
(config)#interface [mod[/port]]
(config-if)#spanning-tree cost cost
#show channel group //pagp
#show lacp-channel group //lacp
(config)#interface [mod[/port]]
(config-if)#spanning-tree vlan vlan-id cost cost
(config)#interface [mod[/port]]
(config-if)#channel-group {channel-group-number} mode {active | auto |
desirable | passive}
(config-if)#channel-group number mode {on | auto [non-silent] | desirable
[non-silent]}
(config-if)#channel-protocol pagp
(config)#port-channel load-balance method
(config)#lacp system-priority {value}
(config-if)#lacp port-priority {value}
(config)#interface [mod[/port]]
(config-if)#channel-group number mode {active | on | {auto [non-silent]} |
{desirable [non-silent]} | passive}
(config-if)#channel-protocol lacp
(config)#interface fastethernet 4/1
(config-if)#channel-group 100 mode desirable non-silent
(config)#interface fastethernet 4/2
(config-if)#channel-group 100 mode desirable non-silent
(config)#port-channel load-balance src-dst-ip
(config)#lacp system-priority 8192
(config)#interface fastethernet 6/1
(config-if)#channel-group 101 mode active
(config-if)#lacp port-priority 100
(config)#interface fastethernet 6/2
(config-if)#channel-group 101 mode active
(config-if)#lacp port-priority 100
(config)#interface range fastethernet 6/7 - 8
(config-if-range)#channel-group 101 mode active
(config-if-range)#channel-protocol lacp
(config-if-range)#no shutdown
#show lacp [channel-group-number] | {counters | internal [detail] |
neighbor [detail]} | [sys-id]
#show interfaces capabilities
#show etherchannel summary
#show etherchannel [channel-group] load-balance
#show pagp [group-number] counters
#show etherchannel [channel-group] {port-channel | brief | detail |
summary/port | load-balance | protocol}
----------------------------------------------
5. 配置3层接口
------------------------------------------
(config)#interface type mod/port
(config-if)#no switchport
(config-if)#ip address address netmask
(config-if)#no shutdown
#show ip interface type mod/port
(config)#interface gigabitethernet 1/1
(config-if)#no switchport
(config-if)#ip address 192.168.10.1 255.255.255.0
(config-if)#no shutdown
(config-if)#end
#copy running-config startup-config
(config)#interface port-channel number
(config-if)#ip address address netmask
(config)#interface type mod/port
(config-if)#no switchport
(config-if)#no ip address
(config-if)#channel-group number mode {auto | desirable | on}
(config-if)#no shutdown
#show etherchannel number port-channel
#show interfaces port-channel channel-id
#show etherchannel 1 port-channel
#show interfaces port-channel 1
(config)#interface port-channel 1
(config-if)#ip address 192.168.10.1 255.255.255.0
(config)#interface gigabitethernet 1/1
(config-if)#no switchport
(config-if)#no ip address
(config-if)#channel-group 1 mode on
(config-if)#no shutdown
(config)#interface gigabitethernet 2/1
(config-if)#no switchport
(config-if)#no ip address
(config-if)#channel-group 1 mode on
(config-if)#no shutdown
(config-if)#end
#copy running-config startup-config
(config)#interface gigabitethernet 0/1
(config-if)#channel-group 1 mode on
(config)#interface gigabitethernet 0/2
(config-if)#channel-group 1 mode on
(config-if)#end
#copy running-config startup-config
(config)#interface type slot/bay/number
(config-if)#ip address address netmask
(config-if)#no shutdown
(config)#interface type slot/subslot/port
(config-if)#ip address address netmask
(config-if)#no shutdown
(config)#interface pos slot/port
(config-if)#encapsulation {hdlc | ppp}
(config-if)#clock source {line | internal}
(config-if)#ip address address netmask
(config-if)#no shutdown
#show interface type number
#configure terminal
(config)#interface serial 0/0
(config-if)#encapsulation frame-relay
(config)#interface serial 0/0.110
(config-if)#frame-relay interface-dlci 110
(config-if)#ip address 192.168.255.5 255.255.255.252
(config-if)#no shutdown
(config-if)#end
#copy running-config startup-config
#quit
>enable
#configure terminal
(config)#interface serial 7/0/0
(config-if)#encapsulation frame-relay
(config)#interface serial 7/0/0.120
(config-if)#frame-relay interface-dlci 120
(config-if)#ip address 192.168.255.6 255.255.255.252
(config-if)#no shutdown
(config-if)#end
#copy running-config startup-config
(config)#interface vlan number
(config-if)#ip address address netmask
(config-if)#no shutdown
(config)#interface type number.subnumber
(config-subif)#encapsulation {dot1q | isl} vlannumber [native]
(config-subif)#ip address address netmask
(config-subif)#no shutdown
#show interface type number.subnumber
#show vlan [number]
3750(config)#interface gigabitethernet 49.10
3750(config-subif)#encapsulation dot1q 10
3750(config-subif)#no shutdown
3750(config)#interface vlan 10
3750(config-if)#ip address 192.168.10.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#end
#copy running-config startup-config
3560#configure terminal
3560(config)#vlan 10
3560(config-vlan)#exit
3560(config)#interface gigabitethernet 0/1
3560(config-if)#switchport mode trunk
3560(config-if)#switchport mode on
3560(config-if)#switchport trunk encapsulation dot1q
3560(config)#interface vlan 10
3560(config-if)#ip address 192.168.10.2 255.255.255.0
3560(config-if)#no shutdown
3560(config-if)#end
3560#copy running-config startup-config
(config-if)#ip address address netmask
(config)#ip route network netmask {nexthop | interface} [admin-distance]
(config)#router protocol
(config-router)#network network
#show protocol route
#show ip route
--------------------------------------------
6. VLAN 与 Trunking
-----------------------------------------
(config)#vtp domain domain-name
(config)#vtp mode transparent
(config)#vlan vlan-id [name vlan-name] [state {suspend | active}] [mtu
mtu-size]
(config)#vlan internal allocation policy descending
(config)#vlan vlan-id [name vlan-name] [state {suspend | active}] [mtu
mtu-size]
(config)#vtp mode transparent
(config)#vlan 5
(config-vlan)#name Cameron
(config)#vlan 8
(config-vlan)#name Logan
(config)#vlan 2112
(config-vlan)#name Rush
(config-vlan)#end
#copy running-config startup-config
(config)#vlan 5
(config-vlan)#name Cameron
(config)#vlan 8
(config-vlan)#name Logan
(config-vlan)#end
#copy running-config startup-config
(config)#interface type mod/port
(config-if)#switchport access vlan number
(config)#RADIUS configuration
(config)#radius-server host ip_address
(config)#radius-server key key
(config)#aaa new-model
(config)#aaa authentication dot1x default group radius
(config)#aaa authorization default group radius
(config)#aaa authorization config-commands
(config)#dot1x system-auth-control
(config)#dot1x max-req
(config)#dot1x timeout quiet-period
(config)#dot1x timeout tx-period
(config)#dot1x timeout re-authperiod
(config)#dot1x re-authentication
(config-if)#dot1x port-control auto
#show dot1x
(config)#interface type mod/port
(config-if)#switchport mode dynamic [auto | desirable]
(config-if)#switchport mode trunk
(config-if)#switchport nonegotiate //stops the port from sending DTP frames
(config-if)#no switchport mode trunk
(config)#interface type mod/port
(config-if)#switchport trunk encapsulation [negotiate | isl | dot1q]
(config)#interface type mod/port
(config-if)#switchport trunk native vlan number
(config)#interface type mod/port
(config-if)#switchport trunk allowed vlan remove vlanlist
(config-if)#switchport trunk allowed vlan add vlanlist
#show interface trunk
(config)#interface gigabitethernet 2/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport trunk allowed vlan allowed 5,8,10
(config-if)#end
#copy running-config startup-config
(config)#interface gigabitethernet 1/1
(config-if)#switchport encapsulation negotiate
(config-if)#switchport mode dynamic auto
(config-if)#switchport trunk allowed vlan allowed 1,10
(config-if)#end
#copy running-config startup-config
(config)#interface gigabitethernet 1/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport trunk allowed vlan allowed 5,8,10
(config-if)#end
#copy running-config startup-config
#vlan database //old command
(vlan_database)#vtp domain name
or
(config)#vtp domain name // new command //now is using
(config)#interface type mod/port
(config-if)#switchport mode dynamic [auto | desirable]
(config-if)#switchport mode trunk
(config-if)#switchport nonegotiate
#vlan database //old command
(vlan_database)#vtp password password
(vlan_database)#vtp {server | client | transparent}
(vlan_database)#vtp pruning
(vlan_database)#vtp v2-mode
or
(config)#vtp password password //new command //now is using
(config)#vtp mode {server | client | transparent}
(config)#vtp pruning
(config)#vtp version 2
(config)#interface type mod/port
(config-if)#switchport trunk pruning vlan remove vlanlist
(config-if)#switchport trunk pruning vlan add vlanlist
#show vtp status
#configure terminal
(config)#vtp mode transparent
(config)#interface gigabitethernet 1/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation isl
(config-if)#exit
(config)#interface gigabitethernet 1/2
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation isl
(config-if)#end
#copy running-config startup-config
#configure terminal
(config)#vtp domain GO-CATS
(config)#interface gigabitethernet 1/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation isl
(config-if)#exit
(config)#interface gigabitethernet 2/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#end
#copy running-config startup-config
#configure terminal
(config)#vtp pruning
(config)#interface gigabitethernet 1/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation isl
(config-if)#end
#copy running-config startup-config
#configure terminal
(config)#vtp mode client
(config)#interface gigabitethernet 0/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport trunk pruning vlan remove 10
(config-if)#end
#copy running-config startup-config
3560#vlan database //old command
3560(vlan_database)#vtp transparent
or
3560(config)#vtp mode transparent //new command //now is using
(config)#vlan primary_number
(config-vlan)#private-vlan primary
(config)#vlan secondary_number
(config-vlan)#private-vlan [isolated | community]
(config)#vlan primary_number
(config-vlan)#private-vlan association secondary_number_list [add
secondary_number_list]
(config)#interface type mod/port
(config-if)#switchport
(config-if)#switchport mode private-vlan host
(config-if)#switchport mode private-vlan host-association primary_number
secondary_number
(config)#interface type mod/port
(config-if)#switchport
(config-if)#switchport mode private-vlan promiscuous
(config-if)#switchport mode private-vlan mapping primary_number
secondary_number
(config)#interface primary_number
(config-if)#ip address address mask
(config-if)#private-vlan mapping primary_number secondary_number
(config)#interface type mod/port
(config-if)#port protected
#show port protected
#show vlan private-vlan [type]
#show interface private-vlan mapping
#show interface type mod/port switchport
#configure terminal
(config)#vtp mode transparent
(config)#vlan 90
(config-vlan)#private-vlan primary
(config)#vlan 900
(config-vlan)#private-vlan isolated
(config)#vlan 901
(config-vlan)#private-vlan community
(config)#vlan 90
(config-vlan)#private-vlan association 900,901
(config)#interface range fastethernet 3/1 - 2
(config-if)#switchport
(config-if)#switchport mode private-vlan host
(config-if)#switchport mode private-vlan host-association 90 900
(config-if)#no shutdown
(config)#interface range fastethernet 3/46, 3/48
(config-if)#switchport
(config-if)#switchport mode private-vlan host
(config-if)#switchport mode private-vlan host-association 90 901
(config-if)#no shutdown
(config)#interface gigabitethernet 1/2
(config-if)#switchport
(config-if)#switchport mode private-vlan promiscuous
(config-if)#switchport mode private-vlan mapping 90 900,901
(config-if)#no shutdown
(config)#interface vlan 90
(config-if)#ip address 10.10.90.1 255.255.255.0
(config-if)#private-vlan mapping 90 900,901
(config-if)#no shutdown
(config-if)#end
#copy running-config startup-config
#configure terminal
(config)#interface fastethernet 0/1
(config-if)#switchport access vlan 10
(config-if)#port protected
(config)#interface fastethernet 0/2
(config-if)#switchport access vlan 10
(config-if)#port protected
(config)#interface gigabitethernet 0/3
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#end
#copy running-config startup-config
-----------------------------------------------
7. 生成树协议(STP)
----------------------------------------------
(config)#[no] spanning-tree [vlan vlan]
(config)#spanning-tree mode {pvst | mst | rapid-pvst}
(config)#spanning-tree mst configuration
(config-mst)#name name
(config-mst)#revision revision-number
(config-mst)#instance instance-id vlan vlan-range
(config-mst)#end
(config)#spanning-tree vlan vlan root {primary | secondary} [diameter
net-diameter] [hello-time hello-time]
or
(config)#spanning-tree mst instance-id root {primary | secondary} [
diameter net-diameter] [hello-time hello-time]
(config)#spanning-tree vlan vlan priority priority [diameter net-diameter]
[hello-time hello-time]
or
(config)#spanning-tree mst instance-id priority [diameter net-diameter] [
hello-time hello-time]
(config-if)#spanning-tree rootguard //old command
(config-if)#spanning-tree guard {root | loop | none} //new command
(config)#spanning-tree pathcost defaultcost-method {long | short}
(config-if)#spanning-tree cost cost
(config-if)#spanning-tree vlan vlan-id cost cost
or
(config-if)#spanning-tree mst instance-id cost cost
(config-if)#spanning-tree port-priority port-priority
(config-if)#spanning-tree vlan vlan-list port-priority priority
or
(config-if)#spanning-tree mst instance-id port-priority priority
(config)#udld {enable | aggressive}
(config)#udld message time interval
(config-if)#udld {enable | disable} //old command
(config-if)#udld port [aggressive] //new command
(config-if)#udld port disable
(config-if)#udld aggressive //old command
(config-if)#udld port aggressive //new command
(config-if)#spanning-tree loopguard //old command
(config-if)#spanning-tree guard loop //new command
#show spanning-tree vlan vlan
#show spanning-tree interface mod/num
(config)#spanning-tree vlan 10 root primary
or
(config)#spanning-tree vlan 10 priority 8192
(config)#spanning-tree vlan 100 root primary
(config)#spanning-tree vlan 101 root primary
or
(config)#spanning-tree vlan 100 priority 8192
(config)#spanning-tree vlan 101 priority 8192
(config)#spanning-tree vlan 100 root secondary
(config)#spanning-tree vlan 101 root secondary
or
(config)#spanning-tree vlan 100 priority 8200
(config)#spanning-tree vlan 101 priority 8200
(config)#interface fastethernet 1/1
(config-if)#spanning-tree vlan 101 cost 1000
(config)#interface fastethernet 1/2
(config-if)#spanning-tree vlan 100 cost 1000
(config)#spanning-tree vlan [vlan] hello-time interval
(config)#spanning-tree mst [instance-id] hello-time interval
(config)#spanning-tree vlan [vlan] forward-time delay
(config)#spanning-tree mst [instance-id] forward-time delay
(config)#spanning-tree vlan [vlan] max-age agingtime
(config)#spanning-tree mst [instance-id] max-age agingtime
(config)#spanning-tree portfast [trunk]
(config)#spanning-tree portfast bpduguard //old command
(config)#spanning-tree portfast bpduguard default //new command
(config-if)#spanning-tree bpduguard {enable | disable}
(config-if)#spanning-tree bpdu-filter //old command
(config-if)#spanning-tree bpdufilter {enable | disable} //new command
(config)#spanning-tree portfast bpdufilter default
(config)#spanning-tree uplinkfast [max-update-rate packets-per-second]
(config)#spanning-tree backbonefast
#show spanning-tree vlan vlan detail
#show spanning-tree vlan vlan [brief]
#show spanning-tree brief | begin VLAN vlan
#show spanning-tree brief | begin VLAN534
#show cdp neighbor type mod/num detail
#show cdp neighbor gigabitethernet 0/1 detail
#show cdp neighbor detail
#show spanning-tree brief | begin VLANvlan
#show spanning-tree vlan vlan | include BLOCKING
-------------------------------------------------------
8. 配置高可用特性
-----------------------------------
(config)#redundancy
(config-red)#mode {rpr | rpr-plus}
#copy running-config startup-config
#show redundancy states
(config)#redundancy
(config-red)#mode sso
#copy running-config startup-config
(config)#mls ip multicast sso convergence-time time
(config)#mls ip multicast sso leak interval
(config)#mls ip multicast sso leak percentage
(config)#router bgp as-number number
(config-router)#bgp graceful-restart
(config)#router ospf process-id
(config-router)#nsf
(config)#router eigrp as-number
(config-router)#nsf
#show redundancy states
#show mls ip sip multicast sso
(config-if)#standby [group-number] ip [ip-address [secondary]]
(config-if)#standby [group-number] priority priority [preempt [delay
minimum delay]]
(config-if)#standby [group-number] authentication string //plain-text string, carried unencrypted in HSRP hellos
(config-if)#standby [group-number] timers [msec] hellotime [msec] holdtime
(config)#interface vlan 199
(config-if)#standby 1 ip 192.168.104.1
(config-if)#standby 1 priority 210 preempt delay 60
(config-if)#standby 1 authentication myhsrpkey
(config-if)#standby 1 timers 3 10
(config)#interface vlan 199
(config-if)#standby 1 ip 192.168.104.1
(config-if)#standby 1 priority 200 preempt
(config-if)#standby 1 authentication myhsrpkey
(config-if)#standby 1 timers 3 10
#show standby brief
#show standby vlan vlan-number [hsrp-group] [brief]
#copy source_device:source_filename {disk0 | disk1 | sup-bootflash}:
target_name
or
#copy source_device:source_filename {slave-disk0 | slave-disk1 |
slavesup-bootflash}:target_filename
(config)#boot system flash device:file_name
(config)#configuration-register 0x2102
#copy running-config startup-config
#hw-module {module-num} reset
#redundancy force-switchover
---------------------------------
9. 多播
---------------------------------
(config-if)#ip igmp snooping
(config-if)#ip igmp snooping vlan vlan-id
(config-if)#ip igmp snooping mrouter learn {cgmp | pim-dvmrp}
(config-if)#ip igmp snooping fast-leave
(config-if)#ip igmp snooping mrouter {interface{interface interface-number
} | {port-channel number}}
(config-if)#ip igmp snooping static {mac-address} {interface {interface
interface-number} | {port-channel number}}
(config-if)#ip igmp snooping querier
(config)#ip igmp query-interval seconds
(config)#ip igmp query-timeout seconds
(config)#interface fastethernet 2/1
(config-if)#ip igmp snooping
(config-if)#ip igmp snooping fast-leave
(config-if)#switchport access vlan 199
(config)#interface fastethernet 2/3
(config-if)#ip igmp snooping
(config-if)#ip igmp snooping fast-leave
(config-if)#switchport access vlan 199
(config)#interface vlan 199
(config-if)#ip igmp snooping static 0100.5e64.0123 interface fastethernet
2/1
(config-if)#ip igmp snooping static 0100.5e64.0123 interface fastethernet
2/3
#show ip igmp interface interface interface-number
#show ip igmp snooping mrouter interface vlan vlan-id
#show mac-address-table multicast vlan-id count
#show mac-address-table multicast [mac-group-address] [vlan-id]
#show ip igmp interface vlan-id
--------------------------------------
10. 服务器负载均衡(SLB)
----------------------------------
(config)#ip slb serverfarm serverfarm-name
(config-slb-sfarm)#predictor {roundrobin | leastconns}
(config-slb-sfarm)#nat server
(config)#ip slb natpool pool-name start-ip end-ip {netmask netmask |
prefix-length leading-1-bits} [entries init-addr [max-addr]]
(config-slb-sfarm)#nat client pool-name
(config-slb-sfarm)#bindid [bind-id]
(config-slb-sfarm)#probe name
(config-slb-sfarm)#real ip-address
(config-slb-real)#maxconns number
(config-slb-real)#weight weighting-value
(config-slb-real)#reassign threshold
(config-slb-real)#faildetect numconns number-conns [numclients
number-clients]
(config-slb-real)#retry retry-value
(config-slb-real)#inservice
(config)#ip slb vserver virtual-server-name
(config-slb-vserver)#serverfarm serverfarm-name
(config-slb-vserver)#virtual ip-address [network-mask] {tcp | udp} [port |
wap | wap-wtp | wsp-wtls | wsp-wtp-wtls] [service
service-name]
(config-slb-vserver)#client ip-address network-mask
(config-slb-vserver)#sticky duration [group group-id] [netmask netmask]
(config-slb-vserver)#delay duration
(config-slb-vserver)#idle duration
(config-slb-vserver)#synguard syn-count [interval]
(config-slb-vserver)#advertise [active]
(config-slb-vserver)#inservice [standby group-name]
(config-slb-vserver)#replicate casa listening-ip remote-ip port-number
[interval] [password [0|7] password [timeout]]
(config)#ip slb dfp [password [0|7] password [timeout]] //0 = password entered in clear text, 7 = type 7 encoded
(config-slb-dfp)#agent ip-address port-number [timeout [retry-count [
retry-interval]]]
(config)#ip dfp agent subsystem-name
(config-dfp)#password [0|7] password [timeout]
(config-dfp)#port port-number
(config-dfp)#interval seconds
(config-dfp)#inservice
(config)#ip slb serverfarm FARM1
(config-slb-sfarm)#predictor leastconns
(config-slb-sfarm)#nat server
(config-slb-sfarm)#probe HTTP1
(config-slb-sfarm)#real 192.168.250.10
(config-slb-real)#weight 32
(config-slb-real)#faildetect numconns 4
(config-slb-real)#retry 30
(config-slb-real)#inservice
(config-slb-real)#exit
(config-slb-sfarm)#real 192.168.250.11
(config-slb-real)#weight 16
(config-slb-real)#faildetect numconns 4
(config-slb-real)#retry 30
(config-slb-real)#inservice
(config-slb-real)#exit
(config-slb-sfarm)#real 192.168.250.12
(config-slb-real)#weight 8
(config-slb-real)#faildetect numconns 4
(config-slb-real)#retry 30
(config-slb-real)#inservice
(config-slb-real)#exit
(config)#ip slb vserver VSERVER1
(config-slb-vserver)#serverfarm FARM1
(config-slb-vserver)#virtual 10.10.10.101 tcp www
(config-slb-vserver)#sticky 60 group 1
(config-slb-vserver)#advertise active
(config-slb-vserver)#inservice
(config-slb-vserver)#exit
(config)#ip slb dfp password 0 test123
(config-slb-dfp)#agent 192.168.250.10 2000
(config-slb-dfp)#agent 192.168.250.11 2000
(config-slb-dfp)#agent 192.168.250.12 2000
(config-slb-dfp)#exit
(config)#probe HTTP1 http
(config-slb-probe)#interval 120
(config-slb-probe)#port 80
(config-slb-probe)#request method get
(config-slb-probe)#exit
#show ip slb serverfarms [name serverfarm-name] [detail]
#show ip slb reals [vserver virtual-server-name] [detail]
#show ip slb vserver [name virtual-server-name] [detail]
#show ip slb conns [vserver virtual-server-name | client ipaddress][detail]
#show ip slb dfp [agent agent-ip-address port-number | manager
manager-ip-address | detail | weights]
#show ip slb replicate
#show ip slb probe [name probe_name] [detail]
#show ip slb stats
-----------------------------
(config)#ip slb firewallfarm firewallfarm-name
(config-slb-fw)#real ip-address
(config-slb-fw-real)#weight weighting-value
(config-slb-fw-real)#probe probe-name
(config-slb-fw-real)#inservice
(config-slb-fw)#access [source source-ip-address network-mask][destination
destination-ip-address network-mask]
(config-slb-fw)#predictor hash address [port]
(config-slb-fw)#replicate casa listening-ip remote-ip port-number [
interval] [password [0|7] password [timeout]]
(config-slb-fw)#{tcp | udp}
(config-slb-fw-tcp)#delay duration
(config-slb-fw-tcp)#idle duration
(config-slb-fw-tcp)#maxconns number
(config-slb-fw-tcp)#sticky duration [netmask netmask]
(config-slb-fw)#inservice
--------------------------------------
(config)#ip slb firewallfarm Outside
(config-slb-fw)#real 192.168.1.2
(config-slb-fw-real)#weight 8
(config-slb-fw-real)#probe Ping1
(config-slb-fw-real)#inservice
(config-slb-fw-real)#exit
(config-slb-fw)#real 192.168.1.3
(config-slb-fw-real)#weight 8
(config-slb-fw-real)#probe Ping2
(config-slb-fw-real)#inservice
(config-slb-fw-real)#exit
(config-slb-fw)#inservice
(config-slb-fw)#exit
(config)#ip slb probe Ping1 ping
(config-slb-probe)#address 192.168.100.1
(config-slb-probe)#interval 10
(config-slb-probe)#faildetect 4
(config)#ip slb probe Ping2 ping
(config-slb-probe)#address 192.168.100.1
(config-slb-probe)#interval 10
(config-slb-probe)#faildetect 4
(config-slb-probe)#exit
(config)#ip slb firewallfarm Inside
(config-slb-fw)#real 192.168.100.2
(config-slb-fw-real)#weight 8
(config-slb-fw-real)#probe Ping1
(config-slb-fw-real)#inservice
(config-slb-fw-real)#exit
(config-slb-fw)#real 192.168.100.3
(config-slb-fw-real)#weight 8
(config-slb-fw-real)#probe Ping2
(config-slb-fw-real)#inservice
(config-slb-fw-real)#exit
(config-slb-fw)#inservice
(config-slb-fw)#exit
(config)#ip slb serverfarm Servers
(config-slb-sfarm)#nat server
(config-slb-sfarm)#probe HTTP1
(config-slb-sfarm)#real 10.70.1.10
(config-slb-real)#inservice
(config-slb-real)#exit
(config-slb-sfarm)#real 10.70.1.20
(config-slb-real)#inservice
(config-slb-real)#exit
(config-slb-sfarm)#exit
(config)#ip slb vserver Vservers
(config-slb-vserver)#serverfarm Servers
(config-slb-vserver)#virtual 10.5.1.80 tcp 0
(config-slb-vserver)#inservice
(config-slb-vserver)#exit
(config)#ip slb probe Ping1 ping
(config-slb-probe)#address 192.168.1.1
(config-slb-probe)#interval 10
(config-slb-probe)#faildetect 4
(config-slb-probe)#exit
(config)#ip slb probe Ping2 ping
(config-slb-probe)#address 192.168.1.1
(config-slb-probe)#interval 10
(config-slb-probe)#faildetect 4
(config-slb-probe)#exit
(config)#ip slb probe HTTP1 http
(config-slb-probe)#port 80
(config-slb-probe)#interval 240
(config-slb-probe)#request
(config-slb-probe)#exit
#show ip slb reals
#show ip slb reals detail
#show ip slb firewallfarm
#show ip slb conns [firewall firewallfarmname] [detail]
#show ip slb probe [name probe_name] [detail]
#show ip slb sticky
(config)#ip slb probe name {ping | http | wsp | dns | tcp | custom udp}
(config-slb-probe)#address [ip-address]
(config-slb-probe)#interval seconds
(config-slb-probe)#faildetect retry-count
(config-slb-probe)#port port-number
(config-slb-probe)#request [method {get | post | head | name name}]
[url path]
(config-slb-probe)#header field-name [field-value]
(config-slb-probe)#credentials username [password]
(config-slb-probe)#expect [status status-code] [ regex regular-expression]
(config-slb-probe)#url [path]
(config-slb-probe)#exit
#show ip slb probe [name probe-name] [detail]
-----------------------------------------------------
11. 流控与交换机访问控制
-----------------------------------
(config-if)#broadcast suppression threshold% //old command
(config-if)#storm-control {broadcast level high level [lower level] |
action {shutdown | trap}} //new command
(config-if)#storm-control unicast | multicast level level [.level]
#show interfaces switchport
#show interfaces counters storm-control
#show interfaces counters [interface] [broadcast]
6500#configure terminal
6500(config)#interface fastethernet 3/1
6500(config-if)#broadcast suppression 0.25 //old command
6500(config-if)#storm-control broadcast level 50 20 action trap //new
6500(config-if)#end
6500#show running-config interface fastethernet 3/1 | include suppression
6500#copy running-config startup-config
-----------------------------------
(config)#protocol-filter
(config-if)#switchport protocol {ip | ipx | group} {on | off | auto}
#show protocol-filtering
#show protocol-filtering interface {type slot/port}
(config)#protocol-filter
(config)#interface fastethernet 5/1
(config-if)#switchport protocol ip on
(config-if)#switchport protocol ipx off
(config-if)#switchport protocol group off
(config)#interface fastethernet 5/2
(config-if)#switchport protocol ip on
(config-if)#switchport protocol ipx off
(config-if)#switchport protocol group off
(config)#interface fastethernet 5/7
(config-if)#switchport protocol ip off
(config-if)#switchport protocol ipx on
(config-if)#switchport protocol group off
(config)#interface fastethernet 5/9
(config-if)#switchport protocol ip auto
(config-if)#switchport protocol ipx auto
(config-if)#switchport protocol group off
(config-if)#end
#copy running-config startup-config
------------------------------------------------
(config-if)#switchport port-security
(config-if)#switchport port-security maximum number_of_address vlan {
vlan_id | vlan_range}
(config-if)#switchport port-security mac-address mac_address
(config-if)#switchport port-security violation {protect|restrict|shutdown}
#show port-security [interface interface_id] [address]
(config)#interface fastethernet 2/1
(config-if)#switchport port-security
(config-if)#switchport port-security mac-address 00-01-03-87-09-43
(config-if)#switchport port-security violation shutdown
(config)#interface fastethernet 2/2
(config-if)#switchport port-security
(config-if)#switchport port-security maximum 10
(config)#interface fastethernet 2/3
(config-if)#switchport port-security
(config-if)#switchport port-security maximum 3
(config-if)#end
#copy running-config startup-config
--------------------------------------------
(config)#access-list access-list-number {deny | permit | remark} {source
source-wildcard | host source | any}
(config)#access-list access-list-number {deny | permit | remark} protocol
{source source-wildcard | host source | any} [operator port]
{destination destination-wildcard | host destination | any}
{operator port}
(config)#ip access-list standard {name}
(config-std-nacl)#{deny | permit} {source source-wildcard | host source |
any}
(config)#ip access-list extended {name}
(config-ext-nacl)#{deny | permit} protocol {source source-wildcard | host
source | any} [operator port] {destination destination-
wildcard | host destination | any} [operator port]
(config)#vlan access-map name [number]
(config-access-map)#match ip address {aclname | aclnumber}
(config-access-map)#action {drop | forward}
(config)#vlan filter mapname vlan-list list
#show ip access-lists [number | name]
#show vlan access-map [mapname]
#show vlan filter [access-map name | vlan vlan-id]
#show ip interface type number
(config)#ip access-list extended ip_subnet2host
(config-ext-nacl)#permit ip 10.101.0.0 0.0.255.255 host 10.101.1.1
(config)#ip access-list extended ping
(config-ext-nacl)#permit icmp any any echo
(config-ext-nacl)#permit icmp any any echo-reply
(config-ext-nacl)#exit
(config)#ip access-list extended ip_icmp
(config-ext-nacl)#permit icmp any any
(config-ext-nacl)#exit
(config)#ip access-list extended ip_tcp
(config-ext-nacl)#permit tcp any any
(config-ext-nacl)#exit
(config)#ip access-list extended ip_udp
(config-ext-nacl)#permit udp any any
(config-ext-nacl)#exit
(config)#vlan access-map watchlist 5
(config-access-map)#match ip address ip_subnet2host
(config-access-map)#action forward
(config)#vlan access-map watchlist 10
(config-access-map)#match ip address ping
(config-access-map)#action forward
(config)#vlan access-map watchlist 20
(config-access-map)#match ip address ip_icmp
(config-access-map)#action drop
(config)#vlan access-map watchlist 30
(config-access-map)#match ip address ip_tcp
(config-access-map)#action forward
(config)#vlan access-map watchlist 40
(config-access-map)#match ip address ip_udp
(config-access-map)#action drop
(config)#vlan access-map watchlist 50
(config-access-map)#action forward
(config-access-map)#exit
(config)#vlan filter watchlist vlan-list 101
(config)#end
#copy running-config startup-config
---------------------------------------------
(config)#aaa new-model
(config)#aaa authentication login {default | list-name} method1 [method2..]
//method {enable,krb5,krb5-telnet,line,local,local-case,none,group radius,
group tacacs+,group group-name}
(config)#line [aux | console | tty | vty] line-number [ending-line-number]
(config-line)#login authentication {default | list-name}
(config)#tacacs-server host hostname [single-connection] [port integer] [
timeout integer] [key string]
(config)#aaa authentication login {default | list-name} method1 [method2..]
(config)#tacacs-server key key
(config)#radius-server host {hostname | ip-address} [auth-port port-number]
[acct-port port-number] [key string]
(config)#aaa authentication login {default | list-name} method1 [method2..]
(config)#radius-server key string
#show radius statistics
#show tacacs
(config)#aaa new-model
(config)#ip radius source-interface loopback 0
(config)#radius-server host 192.168.1.10
(config)#aaa authentication login CONSOLE group radius
(config)#radius-server key 789xyz
(config)#line console 0
(config-line)#login authentication CONSOLE
(config-line)#exit
(config)#ip tacacs source-interface loopback 0
(config)#tacacs-server host 192.168.1.8
(config)#aaa authentication login TELNET group tacacs+
(config)#tacacs-server key abc123
(config)#line vty 0 4
(config-line)#login authentication TELNET
(config-line)#exit
-------------------------------------------
(config)#access-list access-list-number permit {source [source-wildcard] |
any} [log]
(config)#line vty line-number [ending-line-number]
(config-line)#access-class access-list-number in
(config-line)#exit
(config)#ip http access-class {access-list-number | name}
#show line [line-number | summary]
#configure terminal
(config)#access-list 1 permit 172.168.5.0 0.0.0.255
(config)#line vty 5 10
(config-line)#access-class 1 in
(config-line)#exit
---------------------------------------------
(config)#hostname hostname
(config)#ip domain-name domainname
(config)#crypto key generate rsa
(config)#ip ssh [version {1 | 2}]
#show ip ssh
#show ip permit
switch(config)#crypto key generate rsa
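Enter modulus:1024 //sample value; 2048 bits or more is the usual choice today
switch(config)#ip ssh //"ip ssh version 2" restricts the server to SSHv2; on many IOS versions vty lines keep accepting telnet until "transport input ssh" is set on them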
switch(config)#end
switch#copy running-config startup-config
------------------------------------------
(config)#radius-server host address key string
(config)#aaa new-model
(config)#aaa authentication dot1x default group radius
(config)#dot1x system-auth-control
(config-if)#dot1x port-control {auto |force-authorized |force-unauthorized}
(config)#radius-server host 10.1.1.1 key funhouse
(config)#aaa new-model
(config)#aaa authentication dot1x default group radius
(config)#dot1x system-auth-control
(config)#interface fastethernet 3/6
(config-if)#dot1x port-control auto
(config-if)#end
#copy running-config startup-config
--------------------------------------------------
(config)#interface fastethernet 1/0/2
(config-if)#switchport mode access
(config-if)#switchport port-security
(config-if)#switchport port-security mac-address 0011.856D.9AF9
(config-if)#switchport port-security violation shutdown
(config-if)#end
#show errdisable recovery
(config)#errdisable recovery cause psecure-violation
#show port-security interface fastethernet 1/0/2
-----------------------------------------------------
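(config)#ip dhcp snooping vlan 1 //snooping must also be enabled globally with "ip dhcp snooping" for the per-VLAN setting to take effect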
(config)#interface fastethernet 1/0/3
(config-if)#ip dhcp snooping trust
(config-if)#end
#show ip dhcp snooping
#show ip dhcp snooping binding
------------------------------------------
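(config)#ip arp inspection vlan 1 //ARP packets on untrusted ports are checked against the DHCP snooping binding table, so DHCP snooping needs to be running for VLAN 1 (static hosts need an ARP ACL)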
(config)#interface fastethernet 1/0/3
(config-if)#ip arp inspection trust
(config-if)#end
#show ip arp inspection vlan 1
-------------------------------------------
12. 交换机的管理
---------------------------------------
(config)#[no] logging on
(config)#logging syslog-host //old command
(config)#logging host {ip-address | hostname} //new command
(config)#logging facility facility-type
(config)#logging trap level
//level {emergencies=0 | alerts=1 | critical=2 | errors=3 | warnings=4 |
notifications=5 | informational=6 | debugging=7}
(config)#logging source-interface type number
(config)#logging history level
(config)#logging history size number
(config)#logging buffered [size]
#clear logging
(config)#logging file [flash:]filename [max-file-size][min-file-size] level
(config)#logging console level
(config)#logging monitor level
(config-line)#logging synchronous [level level | all] [limit buffers]
(config)#service timestamps log {uptime | datetime}
(config)#logging rate-limit number [all | console] [except level]
(config)#logging 192.168.254.91
(config)#logging buffered 65536
(config)#service timestamps log datetime
#show logging
#show logging
--------------------------------
(config)#snmp-server contact contact-string
(config)#snmp-server location location-string
(config)#snmp-server chassis-id id-string
(config)#snmp-server view view-name oid-tree {included | excluded}
(config)#snmp-server community string [view view] [ro | rw] [acc-list]
(config)#snmp-server engineID [local id-string] [remote ip-address
udp-port port id-string]
(config)#snmp-server engineID remote ip-address [udp-port port] id-string
(config)#snmp-server group [groupname {v1 | v2c | v3 {auth | noauth}}] [
read readview] [write writeview] [notify notifyview] [access
acc-list]
(config)#snmp-server user username groupname [remote ip-address] {v1 | v2c}
[access acc-list]
(config)#snmp-server user username groupname [remote ip-address] v3 [
encrypted] [auth {md5 | sha} auth-password] [access acc-list]
(config)#snmp-server system-shutdown
(config)#snmp-server tftp-server-list acc-list
(config)#snmp-server enable {traps [type] [option] | informs}
(config)#snmp-server host host [traps | informs] [version {1 | 2c | 3 [
auth | noauth]}] community-string [udp-port port] [type]
(config)#snmp-server trap-timeout seconds
(config)#snmp-server queue-length length
(config)#snmp-server trap-source interface
(config-if)#[no] snmp trap link-status
(config-if)#rmon collection stats index [owner name]
(config-if)#rmon collection history index [owner name] [buckets nbuckets]
[interval seconds]
(config)#rmon alarm number object interval {delta | absolute}
rising-threshold rise [event] falling-threshold fall [event]
[owner string]
(config)#rmon event number [description string] [owner name] [trap
community] [log]
------------------------------------------
(config)#snmp-server contact John Doe, Network Operations
(config)#snmp-server location Building A, closet 123
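(config)#snmp-server community public ro 5 //"public" is the well-known default community; use a non-default string (ACL 5 below limits the allowed sources)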
(config)#snmp-server community noc-team rw 6
(config)#snmp-server host 172.30.5.93 traps nms
(config)#snmp-server enable traps
(config)#no snmp-server enable config
(config)#access-list 5 permit 172.30.0.0 0.0.255.255
(config)#access-list 6 permit host 172.30.5.91
(config)#access-list 6 permit host 172.30.5.95
(config)#interface gig 3/1
(config-if)#no snmp trap link-status
#show snmp
#show rmon [alarms | events | history | statistics]
------------------------------------------
(config)#interface dest-interface
(config-if)#port monitor [src-interface | vlan src-vlan] //old command
(config)#monitor session session source {{interface interface} | {vlan
vlan-range}} [rx | tx | both]
(config)#monitor session session destination {{interface interface-range}|
{vlan vlan-range}} [rx | tx | both]
(config)#monitor session session filter vlan vlan-range
(config)#no monitor session session
----------------------------------------
(config)#vlan vlan_id{[-vlan_id] | [,vlan_id]}
(config-vlan)#remote-span
(config)#monitor session session_number source {{single_interface |
interface_list | interface_range | mixed_interface_list |
single_vlan | vlan_list | vlan_range | mixed_vlan_list} [rx | tx
| both]} | {remote vlan rspan_vlan_id}
(config)#monitor session session_number destination {{single_interface |
interface_list | interface_range | mixed_interface_list} | {
remote vlan rspan_vlan_id}}
(config)#no monitor session {session_number | all | local | range
session_range[[,session_range],...] | remote}
(config)#monitor session 1 source vlan 58 both
(config)#monitor session 1 destination interface fast 5/1
(config)#monitor session 2 source interface fast 2/4 both
(config)#monitor session 2 destination interface fast 5/48
B(config)#vlan 901
B(config-vlan)#remote-span
B(config)#interface fast 3/1
B(config-if)#switchport access vlan 901
B(config)#monitor session 1 source interface fast 3/1 both
C(config)#vlan 901
C(config-vlan)#remote-span
C(config)#interface fast 5/48
C(config-if)#switchport access vlan 901
C(config)#monitor session 1 destination interface fast 5/48
A(config)#vlan 901
A(config-vlan)#remote-span
#show monitor session [session_number]
#show monitor capture
#show monitor session 1
#show monitor session 1 detail
---------------------------
6500(config)#power redundancy-mode {combined | redundant}
6500(config)#[no] power enable power-supply number
6500(config)#[no] power enable module mod
6500#show power
6500#show power status all
-------------------------------
#show environment temperature
-----------------------------
#ping [host]
#traceroute [protocol] [host]
#traceroute mac [interface type interface-number] source-mac-address
[interface type interface-number] destination-mac-address [vlan vlan-id]
[detail]
#traceroute mac 00b0.d040.01d1 0010.a4c6.b4b7 detail
-------------------------------------------------------------
13. 服务质量
---------------------------------------
(config-if)#switchport priority default cos
(config-if)#switchport priority override
(config-if)#switchport priority extend {cos cos | none | trust}
(config)#mls qos
(config-if)#mls qos vlan-based
(config-if)#mls qos cos cos-value
(config-if)#no mls qos trust
(config)#mls qos map cos-dscp dscp1 ... dscp8
(config)#no mls qos map cos-dscp
(config-if)#mls qos trust cos
(config)#mls qos map ip-prec-dscp dscp1 ... dscp8
(config-if)#mls qos trust ip-precedence
(config-if)#mls qos trust dscp
(config)#mls qos map dscp-mutation dscp-mutation-name in-dscp to out-dscp
(config-if)#mls qos dscp-mutation dscp-mutation-name
(config-if)#rcv-queue queue-limit queue1 queue2
(config-if)#rcv-queue threshold queue-id threshold-percent-1 ...
threshold-percent-n
or
(config-if)#wrr-queue threshold queue-id threshold-percent-1 ...
threshold-percent-n
(config-if)#rcv-queue random-detect min-threshold queue-id thr1-min
thr2-min ...
(config-if)#rcv-queue random-detect max-threshold queue-id thr1-max
thr2-max ...
(config-if)#rcv-queue cos-map queue-id threshold-id cos-list
or
(config-if)#wrr-queue cos-map queue-id threshold-id cos-list
#show queueing interface
(config)#mls qos aggregate-policer aggregate-name rate burst [max-burst]
[pir peak-rate] [conform-action] [exceed-action action]
[violate-action action]
(config-if)#mls qos bridged
(config)#mls qos map policed-dscp internal-dscp to policed-dscp
(config)#access-list acc-list-number {permit|deny} ip source-ip source-mask
or
(config)#ip access-list standard acl-name
(config-std-nacl)#{permit | deny} source-ip [source-mask]
(config)#access-list acc-list {permit|deny} protocol source-ip source-mask
[operator [source-port]] destination-ip destination-mask [operator
[dest-port]] [precedence precedence] [dscp dscp] [tos tos]
or
(config)#ip access-list extended acl-name
(config-ext-nacl)#{permit | deny} protocol source-ip source-mask [operator
[source-port]] destination-ip destination-mask [operator
[dest-port]] [precedence precedence] [dscp dscp][tos tos]
(config)#access-list acc-list {permit | deny} icmp source-ip source-mask
destination-ip destination-mask [icmp-type [icmp-code] |
icmp-message] [precedence precedence] [dscp dscp] [tos tos]
or
(config)#ip access-list extended acl-name
(config-ext-nacl)#{permit | deny} icmp source-ip source-mask destination-ip
destination-mask [icmp-type [icmp-code] | icmp-message]
[precedence precedence] [dscp dscp] [tos tos]
(config)#access-list acc-list {permit | deny} igmp source-ip source-mask
destination-ip destination-mask [igmp-type] [precedence
precedence] [dscp dscp] [tos tos]
or
(config)#ip access-list extended acl-name
(config-ext-nacl)#{permit | deny} igmp source-ip source-mask destination-ip
destination-mask [igmp-type] [precedence precedence] [
dscp dscp] [tos tos]
(config)#mac access-list extended acl-name
(config-ext-nacl)#{permit | deny} {source-mac source-mask | any} {dest-mac
dest-mask | any} ether-type
(config)#class-map class-name [match-all | match-any]
(config-cmap)#match access-group name acc-list
(config-cmap)#match ip precedence ipprec1 [...ipprecN]
(config-cmap)#match ip dscp dscp1 [...dscpN]
(config)#policy-map policy-name
(config-pmap)#map class-name
(config-pmap)#class class-name {access-group acc-list | dscp dscp1 [...
dscpN] | precedence ipprec1 [...ipprecN]}
(config-pmap-c)#trust {cos | dscp | ip-precedence}
(config-pmap-c)#police aggregate policer-name
(config-pmap-c)#police [aggregate policer-name] [flow] rate burst [max-
burst] [pir peak-rate] [conform-action action] [exceed-
action action] [violate-action action]
(config-if)#service-policy input policy-name
(config-if)#wrr-queue queue-limit queue1 queue2 [queue3] queue-priority
(config-if)#wrr-queue bandwidth weight1 weight2 [weight3]
(config)#mls qos map dscp-cos dscp-list to cos-value
(config-if)#wrr-queue threshold queue-id threshold-percent-1
threshold-percent-2
(config-if)#wrr-queue random-detect min-threshold queue-id thr1-min
thr2-min ...
(config-if)#wrr-queue random-detect max-threshold queue-id thr1-max
thr2-max ...
(config-if)#wrr-queue random-detect queue-id
(config-if)#wrr-queue cos-map queue-id threshold-id cos-list
#show queueing interface
#show mls qos {type number | port-channel number | vlan vlan-id}
#show queueing interface {type number | null interface-number | vlan
vlan-id}
#show mls qos maps
#show mls qos aggregate policer [aggregate-name]
#show class-map [class-name]
#show policy-map policy-map-name
#show policy-map interface [type number | null interface-number | vlan
vlan-id] [input | output]
(config)#mls qos statistics-export destination {host-name | host-ip-address
} {{port port-number} | syslog} [facility facility-name] [severity
severity-value]
(config)#mls qos statistics-export interval interval
(config)#mls qos statistics-export delimiter character
(config)#mls qos statistics-export
(config-if)#mls qos statistics-export
(config)#mls qos statistics-export aggregate-policer policer-name
(config)#mls qos statistics-export class-map classmap-name
(config)#mls qos statistics-export destination 192.168.111.14 syslog
(config)#mls qos statistics-export interval 300
(config)#mls qos statistics-export
(config)#interface gig 3/1
(config-if)#mls qos statistics-export
(config)#interface gig 3/2
(config-if)#mls qos statistics-export
(config)#mls qos statistics-export aggregate-policer MyPolicer
#show mls qos statistics-export info
----------------------------------------------
14. 语音技术
---------------------------------------
(config-if)#power inline {auto | never}
(config-if)#switchport access vlan vlan-id
(config-if)#switchport trunk native vlan vlan-id
(config-if)#switchport voice vlan vlan-id
(config-if)#switchport voice vlan dot1q
(config-if)#switchport voice vlan untagged
(config-if)#switchport voice vlan none
(config-if)#no channel-group
(config-if)#spanning-tree portfast
(config)#interface fastethernet 0/1
(config-if)#power inline auto
(config-if)#switchport access vlan 55
(config-if)#switchport trunk native vlan 55
(config-if)#switchport voice vlan 200
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport mode trunk
(config-if)#no channel-group
(config-if)#spanning-tree portfast
#show power inline [interface-id] [actual | configured]
#show cdp neighbor [interface-id] detail
#show interface [interface-id] switchport
#show cdp neighbor [interface-id] [detail]
-----------------------------------------------
(config-if)#mls qos vlan-based
(config-if)#mls qos trust cos
(config-if)#mls qos trust cos
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config)#mls qos map cos-dscp 0 8 16 26 32 46 48 56
(config)#mls qos map ip-prec-dscp 0 8 16 26 32 46 48 56
(config-if)#switchport priority extend {trust | none}
(config-if)#switchport priority extend cos cos-value
(config-if)#mls qos trust dscp
(config)#ip access-list extended acl-name
(config-ext-nacl)#permit tcp any any range 2000 2002 dscp 26
(config-ext-nacl)#exit
(config)#policy-map policy-name
(config-pmap)#class class-name access-group acl-name
(config-pmap-c)#trust cos
(config)#interface vlan voice-vlan
(config-if)#service-policy input policy-name
(config-if)#no mls qos vlan-based
(config-if)#wrr-queue cos-map 2 1 3
(config-if)#wrr-queue cos-map 2 1 3
(config-if)#mls qos vlan-based
(config-if)#mls qos trust cos
(config-if)#no mls qos vlan-based
(config-if)#mls qos trust dscp
(config-if)#no mls qos trust cos
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config)#mls qos map cos-dscp 0 8 16 26 32 46 48 56
(config)#mls qos map ip-prec-dscp 0 8 16 26 32 46 48 56
(config)#ip access-list extended acl-name
(config-ext-nacl)#permit tcp any any range 2000 2002 dscp 26
(config-ext-nacl)#exit
(config)#policy-map policy-name
(config-pmap)#class class-name access-group acl-name
(config-pmap-c)#trust cos
(config)#interface vlan voice-vlan
(config-if)#service-policy input policy-name
(config-if)#no mls qos vlan-based
(config-if)#wrr-queue cos-map 2 1 3
(config-if)#wrr-queue cos-map 2 1 3
-------------------------------------
15. 布线快速参考
----------------------------------------
RJ-45 crossover cable 接头针脚分配
A端RJ-45针脚 A端类型 B端类型 B端RJ-45针脚
1 TX+ RX+ 3
2 TX- RX- 6
3 RX+ TX+ 1
4 - - 4
5 - - 5
6 RX- TX- 2
7 - - 7
8 - - 8
-----------------------------------------
16. 知名协议号,端口号与其他编号
------------------------------------------
ip 协议号
ICMP 1
IGMP 2
GGP 3
IP 4
TCP 6
EGP 8
IGRP 9
UDP 17
RDP 27
GRE 47
ESP 50
AH 51
NHRP 54
EIGRP 88
OSPF 89
LARP 91
IPIP 94
PIM 103
VRRP 112
L2TP 115
ISIS 124
FC 133
--------------------------------
以太网类型代码
0800 Internet IP (IPv4)
0806 ARP
0808 frame relay ARP
8035 reverse ARP
86DD IPv6
880B PPP
8847 MPLS unicast
8848 MPLS multicast
----------------------------------------------
--------------------------
1. cli 使用方法
--------------------
enter
switch>
switch>?
switch>enable
switch#
switch#configure terminal
switch(config)#
switch(config)#command
switch(config)#no command
switch(config)#end
switch#
switch#show command |{ begin | include | exclude } reg-expression
switch#ctrl+c
switch#terminal history [size lines]
switch#
switch#more file-url |{begin | include |exclude } reg-expression
switch#more nvram:startup-config
switch#more system:running-config
switch#telnet host
switch#show sessions
switch#disconnect connection-number
switch#
switch#terminal length lines
switch#terminal width characters
switch(config-line)#length lines
switch(config-line)#width characters
switch#
switch(config-line)#absolute-timeout minutes
switch(config-line)#session-timeout minutes [output]
switch(config-line)#exec-timeout minutes [seconds]
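switch(config-line)#no exec-timeout //same effect as exec-timeout 0 0
switch(config-line)#exec-timeout 0 0 //disables the idle timeout; an unattended session stays logged in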
switch(config-line)#logout-warning [seconds]
switch(config-line)#exit
switch(config)#
switch(config)#ip http server
switch(config)#ip http port number
switch(config)#ip http access-class access-list
switch(config)#ip http authentication {aaa | enable| local |tacacs}
------------------------
Ctrl+Break
rommon>
rommon>?
rommon>command
rommon>history
rommon>repeat value
rommon>set
rommon>PARAMETER=value
rommon>BOOT=
rommon>sync
rommon>reset
rommon>dir [device:]
rommon>boot [device:filename]
rommon>
rommon>xmodem
-------------------------
2. 交换机的功能性
---------------------------
catalyst 2000 series
catalyst 3000 series
catalyst 4500 series
catalyst 6500 series
----------------------------
3. 配置 supervisor 引擎
----------------------------
(config)#hostname string
(config)#prompt string
(config)#banner motd & string &
switch(config)#hostname core_switch1
core_switch1(config)#banner motd &
This is core_switch1 for the xyz corporation.
You have accessed a restricted device, unauthorized logins are prohibited.
&
core_switch1(config)#end
core_switch1#copy running-config startup-config
(config)#interface vlan vlannumber
(config-if)#ip address address mask
(config-if)#management
or
(config-subif)#ip address address mask
(config-subif)#management
(config)#service config
#reload
(config)#ip default-gateway gatewayaddress
#show ip route default
(config)#ip domain-lookup
(config)#ip name-server serveraddress1 ......
(config)#ip host name address
(config)#[no] ip http server
switch(config)#interface vlan 986
switch(config-subif)#ip address 10.1.1.5 255.255.255.0
switch(config-subif)#management
switch(config-subif)#ip default-gateway 10.1.1.1
switch(config)#ip name-server 10.1.1.254
switch(config)#no ip http server
switch(config)#end
switch#copy running-config startup-config
(config-line)#login
(config-line)#password password
(config)#enable secret password
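(config)#service password-encryption //type 7 encoding, reversible; it only hides passwords from casual viewing, while enable secret stores a hash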
switch(config)#enable secret san-fran
switch(config)#line vty 0 4
switch(config-line)#password cisco
switch(config)#line console 0
switch(config-line)#login
switch(config-line)#password cisco
switch(config-line)#end
switch#copy running-config startup-config
switch:
switch:flash_init
switch:load_helper
switch:dir flash:
switch:rename flash:config.text flash:config.old
switch:boot
continue with the configuration dialog?[yes/no]:N
switch>
switch>enable
switch#rename flash:config.old flash:config.text
switch#copy flash:config.text system:running-config
switch#configure terminal
switch(config)#enable secret newpassword
switch(config)#line vty 0 4
switch(config-line)#password newpassword
switch(config)#line console 0
switch(config-line)#password newpassword
switch(config-line)#end
switch#copy running-config startup-config
%OIR-6-CONSOLE:changing console ownership to route processor
Ctrl+Break [issue break]
rommon>
rommon>confreg 0x2142
rommon>reset
! switch output omitted
continue with the configuration dialog?[yes/no]:N
router>enable
router#copy startup-config running-config
router#configure terminal
router(config)#enable secret newpassword
router(config)#line vty 0 4
router(config-line)#password newpassword
router(config)#line console 0
router(config-line)#password newpassword
router(config-line)#end
router#config-register 0x2102
router#copy running-config startup-config
#show module all
#show hardware
#show version
#session slot#
#power cycle module slot
(config)#no power enable module slot
(config)#power enable module slot
#show file systems
#cd [filesystem:] //default filesystem directory is flash:
#pwd
#dir [/all] [filesystem:][path/filename]
#show filesystem:
#show file information filesystem:path
#more [/ascii |/binary |/ebcdic] filesystem:path
#more /ascii flash:myconfig.txt
#delete [filesystem:]filename
#undelete index [filesystem:]
#squeeze filesystem
#delete [flash:/filename | bootflash:/filename | nvram:/filename]
#format filesystem:
#copy system:running-config nvram:startup-config
#copy source system:running-config
#copy source tftp://address/filename
#copy source flash-filesystem://path/filename
(config)#boot system flash flash-filesystem:/directory/filename
(config)#boot config device:directory/filename
alias command
cisco ios software version 10.3 to 11.3 command
show running-config
show startup-config
copy running-config startup-config
erase startup-config
copy running-config tftp:
copy startup-config running-config
copy tftp running-config
copy tftp startup-config
cisco ios software version 12.0 to 15.0 (IFS) command
show system:running-config or more system:running-config
show system:startup-config or more system:startup-config
copy system:running-config nvram:startup-config
erase nvram:
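copy system:running-config tftp://address/filename //TFTP is unauthenticated and unencrypted and the file carries password hashes and keys; prefer scp: where the image supports it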
copy nvram:startup-config system:running-config
copy tftp://address/filename system:running-config
copy tftp://address/filename nvram:startup-config
#reload
#redundancy force-switchover
#copy source_device:source_filename destination_device:target_filename
(config)#redundancy
(redundancy)#main-cpu
(redundancy-maincpu)#auto-sync bootvar
(redundancy-maincpu)#end
#copy running-config startup-config
#show module all
(config)#cdp run
(config)#cdp timer interval
(config)#cdp holdtime interval
(config)#cdp {advertise-v2 | advertise-v1}
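(config-if)#no cdp enable //use on ports facing untrusted devices: CDP advertises platform, software version and management address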
#show cdp
#show cdp neighbors
#show cdp interface type mod/port
#show cdp port mod/port
(config)#cdp timer 60
(config)#cdp holdtime 180
(config)#interface fastethernet 0/1
(config-if)#no cdp enable
(config-if)#end
#copy running-config startup-config
(config)#clock timezone zone hrs-offset min-offset
(config)#clock summer-time zone recurring [week day month hh:mm week day
month hh:mm [offset]]
(config)#clock summer-time zone date [date month | month date] year hh:mm
[date month |month date] year hh:mm [offset]
#clock set hh:mm:ss [day month | month day] year
#calendar set hh:mm:ss [day month | month day] year
#clock update-calendar
(config)#ntp peer ip-address [version number][key keyid][source interface]
[prefer]
(config)#ntp broadcast
(config)#ntp broadcast client
(config)#ntp broadcastdelay microseconds
(config)#ntp authenticate
(config)#ntp authentication-key key-number md5 value
(config)#ntp trusted-key key-number
(config)#clock timezone EST -5
(config)#clock summer-time EST recurring 1 sunday april 2:00 last sunday
october 2:00
(config)#end
#clock set 15:30:00 August 11 1990
#copy running-config startup-config
(config)#ntp authenticate
(config)#ntp authentication-key 1 md5 sourceA
(config)#ntp authentication-key 2 md5 sourceB
(config)#ntp trusted-key 1
(config)#ntp trusted-key 2
(config)#ntp peer 172.17.76.247 key 1
(config)#ntp peer 172.31.31.1 key 2
#copy running-config startup-config
----------------------------------------
4. 配置2层接口
----------------------------------------
(config)#mac-address-table {dynamic | static | secure} mac-addr {vlan
vlan-id}{interface int1 ....}[protocol{ip | ipx | assigned}]
(config)#mac-address-table aging-time seconds [vlan vlan-id]
(config)#no mac-address-table static mac-addr {vlan vlan-id}[interface
int1 ... ] [protocol {ip | ipx | assigned}]
#show mac-address-table dynamic
#show mac-address-table static [address mac-addr | detail |interface
interface-number | protocol protocol |vlan vlan-id]
#show mac-address-table address mac-addr [detail |{interface interface
interface-number}| {protocol protocol}|{vlan vlan-id} | all]
#show mac-address-table aging-time [vlan vlan-id]
#show mac-address-table count [vlan vlan-id] [slot slot-num]
#show mac-address-table address 00b0.d0f5.450e
#show mac-address-table dynamic interface gigabit 0/1
(config)#interface type mod/num
(config)#interface range port-range
or
(config)#define interface-range macro-name port-range
(config)#interface range macro macro-name
(config)#interface range gig 1/1 - 2,gig 6/1
(config-if)#speed auto
(config)#interface range gig 6/2 - 4
(config-if)#speed auto
(config-if)#description port-name
(config-if)#speed {10 | 100 | 1000 | auto | nonegotiate}
(config-if)#duplex {full | half | auto}
(config-if)#flowcontrol {send | receive}{desired | off | on}
(config-if)#[no] negotiation auto
(config-if)#link debounce [time debounce_time]
(config-if)#switchport host
(config-if)#power inline {auto | never}
(config-if)#mtu bytes
(config)#errdisable recovery {interval interval}
(config)#[no] errdisable recovery cause reason
(config-if)#shutdown
(config-if)#no shutdown
(config-if)#description mail server
(config-if)#speed 100
(config-if)#duplex full
(config-if)#spanning-tree portfast
(config-if)#switchport mode access
(config-if)#no channel-group
(config-if)#no shutdown
#show interfaces [type num]
#show interfaces counters [broadcast|errors {module mod-num}|{trunk [
module mod-num]}]
#show interfaces [type num]
or
#show catalyst6500 chassis-mac-address
#show interfaces [interface [mod]] flowcontrol
#show port negotiation [mod[/port]]
#show port debounce [mod[/port]]
#show power inline [interface-id] [actual |configured]
#show interfaces [type num]
#show errdisable recovery
#collect top [number_of_ports] counters interface {type | all |layer-2 |
layer-3} [sort-by statistic_type] [interval seconds]
#show top counters interface report [report_num]
#clear top [all | report_num]
(config-if)#channel-protocol {pagp | lacp}
(config)#interface [mod[/port]]
(config-if)#spanning-tree cost cost
#show channel group //pagp
#show lacp-channel group //lacp
(config)#interface [mod[/port]]
(config-if)#spanning-tree vlan vlan-id cost cost
(config)#interface [mod[/port]]
(config-if)#channel-group {channel-group-number} mode {active | auto |
desirable | passive}
(config-if)#channel-group number mode {on | auto [non-silent] | desirable
[non-silent]}
(config-if)#channel-protocol pagp
(config)#port-channel load-balance method
(config)#lacp system-priority {value}
(config-if)#lacp port-priority {value}
(config)#interface [mod[/port]]
(config-if)#channel-group number mode {active | on | {auto [non-silent]} |
{desirable [non-silent]} | passive}
(config-if)#channel-protocol lacp
(config)#interface fastethernet 4/1
(config-if)#channel-group 100 mode desirable non-silent
(config)#interface fastethernet 4/2
(config-if)#channel-group 100 mode desirable non-silent
(config)#port-channel load-balance src-dst-ip
(config)#lacp system-priority 8192
(config)#interface fastethernet 6/1
(config-if)#channel-group 101 mode active
(config-if)#lacp port-priority 100
(config)#interface fastethernet 6/2
(config-if)#channel-group 101 mode active
(config-if)#lacp port-priority 100
(config)#interface range fastethernet 6/7 - 8
(config-if-range)#channel-group 101 mode active
(config-if-range)#channel-protocol lacp
(config-if-range)#no shutdown
#show lacp [channel-group-number] | {counters | internal [detail] |
neighbor [detail]} | [sys-id]
#show interfaces capabilities
#show etherchannel summary
#show etherchannel [channel-group] load-balance
#show pagp [group-number] counters
#show etherchannel [channel-group] {port-channel | brief | detail |
summary/port | load-balance | protocol}
----------------------------------------------
5. 配置3层接口
------------------------------------------
(config)#interface type mod/port
(config-if)#no switchport
(config-if)#ip address address netmask
(config-if)#no shutdown
#show ip interface type mod/port
(config)#interface gigabitethernet 1/1
(config-if)#no switchport
(config-if)#ip address 192.168.10.1 255.255.255.0
(config-if)#no shutdown
(config-if)#end
#copy running-config startup-config
(config)#interface port-channel number
(config-if)#ip address address netmask
(config)#interface type mod/port
(config-if)#no switchport
(config-if)#no ip address
(config-if)#channel-group number mode {auto | desirable | on}
(config-if)#no shutdown
#show etherchannel number port-channel
#show interfaces port-channel channel-id
#show etherchannel 1 port-channel
#show interfaces port-channel 1
(config)#interface port-channel 1
(config-if)#ip address 192.168.10.1 255.255.255.0
(config)#interface gigabitethernet 1/1
(config-if)#no switchport
(config-if)#no ip address
(config-if)#channel-group 1 mode on
(config-if)#no shutdown
(config)#interface gigabitethernet 2/1
(config-if)#no switchport
(config-if)#no ip address
(config-if)#channel-group 1 mode on
(config-if)#no shutdown
(config-if)#end
#copy running-config startup-config
(config)#interface gigabitethernet 0/1
(config-if)#channel-group 1 mode on
(config)#interface gigabitethernet 0/2
(config-if)#channel-group 1 mode on
(config-if)#end
#copy running-config startup-config
(config)#interface type slot/bay/number
(config-if)#ip address address netmask
(config-if)#no shutdown
(config)#interface type slot/subslot/port
(config-if)#ip address address netmask
(config-if)#no shutdown
(config)#interface pos slot/port
(config-if)#encapsulation {hdlc | ppp}
(config-if)#clock source {line | internal}
(config-if)#ip address address netmask
(config-if)#no shutdown
#show interface type number
#configure terminal
(config)#interface serial 0/0
(config-if)#encapsulation frame-relay
(config)#interface serial 0/0.110
(config-if)#frame-relay interface-dlci 110
(config-if)#ip address 192.168.255.5 255.255.255.252
(config-if)#no shutdown
(config-if)#end
#copy running-config startup-config
#quit
>enable
#configure terminal
(config)#interface serial 7/0/0
(config-if)#encapsulation frame-relay
(config)#interface serial 7/0/0.120
(config-if)#frame-relay interface-dlci 120
(config-if)#ip address 192.168.255.6 255.255.255.252
(config-if)#no shutdown
(config-if)#end
#copy running-config startup-config
(config)#interface vlan number
(config-if)#ip address address netmask
(config-if)#no shutdown
(config)#interface type number.subnumber
(config-subif)#encapsulation {dot1q | isl} vlannumber [native]
(config-subif)#ip address address netmask
(config-subif)#no shutdown
#show interface type number.subnumber
#show vlan [number]
3750(config)#interface gigabitethernet 49.10
3750(config-subif)#encapsulation dot1q 10
3750(config-subif)#no shutdown
3750(config)#interface vlan 10
3750(config-if)#ip address 192.168.10.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#end
#copy running-config startup-config
3560#configure terminal
3560(config)#vlan 10
3560(config-vlan)#exit
3560(config)#interface gigabitethernet 0/1
3560(config-if)#switchport mode trunk
3560(config-if)#switchport mode on
3560(config-if)#switchport trunk encapsulation dot1q
3560(config)#interface vlan 10
3560(config-if)#ip address 192.168.10.2 255.255.255.0
3560(config-if)#no shutdown
3560(config-if)#end
3560#copy running-config startup-config
(config-if)#ip address address netmask
(config)#ip route network netmask {nexthop | interface} [admin-distance]
(config)#router protocol
(config-router)#network network
#show protocol route
#show ip route
--------------------------------------------
6. VLAN 与 Trunking
-----------------------------------------
(config)#vtp domain domain-name
(config)#vtp mode transparent
(config)#vlan vlan-id [name vlan-name] [state {suspend | active}] [mtu
mtu-size]
(config)#vlan internal allocation policy descending
(config)#vlan vlan-id [name vlan-name] [state {suspend | active}] [mtu
mtu-size]
(config)#vtp mode transparent
(config)#vlan 5
(config-vlan)#name Cameron
(config)#vlan 8
(config-vlan)#name Logan
(config)#vlan 2112
(config-vlan)#name Rush
(config-vlan)#end
#copy running-config startup-config
(config)#vlan 5
(config-vlan)#name Cameron
(config)#vlan 8
(config-vlan)#name Logan
(config-vlan)#end
#copy running-config startup-config
(config)#interface type mod/port
(config-if)#switchport access vlan number
(config)#RADIUS configuration
(config)#radius-server host ip_address
(config)#radius-server key key
(config)#aaa new-model
(config)#aaa authentication dot1x default group radius
(config)#aaa authorization default group radius
(config)#aaa authorization config-commands
(config)#dot1x system-auth-control
(config)#dot1x max-req
(config)#dot1x timeout quiet-period
(config)#dot1x timeout tx-period
(config)#dot1x timeout re-authperiod
(config)#dot1x re-authentication
(config-if)#dot1x port-control auto
#show dot1x
(config)#interface type mod/port
(config-if)#switchport mode dynamic [auto | desirable]
(config-if)#switchport mode trunk
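(config-if)#switchport nonegotiate //turns off DTP; on user-facing ports use "switchport mode access" so an attached host cannot negotiate a trunk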
(config-if)#no switchport mode trunk
(config)#interface type mod/port
(config-if)#switchport trunk encapsulation [negotiate | isl | dot1q]
(config)#interface type mod/port
(config-if)#switchport trunk native vlan number
(config)#interface type mod/port
(config-if)#switchport trunk allowed vlan remove vlanlist
(config-if)#switchport trunk allowed vlan add vlanlist
#show interface trunk
(config)#interface gigabitethernet 2/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport trunk allowed vlan 5,8,10
(config-if)#end
#copy running-config startup-config
(config)#interface gigabitethernet 1/1
(config-if)#switchport trunk encapsulation negotiate
(config-if)#switchport mode dynamic auto
(config-if)#switchport trunk allowed vlan 1,10
(config-if)#end
#copy running-config startup-config
(config)#interface gigabitethernet 1/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport trunk allowed vlan 5,8,10
(config-if)#end
#copy running-config startup-config
#vlan database //old command
(vlan_database)#vtp domain name
or
(config)#vtp domain name // new command //now is using
(config)#interface type mod/port
(config-if)#switchport mode dynamic [auto | desirable]
(config-if)#switchport mode trunk
(config-if)#switchport nonegotiate
#vlan database //old command
(vlan_database)#vtp password password
(vlan_database)#vtp {server | client | transparent}
(vlan_database)#vtp pruning
(vlan_database)#vtp v2-mode
or
(config)#vtp password password //new command //now is using
(config)#vtp mode {server | client | transparent}
(config)#vtp pruning
(config)#vtp version 2
(config)#interface type mod/port
(config-if)#switchport trunk pruning vlan remove vlanlist
(config-if)#switchport trunk pruning vlan add vlanlist
#show vtp status
#configure terminal
(config)#vtp mode transparent
(config)#interface gigabitethernet 1/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation isl
(config-if)#exit
(config)#interface gigabitethernet 1/2
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation isl
(config-if)#end
#copy running-config startup-config
#configure terminal
(config)#vtp domain GO-CATS
(config)#interface gigabitethernet 1/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation isl
(config-if)#exit
(config)#interface gigabitethernet 2/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#end
#copy running-config startup-config
#configure terminal
(config)#vtp pruning
(config)#interface gigabitethernet 1/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation isl
(config-if)#end
#copy running-config startup-config
#configure terminal
(config)#vtp mode client
(config)#interface gigabitethernet 0/1
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport trunk pruning vlan remove 10
(config-if)#end
#copy running-config startup-config
3560#vlan database //old command
3560(vlan_database)#vtp transparent
or
3560(config)#vtp mode transparent //new command //now is using
(config)#vlan primary_number
(config-vlan)#private-vlan primary
(config)#vlan secondary_number
(config-vlan)#private-vlan [isolated | community]
(config)#vlan primary_number
(config-vlan)#private-vlan association secondary_number_list [add
secondary_number_list]
(config)#interface type mod/port
(config-if)#switchport
(config-if)#switchport mode private-vlan host
(config-if)#switchport private-vlan host-association primary_number
secondary_number
(config)#interface type mod/port
(config-if)#switchport
(config-if)#switchport mode private-vlan promiscuous
(config-if)#switchport private-vlan mapping primary_number
secondary_number
(config)#interface vlan primary_number
(config-if)#ip address address mask
(config-if)#private-vlan mapping primary_number secondary_number
(config)#interface type mod/port
(config-if)#port protected
#show port protected
#show vlan private-vlan [type]
#show interface private-vlan mapping
#show interface type mod/port switchport
#configure terminal
(config)#vtp mode transparent
(config)#vlan 90
(config-vlan)#private-vlan primary
(config)#vlan 900
(config-vlan)#private-vlan isolated
(config)#vlan 901
(config-vlan)#private-vlan community
(config)#vlan 90
(config-vlan)#private-vlan association 900,901
(config)#interface range fastethernet 3/1 - 2
(config-if)#switchport
(config-if)#switchport mode private-vlan host
(config-if)#switchport private-vlan host-association 90 900
(config-if)#no shutdown
(config)#interface range fastethernet 3/46, 3/48
(config-if)#switchport
(config-if)#switchport mode private-vlan host
(config-if)#switchport private-vlan host-association 90 901
(config-if)#no shutdown
(config)#interface gigabitethernet 1/2
(config-if)#switchport
(config-if)#switchport mode private-vlan promiscuous
(config-if)#switchport private-vlan mapping 90 900,901
(config-if)#no shutdown
(config)#interface vlan 90
(config-if)#ip address 10.10.90.1 255.255.255.0
(config-if)#private-vlan mapping 90 900,901
(config-if)#no shutdown
(config-if)#end
#copy running-config startup-config
#configure terminal
(config)#interface fastethernet 0/1
(config-if)#switchport access vlan 10
(config-if)#port protected
(config)#interface fastethernet 0/2
(config-if)#switchport access vlan 10
(config-if)#port protected
(config)#interface gigabitethernet 0/3
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
(config-if)#end
#copy running-config startup-config
-----------------------------------------------
7. 生成树协议(STP)
----------------------------------------------
(config)#[no] spanning-tree [vlan vlan]
(config)#spanning-tree mode {pvst | mst | rapid-pvst}
(config)#spanning-tree mst configuration
(config-mst)#name name
(config-mst)#revision revision-number
(config-mst)#instance instance-id vlan vlan-range
(config-mst)#end
(config)#spanning-tree vlan vlan root {primary | secondary} [diameter
net-diameter] [hello-time hello-time]
or
(config)#spanning-tree mst instance-id root {primary | secondary} [
diameter net-diameter] [hello-time hello-time]
(config)#spanning-tree vlan vlan priority priority [diameter net-diameter]
[hello-time hello-time]
or
(config)#spanning-tree mst instance-id priority [diameter net-diameter] [
hello-time hello-time]
(config-if)#spanning-tree rootguard //old command
(config-if)#spanning-tree guard {root | loop | none} //new command
(config)#spanning-tree pathcost defaultcost-method {long | short}
(config-if)#spanning-tree cost cost
(config-if)#spanning-tree vlan vlan-id cost cost
or
(config-if)#spanning-tree mst instance-id cost cost
(config-if)#spanning-tree port-priority port-priority
(config-if)#spanning-tree vlan vlan-list port-priority priority
or
(config-if)#spanning-tree mst instance-id port-priority priority
(config)#udld {enable | aggressive}
(config)#udld message time interval
(config-if)#udld {enable | disable} //old command
(config-if)#udld port [aggressive] //new command
(config-if)#udld port disable
(config-if)#udld aggressive //old command
(config-if)#udld port aggressive //new command
(config-if)#spanning-tree loopguard //old command
(config-if)#spanning-tree guard loop //new command
#show spanning-tree vlan vlan
#show spanning-tree interface mod/num
(config)#spanning-tree vlan 10 root primary
or
(config)#spanning-tree vlan 10 priority 8192
(config)#spanning-tree vlan 100 root primary
(config)#spanning-tree vlan 101 root primary
or
(config)#spanning-tree vlan 100 priority 8192
(config)#spanning-tree vlan 101 priority 8192
(config)#spanning-tree vlan 100 root secondary
(config)#spanning-tree vlan 101 root secondary
or
(config)#spanning-tree vlan 100 priority 8200
(config)#spanning-tree vlan 101 priority 8200
(config)#interface fastethernet 1/1
(config-if)#spanning-tree vlan 101 cost 1000
(config)#interface fastethernet 1/2
(config-if)#spanning-tree vlan 100 cost 1000
(config)#spanning-tree vlan [vlan] hello-time interval
(config)#spanning-tree mst [instance-id] hello-time interval
(config)#spanning-tree vlan [vlan] forward-time delay
(config)#spanning-tree mst [instance-id] forward-time delay
(config)#spanning-tree vlan [vlan] max-age agingtime
(config)#spanning-tree mst [instance-id] max-age agingtime
(config)#spanning-tree portfast [trunk]
(config)#spanning-tree portfast bpduguard //old command
(config)#spanning-tree portfast bpduguard default //new command
(config-if)#spanning-tree bpduguard {enable | disable}
(config-if)#spanning-tree bpdu-filter //old command
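(config-if)#spanning-tree bpdufilter {enable | disable} //new command //caution: enabled on an interface it stops sending BPDUs and ignores received ones, so a loop behind that port goes undetected; bpduguard is the safer choice on PortFast edge ports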
(config)#spanning-tree portfast bpdufilter default
(config)#spanning-tree uplinkfast [max-update-rate packets-per-second]
(config)#spanning-tree backbonefast
#show spanning-tree vlan vlan detail
#show spanning-tree vlan vlan [brief]
#show spanning-tree brief | begin VLAN vlan
#show spanning-tree brief | begin VLAN534
#show cdp neighbor type mod/num detail
#show cdp neighbor gigabitethernet 0/1 detail
#show cdp neighbor detail
#show spanning-tree brief | begin VLANvlan
#show spanning-tree vlan vlan | include BLOCKING
-------------------------------------------------------
8. 配置高可用特性
-----------------------------------
(config)#redundancy
(config-red)#mode {rpr | rpr-plus}
#copy running-config startup-config
#show redundancy states
(config)#redundancy
(config-red)#mode sso
#copy running-config startup-config
(config)#mls ip multicast sso convergence-time time
(config)#mls ip multicast sso leak interval
(config)#mls ip multicast sso leak percentage
(config)#router bgp as-number number
(config-router)#bgp graceful-restart
(config)#router ospf process-id
(config-router)#nsf
(config)#router eigrp as-number
(config-router)#nsf
#show redundancy states
#show mls ip sip multicast sso
(config-if)#standby [group-number] ip [ip-address [secondary]]
(config-if)#standby [group-number] priority priority [preempt [delay
minimum delay]]
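(config-if)#standby [group-number] authentication string //plain-text key carried in every hello; where supported use "standby [group-number] authentication md5 key-string key"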
(config-if)#standby [group-number] timers [msec] hellotime [msec] holdtime
(config)#interface vlan 199
(config-if)#standby 1 ip 192.168.104.1
(config-if)#standby 1 priority 210 preempt delay 60
(config-if)#standby 1 authentication myhsrpkey
(config-if)#standby 1 timers 3 10
(config)#interface vlan 199
(config-if)#standby 1 ip 192.168.104.1
(config-if)#standby 1 priority 200 preempt
(config-if)#standby 1 authentication myhsrpkey
(config-if)#standby 1 timers 3 10
#show standby brief
#show standby vlan vlan-number [hsrp-group] [brief]
#copy source_device:source_filename {disk0 | disk1 | sup-bootflash}:
target_name
or
#copy source_device:source_filename {slave-disk0 | slave-disk1 |
slavesup-bootflash}:target_filename
(config)#boot system flash device:file_name
(config)#config-register 0x2102
#copy running-config startup-config
#hw-module {module-num} reset
#redundancy force-switchover
---------------------------------
9. 多播
---------------------------------
(config-if)#ip igmp snooping
(config-if)#ip igmp snooping vlan vlan-id
(config-if)#ip igmp snooping mrouter learn {cgmp | pim-dvmrp}
(config-if)#ip igmp snooping fast-leave
(config-if)#ip igmp snooping mrouter {interface{interface interface-number
} | {port-channel number}}
(config-if)#ip igmp snooping static {mac-address} {interface {interface
interface-number} | {port-channel number}}
(config-if)#ip igmp snooping querier
(config)#ip igmp query-interval seconds
(config)#ip igmp query-timeout seconds
(config)#interface fastethernet 2/1
(config-if)#ip igmp snooping
(config-if)#ip igmp snooping fast-leave
(config-if)#switchport access vlan 199
(config)#interface fastethernet 2/3
(config-if)#ip igmp snooping
(config-if)#ip igmp snooping fast-leave
(config-if)#switchport access vlan 199
(config)#interface vlan 199
(config-if)#ip igmp snooping static 0100.5e64.0123 interface fastethernet
2/1
(config-if)#ip igmp snooping static 0100.5e64.0123 interface fastethernet
2/3
#show ip igmp interface interface interface-number
#show ip igmp snooping mrouter interface vlan vlan-id
#show mac-address-table multicast vlan-id count
#show mac-address-table multicast [mac-group-address] [vlan-id]
#show ip igmp interface vlan-id
--------------------------------------
10. 服务器负载均衡(SLB)
----------------------------------
(config)#ip slb serverfarm serverfarm-name
(config-slb-sfarm)#predictor {roundrobin | leastconns}
(config-slb-sfarm)#nat server
(config)#ip slb natpool pool-name start-ip end-ip {netmask netmask |
prefix-length leading-1-bits} [entries init-addr [max-addr]]
(config-slb-sfarm)#nat client pool-name
(config-slb-sfarm)#bindid [bind-id]
(config-slb-sfarm)#probe name
(config-slb-sfarm)#real ip-address
(config-slb-real)#maxconns number
(config-slb-real)#weight weighting-value
(config-slb-real)#reassign threshold
(config-slb-real)#faildetect numconns number-conns [numclients
number-clients]
(config-slb-real)#retry retry-value
(config-slb-real)#inservice
(config)#ip slb vserver virtual-server-name
(config-slb-vserver)#serverfarm serverfarm-name
(config-slb-vserver)#virtual ip-address [network-mask] {tcp | udp} [port |
wap | wap-wtp | wsp-wtls | wsp-wtp-wtls] [service
service-name]
(config-slb-vserver)#client ip-address network-mask
(config-slb-vserver)#sticky duration [group group-id] [netmask netmask]
(config-slb-vserver)#delay duration
(config-slb-vserver)#idle duration
(config-slb-vserver)#synguard syn-count [interval]
(config-slb-vserver)#advertise [active]
(config-slb-vserver)#inservice [standby group-name]
(config-slb-vserver)#replicate casa listening-ip remote-ip port-number
[interval] [password [0|7] password [timeout]]
(config)#ip slb dfp [password [0|7] password [timeout]]
(config-slb-dfp)#agent ip-address port-number [timeout [retry-count [
retry-interval]]]
(config)#ip dfp agent subsystem-name
(config-dfp)#password [0|7] password [timeout]
(config-dfp)#port port-number
(config-dfp)#interval seconds
(config-dfp)#inservice
(config)#ip slb serverfarm FARM1
(config-slb-sfarm)#predictor leastconns
(config-slb-sfarm)#nat server
(config-slb-sfarm)#probe HTTP1
(config-slb-sfarm)#real 192.168.250.10
(config-slb-real)#weight 32
(config-slb-real)#faildetect numconns 4
(config-slb-real)#retry 30
(config-slb-real)#inservice
(config-slb-real)#exit
(config-slb-sfarm)#real 192.168.250.11
(config-slb-real)#weight 16
(config-slb-real)#faildetect numconns 4
(config-slb-real)#retry 30
(config-slb-real)#inservice
(config-slb-real)#exit
(config-slb-sfarm)#real 192.168.250.12
(config-slb-real)#weight 8
(config-slb-real)#faildetect numconns 4
(config-slb-real)#retry 30
(config-slb-real)#inservice
(config-slb-real)#exit
(config)#ip slb vserver VSERVER1
(config-slb-vserver)#serverfarm FARM1
(config-slb-vserver)#virtual 10.10.10.101 tcp www
(config-slb-vserver)#sticky 60 group 1
(config-slb-vserver)#advertise active
(config-slb-vserver)#inservice
(config-slb-vserver)#exit
(config)#ip slb dfp password 0 test123 //0 marks the password as entered in clear text; test123 is an example value only
(config-slb-dfp)#agent 192.168.250.10 2000
(config-slb-dfp)#agent 192.168.250.11 2000
(config-slb-dfp)#agent 192.168.250.12 2000
(config-slb-dfp)#exit
(config)#ip slb probe HTTP1 http
(config-slb-probe)#interval 120
(config-slb-probe)#port 80
(config-slb-probe)#request method get
(config-slb-probe)#exit
#show ip slb serverfarms [name serverfarm-name] [detail]
#show ip slb reals [vserver virtual-server-name] [detail]
#show ip slb vserver [name virtual-server-name] [detail]
#show ip slb conns [vserver virtual-server-name | client ipaddress][detail]
#show ip slb dfp [agent agent-ip-address port-number | manager
manager-ip-address | detail | weights]
#show ip slb replicate
#show ip slb probe [name probe_name] [detail]
#show ip slb stats
-----------------------------
(config)#ip slb firewallfarm firewallfarm-name
(config-slb-fw)#real ip-address
(config-slb-fw-real)#weight weighting-value
(config-slb-fw-real)#probe probe-name
(config-slb-fw-real)#inservice
(config-slb-fw)#access [source source-ip-address network-mask][destination
destination-ip-address network-mask]
(config-slb-fw)#predictor hash address [port]
(config-slb-fw)#replicate casa listening-ip remote-ip port-number [
interval] [password [0|7] password [timeout]]
(config-slb-fw)#{tcp | udp}
(config-slb-fw-tcp)#delay duration
(config-slb-fw-tcp)#idle duration
(config-slb-fw-tcp)#maxconns number
(config-slb-fw-tcp)#sticky duration [netmask netmask]
(config-slb-fw)#inservice
--------------------------------------
(config)#ip slb firewallfarm Outside
(config-slb-fw)#real 192.168.1.2
(config-slb-fw-real)#weight 8
(config-slb-fw-real)#probe Ping1
(config-slb-fw-real)#inservice
(config-slb-fw-real)#exit
(config-slb-fw)#real 192.168.1.3
(config-slb-fw-real)#weight 8
(config-slb-fw-real)#probe Ping2
(config-slb-fw-real)#inservice
(config-slb-fw-real)#exit
(config-slb-fw)#inservice
(config-slb-fw)#exit
(config)#ip slb probe Ping1 ping
(config-slb-probe)#address 192.168.100.1
(config-slb-probe)#interval 10
(config-slb-probe)#faildetect 4
(config)#ip slb probe Ping2 ping
(config-slb-probe)#address 192.168.100.1
(config-slb-probe)#interval 10
(config-slb-probe)#faildetect 4
(config-slb-probe)#exit
(config)#ip slb firewallfarm Inside
(config-slb-fw)#real 192.168.100.2
(config-slb-fw-real)#weight 8
(config-slb-fw-real)#probe Ping1
(config-slb-fw-real)#inservice
(config-slb-fw-real)#exit
(config-slb-fw)#real 192.168.100.3
(config-slb-fw-real)#weight 8
(config-slb-fw-real)#probe Ping2
(config-slb-fw-real)#inservice
(config-slb-fw-real)#exit
(config-slb-fw)#inservice
(config-slb-fw)#exit
(config)#ip slb serverfarm Servers
(config-slb-sfarm)#nat server
(config-slb-sfarm)#probe HTTP1
(config-slb-sfarm)#real 10.70.1.10
(config-slb-real)#inservice
(config-slb-real)#exit
(config-slb-sfarm)#real 10.70.1.20
(config-slb-real)#inservice
(config-slb-real)#exit
(config-slb-sfarm)#exit
(config)#ip slb vserver Vservers
(config-slb-vserver)#serverfarm Servers
(config-slb-vserver)#virtual 10.5.1.80 tcp 0
(config-slb-vserver)#inservice
(config-slb-vserver)#exit
(config)#ip slb probe Ping1 ping
(config-slb-probe)#address 192.168.1.1
(config-slb-probe)#interval 10
(config-slb-probe)#faildetect 4
(config-slb-probe)#exit
(config)#ip slb probe Ping2 ping
(config-slb-probe)#address 192.168.1.1
(config-slb-probe)#interval 10
(config-slb-probe)#faildetect 4
(config-slb-probe)#exit
(config)#ip slb probe HTTP1 http
(config-slb-probe)#port 80
(config-slb-probe)#interval 240
(config-slb-probe)#request
(config-slb-probe)#exit
#show ip slb reals
#show ip slb reals detail
#show ip slb firewallfarm
#show ip slb conns [firewall firewallfarmname] [detail]
#show ip slb probe [name probe_name] [detail]
#show ip slb sticky
(config)#ip slb probe name {ping | http | wsp | dns | tcp | custom udp}
(config-slb-probe)#address [ip-address]
(config-slb-probe)#interval seconds
(config-slb-probe)#faildetect retry-count
(config-slb-probe)#port port-number
(config-slb-probe)#request [method {get | post | head | name name}]
[url path]
(config-slb-probe)#header field-name [field-value]
(config-slb-probe)#credentials username [password]
(config-slb-probe)#expect [status status-code] [ regex regular-expression]
(config-slb-probe)#url [path]
(config-slb-probe)#exit
#show ip slb probe [name probe-name] [detail]
-----------------------------------------------------
11. 流控与交换机访问控制
-----------------------------------
(config-if)#broadcast suppression threshold% //old command
(config-if)#storm-control {broadcast level high level [lower level] |
action {shutdown | trap}} //new command
(config-if)#storm-control unicast | multicast level level [.level]
#show interfaces switchport
#show interfaces counters storm-control
#show interfaces counters [interface] [broadcast]
6500#configure terminal
6500(config)#interface fastethernet 3/1
6500(config-if)#broadcast suppression 0.25 //old command
6500(config-if)#storm-control broadcast level 50 20 action trap //new
6500(config-if)#end
6500#show running-config interface fastethernet 3/1 | include suppression
6500#copy running-config startup-config
-----------------------------------
(config)#protocol-filter
(config-if)#switchport protocol {ip | ipx | group} {on | off | auto}
#show protocol-filtering
#show protocol-filtering interface {type slot/port}
(config)#protocol-filter
(config)#interface fastethernet 5/1
(config-if)#switchport protocol ip on
(config-if)#switchport protocol ipx off
(config-if)#switchport protocol group off
(config)#interface fastethernet 5/2
(config-if)#switchport protocol ip on
(config-if)#switchport protocol ipx off
(config-if)#switchport protocol group off
(config)#interface fastethernet 5/7
(config-if)#switchport protocol ip off
(config-if)#switchport protocol ipx on
(config-if)#switchport protocol group off
(config)#interface fastethernet 5/9
(config-if)#switchport protocol ip auto
(config-if)#switchport protocol ipx auto
(config-if)#switchport protocol group off
(config-if)#end
#copy running-config startup-config
------------------------------------------------
(config-if)#switchport port-security
(config-if)#switchport port-security maximum number_of_address vlan {
vlan_id | vlan_range}
(config-if)#switchport port-security mac-address mac_address
(config-if)#switchport port-security violation {protect|restrict|shutdown}
#show port-security [interface interface_id] [address]
(config)#interface fastethernet 2/1
(config-if)#switchport port-security
(config-if)#switchport port-security mac-address 0001.0387.0943
(config-if)#switchport port-security violation shutdown
(config)#interface fastethernet 2/2
(config-if)#switchport port-security
(config-if)#switchport port-security maximum 10
(config)#interface fastethernet 2/3
(config-if)#switchport port-security
(config-if)#switchport port-security maximum 3
(config-if)#end
#copy running-config startup-config
--------------------------------------------
(config)#access-list access-list-number {deny | permit | remark} {source
source-wildcard | host source | any}
(config)#access-list access-list-number {deny | permit | remark} protocol
{source source-wildcard | host source | any} [operator port]
{destination destination-wildcard | host destination | any}
{operator port}
(config)#ip access-list standard {name}
(config-std-nacl)#{deny | permit} {source source-wildcard | host source |
any}
(config)#ip access-list extended {name}
(config-ext-nacl)#{deny | permit} protocol {source source-wildcard | host
source | any} [operator port] {destination destination-
wildcard | host destination | any} [operator port]
(config)#vlan access-map name [number]
(config-access-map)#match ip address {aclname | aclnumber}
(config-access-map)#action {drop | forward}
(config)#vlan filter mapname vlan-list list
#show ip access-lists [number | name]
#show vlan access-map [mapname]
#show vlan filter [access-map name | vlan vlan-id]
#show ip interface type number
(config)#ip access-list extended ip_subnet2host
(config-ext-nacl)#permit ip 10.101.0.0 0.0.255.255 host 10.101.1.1
(config)#ip access-list extended ping
(config-ext-nacl)#permit icmp any any echo
(config-ext-nacl)#permit icmp any any echo-reply
(config-ext-nacl)#exit
(config)#ip access-list extended ip_icmp
(config-ext-nacl)#permit icmp any any
(config-ext-nacl)#exit
(config)#ip access-list extended ip_tcp
(config-ext-nacl)#permit tcp any any
(config-ext-nacl)#exit
(config)#ip access-list extended ip_udp
(config-ext-nacl)#permit udp any any
(config-ext-nacl)#exit
(config)#vlan access-map watchlist 5
(config-access-map)#match ip address ip_subnet2host
(config-access-map)#action forward
(config)#vlan access-map watchlist 10
(config-access-map)#match ip address ping
(config-access-map)#action forward
(config)#vlan access-map watchlist 20
(config-access-map)#match ip address ip_icmp
(config-access-map)#action drop
(config)#vlan access-map watchlist 30
(config-access-map)#match ip address ip_tcp
(config-access-map)#action forward
(config)#vlan access-map watchlist 40
(config-access-map)#match ip address ip_udp
(config-access-map)#action drop
(config)#vlan access-map watchlist 50
//no match clause: this entry applies to all traffic not matched by 5-40
(config-access-map)#action forward
(config-access-map)#exit
(config)#vlan filter watchlist vlan-list 101
(config)#end
#copy running-config startup-config
---------------------------------------------
(config)#aaa new-model
(config)#aaa authentication login {default | list-name} method1 [method2..]
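//method {enable,krb5,krb5-telnet,line,local,local-case,none,group radius,
group tacacs+,group group-name}
//none = no authentication; placed last, it admits the login whenever every
//earlier method returns an error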
(config)#line [aux | console | tty | vty] line-number [ending-line-number]
(config-line)#login authentication {default | list-name}
(config)#tacacs-server host hostname [single-connection] [port integer] [
timeout integer] [key string]
(config)#aaa authentication login {default | list-name} method1 [method2..]
(config)#tacacs-server key key
(config)#radius-server host {hostname | ip-address} [auth-port port-number]
[acct-port port-number] [key string]
(config)#aaa authentication login {default | list-name} method1 [method2..]
(config)#radius-server key string
#show radius statistics
#show tacacs
(config)#aaa new-model
(config)#ip radius source-interface loopback 0
(config)#radius-server host 192.168.1.10
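(config)#aaa authentication login CONSOLE group radius
//RADIUS is the only method: console login fails when the server is
//unreachable; adding local as a second method, with a local user defined,
//keeps a way in
(config)#radius-server key 789xyz //sample key; use a long random secret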
(config)#line console 0
(config-line)#login authentication CONSOLE
(config-line)#exit
(config)#ip tacacs source-interface loopback 0
(config)#tacacs-server host 192.168.1.8
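(config)#aaa authentication login TELNET group tacacs+
//TACACS+ is the only method: vty login fails when the server is unreachable
(config)#tacacs-server key abc123 //sample key; use a long random secret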
(config)#line vty 0 4
(config-line)#login authentication TELNET
(config-line)#exit
-------------------------------------------
(config)#access-list access-list-number permit {source [source-wildcard] |
any} [log]
(config)#line vty line-number [ending-line-number]
(config-line)#access-class access-list-number in
(config-line)#exit
(config)#ip http access-class {access-list-number | name}
#show line [line-number | summary]
#configure terminal
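(config)#access-list 1 permit 172.168.5.0 0.0.0.255
//172.168.5.0/24 is public address space (RFC 1918 covers 172.16.0.0 to
//172.31.255.255); confirm the intended management subnet
(config)#line vty 5 10
(config-line)#access-class 1 in
//applied to vty 5-10 only; vty 0-4 stay unrestricted unless they get an
//access-class as well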
(config-line)#exit
---------------------------------------------
(config)#hostname hostname
(config)#ip domain-name domainname
(config)#crypto key generate rsa
(config)#ip ssh [version {1 | 2}]
#show ip ssh
#show ip permit
switch(config)#crypto key generate rsa
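Enter modulus:1024
//1024 is the sample value; use a modulus of 2048 bits or more for new keys
switch(config)#ip ssh
//pin the protocol with ip ssh version 2, and set transport input ssh on the
//vty lines so Telnet is not left available alongside SSH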
switch(config)#end
switch#copy running-config startup-config
------------------------------------------
(config)#radius-server host address key string
(config)#aaa new-model
(config)#aaa authentication dot1x default group radius
(config)#dot1x system-auth-control
(config-if)#dot1x port-control {auto |force-authorized |force-unauthorized}
(config)#radius-server host 10.1.1.1 key funhouse
(config)#aaa new-model
(config)#aaa authentication dot1x default group radius
(config)#dot1x system-auth-control
(config)#interface fastethernet 3/6
(config-if)#dot1x port-control auto
(config-if)#end
#copy running-config startup-config
--------------------------------------------------
(config)#interface fastethernet 1/0/2
(config-if)#switchport mode access
(config-if)#switchport port-security
(config-if)#switchport port-security mac-address 0011.856D.9AF9
(config-if)#switchport port-security violation shutdown
(config-if)#end
#show error-disable
(config)#errdisable recovery cause psecure-violation
#show port-security interface fastethernet 1/0/2
-----------------------------------------------------
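(config)#ip dhcp snooping vlan 1
//takes effect only together with the global command ip dhcp snooping;
//trust only the port that faces the DHCP server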
(config)#interface fastethernet 1/0/3
(config-if)#ip dhcp snooping trust
(config-if)#end
#show ip dhcp snooping
#show ip dhcp snooping binding
------------------------------------------
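(config)#ip arp inspection vlan 1
//ARP is checked against the DHCP snooping binding table; statically
//addressed hosts on untrusted ports need an ARP ACL or their ARP is dropped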
(config)#interface fastethernet 1/0/3
(config-if)#ip arp inspection trust
(config-if)#end
#show ip arp inspection vlan 1
-------------------------------------------
12. 交换机的管理
---------------------------------------
(config)#[no] logging on
(config)#logging syslog-host //old command
(config)#logging host {ip-address | hostname} //new command
(config)#logging facility facility-type
(config)#logging trap level
//level {emergencies=0 | alerts=1 | critical=2 | errors=3 | warnings=4 |
notifications=5 | informational=6 | debugging=7}
(config)#logging source-interface type number
(config)#logging history level
(config)#logging history size number
(config)#logging buffered [size]
#clear logging
(config)#logging file [flash:]filename [max-file-size][min-file-size] level
(config)#logging console level
(config)#logging monitor level
(config-line)#logging synchronous [level level | all] [limit buffers]
(config)#service timestamps log {uptime | datetime}
(config)#logging rate-limit number [all | console] [except level]
(config)#logging 192.168.254.91
(config)#logging buffered 65536
(config)#service timestamps log datetime
#show logging
#show logging
--------------------------------
(config)#snmp-server contact contact-string
(config)#snmp-server location location-string
(config)#snmp-server chassis-id id-string
(config)#snmp-server view view-name oid-tree {included | excluded}
(config)#snmp-server community string [view view] [ro | rw] [acc-list]
(config)#snmp-server engineID [local id-string] [remote ip-address
udp-port port id-string]
(config)#snmp-server engineID remote ip-address [udp-port port] id-string
(config)#snmp-server group [groupname {v1 | v2c | v3 {auth | noauth}}] [
read readview] [write writeview] [notify notifyview] [access
acc-list]
(config)#snmp-server user username groupname [remote ip-address] {v1 | v2c}
[access acc-list]
(config)#snmp-server user username groupname [remote ip-address] v3 [
encrypted] [auth {md5 | sha} auth-password] [access acc-list]
(config)#snmp-server system-shutdown
(config)#snmp-server tftp-server-list acc-list
(config)#snmp-server enable {traps [type] [option] | informs}
(config)#snmp-server host host [traps | informs] [version {1 | 2c | 3 [
auth | noauth]}] community-string [udp-port port] [type]
(config)#snmp-server trap-timeout seconds
(config)#snmp-server queue-length length
(config)#snmp-server trap-source interface
(config-if)#[no] snmp trap link-status
(config-if)#rmon collection stats index [owner name]
(config-if)#rmon collection history index [owner name] [buckets nbuckets]
[interval seconds]
(config)#rmon alarm number object interval {delta | absolute}
rising-threshold rise [event] falling-threshold fall [event]
[owner string]
(config)#rmon event number [description string] [owner name] [trap
community] [log]
------------------------------------------
(config)#snmp-server contact John Doe, Network Operations
(config)#snmp-server location Building A, closet 123
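(config)#snmp-server community public ro 5
(config)#snmp-server community noc-team rw 6
//v1/v2c community strings cross the network in cleartext and public is the
//widely known default; use unique strings, keep the ACLs (5 and 6 below),
//and prefer a v3 user with auth for write access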
(config)#snmp-server host 172.30.5.93 traps nms
(config)#snmp-server enable traps
(config)#no snmp-server enable config
(config)#access-list 5 permit 172.30.0.0 0.0.255.255
(config)#access-list 6 permit host 172.30.5.91
(config)#access-list 6 permit host 172.30.5.95
(config)#interface gig 3/1
(config-if)#no snmp trap link-status
#show snmp
#show rmon [alarms | events | history | statistics]
------------------------------------------
(config)#interface dest-interface
(config-if)#port monitor [src-interface | vlan src-vlan] //old command
(config)#monitor session session source {{interface interface} | {vlan
vlan-range}} [rx | tx | both]
(config)#monitor session session destination {{interface interface-range}|
{vlan vlan-range}} [rx | tx | both]
(config)#monitor session session filter vlan vlan-range
(config)#no monitor session session
----------------------------------------
(config)#vlan vlan_id{[-vlan_id] | [,vlan_id]}
(config-vlan)#remote-span
(config)#monitor session session_number source {{single_interface |
interface_list | interface_range | mixed_interface_list |
single_vlan | vlan_list | vlan_range | mixed_vlan_list} [rx | tx
| both]} | {remote vlan rspan_vlan_id}
(config)#monitor session session_number destination {single_interface |
interface_list | interface_range | mixed_interface_list} | {
remote vlan rspan_vlan_id}}
(config)#no monitor session {session_number | all | local | range
session_range[[,session_range],...] | remote}
(config)#monitor session 1 source vlan 58 both
(config)#monitor session 1 destination interface fast 5/1
(config)#monitor session 2 source interface fast 2/4 both
(config)#monitor session 2 destination interface fast 5/48
B(config)#vlan 901
B(config-vlan)#remote-span
B(config)#interface fast 3/1
B(config-if)#switchport access vlan 901
B(config)#monitor session 1 source interface fast 3/1 both
C(config)#vlan 901
C(config-vlan)#remote-span
C(config)#interface fast 5/48
C(config-if)#switchport access vlan 901
C(config)#monitor session 1 destination interface fast 5/48
A(config)#vlan 901
A(config-vlan)#remote-span
#show monitor session [session_number]
#show monitor capture
#show monitor session 1
#show monitor session 1 detail
---------------------------
6500(config)#power redundancy-mode {combined | redundant}
6500(config)#[no] power enable power-supply number
6500(config)#[no] power enable module mod
6500#show power
6500#show power status all
-------------------------------
#show environment temperature
-----------------------------
#ping [host]
#traceroute [protocol] [host]
#traceroute mac [interface type interface-number] source-mac-address
[interface type interface-number] destination-mac-address [vlan vlan-id]
[detail]
#traceroute mac 00b0.d040.01d1 0010.a4c6.b4b7 detail
-------------------------------------------------------------
13. 服务质量
---------------------------------------
(config-if)#switchport priority default cos
(config-if)#switchport priority override
(config-if)#switchport priority extend {cos cos | none | trust}
(config)#mls qos
(config-if)#mls qos vlan-based
(config-if)#mls qos cos cos-value
(config-if)#no mls qos trust
(config)#mls qos map cos-dscp dscp1 ... dscp8
(config)#no mls qos map cos-dscp
(config-if)#mls qos trust cos
(config)#mls qos map ip-prec-dscp dscp1 ... dscp8
(config-if)#mls qos trust ip-precedence
(config-if)#mls qos trust dscp
(config)#mls qos map dscp-mutation dscp-mutation-name in-dscp to out-dscp
(config-if)#mls qos dscp-mutation dscp-mutation-name
(config-if)#rcv-queue queue-limit queue1 queue2
(config-if)#rcv-queue threshold queue-id threshold-percent-1 ...
threshold-percent-n
or
(config-if)#wrr-queue threshold queue-id threshold-percent-1 ...
threshold-percent-n
(config-if)#rcv-queue random-detect min-threshold queue-id thr1-min
thr2-min ...
(config-if)#rcv-queue random-detect max-threshold queue-id thr1-max
thr2-max ...
(config-if)#rcv-queue cos-map queue-id threshold-id cos-list
or
(config-if)#wrr-queue cos-map queue-id threshold-id cos-list
#show queueing interface
(config)#mls qos aggregate-policer aggregate-name rate burst [max-burst]
[pir peak-rate] [conform-action] [exceed-action action]
[violate-action action]
(config-if)#mls qos bridged
(config)#mls qos map policed-dscp internal-dscp to policed-dscp
(config)#access-list acc-list-number {permit|deny} ip source-ip source-mask
or
(config)#ip access-list standard acl-name
(config-std-nacl)#{permit | deny} source-ip [source-mask]
(config)#access-list acc-list {permit|deny} protocol source-ip source-mask
[operator [source-port]] destination-ip destination-mask [operator
[dest-port]] [precedence precedence] [dscp dscp] [tos tos]
or
(config)#ip access-list extended acl-name
(config-ext-nacl)#{permit | deny} protocol source-ip source-mask [operator
[source-port]] destination-ip destination-mask [operator
[dest-port]] [precedence precedence] [dscp dscp][tos tos]
(config)#access-list acc-list {permit | deny} icmp source-ip source-mask
destination-ip destination-mask [icmp-type [icmp-code] |
icmp-message] [precedence precedence] [dscp dscp] [tos tos]
or
(config)#ip access-list extended acl-name
(config-ext-nacl)#{permit | deny} icmp source-ip source-mask destination-ip
destination-mask [icmp-type [icmp-code] | icmp-message]
[precedence precedence] [dscp dscp] [tos tos]
(config)#access-list acc-list {permit | deny} igmp source-ip source-mask
destination-ip destination-mask [igmp-type] [precedence
precedence] [dscp dscp] [tos tos]
or
(config)#ip access-list extended acl-name
(config-ext-nacl)#{permit | deny} igmp source-ip source-mask destination-ip
destination-mask [igmp-type] [precedence precedence] [
dscp dscp] [tos tos]
(config)#mac access-list extended acl-name
(config-ext-nacl)#{permit | deny} {source-mac source-mask | any} {dest-mac
dest-mask | any} ether-type
(config)#class-map class-name [match-all | match-any]
(config-cmap)#match access-group name acc-list
(config-cmap)#match ip precedence ipprec1 [...ipprecN]
(config-cmap)#match ip dscp dscp1 [...dscpN]
(config)#policy-map policy-name
(config-pmap)#map class-name
(config-pmap)#class class-name {access-group acc-list | dscp dscp1 [...
dscpN] | precedence ipprec1 [...ipprecN]}
(config-pmap-c)#trust {cos | dscp | ip-precedence}
(config-pmap-c)#police aggregate policer-name
(config-pmap-c)#police [aggregate policer-name] [flow] rate burst [max-
burst] [pir peak-rate] [conform-action action] [exceed-
action action] [violate-action action]
(config-if)#service-policy input policy-name
(config-if)#wrr-queue queue-limit queue1 queue2 [queue3] queue-priority
(config-if)#wrr-queue bandwidth weight1 weight2 [weight3]
(config)#mls qos map dscp-cos dscp-list to cos-value
(config-if)#wrr-queue threshold queue-id threshold-percent-1
threshold-percent-2
(config-if)#wrr-queue random-detect min-threshold queue-id thr1-min
thr2-min ...
(config-if)#wrr-queue random-detect max-threshold queue-id thr1-max
thr2-max ...
(config-if)#wrr-queue random-detect queue-id
(config-if)#wrr-queue cos-map queue-id threshold-id cos-list
#show queueing interface
#show mls qos {type number | port-channel number | vlan vlan-id}
#show queueing interface {type number | null interface-number | vlan
vlan-id}
#show mls qos maps
#show mls qos aggregate policer [aggregate-name]
#show class-map [class-name]
#show policy-map policy-map-name
#show policy-map interface [type number | null interface-number | vlan
vlan-id] [input | output]
(config)#mls qos statistics-export destination {host-name | host-ip-address
} {{port port-number} | syslog} [facility facility-name] [severity
severity-value]
(config)#mls qos statistics-export interval interval
(config)#mls qos statistics-export delimiter character
(config)#mls qos statistics-export
(config-if)#mls qos statistics-export
(config)#mls qos statistics-export aggregate-policer policer-name
(config)#mls qos statistics-export class-map classmap-name
(config)#mls qos statistics-export destination 192.168.111.14 syslog
(config)#mls qos statistics-export interval 300
(config)#mls qos statistics-export
(config)#interface gig 3/1
(config-if)#mls qos statistics-export
(config)#interface gig 3/2
(config-if)#mls qos statistics-export
(config)#mls qos statistics-export aggregate-policer MyPolicer
#show mls qos statistics-export info
----------------------------------------------
14. 语音技术
---------------------------------------
(config-if)#power inline {auto | never}
(config-if)#switchport access vlan vlan-id
(config-if)#switchport trunk native vlan vlan-id
(config-if)#switchport voice vlan vlan-id
(config-if)#switchport voice vlan dot1q
(config-if)#switchport voice vlan untagged
(config-if)#switchport voice vlan none
(config-if)#no channel-group
(config-if)#spanning-tree portfast
(config)#interface fastethernet 0/1
(config-if)#power inline auto
(config-if)#switchport access vlan 55
(config-if)#switchport trunk native vlan 55
(config-if)#switchport voice vlan 200
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport mode trunk
(config-if)#no channel-group
(config-if)#spanning-tree portfast
#show power inline [interface-id] [actual | configured]
#show cdp neighbor [interface-id] detail
#show interface [interface-id] switchport
#show cdp neighbor [interface-id] [detail]
-----------------------------------------------
(config-if)#mls qos vlan-based
(config-if)#mls qos trust cos
(config-if)#mls qos trust cos
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config)#mls qos map cos-dscp 0 8 16 26 32 46 48 56
(config)#mls qos map ip-prec-dscp 0 8 16 26 32 46 48 56
(config-if)#switchport priority extend {trust | none}
(config-if)#switchport priority extend cos cos-value
(config-if)#mls qos trust dscp
(config)#ip access-list extended acl-name
(config-ext-nacl)#permit tcp any any range 2000 2002 dscp 26
(config-ext-nacl)#exit
(config)#policy-map policy-name
(config-pmap)#class class-name access-group acl-name
(config-pmap-c)#trust cos
(config)#interface vlan voice-vlan
(config-if)#service-policy input policy-name
(config-if)#no mls qos vlan-based
(config-if)#wrr-queue cos-map 2 1 3
(config-if)#wrr-queue cos-map 2 1 3
(config-if)#mls qos vlan-based
(config-if)#mls qos trust cos
(config-if)#no mls qos vlan-based
(config-if)#mls qos trust dscp
(config-if)#no mls qos trust cos
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config-if)#mls qos cos 0
(config-if)#no mls qos trust
(config)#mls qos map cos-dscp 0 8 16 26 32 46 48 56
(config)#mls qos map ip-prec-dscp 0 8 16 26 32 46 48 56
(config)#ip access-list extended acl-name
(config-ext-nacl)#permit tcp any any range 2000 2002 dscp 26
(config-ext-nacl)#exit
(config)#policy-map policy-name
(config-pmap)#class class-name access-group acl-name
(config-pmap-c)#trust cos
(config)#interface vlan voice-vlan
(config-if)#service-policy input policy-name
(config-if)#no mls qos vlan-based
(config-if)#wrr-queue cos-map 2 1 3
(config-if)#wrr-queue cos-map 2 1 3
-------------------------------------
15. 布线快速参考
----------------------------------------
RJ-45 crossover cable 接头针脚分配
A端RJ-45针脚 A端类型 B端类型 B端RJ-45针脚
1 TX+ RX+ 3
2 TX- RX- 6
3 RX+ TX+ 1
4 - - 4
5 - - 5
6 RX- TX- 2
7 - - 7
8 - - 8
-----------------------------------------
16. 知名协议号,端口号与其他编号
------------------------------------------
ip 协议号
ICMP 1
IGMP 2
GGP 3
IP 4
TCP 6
EGP 8
IGRP 9
UDP 17
RDP 27
GRE 47
ESP 50
AH 51
NHRP 54
EIGRP 88
OSPF 89
LARP 91
IPIP 94
PIM 103
VRRP 112
L2TP 115
ISIS 124
FC 133
--------------------------------
以太网类型代码
0800 Internet IP (IPv4)
0806 ARP
0808 frame relay ARP
8035 reverse ARP
86DD IPv6
880B PPP
8847 MPLS unicast
8848 MPLS multicast
----------------------------------------------