配置三层交换的综合事例
配置三层交换的综合事例(一)
网络基本情况
网络拓扑结构为 : 中心交换机采用 Cisco Catalyst 4006-S3 ,
Supervisor Engine III G 引擎位于第 1 插槽,用于实现三层交换 ;1 块 24 口
1000Base-T 模块位于第 2 插槽,用于连接网络服务器 ;1 块 6 端口 1000Base-X 模块位
于第 3 插槽,用于连接 6 台骨干交换机。一台交换机采用 Cisco Catalyst 3550-
24-EMI ,并安装 1 块 1000Base-X GBIC 千兆模块。一台交换机采用 Cisco
Catalyst 3550-24-SMI ,也安装 1 块 1000Base-X GBIC 千兆模块。另外四台交换机
采用 Cisco Catalyst 2950G -24-SMI ,安装 1 块 1000Base-T GBIC 千兆模块。
所有服务器划分为一个vlan ,即 VLAN 50 。四台 Catalyst 2950G -24-SMI 交换机也只划分为一个 VLAN ,分别为 VLAN 60 、 VLAN 70 、 VLAN 80 和 VLAN 90 。
Catalyst 3550-24-EMI 划分为 4 个 VLAN ,分别为 VLAN 10 、 VLAN 20 、 VLAN 30 和
VLAN 40 。 Catalyst 3550-24-SMI 划分 2 个 VLAN ,分别为 VLAN 60 和 VLAN 80 ,与另
外两台 Catalyst 2950G -24-SMI 交换机分别位于同一 VLAN 。
*************************** 实例分析 ****************************
由于所有 Catalyst 2950G 交换机都是一个独立的 VLAN ,因此,必须先在
这些交换机上创建 VLAN(VLAN 60~VLAN 90) ,并将所有端口都指定至该 VLAN 。然
后,再在 Catalyst 4006 交换机相应端口上分别创建 VLAN 。 Catalyst 4006 的
1000Base-X 端口分别与各 Catalyst 2950G 的 1000Base-X 端口连接。其中,
GigabitEthernet3/2 端口连接至 1 号 Catalyst 2950 交换机 (VLAN 60) , GigabitEthernet3/3 端口连接至 2 号 Catalyst 2950 交换机 (VLAN 70) , GigabitEthernet3/4 端口连接至 3 号 Catalyst 2950 交换机 (VLAN 80) , GigabitEthernet3/5 端口连接至 4 号 Catalyst 2950 交换机 (VLAN 90) , GigabitEthernet3/6 端口连接至 6 号楼交换机 (VLAN 80) 。
由于在 Catalyst 3550-24-EMI 上划分有 4 个 VLAN(VLAN 10 ~ VLAN 40) ,而 4 个 VLAN 都需借助于一条 1000Base-X 链路实现与 Catalyst 4006 的 GigabitEthernet3/1 端口连接,因此,必须在 Catalyst 4006 与 Catalyst 3550-24- EMI 之间创建一个 Trunk 。
同样,在 Catalyst 3550-24-SMI 上划分有 2 个 VLAN(VLAN 60 和 VLAN 80) ,而 4 个 VLAN 都需借助于一条 1000Base-X 链路实现与 Catalyst 4006 的 GigabitEthernet3/6 端口连接,因此,必须在 Catalyst 4006 与 Catalyst 3550-24- EMI 之间创建一个 Trunk 。
另外,所有服务器均连接至 Catalyst 4006 的 1000Base-T 模块,并单独成为一个 VLAN(VLAN 90) ,因此,也必须为这些交换机创建一个 VLAN ,并将所有端口指定至该 VLAN 。需要注意的是,考虑到网络管理的需要,也可以剩余几个 RJ-45 端口 ( 如 21 至 24 端口 ) 不指定至任何 VLAN ,从而便于连接网络管理设备。默认状态下,所有端口都属于 VLAN1 ,而且也只有在 VLAN1 中才能实现对网络中所有设备的管理。
*************************** 配置清单 ******************************
●Cisco Catalyst 4006 交换机配置清单
Current configuration : 5594 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname hsnc
!
boot system bootflash:cat4000-is-mz.121 -8a .EW1.bin
no logging console
enable secret level 1 5 $1$rkQW$1HKyKdN 5f .Ri5zxeoF8Yv/
!
ip subnet-zero
!
