http://e-learning.51cto.com/video/108367
display vlan //show list
qu
undo vlan 11 to 13 //删除VLAN
创建VLAN 10 20 30
VLAN 10
VALN 20
VLAN 30
把接口加入vlan
dis cu int //显示接名称口
{
interface E0/4/0
int E0/4/0 //进入interface
加入到vlan10
dis this //E0/4/0看配置
》》》》》》》》port link-type access //接入链路 trunk //中继链路《》route
port access vlan10 //将接口加入vlan10
dis this
}
for(10,20,30)<<<<< E0/4/1, E0/4/2,
查看验证::
display valn 10
.............
untagged ports:
ETHERNET0/4/0
=====================
2.trunk
中继链路:port link-type trunk
eg:交换机的Gi 0/0/0改成中继链路,只允许中继vlan10和vlan20
交换机的Gi 0/0/1改成中继链路,只允许中继vlan30
display cu
int gi 0/0/0
dis this 查看是否为route//port link-mode bridge
port link-type trunk
port trunk permit vlan10 vlan20
dis this
interface GigabitEthernet0/0/0
==========================
int gi 0/0/1
port link-mode br
port link-type trunk
port trunk permit valn 30 //undo
dis this //可以从接口查看display cu int gi 0/0/1
//valn 查看 dis valn 30 看效果
tagged port:被某些vlan中继
untagged port
=================
==================
需求:交换机 2101。。 路由器2001。。
1.在三个交换机上配置10 20 30 40
sw1:vlan 10
vlan 20
vlan 30
vlan 40
dis vlan
=====
sw2:vlan 10
vlan 20
vlan 30
vlan 40
dis vlan
=======
sw3:vlan 10
vlan 20
vlan 30
vlan 40
dis vlan
将交换机互联接口改为trunk 允许10 20 30 40通过
sw1:qu
int e0/4/0
port link-type trunk
port trunk permit vlan 10 20 30 40
dis play
=======
int e0/4/1
port link-type trunk
port trunk permit vlan 10 20 30 40
dis play
============================
sw2:qu
int e0/4/0
port link-type trunk
port trunk permit vlan 10 20 30 40
dis play
=======
int e0/4/1
port link-type trunk
port trunk permit vlan 10 20 30 40
dis this
====================
sw3:qu
int e0/4/0
port link-type trunk
port trunk permit vlan 10 20 30 40
dis this
=======
int e0/4/1
port link-type trunk
(undo)port trunk permit vlan 10 20 30 40
dis this
==================
2.
要求配置生成树协议
sw1 作为10 20 的根桥
sw1 作为30 40 的根桥
三个交换机必须配置相同的实例,开启生成树协议 》》》局域网
sw1:stp enable
sw2:stp enable
sw3:stp enable
配置实例原则:
1.有几个根桥,配几个实例
2.做vlan的根桥。要把vlan到配到一个根桥中
========================================command
sw1: stp region-configuration
region-name wode001 //起相同的名字
instance1 vlan10 vlan20
instance2 vlan30 vlan40 //创建实例
active region-configuration //激活实例
dis this
==================
sw2: stp region-configuration
region-name wode001 //起相同的名字
instance1 vlan10 vlan20
instance2 vlan30 vlan40 //创建实例
active region-configuration //激活实例
dis this
==================
sw3: stp region-configuration
region-name wode001 //起相同的名字
instance1 vlan10 vlan20
instance2 vlan30 vlan40 //创建实例
active region-configuration //激活实例
dis this
==================
配置sw1成为vlan10 20的根桥
sw1: stp instance 1 priority 0 //根桥优先级最小
=================
配置sw3成为vlan30 40的根桥desi
sw2: stp instance 2 priority 0
查看 :display stp instance1 【brief 】 //bidgeid 相同
desi代表指定端口,而根桥上的端口全是指定端口》》》全是指定端口》》根桥
root 代表根端口 alte 替代端口(stop)
===============================================
查看所有VLAN的摘要信息
#show vlan brief
#查看指定vlan信息
show vlan ID vlan-id
生成树使用的是BPDU桥协议数据单元
收到桥协议数据单元 所有接口关闭(双线) tcn
交换机拓扑发生变化,重新计算生成树
解决方法:
int E0/4/1
stp edged-port enable
//把连接终端的接口改成边缘接口
使服务器的接口为边缘接口,
int E0/4/1
stp edged-port enable\
=========================
需求描述:
vlan与ipaddress 的规划
vlan10:10.10.1.0/24
vlan20:10.20.1.0/24
vlan30:10.30.1.0/24
vlan40:10.40.1.0/24
***
只给sw1和sw2的vlan配置IP地址,sw3作为纯粹的二层设备(无IP)
=======================
SW1:sys
int vlan 10
ip add 10.10.1.253 24
int vlan 20
ip add 10.20.1.253 24
int vlan 30
ip add 10.30.1.253 24
int vlan 40
ip add 10.40.1.253 24
dis cu int vlan10
...
