layer3 route

VACL 在核心交换机上抓取mac或者ip

基于ip

access-list 4 permit 100.1.1.4 （划入vlan 100）

vlan acces-map A 10
action drop
match ip address 4

vlan filter vlan-list 100

基于mac

mac access-list extended MAC
permit host 0001.969c.9c4e any (对应ip在vlan100)

vlan acces-map B 10
action drop
match mac address MAC

vlan filter vlan-list 100

clear arp-table

CAM table（content addressable memory table）
port mac vlan 经hash算法（定长不可逆）得到CAM Table

cisco5000有路由agent
ip与mac怎么转发

集中转发（centralized forwarding）
发布转发（distributed forwarding）

进程交换
ASIC交换

########
cef   ##
########

conf ter
ip cef

show ip cef
show adjacency
show adjacency detail

arp throtting

三层路由
1 svi
conf ter
ip routing
interface vlan 10
ip address 10.1.1.1 255.255.255.0
no shutdown

router eigrp 50
network 10.0.0.0

2 routed ports（L3接口）
conf ter
ip routing
interface fastethernet 0/6
no switchport
ip address 10.1.1.1 255.255.255.0
no shutdown
show ip route

3 单边路由

模拟pc 配置网关指向路由
conf ter
interface fastethernet 0/0
ip address 4.4.4.4 255.255.255.0
no shutdown
exit
default-gateway 4.4.4.1

sw1端口划入相应vlan
conf ter
interface fasrethernet 0/0
swichport mode access
swichport access vlan 4

sw1与sw2做trunking
conf ter
interface fasrethernet 0/0
sw tr enc dot
swichport mode trunk

确保sw2上有vlan
vlan 4
show vlan

sw2与R3做trunking
interface fasrethernet 0/1
sw tr enc dot
swichport mode trunk

R3上创建子接口
conf ter
int f 0/0
no sh
exit

int f 0/0.4
en dot  4
ip add 4.4.4.1 255.255.255.0
no sh

int f 0/0.6
en dot 6
ip add 6.6.6.1 255.255.255.0
no sh

####################
span port analyze ##
####################

把源端口映射的目的端口，在目的端口上接一台pc 在pc上安装wireshark抓包。

1. local span

conf ter
monitor session 1 source interface fastethernet 0/1
monitor session 1 destination interface fastethernet 0/2

show monitor session 1

2. remote span

conf ter
monitor session 1 source interface fastethernet 0/1

monitor session 1 destination remote vlan 100 reflector-port fastethernet 0/3（空端口）
vlan 100
remote-span

vlan 100
remote-span
monitor session 1 source remote vlan 100
monitor session 1 destination interface fastethernet 0/2

#######################
network time protocol##
#######################
udp port 123

show clock

clock set 19:01:30 25 JUL 2013

1 跟master同步

R1
conf ter
ntp master
show ntp status

R2
conf ter
ntp server 12.1.1.1

R3
conf ter
ntp server 12.1.1.1

2 跟peer同步

R3
conf ter
ntp peer 23.1.1.2