Part1.Smartports宏
Smartports宏是预先订制的配置脚本,可用于绝大多数的Cisco交换机上。通过使用这些脚本,不仅可以建立更稳定的端口配置,甚至可能防止未来出现问题。默认状态下,Cisco交换机提供的宏覆盖了下述这些种类的设备: Cisco-desktop,Cisco-phone,Cisco-switch,Cisco-router和Cisco-wireless。每个宏对应的命令如下:
1)针对终端PC的宏cisco-desktop
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro de.ion cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
2)针对SW的宏cisco-switch
switchport trunk encapsulation dot1q
switchport mode trunk
macro de.ion cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
3)针对Router的宏cisco-router
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
macro de.ion cisco-router
auto qos voip trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
4)针对IP Phone的宏cisco-phone
switchport mode access
switchport voice vlan 1
switchport port-security
switchport port-security maximum 3
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro de.ion cisco-phone
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
5)针对无线AP的宏cisco-wireless
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
mls qos trust cos
macro de.ion cisco-wireless
auto qos voip trust
spanning-tree bpduguard enable
启用Smartports的方式:
Switch(config)# int fa0/19
Switch(config-if)# macro apply cisco-desktop $access_vlan 1 //需要定义这个端口成为哪个VLAN的一部分
Switch(config-if)#show parser macro //这个命令会显示每个宏所作的工作
当然,我们也可以自己定义一个宏:
Switch(config)# macro name steven
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
switchport port-security maximum 1 //定义可以连接的设备的数量上限
switchport access vlan 1 //将该端口归入vlan1
@ //通过@符号结束宏
Switch(config)# interface gigabitethernet1/0/2 //接口下启用宏
Switch(config-if)# macro apply steven
Part2.Switch基本配置
Switch(config)#hostname HostName //配置主机名
Switch#show running-config //查看配置信息(RAM)
Switch(config)#enable password password //配置明文口令
Switch(config)#enable secret password //配置加密口令
Switch(config)#ip default-gateway ip-address //配置网关
Switch(config)#ip default-gateway ip-address //配置网关
Switch#show mac-address-table //查看CAM表
Switch(config)#interface vlan1 //定义一个三层虚接口
Switch(config)#ip address ip-address mask //配置IP地址
Switch(config-if)#no shutdown //开启端口
Switch#copy running-config startup-config //保存与删除交换机配置
Switch#write //同上
Switch#erase startup-config //恢复交换机出厂配置
switch(config-if)# de.ion de.ion-string //端口描述
switch(config-if)# speed {10|100|auto} //设置端口速率
switch(config-if)# duplex {auto|full|half} //设置双工模式
Switch#show logging //显示系统日志
Part3.Vlan配置
Switch(config)#vlan vlan-id & Switch(config)#name vlan-name //创建Vlan Method1
Switch#vlan database & Switch(vlan)#vlan vlan-id name vlan-name //创建Vlan Method2
Switch(config or vlan)#no vlan vlan-id //删除Vlan
Switch(config-if)#Switchport mode access //定义接入端口step1
Switch(config-if)#Switch access vlan vlan-id //定义接入端口step2
Switch(config-if-range)# switchport host //该组端口为Access & 启用PortFast & No Channel
Switch#show vlan brief //查看VLAN信息
Switch#show vlan id vlan-id //查看某个VLAN的信息
Switch#show running-config interface interface-id //验证端口的VLAN号
Switch#show interface interface-id Switch port //验证端口的管理模式和VLAN的情况
switch(config-if)# switchport mode trunk //定义中继链路
switch(config-if)# switchport mode trunk //定义中继链路
switch(config-if)# switchport trunk encapsulation {isl|dotlq} //选择中继封装类型
switch(config-if)# switchport trunk allowed vlan remove vlan-list //删除允许通过此中继链路的Vlan
switch(config-if)# switchport trunk allowed vlan add vlan-list //添加允许通过此中继链路的Vlan
switch(config-if)# switchport nonegotiate //关闭DTP协商
Part4.VTP配置
switch# vlan database
switch(vlan)# vtp domain domain-name //定义一个VTP域
switch(vlan)# vtp {sever|cilent|transparent} //定义SW在域中角色
switch(vlan)# vtp password password //设置VTP密码
switch(vlan)# vtp v2-mode //设置VTP版本
switch(vlan)# vtp pruning //启用VTP剪裁
switch#show vtp domain /statistics //显示管理域的VTP参数.
Part5.STP配置
switch(config-if)# spanning-tree vlan vlan-id root primary //指定根网桥
switch(config-if)# spanning-tree vlan vlan-id cost num //定义Vlan生成树端口开销
switch(config-if)# spanning-tree vlan vlan-id priority num //定义Vlan的网桥优先级(推荐)
switch(config)# spanning-tree uplinkfast //配置UplinkFast
switch(config)# spanning-tree backbonefast //配置BackboneFast
switch(config-if)# spanning-tree guard root //配置根防御
switch(config-if)# spanning-tree guard root //配置根防御
switch(config-if)# spanning-tree guard loop //配置环防御
switch(config)# interface range fa2/1 - 2/28 //配置快速端口
switch(config-if or -range)# spanning-tree portfast //全局配置or端口配置or局部端口
Switch(config)# spanning-tree portfast default //设置所有access port为PortFast
switch# show spanning-tree vlan vlan-id //显示STP信息
switch# show spanning-tree vlan vlan-id detail //显示STP详细信息
switch# debug spanning-tree events //调试STP
switch(config)# spanning-tree [vlan vlan-list] hello-time seconds
switch(config)# spanning-tree [vlan vlan-list] hello-time seconds
switch(config)# spanning-tree [vlan vlan-list] forward-time seconds
switch(config)# spanning-tree [vlan vlan-list] max-age seconds
Part6.Feature配置
switch(config)# cdp run //全局下启用CDP
switch(config-if)# cdp enable //接口下启用CDP
Switch#show cdp //查看CDP全局配置信息
Switch#show cdp interface f0/19 //显示f0/19接口的CDP配置信息
Switch#show cdp traffic //显示有关CDP包的统计信息
Switch#show cdp neighbors //以简洁的形式列出与本设备相邻的Cisco设备
Switch#show cdp neighbors detail //显示相邻Cisco设备的详细信息
switch(config-if)# udld port aggressive //启用UDLD积极模式
switch# show udld GigabitEthernet 0/1 //查看UDLD积极模式
switch(config-if)# channel-group port-channel-number mode desirable //将EtherChannel分配到EtherChannel组中(PAgP)
switch(config-if)# channel-protocol lacp //指定采用LACP协议
switch(config-if)# channel-group group-number mode active //将端口分配给LACP EtherChannel
转载于:https://blog.51cto.com/steven24/70018
7242
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