!
!
interface GigabitEthernet1/1
no snmp trap link-status
!-- 不为 Supervisor Engine III G 引擎中的 1000Base-X 插槽指定 VLAN
interface GigabitEthernet1/2
no snmp trap link-status
!
!
interface GigabitEthernet2/1
switchport access vlan 50
no snmp trap link-status
!-- 将端口 GigabitEthernet2/1 指定至 VLAN 50
!
interface GigabitEthernet2/2
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/3
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/4
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/5
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/6
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/7
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/8
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/9
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/10
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/11
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/12
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/13
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/14
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/15
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/16
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/17
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/18
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/19
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/20
switchport access vlan 50
no snmp trap link-status
!-- 不将 GigabitEthernet2/20 ~ 24 指定至任何 VLAN
!
interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
! -- 启用 802.1Q Trunk 封装协议 ,即在该端口创建 Trunk
switchport trunk allowed vlan 1-80
! -- 允许 vlan 1-90 在该中继线通讯
! -- 可以拒绝或允许某个 VLAN 访问该 Trunk
! -- 确保未被授权的 VLAN 通过该 Trunk ,实现 VLAN 的访问安全
switchport mode trunk
! -- 将该端口设置为 Trunk
description netcenter
no snmp trap link-status
!
interface GigabitEthernet3/2
switchport access vlan 60
no snmp trap link-status
!-- 将端口 GigabitEthernet3/2 指定至 VLAN 60
!
interface GigabitEthernet3/3
switchport access vlan 70
no snmp trap link-status
!-- 将端口 GigabitEthernet3/3 指定至 VLAN 70
!
interface GigabitEthernet3/4
switchport access vlan 80
no snmp trap link-status
!-- 将端口 GigabitEthernet3/4 指定至 VLAN 80
!
interface GigabitEthernet3/5
switchport access vlan 90
no snmp trap link-status
!-- 将端口 GigabitEthernet3/5 指定至 VLAN 90
!
interface GigabitEthernet3/6
switchport trunk encapsulation dot1q
! -- 启用 802.1Q Trunk 封装协议,即在该端口创建 Trunk
switchport trunk allowed vlan 1-80
! -- 允许 vlan 1-90 在该中继线通讯
! -- 可以拒绝或允许某个 VLAN 访问该 Trunk
! -- 从而确保未被授权的 VLAN 通过该 Trunk ,实现 VLAN 访问安全
switchport mode trunk
! -- 将该端口设置为 Trunk
description netcenter
no snmp trap link-status
!
interface Vlan1
description netmanger
no ip address
!
!-- 对 VLAN1 进行描述
interface Vlan10
description network center
no ip address
!-- 对 VLAN2 进行描述
!
interface Vlan20
description computer center
no ip address
!
interface Vlan30
description network lab
no ip address
!
interface Vlan40
description huaxuelou
no ip address
!
interface Vlan50
description wulilou
no ip address
!
interface Vlan60
description shengwulou
no ip address
!
interface Vlan70
description zhongwenxi
no ip address
!
interface Vlan80
description tushuguan
no ip address
!
!
line con 0
stopbits 1
line vty 0 4
password aaa
login
!
