大赛人网站

注册

 

返回列表 12
发新话题 回复该主题
查看: 2136|回复: 10

神州数码交换机路由器学生总结 [复制链接]

admin
头像

admin

  • 管理员
  • 2010-11-10
  • 73
  • 1139
  • 2003-12-30
1#
t T
发表于 2009-06-11 23:46 |只看楼主

交换机


1.声明vlan and给vlan分配IP
       vlan [编号]                                                                    //vlan 10


       Sw I e 0/0/[编号-编号]                                                  //sw I e 0/0/1-10s
       in vlan [编号]                                                                //in vlan 10
       ip add [IP地址] [子网掩码]                                           //ip add 192.168.1.1 255.255.255.0


2.静态路由


       Ip route 0.0.0.0 0.0.0.0 [下一跳IP]                          //ip route 0.0.0.0 0.0.0.0 192.168.1.2


3.RIP协议路由


       以Vlan方法


              Router rip                                                


              Network [自己的vlan ]                                           //network vlan 10


       以IP方法


              Router rip


              Network [ip 段]


4.ospf协议路由


       以Vlan方法


              Router ospf


              Int vlan [编号]                                                        //int vlan 10


              Ip ospf enable area [编号]                                 //ip ospf enable area 0


       以IP方法


              Router ospf


              Network [自己的IP]/[网关] area 0                           //network 192.168.1.1/24 area 0


5.telnet开启


       telnet-server enable


       telnet-user [用户] password 0 [密码]


6.stp生成树协议


       spanning-tree mode stp


7.链路聚合(手工)


       spanning-tree mode mstp                                                //开启mstp生成树协议


       port-group [编号]                                                          // port-group 1


       int e 0/0/[做链路的那几个端口号]                                  //int 0/0/1-2


       port-group [编号] mode on                                             // port-group 1 mode on


8. 链路聚合(LACP动态生成)


       spanning-tree mode mstp


       port-group [编号]


       (交换机A的配置)port-group [编号] mode active


       (交换机B的配置)port-group [编号] mode passive


9.trunk


       Int e 0/0/[端口]


       Sw mode trunk                                                              //设置为trunk


       Sw trunk allowed vlan all                                                //划分到所有vlan


 


 


 


10.Mac地址和端口绑定(单个)


Int e  0/0/[端口]


Sw port-security


sw port-security mac-address [mac地址]


11. Mac地址和端口绑定(多个)


       Int e 0/0/[端口]


       Sw port-security maximum [安全mac地址个数如:3]


sw port-security mac-address [mac地址]


sw port-security mac-address [mac地址]


sw port-security mac-address [mac地址]


12. Mac地址和端口绑定(动态学习)


       Int e 0/0/[端口]


       Sw port-security maximum


       Sw port-security maximum lock


       Sw port-security maximum convert


13.mac地址表绑定


       mac-address-table static address [mac地址] vlan [编号] int e 0/0/[编号]


       //解释: 让mac地址只能在指定vlan中的指定端口中使用,其他的都不能使用(未测试)


14.mac地址过滤


       mac-address-table blackhole address [mac地址] vlan [编号]


       //解释: 让mac地址在指定vlan中不能使用(未测试)


15.用am来绑定ip和mac


       Am enable


       Int e 0/0/[端口]


       Am mac-ip-pool [mac地址] [IP地址]


       //验证方法: show am


       //解锁:no am port


16.dhcp配置


       Service dhcp


       Ip dhcp pool [地址池名]


       Network-address [IP段如:192.168.1.0] [掩码数如:24]


       Lease [租用天数]


       Default-router [网关IP]


       Dns-server [DNS 的IP]


              



⊙该文章转自[大赛人网站(技能大赛技术资源网)-DasaiRen.com] 原文链接:http://www.dasairen.com/Article/wlsb/dcnetworks/569.html
分享 转发
全国技能大赛技术资源网(www.dasairen.com)-大赛人网站
TOP
admin
头像

admin

  • 管理员
  • 2010-11-10
  • 73
  • 1139
  • 2003-12-30
2#
t T
发表于 2009-06-11 23:48 |只看楼主

 接上面的内容 


 17.ACL IP访问控制


       Ip access-list standard test


       Deny 192.168.1.100.0 0.0.0.0.255                                                 //禁止IP段访问


       Deny 192.168.200.11 0.0.0.0                                                  //禁止单个IP访问


       Deny tcp 192.168.200.0 0.0.0.255 any-destination d-port 23           //拒绝IP段telnet数据


       Permit 192.168.1.100.0 0.0.0.0.255                                        //允许IP段访问


       Deny 192.168.200.11 0.0.0.0                                                  //允许IP访问


       //下面2条是开启ACL


       Firewall enable


Firewall default permit


       //绑定ACL到各个端口


       Int e 0/0/[端口]


       Ip access-group test in


       //验证方法


       Show access-group      


18. web管理


       Ip http sever                                                                         //开启web服务


       Web-user [用户名] password 0 [密码]                                         //添加管理用户


路由器


1.                                                 进入端口给端口分配IP


a)                                                                 Int [段口]


b)                                                                Ip add [ip] [子网掩码]


c)                                                                No shu


2.静态路由


       Ip route 0.0.0.0 0.0.0.0 [下一跳IP]                          //ip route 0.0.0.0 0.0.0.0 192.168.1.2


