如下為一臺灣企業的CISCO2950J交換機標準配置
 
1.清空vlan  ,清空配置文件,然後重新啟動!
Switch#delete flash:vlan.dat   ---刪除vlan
Switch#erase startup-config   ---清除配置文件
Switch#reload              ---重新啟動交換機
2.重新配置交換機
配置交換機名稱、密碼(enablesecret
Switch(config)#hostname A-F5-2-01-A  ---把交換機命名成A-F5-2-01-A
A-F5-2-01-A(config)#enable password switch   ---設置enable密碼為switch
A-F5-2-01-A(config)#enable secret cisco   ---設置secret密碼為cisco
3.配置vlan(有兩種方法配置vlan)
a.進配置模式配置
A-F5-2-01-A#conf t
A-F5-2-01-A(config)#vlan 455   ---新增vlan455
A-F5-2-01-A(config-vlan)#vlan 456   ---新增vlan456
A-F5-2-01-A(config-vlan)#vlan 457   ---新增vlan457
A-F5-2-01-A(config-vlan)#vlan 458   ---新增vlan458
b.vlan database 配置(此模式下不可以用end 退出,只能用exit退出)
A-F5-2-01-A#vlan database   ---進入vlan database模式
A-F5-2-01-A(vlan)#vlan 465
VLAN 465 added:
    Name: VLAN0465  默認名稱為vlan+0+vlan名稱
A-F5-2-01-A(vlan)#vlan 466   ---新增vlan465
VLAN 466 added:
    Name: VLAN0466   ---vlan系統默認名稱為VLAN0466
A-F5-2-01-A(vlan)#vlan 467 name 467  ---vlan取名為467
VLAN 467 added:
    Name: 467
A-F5-2-01-A(vlan)#
A-F5-2-01-A(vlan)#end  ---end退出報錯誤,此模式下只能用exit退出
                   ^
% Invalid input detected at '^' marker.
A-F5-2-01-A(vlan)#exit  ---exit退出正常
APPLY completed.
Exiting....
A-F5-2-01-A#
4.配置管理IP、缺省網關、配置vtyconsole連接、添加登入賬號
A-F5-2-01-A(config)#interface vlan 455
A-F5-2-01-A(config-if)#ip address 192.168.1.1. 255.255.255.0   ---配置管理IP
A-F5-2-01-A(config)#ip default-gateway 192.168. 1.250---配置缺省網關
A-F5-2-01-A(config)#line ?
  <0-16>   First Line number
  console  Primary terminal line
  vty      Virtual terminal
 
A-F5-2-01-A(config)#line vty 0 4   ---配置VTY ,總共可以同時通過5個連接
A-F5-2-01-A(config-line)#password switch   ---配置連接密碼switch
A-F5-2-01-A(config-line)#login   ---一定得配login否則前面配vty無效
A-F5-2-01-A#conf t
A-F5-2-01-A(config)#line console 0   ---console連接,此處勿配密碼
A-F5-2-01-A(config-line)#logging synchronous
A-F5-2-01-A(config-line)# end
A-F5-2-01-A#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
A-F5-2-01-A(config)#usern
A-F5-2-01-A(config)#username echo pr
A-F5-2-01-A(config)#username echo privilege 15 pass
A-F5-2-01-A(config)#username echo privilege 15 password echo                      ---配置登錄賬號,權限15級,最高
(service password encryption 賬號加密命令可配可不配配了密碼show看不到)
A-F5-2-01-A#
 
5.配置主端口、配置主端口允許通過的vlan、配置端口描述
A-F5-2-01-A#conf t
A-F5-2-01-A(config)#interface gi0/1   ---進入千兆1端口
A-F5-2-01-A(config-if)#switchport mode trunk  ---配置trunk模式,此模式可連交換機
A-F5-2-01-A(config-if)#no shutdown  ---開啟端口
A-F5-2-01-A(config-if)#exit
A-F5-2-01-A(config)#interface gi0/2   ---進入千兆2端口
A-F5-2-01-A(config-if)#switchport mode trunk
A-F5-2-01-A(config-if)#no shutdown
A-F5-2-01-A(config)#interface range gi0/1 -2  ---同時進入2個千兆口
A-F5-2-01-A(config-if-range)#switchport trunk allowed vlan 455,456
------允許vlan 455,456通過
A-F5-2-01-A(config-if-range)#switchport trunk allow vlan add 465,466
------增加vlan 465,466 通過,一定要加add,否則是替代不是增加
A-F5-2-01-A(config-if-range)#end
A-F5-2-01-A#conf t
A-F5-2-01-A(config)#interface gi0/1
A-F5-2-01-A(config-if)#description connect to 4506   ---配置端口描述
A-F5-2-01-A(config-if)#exit
A-F5-2-01-A(config)#interface gi0/2
A-F5-2-01-A(config-if)#description connect to 4506   ---配置端口描述
 