end
网络拓扑结构为 : 中心交换机采用 Cisco Catalyst 4006-S3 ,
Supervisor Engine III G 引擎位于第 1 插槽,用于实现三层交换 ;1 块 24 口
1000Base-T 模块位于第 2 插槽,用于连接网络服务器 ;1 块 6 端口 1000Base-X 模块位
于第 3 插槽,用于连接 6 台骨干交换机。一台交换机采用 Cisco Catalyst 3550-
24-EMI ,并安装 1 块 1000Base-X GBIC 千兆模块。一台交换机采用 Cisco
Catalyst 3550-24-SMI ,也安装 1 块 1000Base-X GBIC 千兆模块。另外四台交换机
采用 Cisco Catalyst 2950G -24-SMI ,安装 1 块 1000Base-T GBIC 千兆模块。
所有服务器划分为一个vlan ,即 VLAN 50 。四台 Catalyst 2950G -24-SMI 交换机也只划分为一个 VLAN ,分别为 VLAN 60 、 VLAN 70 、 VLAN 80 和 VLAN 90 。
Catalyst 3550-24-EMI 划分为 4 个 VLAN ,分别为 VLAN 10 、 VLAN 20 、 VLAN 30 和
VLAN 40 。 Catalyst 3550-24-SMI 划分 2 个 VLAN ,分别为 VLAN 60 和 VLAN 80 ,与另
外两台 Catalyst 2950G -24-SMI 交换机分别位于同一 VLAN 。
*************************** 实例分析 ****************************
由于所有 Catalyst 2950G 交换机都是一个独立的 VLAN ,因此,必须先在
这些交换机上创建 VLAN(VLAN 60~VLAN 90) ,并将所有端口都指定至该 VLAN 。然
后,再在 Catalyst 4006 交换机相应端口上分别创建 VLAN 。 Catalyst 4006 的
1000Base-X 端口分别与各 Catalyst 2950G 的 1000Base-X 端口连接。其中,
GigabitEthernet3/2 端口连接至 1 号 Catalyst 2950 交换机 (VLAN 60) , GigabitEthernet3/3 端口连接至 2 号 Catalyst 2950 交换机 (VLAN 70) , GigabitEthernet3/4 端口连接至 3 号 Catalyst 2950 交换机 (VLAN 80) , GigabitEthernet3/5 端口连接至 4 号 Catalyst 2950 交换机 (VLAN 90) , GigabitEthernet3/6 端口连接至 6 号楼交换机 (VLAN 80) 。
由于在 Catalyst 3550-24-EMI 上划分有 4 个 VLAN(VLAN 10 ~ VLAN 40) ,而 4 个 VLAN 都需借助于一条 1000Base-X 链路实现与 Catalyst 4006 的 GigabitEthernet3/1 端口连接,因此,必须在 Catalyst 4006 与 Catalyst 3550-24- EMI 之间创建一个 Trunk 。
同样,在 Catalyst 3550-24-SMI 上划分有 2 个 VLAN(VLAN 60 和 VLAN 80) ,而 4 个 VLAN 都需借助于一条 1000Base-X 链路实现与 Catalyst 4006 的 GigabitEthernet3/6 端口连接,因此,必须在 Catalyst 4006 与 Catalyst 3550-24- EMI 之间创建一个 Trunk 。
另外,所有服务器均连接至 Catalyst 4006 的 1000Base-T 模块,并单独成为一个 VLAN(VLAN 90) ,因此,也必须为这些交换机创建一个 VLAN ,并将所有端口指定至该 VLAN 。需要注意的是,考虑到网络管理的需要,也可以剩余几个 RJ-45 端口 ( 如 21 至 24 端口 ) 不指定至任何 VLAN ,从而便于连接网络管理设备。默认状态下,所有端口都属于 VLAN1 ,而且也只有在 VLAN1 中才能实现对网络中所有设备的管理。
*************************** 配置清单 ******************************
●Cisco Catalyst 4006 交换机配置清单
Current configuration : 5594 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname hsnc
!
boot system bootflash:cat4000-is-mz.121 -8a .EW1.bin
no logging console
enable secret level 1 5 $1$rkQW$1HKyKdN 5f .Ri5zxeoF8Yv/
!
ip subnet-zero
!
!
!
interface GigabitEthernet1/1
no snmp trap link-status
!-- 不为 Supervisor Engine III G 引擎中的 1000Base-X 插槽指定 VLAN
interface GigabitEthernet1/2
no snmp trap link-status
!