测试:ping ip add 10.10.1.253
======================
SW2:
int vlan 10
ip add 10.10.1.254 24
int vlan 20
ip add 10.20.1.254 24
int vlan 30
ip add 10.30.1.254 24
int vlan 40
ip add 10.40.1.254 24
dis cu int vlan10
dis cu int vlan20 //dis cu 看配置
dis cu int vlan30
dis cu int vlan40
测试:ping ip add 10.10.1.254vrrp
=======================================
2.配置VRRP,SW1作为vlan10 20 的主用设备, anther type shrp(zookeeper)
sw2作为vlan30 40 的主用设备
vrrp:两个设备 中间连一条心跳线 一个为主一个为辅(闲置)
一般和生成树一起配置
vlan根桥一般与vrrp的主用设备在一起
配置VRRP需要制定的参数:
1.制定漂移地址 漂移地址作为当前vlan的默认网关
漂移地址必须和当前vlanif的ip 相同
但是 不能和 当前的地址相同
===========================
sw1
int vlan 10
vrrp vrip 10 vitual-ip 10.10.1.1 两台设备漂移地址必须相同
漂移地址等于网关 10.10.1.1
====================
sw2
int vlan 10
vrrp vrip 10 vitual-ip 10.10.1.1 两台设备漂移地址必须相同
漂移地址等于网关 10.10.1.1
================================
配置优先级和占先权
主用设备的优先级高于备用设备
。。。。。。。。。。。。。。。。。
优先级默认是100
sw1: vrrip vrip 10 priority 130
sw2: vrrip vrip 10 priority 110
。。。。。。。。。。。。。。。。
vrrp vrid 10 preempt-mode//默认
-----------------------------
在主用设备上配置跟踪对象
一旦对象失效,就降低一定的优先级 降到比备用设备优先级更低
模拟无反应:
sw1:vrrp vrid 10 track 接口 降低的值
==============================================vlan 20=====================
sw1:int vlan 20
vrrp vrip 20 vitual-ip 10.20.1.1
vrrip vrip 20 priority 120
vrrp vrid 20 preempt-mode
sw2:
int vlan 20
vrrp vrip 20 vitual-ip 10.20.1.1
vrrip vrip 20 priority 110
vrrp vrid 20 preempt-mode
dis vrrp
========================
=======sw1:80====vlan30=====sw2:90======= dis vrrp
=====sw1:80======vlan40====sw2:90========== dis vrrp
3.配置交换机的loopback接口配置地址
sw1:10.1.1.1
sw2:10.2.2.2
sw1 :
int lo 0
ip add 10.1.1.1 32
sw2:
int lo 0
ip add 10.2.2.2 32
================
4.配置ospf路由协议使得全网互通
h3:
sw1:ospf 123 router-id 10.1.1.1
area 0 //设置为区域0
dis ip routing-table protocol direct //发布直连网段
network 10.1.1.1 0.0.0.0
network 10.10.1.0 0.0.0.255
network 10.20.1.0 0.0.0.255
network 10.30.1.0 0.0.0.255
network 10.40.1.0 0.0.0.255
dis this
=================================
sw2:ospf 123 router-id 10.2.2.2
area 0 //设置为区域0
dis ip routing-table protocol direct //发布直连网段
network 10.2.2.2 0.0.0.0
network 10.10.1.0 0.0.0.255
network 10.20.1.0 0.0.0.255
network 10.30.1.0 0.0.0.255
network 10.40.1.0 0.0.0.255
dis this
============================================、
验证ospf:dis ip routing-table protocol ospf
============================================
5.sw1.sw2开启远程访问
sw1:ssh server enable //开启ssh服务
local-user song
authorization-attribute level 0 /设置安全属性级别
password cipher(simple) song
service-type ssh
dis this
exit
user interface vty 0 4
authorization-mode scheme //修改认证方式
protocol inbound ssh //接受什么协议