3.RIP协议路由


       Router rip


       Network [ip 段]


4.ospf协议路由


       Router ospf [进程号如:1]


       Network [自己的IP段] [子网掩码] area [区域号如:0]


5.telnet开启


       Username [用户名] password [密码]


       Aaa authentication login [用户名] local


       Line vty 0 4


       Login authentication [刚刚那个用户名]


 


 


6.ppp协议


       Enc ppp


7.时钟平率


       Ph sp 64000


8.web访问


       Username [用户] password 0 [密码]                                              //添加用户


       ip http webm-type [web配置方式]                                                //选择方式.高级,典型,向导


       ip http port [端口]                                                                        //配置web端口


 


9.hdlc


       //和PPP差不多,都在端口中配置


       Enc hdlc


 
全国技能大赛技术资源网(www.dasairen.com)-大赛人网站
TOP
admin
头像

admin

  • 管理员
  • 2010-11-10
  • 73
  • 1139
  • 2003-12-30
3#
t T
发表于 2009-06-11 23:48 |只看楼主

接上面的内容

10.dhcp


       Ip dhcp pool [地址池名如:1]


       Network 192.168.2.0 255.255.255.0                                             //定义网络段


       Range 192.168.2.10 192.168.2.20                                                  //定义地址范围


       Default-router [IP]                                                                       //配置网关


       Dns-sever [ip]                                                                              //配置NDS的IP


       Lease [天数]                                                                                //租用天数


       //退回配置模式(config)


       Ip dhcpd enable                                                                            //开启dhcp


      


11.nat


       Router-A_config#Ip access-list standard [访问控制名如:1]                     //定义访问控制列表


       Router-A_config_sta_nacl#Permit [IP 段] [子网掩码]                    //定义允许转换的源地址范围


              //如:permit 192.168.10.0 255.255.255.0


       Router-A_config#ip nat pool [转换地址池名如:xh]  [起始IP] [结束IP] [子网掩码]


       Router-A_config#ip nat inside soure list [刚刚定义的访问控制名] pool [刚刚转换地址池名] overload


              //配置将ACL允许的源地址转换成overld 中的地址,并且做pat复用地址


       Router-A_config#int f0/0


       Router-A_config_f0/0#ip nat inside                                                //定义内部接口


       Router-A_config# int s0/2


       Router-A_config_ s0/2#ip nat outside                                             //定义外部接口


  


12.vpn(L2TP/PPTP)的配置                             //A到B的数据传输实例


       ROUTER-A的配置


              Int virtual-tunnel 0


              Ip add 172.16.1.2 255.255.255.0


              Ppp chap host test@dcn.net


              Ppp chap password [密码]


              //退回配置模式(config)


              Vpdn enable


              Vpdn-group 0


              Request-dialin


              Initiate-to ip 192.168.1.2 priority 1


              Protocol 12tp


              Domain dcn.net


              //退回配置模式(config)


              Ip route 192.168.2.0 255.255.255.0 virtual-tunel 0


       ROUTER-B的配置
全国技能大赛技术资源网(www.dasairen.com)-大赛人网站
TOP
admin
头像

admin

  • 管理员
  • 2010-11-10
  • 73
  • 1139
  • 2003-12-30
4#
t T
发表于 2009-06-12 00:06 |只看楼主

可能有点乱,大家自己整理,这几天在监考高考和中考,没得时间.
全国技能大赛技术资源网(www.dasairen.com)-大赛人网站
TOP
zero
头像

zero

  • 新手上路
  • 2010-11-10
  • 45
  • 422
  • 2009-11-02
5#
t T
发表于 2009-11-17 08:40 |只看该用户

15.用am来绑定ip和mac


       Am enable


       Int e 0/0/[端口]


       Am mac-ip-pool [mac地址] [IP地址]


       //验证方法: show am


       //解锁:no am port



不行..没有AM
TOP
lixinhe
头像

lixinhe

  • 新手上路
  • 2010-11-10
  • 4
  • 137
  • 2009-11-30
6#
t T
发表于 2009-11-30 22:17 |只看该用户

am 功能在二层交换机才有 三层交换机没有
TOP
a746342002
头像

a746342002

  • 新手上路
  • 2010-11-10
  • 1
  • 65
  • 2009-12-22
7#
t T
发表于 2009-12-22 20:39 |只看该用户

我刚上来,希望各多多关照啊!!
TOP
administrator
头像

administrator

  • 新手上路
  • 2010-11-10
  • 2
  • 76
  • 2009-12-27
8#
t T
发表于 2009-12-27 10:51 |只看该用户

各位朋友:
      我是新手上路,以后请多多关照哦!
      NAT和OSPF,ACL具体怎么设置?
      求助?谢谢!
TOP
zmboy
头像

zmboy

  • 版主
  • 2010-11-10
  • 43
  • 281
  • 2010-03-07
9#
t T
发表于 2010-03-12 14:58 |只看该用户

一定!希望大家有资料多共享一下!谢谢!
TOP
上一主题| 下一主题
返回列表 12
发新话题 回复该主题
高级编辑器高级编辑器