!
interface GigabitEthernet2/1
switchport access vlan 50
no snmp trap link-status
!-- 将端口 GigabitEthernet2/1 指定至 VLAN 50
!
interface GigabitEthernet2/2
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/3
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/4
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/5
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/6
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/7
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/8
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/9
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/10
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/11
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/12
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/13
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/14
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/15
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/16
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/17
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/18
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/19
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/20
switchport access vlan 50
no snmp trap link-status
!-- 不将 GigabitEthernet2/20 ~ 24 指定至任何 VLAN
!
interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
! -- 启用 802.1Q Trunk 封装协议 ,即在该端口创建 Trunk
switchport trunk allowed vlan 1-80
! -- 允许 vlan 1-90 在该中继线通讯
! -- 可以拒绝或允许某个 VLAN 访问该 Trunk
! -- 确保未被授权的 VLAN 通过该 Trunk ,实现 VLAN 的访问安全
switchport mode trunk
! -- 将该端口设置为 Trunk
description netcenter
no snmp trap link-status
!
interface GigabitEthernet3/2
switchport access vlan 60
no snmp trap link-status
!-- 将端口 GigabitEthernet3/2 指定至 VLAN 60
!
interface GigabitEthernet3/3
switchport access vlan 70
no snmp trap link-status
!-- 将端口 GigabitEthernet3/3 指定至 VLAN 70
!
interface GigabitEthernet3/4
switchport access vlan 80
no snmp trap link-status
!-- 将端口 GigabitEthernet3/4 指定至 VLAN 80
!
interface GigabitEthernet3/5
switchport access vlan 90
no snmp trap link-status
!-- 将端口 GigabitEthernet3/5 指定至 VLAN 90
!
interface GigabitEthernet3/6
switchport trunk encapsulation dot1q
! -- 启用 802.1Q Trunk 封装协议,即在该端口创建 Trunk
switchport trunk allowed vlan 1-80
! -- 允许 vlan 1-90 在该中继线通讯
! -- 可以拒绝或允许某个 VLAN 访问该 Trunk
! -- 从而确保未被授权的 VLAN 通过该 Trunk ,实现 VLAN 访问安全
switchport mode trunk
! -- 将该端口设置为 Trunk
description netcenter
no snmp trap link-status
!
interface Vlan1
description netmanger
no ip address
!
!-- 对 VLAN1 进行描述
interface Vlan10
description network center
no ip address
!-- 对 VLAN2 进行描述
!
interface Vlan20
description computer center
no ip address
!
interface Vlan30
description network lab
no ip address
!
interface Vlan40
description huaxuelou
no ip address
!
interface Vlan50
description wulilou
no ip address
!
interface Vlan60
description shengwulou
no ip address
!
interface Vlan70
description zhongwenxi
no ip address
!
interface Vlan80
description tushuguan
no ip address
!
!
line con 0
stopbits 1
line vty 0 4
password aaa
login
!
end
配置三层交换的综合事例(二)
●Cisco Catalyst 3550-EMI
配置清单
Building configuration...
Current configuration : 4055 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname office
!
enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 10
!-- 将端口 FastEthernet0/1 指定至 VLAN 10
no ip address
!
interface FastEthernet0/2
switchport access vlan 10
no ip address
!
interface FastEthernet0/3
switchport access vlan 10
no ip address
!
interface FastEthernet0/4
switchport access vlan 10
no ip address
!
interface FastEthernet0/5
switchport access vlan 10
no ip address
!
interface FastEthernet0/6
switchport access vlan 20
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 20
!
interface FastEthernet0/7
switchport access vlan 20
no ip address
!
interface FastEthernet0/8
switchport access vlan 20
no ip address
!
interface FastEthernet0/9
switchport access vlan 20
no ip address
!
interface FastEthernet0/10
switchport access vlan 20
no ip address
!
interface FastEthernet0/11
switchport access vlan 30
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 30
!
interface FastEthernet0/12
switchport access vlan 30
no ip address
!
interface FastEthernet0/13
switchport access vlan 30
no ip address
!