user privilege 0 //用户级别调到最低
qu
public-key local create rsa //生成密钥对
测试:
sw3:ssh 10.1.1.1
username:song
password:song
===============
设置super 密码
super password cipher haha
super //进入super模式
==========================
5.配置dhcp中继
图2
dhcp:四个广播
server<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>client
<-------------------dhcp discover package
-------------------->dhcp offer package
<--------------------dhcp request //选择dhcp服务器
--------------------->dhcp ack
==================================================================
需求描述:
RT1作为DHCP服务器
创建两个全局地址池:
192.168.10.0/24
192.168.20.0/24
RT1和RT3属于vlan10
RT2属于vlan 20
在交换机上配置中继,确保RT2和RT3都能从RT1处获取ip地址
----------------------------------------------------------------
交换机上创建vlan
sw1:
int vlan 10
ip add 192.168.10.1 24
int vlan 20
ip add 192.168.20.1 24
qu
dis cu interface vlan
----------------------------
int e0/4/0
port link-type access //交换机的接口默认access
port access vlan 10
int e0/4/1
port access vlan 10
int e0/4/2
port access valn 20
-------------------------------------
配置RT1,配置ip地址和默认网关
sys
int gi 0/0/0
ip add 192.168.10.2 255.255.255.0
qu
---
ip route-static 0.0.0.0 0.0.0.0 192.168.10.1 //等于 配置默认路由
ping 192.168.10.1
ping 192.168.20.1
===========================================================================
创建全局地址池
rt1:(1)
dhcp enable
dhcp server ip-pool valn-10 //name
network 192.168.10.0 //网段
gateway-list 192.168.10.1 //vlan 10 的网关
dns-lsit 202.106.0.20 8.8.8.8
--------------------------------------------------------
dhcp server ip-pool valn-20 //name
network 192.168.20.0 //网段
gateway-list 192.168.20.1 //vlan 20 的网关
dns-lsit 114.123.11.8 202.106.0.20
======================================
rt3:
int gi 0/0/0
ip address dhcp-alloc //接口由dhcp分配
qu
dis ip int brief
dis ip routing-table
-------------------------------------------
配置dhcp中继 基本不用 配置在client方向
如果客户端连接在路由器的Ge-0/0/1口上,则在Ge-0/0/1上做中继
如果客户端连接在 属于vlan20的接口上,则在vlan20
中继一般在网关上
-------------------------------------------
sw1:
dhcp enable
dhcp relay //做中继
dhcp relay server-group 1 ip 192.168.10.2 //指定服务器的地址
int vlan 20 //把中继调到接口vlan20上
dhcp select relay
dhcp relay server-select 1 //1 表示192.168.1.10.2 检测
dhcp relay client-detect enable 开启中继
--------------------------------------
rt2:dis ip int brief
dis ip route brief
==================================
需求分析:
1.创建两个VLAN,分别是VALN10.VLAN20
2.SW1作为vlan10的根桥,sw2作为vlan20的根桥
3.配置VRRP
VALN 10 10.10.1.0/24
VLAN 20 10.20.1.0/24
要求: sw1作为vlan10的主用设备,sw2作为vlan的主用设备
4.SW1和sw2.RT1的loopback接口地址
sw1:10.1.1.1
sw2:10.2.2.2
RT1:1.1.1.1
要求:配置ospf使得三台设备loopback接口地址互通
5.
