Switch(config)# enable password level level password
Switch(config)# no enable password level level password
hostname
1900/2900(config)#hostname hostname
IP Address
1900(config)#ip address {ip address} {mask}
1900(config)#ip address 10.5.5.11 255.255.255.0
2950(config#interface vlan 1
2950(config-if)#ip address {ip_address} {mask}
2950(config)#interface vlan 1
2950(config-if)#ip address 10.5.5.11 255.255.255.0
default gateway
1900/2950(config)#ip default-gateway {ip address}
1900/2950(config)#ip default-gateway 172.20.137.1
查看交换机的IP地址
1900#show ip
IP address: 10.5.5.11
Subnet mask: 255.255.255.0
Default gateway: 10.5.5.3
Management VLAN: 1
2950#show interface vlan 1
Vlan1 is up, line protocol is up
Hardware is Cat5k Virtual Ethernet, address is 0010.f
Internet address is 172.16.80.79/24
Broadcast address is 255.255.255.255
设置双工选项
1900(config)#interface e0/1
1900(config-if)#duplex {auto | full |full-flow-control | half}
2950(config)#interface fe0/1
2950(config-if)#duplex {auto | full | half}
设置端口速度 switch(config-if)# speed {10|100|auto}
查看MAC地址表
1900/2950#show mac-address-table
配置永久MAC地址
1900(config)#mac-address-table permanent {mac-address type module/port}
1900(config)#mac-address-table permanent 2222.2222.2222 ethernet 0/3
1900#show mac-address-table
2950(config)#mac-address-table static mac_addr {vlan vlan_id} [interface int1 [int2 ... int15]]
配置受限静态MAC地址
1900(config)#mac-address-table restricted static {mac-address type module/port src-if-list}
1900(config)#mac-address-table restricted static 1111.1111.1111 e0/4 e0/1
1900#show mac-address-table
2950(config)#mac-address-table secure mac-addr interface [vlan vlan-id]
2950(config)#mac-address-table secure 0003.3333.3333 fa 0/1 vlan 1
2950#show mac-address-table
配置端口安全性 1900(config-if)#port secure max-mac-count count
1900(config)#interface e0/4
1900(config-if)#port secure
1900(config-if)#port secure max-mac-count 1
1900(config)#address-violation {suspend | disable | ignore
1900# show mac-address-table security
2950(config-if)#port security max-mac-count count
2950(config)#interface fa0/1
2950(config-if)#port security
2950(config-if)#port security max-mac-count 10
2950(config-if)#port security action {shutdown | trap}
2950#show mac-address-table secure
2950#show port-security
管理配置文件
1900#copy nvram tftp://host/dst_file
1900#copy tftp://host/src_file nvram
1950#copy nvram tftp://10.1.1.1/wgswd.cfg
2950#copy startup-config tftp://host/dst_file
清除 NVRAM
1900#delete nvram
2950#erase startup-config
vlan配置
2900 VLAN建立
在2950下创建VLAN,在特权模式下使用vlan database命令
2950#vlan database
2950(vlan)#vlan 2 name Marketing
VLAN 2 modified:
Name: Marketing
2950(vlan)#vlan 3 name Accounting
VLAN 3 added:
Name: Accounting
2950(vlan)#apply
APPLY complete
2950(vlan)#Ctrl+C
2950#
端口分配
2950下的端口配置,使用switchport access vlan [vlan#]命令,
2950(config-if)#int f0/2
2950(config-if)#switchport access vlan 2
2950(config-if)#int f0/3
2950(config-if)#switchport access vlan 3
2950(config-if)#int f0/4
2950(config-if)#switchport access vlan 4
2950(config-if)#exit
2950(config)#exit
验证配置信息,如下:
2950#sh vlan
或
2950#sh vlan brief
trunk配置
1900 trunk配置
1900(config)#int f0/26
1900(config-if)#trunk on
2950下在接口配置模式,使用switchport命令,如下:
2950(config)#int f0/12
2950(config-if)#switchport mode trunk
2950(config-if)# switchport trunk encapsulation {isl|dot1q}
2950(config-if)#^Z
将某VLAN从中继中删除
2950(config-if)# switchport trunk allowed vlan remove vlan-list
添加某个VLAN到中继线路
2950(config-if)# switchport trunk allowed vlan add vlan-list
Configuring Inter-VLAN Routing
给连接1900的trunk端口配置,使用encapsulation isl [vlan#]命令,如下:
2600Router(config)#int f0/0.1
2600Router(config-subif)#encapsulation isl [vlan#]
2600Router(config-subif)#ip add ip add submask
给连接2950的这样配置,如下:
2600Router(config)#int f0/0.1
2600Router(config-subif)#encapsulation dot1q [vlan#]
2600Router(config-subif)#ip add ip add submask
VTP配置
1900(config)#vtp server
1900(config)#vtp domain noco
1900(config)#vtp password noko
在特权模式下使用show vtp命令验证,如下:
1900#sh vtp
VTP version: 1
Configuration revision: 0
Maximum VLANs supported locally: 1005
Number of existing VLANs: 5
VTP domain name: noco
VTP password: noko
VTP operating mode: Server
2950如下:
2950(config)#vtp mode server
2950(config)#vtp domain noco
验证信息,如下:
2950#sh vtp ?
counters VTP statistics
status VTP domain status
2950#sh vtp status
NAT配置
配置静态转换
Router(config)#ip nat inside source static local-ip global-ip
Router(config-if)#ip nat inside
Router(config-if)#ip nat outside
配置动态地址转换
Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Router(config)#access-list access-list-number permit source [source-wildcard]
Router(config)#ip nat inside source list access-list-number pool name
配置Overloading
Router(config)#access-list access-list-number permit source source-wildcard
Router(config)#ip nat inside source list access-list-number interface interface overload
清除NAT Translation Table
Router#clear ip nat translation * 清除所有的动态地址转换条目
Router#clear ip nat translation inside global-ip local-ip [outside local-ip global-ip] 清除一个简单的动态地址转换条目( 内、外)
Router#clear ip nat translation outside local-ip global-ip清除一个简单的动态地址转换( 外)
Router#clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port] 清除一个扩展动态地址 转换条目
Show命令输出信息
Router#show ip nat translations