interface FastEthernet0/14
switchport access vlan 30
no ip address
!
interface FastEthernet0/15
switchport access vlan 30
no ip address
!
interface FastEthernet0/16
switchport access vlan 30
no ip address
!
interface FastEthernet0/17
switchport access vlan 30
no ip address
!
interface FastEthernet0/18
switchport access vlan 30
no ip address
!
interface FastEthernet0/19
switchport access vlan 40
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 40
!
interface FastEthernet0/20
switchport access vlan 40
no ip address
!
interface FastEthernet0/21
switchport access vlan 40
no ip address
!
interface FastEthernet0/22
switchport access vlan 30
no ip address
!
interface FastEthernet0/23
switchport access vlan 40
no ip address
!
interface FastEthernet0/24
switchport access vlan 40
no ip address
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
! -- 启用 802.1Q Trunk 封装协议 ,即在该端口创建 Trunk
switchport trunk allowed vlan 1-80
! -- 允许 vlan 1-80 在该中继线通讯
switchport mode trunk
! -- 将该端口设置为 Trunk
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.12 255.255.255.0
!--LAN1 指定 IP 地址
no ip route-cache
no ip mroute-cache
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end
●Cisco Catalyst 3550-SMI 配置清单
Building configuration...
Current configuration : 4055 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname office
!
enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 60
!-- 将端口 FastEthernet0/1 指定至 VLAN 60
no ip address
!
interface FastEthernet0/2
switchport access vlan 60
no ip address
!
interface FastEthernet0/3
switchport access vlan 60
no ip address
!
interface FastEthernet0/4
switchport access vlan 60
no ip address
!
interface FastEthernet0/5
switchport access vlan 60
no ip address
!
interface FastEthernet0/6
switchport access vlan 20
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 20
!
interface FastEthernet0/7
switchport access vlan 20
no ip address
!
interface FastEthernet0/8
switchport access vlan 20
no ip address
!
interface FastEthernet0/9
switchport access vlan 20
no ip address
!
interface FastEthernet0/10
switchport access vlan 20
no ip address
!
interface FastEthernet0/11
switchport access vlan 80
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 80
!
interface FastEthernet0/12
switchport access vlan 80
no ip address
!
interface FastEthernet0/13
switchport access vlan 80
no ip address
!
interface FastEthernet0/14
switchport access vlan 80
no ip address
!
interface FastEthernet0/15
switchport access vlan 80
no ip address
!
interface FastEthernet0/16
switchport access vlan 80
no ip address
!
interface FastEthernet0/17
switchport access vlan 80
no ip address
!
interface FastEthernet0/18
switchport access vlan 80
no ip address
!
interface FastEthernet0/19
switchport access vlan 80
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 80
!
interface FastEthernet0/20
switchport access vlan 80
no ip address
!
interface FastEthernet0/21
switchport access vlan 80
no ip address
!
interface FastEthernet0/22
switchport access vlan 80
no ip address
!
interface FastEthernet0/23
switchport access vlan 80
no ip address
!
interface FastEthernet0/24
switchport access vlan 80
no ip address
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
! -- 启用 802.1Q Trunk 封装协议,即在该端口创建 Trunk
switchport trunk allowed vlan 1-80
! -- 允许 vlan 1-80 在该中继线通讯
switchport mode trunk
! -- 从将该端口设置为 Trunk
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.13 255.255.255.0
!-- 为 LAN1 指定 IP 地址
no ip route-cache
no ip mroute-cache
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end
Building configuration...
