Step 1. Basic configuration of the switches and PCs
Step 2. Shut down all switch ports, then enable the access ports
S1(config)#int range f0/1 - 24
S1(config-if-range)#shutdown
S1(config-if-range)#int range g1/1 - 2
S1(config-if-range)#shutdown
S1(config-if-range)#int f0/6
S1(config-if)#switchport mode access
S1(config-if)#no shut
S1(config-if)#int f0/11
S1(config-if)#switchport mode access
S1(config-if)#no shut
S1(config-if)#int f0/18
S1(config-if)#switchport mode access
S1(config-if)#no shut
(Configure switches S2 and S3 in the same way as S1.)
Step 3. Configure the trunk links and the native VLAN
S1(config)#int range f0/1 - 4
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport trunk native vlan 99
S1(config-if-range)#no shut
(Configure switches S2 and S3 in the same way as S1.)
Step 4. Configure VTP
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain cisco
Changing VTP domain name from NULL to cisco
S1(config)#vtp password cisco
Setting device VLAN database password to cisco
S2(config)#vtp mode client
Device mode already VTP CLIENT.
S2(config)#vtp domain cisco
Changing VTP domain name from NULL to cisco
S2(config)#vtp password cisco
Setting device VLAN database password to cisco
S3(config)#vtp mode client
Device mode already VTP CLIENT.
S3(config)#vtp domain cisco
Changing VTP domain name from NULL to cisco
S3(config)#vtp password cisco
Setting device VLAN database password to cisco
Step 5. Configure the VLANs on S1 (the VTP server)
S1(config)#vlan 10
S1(config-vlan)#name staff
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name students
S1(config-vlan)#exit
S1(config)#vlan 30
S1(config-vlan)#name guest
S1(config-vlan)#exit
S1(config)#vlan 99
S1(config-vlan)#name management
S1(config-vlan)#exit
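(At this point, run #sh vlan brief on S2 and S3 to check their VLAN configuration; you will see that the VTP server has already propagated the VLAN information to both switches.)
Step 6. Assign interfaces to each VLAN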
S1(config)#interface range fa0/6 - 10
S1(config-if-range)#switchport access vlan 10
S1(config-if-range)#interface range fa0/11-17
S1(config-if-range)#switchport access vlan 20
S1(config-if-range)#interface range fa0/18-24
S1(config-if-range)#switchport access vlan 30
S1(config-if-range)#exit
(Configure switches S2 and S3 in the same way as S1.)
Step 7. Configure port security on the access-layer switches
S1(config)#interface fa0/6
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#interface fa0/11
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#interface fa0/18
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#end
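(Configure switches S2 and S3 in the same way as S1.)
Note:
interface FastEthernet0/1
switchport mode access
switchport port-security maximum 1 //allow at most one MAC address through the port
switchport port-security //enable port security
switchport port-security violation protect //set the violation action to protect
switchport port-security mac-address sticky //make the port learn MAC addresses as sticky entries
switchport port-security mac-address sticky 0012.3f12.cfd6 //specify a particular sticky MAC address
Remark: the default maximum for port security is already 1; to allow a specific number of MAC addresses, set maximum to that number.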
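An added example (not part of the original walkthrough): a Python check that reads a running-config and reports access ports that are up but lack the port-security settings from step 7. The sample configuration and the function names are constructed for illustration; the check relies on the parameter lines taking effect only when the bare switchport port-security line is present, and on maximum being omitted from the config when it is the default of 1.

```python
import re

# Constructed running-config excerpt for illustration (not from the page's lab).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/5
 switchport mode access
 shutdown
!
interface FastEthernet0/6
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/11
 switchport mode access
 switchport port-security maximum 3
 switchport port-security mac-address sticky
!
interface FastEthernet0/18
 switchport mode access
!
"""

def parse_interfaces(config):
    """Map each interface name to the commands in its stanza."""
    return {m.group(1): [c.strip() for c in m.group(2).splitlines()]
            for m in re.finditer(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)}

def audit_port_security(config, limit=1):
    """Return {interface: [findings]} for access ports that are not shut down."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or "switchport mode access" not in cmds:
            continue
        issues = []
        if "switchport port-security" not in cmds:
            issues.append("port-security not enabled")
        if "switchport port-security mac-address sticky" not in cmds:
            issues.append("sticky learning not set")
        # An absent maximum line means the default of 1 is in effect.
        m = re.search(r"port-security maximum (\d+)", "\n".join(cmds))
        if m and int(m.group(1)) > limit:
            issues.append(f"maximum {m.group(1)} exceeds {limit}")
        if issues:
            findings[name] = issues
    return findings
```

Feed it the output of show running-config from each access switch; an empty result means every active access port carries the step 7 settings.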
Step 8. Configure the management VLAN address and default gateway on each switch
S1(config)#ip default-gateway 192.168.1.1
S1(config)#interface vlan99
S1(config-if)#ip address 192.168.99.11 255.255.255.0
S1(config-if)#no shutdown
S2(config)#ip default-gateway 192.168.1.1
S2(config)#interface vlan99
S2(config-if)#ip address 192.168.99.12 255.255.255.0
S2(config-if)#no shutdown
S3(config)#ip default-gateway 192.168.1.1
S3(config)#interface vlan99
S3(config-if)#ip address 192.168.99.13 255.255.255.0
S3(config-if)#no shutdown
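Step 9. Configure and tune STP to meet the following requirements
S1 becomes the root bridge for VLAN 10 (priority 4096) and the backup root bridge for VLAN 20 (priority 16384)
S2 becomes the root bridge for VLAN 20 (priority 4096) and the backup root bridge for VLAN 30 (priority 16384)
S3 becomes the root bridge for VLAN 30 (priority 4096) and the backup root bridge for VLAN 10 (priority 16384)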
S1(config)#spanning-tree vlan 10 priority 4096
S1(config)#spanning-tree vlan 20 priority 16384
S2(config)#spanning-tree vlan 20 priority 4096
S2(config)#spanning-tree vlan 30 priority 16384
S3(config)#spanning-tree vlan 30 priority 4096
S3(config)#spanning-tree vlan 10 priority 16384
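Notes
1. View the MAC address table: Switch#show mac-address-table
2. View the running configuration: Switch#show running-config
3. Commands for viewing CDP neighbor information
1) View the global CDP configuration: Switch#show cdp
2) View the CDP configuration of one interface: Switch#show cdp interface f0/19
3) Display statistics about CDP packets: Switch#show cdp traffic
4) List the devices adjacent to this device: Switch#show cdp neighbors
5) Display detailed neighbor information: Switch#show cdp neighbors detail
6) Display the details of all entries: Switch#show cdp entry *
4. View VLAN information: Switch#show vlan brief
5. View the information for one VLAN: Switch#show vlan 2
6. View the VLAN number of a port: Switch#show running-config interface f0/2
7. View a port's administrative mode and VLAN status: Switch#show interfaces f0/2 switchport
8. View the command history: Switch#show history
9. View the flash memory: Switch#dir flash:
10. View the VTP configuration: Switch#show vtp status
11. View the spanning-tree configuration: Switch#show spanning-tree
12. View detailed spanning-tree information for a VLAN: Switch#show spanning-tree vlan 2 detail
13. View the FIB table: Switch#show ip cef
14. View the adjacency table: Switch#show adjacency detail
15. View Layer 2 EtherChannel information: Switch#show etherchannel 1 summary
Note: to run these commands from other modes, put "do" in front of them.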