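A company's standard Cisco 2950 configuration

The following is the standard configuration of a CISCO 2950J switch at a Taiwanese company.

1. Clear the VLANs, erase the configuration file, then reboot!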

Switch#delete flash:vlan.dat   ---delete the VLANs

Switch#erase startup-config   ---erase the configuration file

Switch#reload              ---reboot the switch

2. Reconfigure the switch

Configure the switch name and passwords (enable, secret)

Switch(config)#hostname A-F5-2-01-A  ---name the switch A-F5-2-01-A

A-F5-2-01-A(config)#enable password switch   ---set the enable password to switch

A-F5-2-01-A(config)#enable secret cisco   ---set the secret password to cisco

3. Configure VLANs (there are two ways to configure VLANs)

a. Configure in configuration mode

A-F5-2-01-A#conf t

A-F5-2-01-A(config)#vlan 455   ---add VLAN 455

A-F5-2-01-A(config-vlan)#vlan 456   ---add VLAN 456

A-F5-2-01-A(config-vlan)#vlan 457   ---add VLAN 457

A-F5-2-01-A(config-vlan)#vlan 458   ---add VLAN 458

b. Configure in vlan database mode (this mode cannot be left with end; only exit works)

A-F5-2-01-A#vlan database   ---enter vlan database mode

A-F5-2-01-A(vlan)#vlan 465

VLAN 465 added:

    Name: VLAN0465   ---the default name is VLAN + 0 + the VLAN ID

A-F5-2-01-A(vlan)#vlan 466   ---add VLAN 466

VLAN 466 added:

    Name: VLAN0466   ---the system default name for this VLAN is VLAN0466

A-F5-2-01-A(vlan)#vlan 467 name 467  ---name the VLAN 467

VLAN 467 added:

    Name: 467

A-F5-2-01-A(vlan)#

A-F5-2-01-A(vlan)#end  ---end fails with an error; this mode can only be left with exit

                   ^

% Invalid input detected at '^' marker.

A-F5-2-01-A(vlan)#exit  ---exit works normally

APPLY completed.

Exiting....

A-F5-2-01-A#

4. Configure the management IP, the default gateway, the vty and console lines, and add a login account

A-F5-2-01-A(config)#interface vlan 455

A-F5-2-01-A(config-if)#ip address 192.168.1.1 255.255.255.0   ---configure the management IP

A-F5-2-01-A(config)#ip default-gateway 192.168.1.250   ---configure the default gateway

A-F5-2-01-A(config)#line ?

  <0-16>   First Line number

  console  Primary terminal line

  vty      Virtual terminal

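A-F5-2-01-A(config)#line vty 0 4   ---configure the VTY lines; 5 simultaneous connections are allowed in total

A-F5-2-01-A(config-line)#password switch   ---set the line password to switch

A-F5-2-01-A(config-line)#login   ---login must be configured, otherwise the vty configuration above has no effect

A-F5-2-01-A(config)#line console 0   ---configure the console line; do not set a password here

A-F5-2-01-A(config-line)#logging synchronous

A-F5-2-01-A(config-line)#end

A-F5-2-01-A#conf t

Enter configuration commands, one per line.  End with CNTL/Z.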

A-F5-2-01-A(config)#usern

A-F5-2-01-A(config)#username echo pr

A-F5-2-01-A(config)#username echo privilege 15 pass

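A-F5-2-01-A(config)#username echo privilege 15 password echo   ---configure the login account with privilege level 15, the highest

(service password-encryption is the command that encrypts account passwords; it is optional. Once it is configured, the passwords can no longer be read in show output.)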

5. Configure the main (uplink) ports, the VLANs allowed through them, and port descriptions

A-F5-2-01-A(config)#interface gi0/1   ---enter gigabit port 1

A-F5-2-01-A(config-if)#switchport mode trunk  ---set trunk mode; this mode can connect to other switches

A-F5-2-01-A(config-if)#no shutdown  ---enable the port

A-F5-2-01-A(config-if)#exit

A-F5-2-01-A(config)#interface gi0/2   ---enter gigabit port 2

A-F5-2-01-A(config-if)#switchport mode trunk

A-F5-2-01-A(config-if)#no shutdown

A-F5-2-01-A(config)#interface range gi0/1 - 2  ---enter both gigabit ports at once

A-F5-2-01-A(config-if-range)#switchport trunk allowed vlan 455,456

------allow VLANs 455 and 456 through

A-F5-2-01-A(config-if-range)#switchport trunk allowed vlan add 465,466

------also allow VLANs 465 and 466; the add keyword is required, otherwise the list is replaced rather than extended

A-F5-2-01-A(config-if-range)#exit

A-F5-2-01-A(config)#interface gi0/1

A-F5-2-01-A(config-if)#description connect to 4506   ---configure the port description

A-F5-2-01-A(config)#interface gi0/2

A-F5-2-01-A(config)#interface range fa0/1 - 2   ---configure ports 1-2 at once

A-F5-2-01-A(config-if-range)#switchport mode trunk

A-F5-2-01-A(config-if-range)#no shutdown

A-F5-2-01-A(config-if-range)#exit

A-F5-2-01-A(config)#interface fa0/3

A-F5-2-01-A(config-if)#switchport mode access

A-F5-2-01-A(config)#interface fa0/1

A-F5-2-01-A(config-if)#description connect to A-F5-2-01-B  ---port description

A-F5-2-01-A(config-if)#interface fa0/2  ----in this mode you can jump directly from port 1 to port 2 and configure it

A-F5-2-01-A(config-if)#description connect to A-F5-2-01-C

A-F5-2-01-A(config-if)#interface fa0/3

A-F5-2-01-A(config-if)#description connect to A-F5-2-01-D

6. Configure ordinary ports in access mode and add them to VLANs

A-F5-2-01-A(config)#interface range fastEthernet0/4 - 24  ---configure ports 4-24 at once

A-F5-2-01-A(config-if-range)#switchport mode access

A-F5-2-01-A(config-if)#switchport access vlan 465   ---add ports 1-3 to VLAN 465

A-F5-2-01-A(config-if-range)#interface range fa0/4 - 24

A-F5-2-01-A(config-if-range)#switchport access vlan 456   ---add ports 4-24 to VLAN 456

7. Configure broadcast storm and multicast storm control

A-F5-2-01-A(config)#interface range fa0/2 - 24

A-F5-2-01-A(config-if-range)#storm-control bro

A-F5-2-01-A(config-if-range)#storm-control broadcast level 2  ---configure broadcast storm control

A-F5-2-01-A(config-if-range)#storm-control multicast level 2   ---configure multicast storm control

A-F5-2-01-A(config-if-range)#storm-control action shutdown  ---shut the port down automatically when the limit is exceeded

A-F5-2-01-A(config)#interface range fastEthernet0/4 - 24

A-F5-2-01-A(config-if-range)#spanning-tree portfast   ---spanning tree: enable PortFast

A-F5-2-01-A(config-if-range)#spanning-tree bpduguard enable   ---spanning tree: enable BPDU guard

A-F5-2-01-A(config-if-range)#end

8. Allow two MAC addresses through each port

A-F5-2-01-A(config)#interface range fa0/4 - 24

A-F5-2-01-A(config-if-range)#switchport port-security  ---enable port-security first

A-F5-2-01-A(config-if-range)#switchport port-security maximum 2

------allow 2 MAC addresses through; the default is one

9. Configure the 802.1X protocol

A-F5-2-01-A(config-if-range)#dot1x port-control auto  ---set port control to auto

A-F5-2-01-A(config-if-range)#dot1x timeout tx-period 15  ---set the tx-period to 15 s

A-F5-2-01-A(config-if-range)#dot1x timeout server-timeout 30

A-F5-2-01-A#wr

A-F5-2-01-A#show running-config

Building configuration...

Current configuration : 8524 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

hostname A-F5-2-01-A

enable secret 5 $1$0A9M$TeUTsDGC2MeDZnH8S6l7C/   ---the encrypted secret password

enable password switch   ---the enable password

username XXX privilege 15 password 0 XXX  ---login account and password

ip subnet-zero

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

interface FastEthernet0/1    ---connects to a Cisco switch (broadcast and multicast storm control are set on the downstream switch's ports)

 description connect to A-F5-2-01-B

 switchport mode trunk

 storm-control action shutdown

interface FastEthernet0/2

 description connect to A-F5-2-01-C   ---connects to an ASUS 2024B switch

 storm-control broadcast level 2.00

 storm-control multicast level 2.00

interface FastEthernet0/3   ---connects to a hub; this port is set to access mode

 description connect to A-F5-2-01-D

 switchport access vlan 465  ---if 465 is the VIP VLAN, every port behind the hub below is VIP

 switchport mode access

interface FastEthernet0/4

 switchport access vlan 456

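 switchport mode access    ---the port's mode; in this mode the port cannot connect to a switch but can connect to a hub

 switchport port-security    ---enable port-security; it is disabled by default

 switchport port-security maximum 2   ---allow 2 MAC addresses through

 storm-control broadcast level 2.00   ---broadcast storm control

 storm-control multicast level 2.00  ---multicast storm control

 storm-control action shutdown   ---shut the port down automatically when the limits above are exceeded

 dot1x port-control auto    ---802.1X protocol

 dot1x timeout tx-period 15

 spanning-tree portfast   ---spanning-tree configuration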

 spanning-tree bpduguard enable

……

interface FastEthernet0/24

 switchport port-security

 switchport port-security maximum 2

 dot1x port-control auto

 spanning-tree portfast

interface GigabitEthernet0/1

 description connect to 4506

 switchport trunk allowed vlan 455,456,465,466

interface GigabitEthernet0/2

interface Vlan1

 no ip address

 no ip route-cache

 shutdown

interface Vlan455

 ip address 192.168.1.1 255.255.255.0   ---management IP

ip default-gateway 192.168.1.250  ---gateway

ip http server

line con 0  ---console line

 logging synchronous

 login

line vty 0 4   ---vty lines

 password switch   ---vty line password

line vty 5 15

end
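
A running configuration like the one above can be reviewed mechanically. The following Python audit is an added example, not part of the original page: it parses IOS-style config text and reports clear-text credential settings, the HTTP server, and PortFast edge ports that lack the port-security, BPDU guard or storm-control lines this template applies. The sample config is constructed from lines shown on this page; parse_blocks, audit and the two rule tables are this example's own names.

```python
import re

SAMPLE = """\
no service password-encryption
enable password switch
interface FastEthernet0/4
 switchport port-security
 storm-control broadcast level 2.00
 spanning-tree portfast
 spanning-tree bpduguard enable
interface FastEthernet0/24
 switchport port-security
 spanning-tree portfast
interface GigabitEthernet0/1
 switchport trunk allowed vlan 455,456,465,466
ip http server
"""  # constructed sample, assembled from running-config lines on this page

GLOBAL_RULES = [  # (regex matched against a top-level line, finding)
    (r"enable password ", "enable password stored in clear text; use enable secret only"),
    (r"no service password-encryption", "type 0 passwords readable in show running-config"),
    (r"ip http server", "unencrypted HTTP management server enabled"),
]
EDGE_RULES = [  # (line every edge port should carry, finding when it is missing)
    ("switchport port-security", "no port-security MAC limit"),
    ("spanning-tree bpduguard enable", "PortFast without BPDU guard"),
    ("storm-control broadcast", "no broadcast storm-control"),
]

def parse_blocks(config):  # -> list of [header, [indented sub-lines]] blocks
    blocks = []
    for line in filter(str.strip, config.splitlines()):
        if line[0] == " " and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append([line.strip(), []])
    return blocks

def audit(config):
    """Return (scope, finding) pairs; an edge port is an interface with PortFast."""
    findings = []
    for header, body in parse_blocks(config):
        findings += [("global", msg) for rx, msg in GLOBAL_RULES if re.match(rx, header)]
        if header.startswith("interface ") and "spanning-tree portfast" in body:
            findings += [(header.split()[1], msg) for need, msg in EDGE_RULES
                         if not any(l.startswith(need) for l in body)]
    return findings

for scope, finding in audit(SAMPLE):
    print(f"{scope}: {finding}")
```

Trunk ports such as GigabitEthernet0/1 are skipped because they carry no PortFast line; running the audit on a full show running-config output works the same way.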