Current configuration : 4055 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname office
!
enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 10
!-- 将端口 FastEthernet0/1 指定至 VLAN 10
no ip address
!
interface FastEthernet0/2
switchport access vlan 10
no ip address
!
interface FastEthernet0/3
switchport access vlan 10
no ip address
!
interface FastEthernet0/4
switchport access vlan 10
no ip address
!
interface FastEthernet0/5
switchport access vlan 10
no ip address
!
interface FastEthernet0/6
switchport access vlan 20
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 20
!
interface FastEthernet0/7
switchport access vlan 20
no ip address
!
interface FastEthernet0/8
switchport access vlan 20
no ip address
!
interface FastEthernet0/9
switchport access vlan 20
no ip address
!
interface FastEthernet0/10
switchport access vlan 20
no ip address
!
interface FastEthernet0/11
switchport access vlan 30
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 30
!
interface FastEthernet0/12
switchport access vlan 30
no ip address
!
interface FastEthernet0/13
switchport access vlan 30
no ip address
!
interface FastEthernet0/14
switchport access vlan 30
no ip address
!
interface FastEthernet0/15
switchport access vlan 30
no ip address
!
interface FastEthernet0/16
switchport access vlan 30
no ip address
!
interface FastEthernet0/17
switchport access vlan 30
no ip address
!
interface FastEthernet0/18
switchport access vlan 30
no ip address
!
interface FastEthernet0/19
switchport access vlan 40
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 40
!
interface FastEthernet0/20
switchport access vlan 40
no ip address
!
interface FastEthernet0/21
switchport access vlan 40
no ip address
!
interface FastEthernet0/22
switchport access vlan 30
no ip address
!
interface FastEthernet0/23
switchport access vlan 40
no ip address
!
interface FastEthernet0/24
switchport access vlan 40
no ip address
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
! -- 启用 802.1Q Trunk 封装协议 ,即在该端口创建 Trunk
switchport trunk allowed vlan 1-80
! -- 允许 vlan 1-80 在该中继线通讯
switchport mode trunk
! -- 将该端口设置为 Trunk
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.12 255.255.255.0
!--LAN1 指定 IP 地址
no ip route-cache
no ip mroute-cache
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end
●Cisco Catalyst 3550-SMI 配置清单
Building configuration...
Current configuration : 4055 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname office
!
enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 60
!-- 将端口 FastEthernet0/1 指定至 VLAN 60
no ip address
!
interface FastEthernet0/2
switchport access vlan 60
no ip address
!
interface FastEthernet0/3
switchport access vlan 60
no ip address
!
interface FastEthernet0/4
switchport access vlan 60
no ip address
!
interface FastEthernet0/5
switchport access vlan 60
no ip address
!
interface FastEthernet0/6
switchport access vlan 20
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 20
!
interface FastEthernet0/7
switchport access vlan 20
no ip address
!
interface FastEthernet0/8
switchport access vlan 20
no ip address
!
interface FastEthernet0/9
switchport access vlan 20
no ip address
!
interface FastEthernet0/10
switchport access vlan 20
no ip address
!
interface FastEthernet0/11
switchport access vlan 80
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 80
!
interface FastEthernet0/12
switchport access vlan 80
no ip address
!
interface FastEthernet0/13
switchport access vlan 80
no ip address
!
interface FastEthernet0/14
switchport access vlan 80
no ip address
!
interface FastEthernet0/15
switchport access vlan 80
no ip address
!
interface FastEthernet0/16
switchport access vlan 80
no ip address
!
interface FastEthernet0/17
switchport access vlan 80
no ip address
!
interface FastEthernet0/18
switchport access vlan 80
no ip address
!
interface FastEthernet0/19
switchport access vlan 80
no ip address
!-- 将端口 FastEthernet0/6 指定至 VLAN 80
!
interface FastEthernet0/20
switchport access vlan 80
no ip address
!
interface FastEthernet0/21
switchport access vlan 80
no ip address
!
interface FastEthernet0/22
switchport access vlan 80
no ip address
!
interface FastEthernet0/23
switchport access vlan 80
no ip address
!
interface FastEthernet0/24
switchport access vlan 80
no ip address
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
! -- 启用 802.1Q Trunk 封装协议,即在该端口创建 Trunk
switchport trunk allowed vlan 1-80
! -- 允许 vlan 1-80 在该中继线通讯
switchport mode trunk
! -- 从将该端口设置为 Trunk
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.13 255.255.255.0
!-- 为 LAN1 指定 IP 地址
no ip route-cache
no ip mroute-cache
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end
配置三层交换的综合事例(三)
●Cisco Catalyst 2950G
配置清单
四台 Cisco Catalyst 2950G 的配置基本相同,下面仅列出vlan6 0 的配置情况。
Building configuration...
