Configure ACLs
Router2(config)#access-list 1 deny host 24.17.2.18 ;standard ACL
Router2(config)#interface ethernet0
Router2(config-if)#ip access-group 1 in
Router2(config-if)#no ip access-group 1 in
Router1(config)#access-list 101 permit tcp 24.17.2.16 0.0.0.15 any eq telnet log ;extended ACL
Router1(config)#access-list 102 permit ip 24.17.2.0 0.0.0.15 any log
Router1(config)#ip access-list extended deny_ping ;named ACL
Router1(config-ext-acl)#deny icmp host 192.168.1.18 192.168.1.1 0.0.0.0 log
Router1(config-ext-acl)#permit ip any any log
Configure RIP
Router1(config)#router rip
Router1(config-router)#
Add the network(s) to which Router1 is directly connected.
Router1(config-router)#network 10.0.0.0
Router1(config-router)#network 172.16.0.0
Configure OSPF
Router1#config terminal
Router1(config)# router ospf 100
Router1(config-router)#
Add the network(s) to which Router1 is directly connected.
Router1(config-router)#network 10.1.1.0 0.0.0.255 area 0
Router1(config-router)#network 172.16.0.0 0.0.255.255 area 0
Configure VTP
Switch3(config)#interface vlan1
Switch3(config-if)#ip address 10.1.1.1 255.255.255.0
Switch3(config-if)#no shutdown
Switch4(config)#interface vlan1
Switch4(config-if)#ip address 10.1.1.2 255.255.255.0
Switch3#vlan database
Switch3(vlan)#vtp server
Switch3(vlan)#vtp domain Boson
Switch3(vlan)#vtp password rules
Switch4(config)#interface fast 0/12
Switch4(config-if)#switchport mode trunk
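show version ;displays the device model, Flash, DRAM and IOS version
show ip interface brief ;displays brief interface information (type, status, protocol status, IP address)
show interface e0/0 ;displays detailed information for one interface (MAC, IP, MASK, …)
show ip protocols ;displays IP routing protocol information
show stacks ;provides router process and processor utilization information; use with stack decode
show tech-support ;displays the output of several show commands
show access-lists ;shows the access list configuration
show memory ;used to test for memory problems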
Show dhcp server
Show arp ;displays the router's ARP table
Ip access-list extended Example-Named-ACL
Deny tcp any any eq echo
Deny tcp any any eq 37
Permit udp host 172.16.10.2 any eq snmp
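show startup-config ;displays the configuration written to NVRAM
show running-config ;displays the currently running configuration
show access-lists ;shows the access list configuration
Show ip access-list ;displays the IP access lists (1-199)
Show ip arp ;displays the router's ARP cache (IP, MAC, encapsulation type, interface)
Show ip protocols ;displays information about the IP routing protocols running on the router
Show ip route ;displays the information in the IP routing table
Show ip traffic ;displays IP traffic statistics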
ip route 0.0.0.0 0.0.0.0 192.168.201.250
ip route 192.168.1.0 255.255.255.0 192.168.201.251
username xxxxxx privilege 15 password 7 xxxxxxxxxxxxxx
interface GigabitEthernet1/0/3
switchport access vlan 11
switchport mode access
interface GigabitEthernet1/0/25
switchport trunk encapsulation dot1q
switchport mode trunk
interface Vlan1
ip address 192.168.201.1 255.255.255.0
interface range fastethernet 0/1 - 5 ;spaces are required between the port numbers
configure terminal
acl
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 101 in
access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range EVERYOTHERDAY
time-range EVERYOTHERDAY
periodic Monday Wednesday Friday 8:00 to 17:00
router(config-std-nacl)# 20 permit any
router(config-std-nacl)# no 10 permit 10.1.1.1
vlan
show vlan
vlan database
3524XL(vlan)#vlan 2 name cisco_vlan_2
3524XL(vlan)#no vlan 2
3524XL#configure terminal
3524XL(config)#interface fastethernet 0/3
3524XL(config-if)#switchport access vlan 2
3524XL(config-if)#no switchport access vlan 2
3524XL(config-if)#end
Switch#show running-config
3524XL#write memory
Switch(config)#interface range fastethernet [mod/slot - mod/slot]
Switch(config-if-range)#switchport access vlan vlan_number
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#no shut
Switch#vlan database ;rename a VLAN
Switch(vlan)#vlan 3 name CISCO
Switch(vlan)#apply
Switch#configure terminal
Switch(config)#access-list 105 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
Switch(config)#access-list 105 deny ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
Switch(config)#access-list 105 permit ip 192.168.1.0 0.0.0.255 any
Switch#configure terminal
Switch(config)#interface vlan 1
Switch(config-if)#ip access-group 105 in
Switch(config-if)#exit
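Added example (not part of the original notes): a small Python model of how the ACL 105 entries above are evaluated, showing wildcard-mask matching, top-down first-match order and the implicit deny at the end of every ACL. The function names and the sample packets are constructed for illustration.

```python
import ipaddress

# ACL 105 as listed above: (action, src, src wildcard, dst, dst wildcard).
# "any" is expressed as 0.0.0.0 with wildcard 255.255.255.255.
ACL_105 = [
    ("deny",   "192.168.1.0", "0.0.0.255", "10.10.10.0", "0.0.0.255"),
    ("deny",   "192.168.1.0", "0.0.0.255", "172.16.1.0", "0.0.0.255"),
    ("permit", "192.168.1.0", "0.0.0.255", "0.0.0.0",    "255.255.255.255"),
]

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit whose wildcard bit is 0."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

def wildcard_range(base, wildcard):
    """First and last address covered by a contiguous wildcard mask."""
    low = _u32(base) & ~_u32(wildcard) & 0xFFFFFFFF
    high = low | _u32(wildcard)
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))

def evaluate(acl, src, dst):
    """Top-down, first match wins; no match falls to the implicit deny."""
    for number, (action, s, sw, d, dw) in enumerate(acl, start=1):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, number
    return "deny", None

if __name__ == "__main__":
    # Constructed sample packets (source, destination), not from the page.
    for src, dst in [("192.168.1.50", "10.10.10.7"),
                     ("192.168.1.50", "172.16.1.9"),
                     ("192.168.1.50", "203.0.113.9"),
                     ("192.168.2.50", "203.0.113.9")]:
        print(src, "->", dst, evaluate(ACL_105, src, dst))
    # Entry order matters: with the broad permit first, the denies never fire.
    print(evaluate(ACL_105[::-1], "192.168.1.50", "10.10.10.7"))
    # 24.17.2.16 0.0.0.15 (ACL 101) and 24.17.2.0 0.0.0.15 (ACL 102) differ:
    print(wildcard_range("24.17.2.16", "0.0.0.15"))
    print(wildcard_range("24.17.2.0", "0.0.0.15"))
```

The last two calls show that host 24.17.2.18 from the standard ACL falls inside the block matched by ACL 101 but outside the block matched by ACL 102.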
Switch>enable
Switch#
h3c
[h3c]vlan 17
[Quidway-vlan17]port g1/0/17
[Quidway-vlan17]interface Vlan-interface17
[h3c-Vlan-interface17]ip address 192.0.17.1 255.255.255.0
[h3c-Vlan-interface17]dhcp-server 1
5. On VLAN interface 10, select the global address pool mode for assigning IP addresses
[SwitchA-Vlan-interface10]dhcp select global
6. Create a global address pool and name it "vlan10"
[SwitchA]dhcp server ip-pool vlan10
7. Configure the address range the vlan10 pool assigns to users, plus the users' gateway and DNS addresses
[SwitchA-dhcp-vlan10]network 10.1.1.0 mask 255.255.255.0
[SwitchA-dhcp-vlan10]gateway-list 10.1.1.1
[SwitchA-dhcp-vlan10]dns-list 202.96.209.5 202.96.209.133
8. IP addresses that must not be assigned to users
[SwitchA]dhcp server forbidden-ip 10.1.1.1 10.1.1.23
[SwitchA]dhcp server forbidden-ip 10.1.1.200 10.1.1.250
9. Configure the VLAN interface to obtain its IP via DHCP (by default a VLAN interface does not obtain its IP via DHCP)
[h3c]int vlan 3
[h3c-Vlan-interface3]ip address dhcp-alloc
11. Route configuration
[h3c]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
Telnet configuration:
[h3c]user-interface vty 0 3
[h3c-vty0 3]authentication-mode password
[h3c-vty0 3]set authentication password simple 123456
[h3c-vty0 3]user privilege level 3 (sets the command level that vty users can execute)
[h3c]management-vlan 2 (sets the management VLAN)
[h3c]local-user zhh
[h3c-zhh]service-type telnet level 3
[h3c]telnet-server source-interface vlan-interface 2 (specifies the interface for the Telnet server)
[h3c]telnet-server source-ip 192.168.1.1 (specifies the IP for the Telnet server)
[h3c]telnet source-interface vlan-interface 2 (specifies the port for the Telnet client)
[h3c]telnet source-ip 192.168.1.1
# Define a periodic time range from 8:00 to 18:00.
<H3C> system-view
[H3C] time-range test 8:00 to 18:00 daily
(2) Define an ACL whose source IP is 10.1.1.1
# Create and enter the ACL 2000 view.
[H3C] acl number 2000
# Define the access rule for source IP 10.1.1.1.
[H3C-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test
[H3C-acl-basic-2000] quit
(3) Apply the ACL on a port
# Apply ACL 2000 on the port.
[H3C] interface Ethernet1/0/1
[H3C-Ethernet1/0/1] qos
[H3C-qos-Ethernet1/0/1] packet-filter inbound ip-group 2000