A-F5-2-01-A(config-if)#exit
A-F5-2-01-A(config)#interface range fa0/1 – 2   ---同時配置1-2號端口
A-F5-2-01-A(config-if-range)#switchport mode trunk
A-F5-2-01-A(config-if-range)#no shutdown
A-F5-2-01-A(config-if-range)exit
A-F5-2-01-A(config)#interface range fa0/3
A-F5-2-01-A(config-if)#switchport mode access
A-F5-2-01-A(config-if)#no shutdown
A-F5-2-01-A(config)#interface fa0/1
A-F5-2-01-A(config-if)#description connect to A-F5-2-01-B  ---端口描述
A-F5-2-01-A(config-if)#interface fa0/2  ----此模式下可直接從1端口跳到2端口進行配置
A-F5-2-01-A(config-if)#description connect to A-F5-2-01-C
A-F5-2-01-A(config-if)#interface fa0/3
A-F5-2-01-A(config-if)#description connect to A-F5-2-01-D
A-F5-2-01-A#
6.配置普通端口assess模式,把普通端口加入vlan
A-F5-2-01-A#conf t
A-F5-2-01-A(config)#interface range fastEthernet0/4 – 24  ---同時配置4-24號端口
A-F5-2-01-A(config-if-range)#switchport mode access
A-F5-2-01-A(config-if-range)#end
A-F5-2-01-A#conf t
A-F5-2-01-A(config)#interface range fa0/3
A-F5-2-01-A(config-if)#switchport access vlan 465   ---1-3端口加入vlan465
A-F5-2-01-A(config-if-range)#interface range fa0/4 -24
A-F5-2-01-A(config-if-range)#switchport access vlan 456   ---4-24端口加入vlan456
A-F5-2-01-A(config-if-range)#end
A-F5-2-01-A#
7.配置廣播風暴,多播風暴,配置
A-F5-2-01-A#conf t
A-F5-2-01-A(config)#interface range fa0/2 – 24
A-F5-2-01-A(config-if-range)#storm-control bro
A-F5-2-01-A(config-if-range)#storm-control broadcast level 2  ---配置廣播風暴
A-F5-2-01-A(config-if-range)#storm-control multicast level 2   ---配置多播風暴
A-F5-2-01-A(config-if-range)#storm-control action shutdown  ---超過限制自動down
A-F5-2-01-A(config-if-range)#end
A-F5-2-01-A#conf t
A-F5-2-01-A(config)#interface range fastEthernet0/4 – 24
A-F5-2-01-A(config-if-range)#spanning-tree portfast   ---配置spantree
A-F5-2-01-A(config-if-range)#spanning-tree bpduguard enable   ---配置spantree
A-F5-2-01-A (config-if-range)#end
8.配置允許兩個MAC地址通過端口
A-F5-2-01-A#conf t
A-F5-2-01-A(config)#interface range fa0/4 -24
A-F5-2-01-A(config-if-range)#switchport port-security  ---先啟用port-security
A-F5-2-01-A(config-if-range)#switchport port-security maximum 2
------配置允許2MAC地址通過,默認為一個
9.配置802.1X協議
A-F5-2-01-A#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
A-F5-2-01-A(config-if-range)#dot1x port-control auto  ---配置成自動
A-F5-2-01-A(config-if-range)#dot1x timeout tx-period 15  ---配置連接15s
A-F5-2-01-A(config-if-range)#dot1x timeout server-timeout 30
A-F5-2-01-A(config-if-range)#end
A-F5-2-01-A#wr
 
 
A-F5-2-01-A#show running-config
Building configuration...
 
Current configuration : 8524 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname A-F5-2-01-A
!
enable secret 5 $1$0A9M$TeUTsDGC2MeDZnH8S6l7C/   ---加密了的secret密碼
enable password switch   ---enable密碼
!
username XXX privilege 15 password 0 XXX  ---登入賬號及密碼
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1    ---連接cisco交換機(廣播、多播風暴在下層交換機端口上設置)
 description connect to A-F5-2-01-B
 switchport mode trunk
 storm-control action shutdown
!
interface FastEthernet0/2
 description connect to A-F5-2-01-C   ---連接asus 2024B交換機
 switchport mode trunk
 storm-control broadcast level 2.00
 storm-control multicast level 2.00
 storm-control action shutdown
!
interface FastEthernet0/3   ---連接hub ,此端口設置成access模式,
 description connect to A-F5-2-01-D
 switchport access vlan 465  ---假如465VIP,則下面hub下端口都是VIP
 switchport mode access
 storm-control broadcast level 2.00
 storm-control multicast level 2.00
 storm-control action shutdown
!
interface FastEthernet0/4
 switchport access vlan 456
 switchport mode access    ---端口所處模式,此模式不可接交換機,可接HUB
switchport port-security    ---啟用port-security,默認不啟用
 switchport port-security maximum 2   ---允許通過2MAC地址
 storm-control broadcast level 2.00   ---配置廣播風暴
 storm-control multicast level 2.00  ---配置多播風暴
 storm-control action shutdown   ---超過上面的限制自動down
 dot1x port-control auto    ---802.1X協議
 dot1x timeout tx-period 15
 spanning-tree portfast   ---配置spanning-tree協議
 spanning-tree bpduguard enable
!
……
!
interface FastEthernet0/24
 switchport access vlan 456
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 storm-control broadcast level 2.00
 storm-control multicast level 2.00
 storm-control action shutdown
 dot1x port-control auto
 dot1x timeout tx-period 15
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 description connect to 4506
 switchport trunk allowed vlan 455,456,465,466
 switchport mode trunk
!
interface GigabitEthernet0/2
 description connect to 4506
 switchport trunk allowed vlan 455,456,465,466
 switchport mode trunk
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan455
 ip address 192.168.1.1 255.255.255.0   ---管理IP
 no ip route-cache
!
ip default-gateway192.168.1.250  ---網關
ip http server
!
line con 0  --- console連接
 logging synchronous
 login
line vty 0 4   ---vty連接
 password switch   ---vty連接密碼
 login
line vty 5 15
 login
!
!
end