Current configuration : 2143 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname msl
!
enable password aaa
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
switchport access vlan 60
no ip address
!
interface FastEthernet0/2
switchport access vlan 60
no ip address
!
interface FastEthernet0/3
switchport access vlan 60
no ip address
!
interface FastEthernet0/4
switchport access vlan 60
no ip address
!
interface FastEthernet0/5
switchport access vlan 60
no ip address
!
interface FastEthernet0/6
switchport access vlan 60
no ip address
!
interface FastEthernet0/7
switchport access vlan 60
no ip address
!
interface FastEthernet0/8
switchport access vlan 60
no ip address
!
interface FastEthernet0/9
switchport access vlan 60
no ip address
!
interface FastEthernet0/10
switchport access vlan 60
no ip address
!
interface FastEthernet0/11
switchport access vlan 60
no ip address
!
interface FastEthernet0/12
switchport access vlan 60
no ip address
!
interface FastEthernet0/13
switchport access vlan 60
no ip address
!
interface FastEthernet0/14
switchport access vlan 60
no ip address
!
interface FastEthernet0/15
switchport access vlan 60
no ip address
!
interface FastEthernet0/16
switchport access vlan 60
no ip address
!
interface FastEthernet0/17
switchport access vlan 60
no ip address
!
interface FastEthernet0/18
switchport access vlan 60
no ip address
!
interface FastEthernet0/19
switchport access vlan 60
no ip address
!
interface FastEthernet0/20
switchport access vlan 60
no ip address
!
interface FastEthernet0/21
switchport access vlan 60
no ip address
!
interface FastEthernet0/22
switchport access vlan 60
no ip address
!
interface FastEthernet0/23
switchport access vlan 60
no ip address
!
interface FastEthernet0/24
switchport access vlan 60
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.10 255.255.255.0
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end
四台 Cisco Catalyst 2950G 的配置基本相同,下面仅列出vlan6 0 的配置情况。
Building configuration...
Current configuration : 2143 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname msl
!
enable password aaa
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
switchport access vlan 60
no ip address
!
interface FastEthernet0/2
switchport access vlan 60
no ip address
!
interface FastEthernet0/3
switchport access vlan 60
no ip address
!
interface FastEthernet0/4
switchport access vlan 60
no ip address
!
interface FastEthernet0/5
switchport access vlan 60
no ip address
!
interface FastEthernet0/6
switchport access vlan 60
no ip address
!
interface FastEthernet0/7
switchport access vlan 60
no ip address
!
interface FastEthernet0/8
switchport access vlan 60
no ip address
!
interface FastEthernet0/9
switchport access vlan 60
no ip address
!
interface FastEthernet0/10
switchport access vlan 60
no ip address
!
interface FastEthernet0/11
switchport access vlan 60
no ip address
!
interface FastEthernet0/12
switchport access vlan 60
no ip address
!
interface FastEthernet0/13
switchport access vlan 60
no ip address
!
interface FastEthernet0/14
switchport access vlan 60
no ip address
!
interface FastEthernet0/15
switchport access vlan 60
no ip address
!
interface FastEthernet0/16
switchport access vlan 60
no ip address
!
interface FastEthernet0/17
switchport access vlan 60
no ip address
!
interface FastEthernet0/18
switchport access vlan 60
no ip address
!
interface FastEthernet0/19
switchport access vlan 60
no ip address
!
interface FastEthernet0/20
switchport access vlan 60
no ip address
!
interface FastEthernet0/21
switchport access vlan 60
no ip address
!
interface FastEthernet0/22
switchport access vlan 60
no ip address
!
interface FastEthernet0/23
switchport access vlan 60
no ip address
!
interface FastEthernet0/24
switchport access vlan 60
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.10 255.255.255.0
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end