在RT1上开启ssh远程访问功能
username:song
password:song
让Rt2通过ssh远程访问到RT1,RT2属于vlan10
6.RT2的接口地址通过dhcp获取。Rt1做dhcp服务器
注意:如果无要求;让所有交换机上的vlan保持一致
分析:
sw1:valn 10
VLAN 20
sw2:valn 10
VLAN 20
sw4:valn 10
VLAN 20 //同步vlan
-----------trunk------------------
sw1:
int e0/4/1
port link-type trunk
port trunk permit valn 10 20
dis this
-----------------------
int e0/4/2
port link-type trunk
port trunk permit valn 10 20
dis this
-------------------------
sw2:
int e0/4/1
port link-type trunk
port trunk permit valn 10 20
dis this
-------
int e0/4/2
port link-type trunk
port trunk permit valn 10 20
dis this
---------------------
sw4:
int e0/4/0
port link-type trunk
port trunk permit valn 10 20
dis this
---------
int e0/4/1
port link-type trunk
port trunk permit valn 10 20
dis this
----------------
int e0/4/2
port access vlan 10
stp edged-port enable //接中端 边缘化
================================================
配置生成树 stp
sw1:stp enable
sw2:stp enable
sw4:stp enable
-------------------
sw1: stp region-configuration
region-name song
instance 1 valn 10
instance 2 valn 20 //有几个根桥几个实例
active region-configuration
--------------------------------
sw2:
stp region-configuration
region-name song
instance 1 valn 10
instance 2 valn 20 //名称 实例 需要一致
active region-configuration
---------------------------
sw4:
stp region-configuration
region-name song
instance 1 valn 10
instance 2 valn 20 //名称 实例 需要一致
active region-configuration
------------------------------------------------------------------
/*stp instance 1 root primary 降优先级 /
sw1:stp instance 1 pri 0
stp instance 2 pri 4096
-----------
sw2: stp instance 2 pri 0
stp instance 1 pri 4096
dis stp instance 1 br //dest代表根桥
----------------------------------------------------------------------------------
配置vrrp
sw1:
int valn 10
ip add 10.10,1.253 255.255.255.0 //vlan ip
vrrp vrid 10 virtual-ip 10.10.1.1 //漂移地址
vrrp vrid 10 pri 90 //主用设备的优先级高于备用设备 为90
-------------------
sw2:int valn 10
ip add 10.10.1.【254】 255.255.255.0 //本身地址不能相同
vrrp vrid 10 virtual-ip 10.10.1.1 //漂移地址
vrrp vrid 10 pri 70 //backup
------------------------------------
sw1:int valn :20
ip add 10.20.1.253 255.255.255.0 //vlan ip
vrrp vrid 20 virtual-ip 10.20.1.1 //漂移地址
vrrp vrid 20 pri 70
---------------------------
sw2:int valn 20
ip add 10.20.1.【254】 255.255.255.0 //本身地址不能相同
vrrp vrid 20 virtual-ip 10.20.1.1 //漂移地址
vrrp vrid 20 pri 90
测试:dis vrrp
==========================================================
配置loopback sw1: int lo 0
ip add 10.1.1.1 32
-------------
sw2:
int lo 0
ip add 10.2.2.2 32
------------------------
rt1:
int lo 0
ip add 10.2.2.2 32
---------------------------------------------------------------------------------------------
sw1:
int e0/4/0
port acc valn 10
---------------------
rt1:int Gi 0/0/0
ip add 10.10.1.2 255.255.255.0
ping 10.10.1.253
----------------------
sw2: //路由器接口 要求接口ip不一致
int e0/4/0
port acc vlan 20
-------------------------
rt1:
int gi 0/0/1
ip add 10.20.1.2 255.255.255.0
ping 10.20.1.254
=========================
sw1: ospf 100
area 0
network 10.1.1.1 0.0.0.0
network 10.10.1.0 0.0.0.255
network 10.20.1.0 0.0.0.255
-----
sw2:ospf 100
area 0
network 10.2.2.2 0.0.0.0
network 10.10.1.0 0.0.0.255
network 10.20.1.0 0.0.0.255
--------------
rt1:
ospf 100
area 0
network 10.1.1.1 0.0.0.0
network 10.10.1.0 0.0.0.255
network 10.20.1.0 0.0.0.255 //反掩码
pimg 10.1.1.1
ping 10.2.2.2
----------------------
ssh 配置
rt1:
ssh-server enable
local-user song
password cipher song
authorization-attribute level 0
server-type ssh
qu
user-interface vty 0 4
authorization-mode scheme //mima
protocol inbound ssh //xieyi
public-key local create rsa
--------------------------
--------------------------
dhcp enable
dhcp server ip-pool valn10
network 10.10.1.0 255.255.255.0
dis this
gateway-list 10.10.1.1 //漂移地址
dis this
------------------------------
rt2:ip add dhcp-alloc
----------------------
rt1:ssh 1.1.1.1
*******************************
http://e-learning.51cto.com/video/8529
7251
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
