三层交换机综合配置.doc

cisco交换机端口聚合、VTP、ACL配置实例 2010-07-23 16:32:56标签：ACL cisco VTP 实例 端口推送到技术圈 网络拓扑： * 基本配置 *SW1 en ；进入特权模式SW1# conf t ；进入全局配置模式SW1(config)# hostname SW1 ；设置交换机的主机名SW1(config)# enable secret cisco ；设置特权加密口令SW1(config)# enable password cisco ；设置特权非密口令SW1(config)# line console 0 ；进入控制台口SW1(config-line)# login ；允许登录SW1(config-line)# password cisco1 ；设置登录口令xxSW1(config)# line vty 0 4 ；进入虚拟终端SW1(config-line)# login ；允许登录SW1(config-line)# password cisco2 ；设置登录口令xxSW1# exit ；返回命令* 链路聚合 *SW1：2960interface Port-channel 1description Channel group member f0/1-2switchportswitchport trunk encapsulation dot1qswitchport mode trunkint ran f0/1 - 2description Connect to SW5 on port f0/1-2switchport trunk encapsulation dot1qswitchport mode trunkchannel-group 1 mode desirableswitchport trunk allowed vlan allSW2：2960interface Port-channel 2description Channel group member f0/1-2switchportswitchport trunk encapsulation dot1qswitchport mode trunkint ran f0/1 - 2description Connect to SW5 on port f0/3-4switchport trunk encapsulation dot1qswitchport mode trunkchannel-group 2 mode desirableswitchport trunk allowed vlan allSW3：2960interface Port-channel 3description Channel group member f0/1-2switchportswitchport trunk encapsulation dot1qswitchport mode trunkint ran f0/1 - 2description Connect to SW5 on port f0/5-6switchport trunk encapsulation dot1qswitchport mode trunkchannel-group 3 mode desirableswitchport trunk allowed vlan allSW4：2960interface Port-channel 4description Channel group member f0/1-2switchportswitchport trunk encapsulation dot1qswitchport mode trunkint ran f0/1 - 2description Connect to SW5 on port f0/7-8switchport trunk encapsulation dot1qswitchport mode trunkchannel-group 4 mode desirableswitchport trunk allowed vlan allSW5: 3560interface Port-channel 1description Channel group member SW1 f0/1-2switchportswitchport trunk encapsulation dot1qswitchport mode trunkint ran f0/1 - 2description Connect to SW1 on port f0/1-2switchport trunk encapsulation dot1qswitchport mode trunkchannel-group 1 mode autoswitchport trunk allowed vlan allinterface Port-channel 2description Channel group member SW2 f0/1-2switchportswitchport trunk encapsulation dot1qswitchport mode trunkint ran f0/3 - 4description Connect to SW2 on port f0/1-2switchport trunk encapsulation dot1qswitchport mode trunkchannel-group 2 mode autoswitchport trunk allowed vlan allinterface Port-channel 3description Channel group member SW3 f0/1-2switchportswitchport trunk encapsulation dot1qswitchport mode trunkint ran f0/5 - 6description Connect to SW3 on port f0/1-2switchport trunk encapsulation dot1qswitchport mode trunkchannel-group 3 mode autoswitchport trunk allowed vlan allinterface Port-channel 4description Channel group member SW4 f0/1-2switchportswitchport trunk encapsulation dot1qswitchport mode trunkint ran f0/7 - 8description Connect to SW4 on port f0/1-2switchport trunk encapsulation dot1qswitchport mode trunkchannel-group 4 mode autoswitchport trunk allowed vlan allsh ip int bri* 配置VTP * SW5: 3560SW5#vlan database SW5(vlan)#vtp serverDevice mode already VTP SERVER.SW5(vlan)#vtp domain tianyuChanging VTP domain name from NULL to tianyuSW5(vlan)#vtp password ciscoSetting device VLAN database password to ciscoSW5(vlan)#exitAPPLY completed.Exiting.SW1：2960SW1#vlan database SW1(vlan)#vtp client Setting device to VTP CLIENT mode.SW1(vlan)#vtp domain tianyuDomain name already set to tianyu .SW1(vlan)#vtp password ciscoSetting device VLAN database password to cisco.SW1(vlan)#vlan 3 name dbSW1(vlan)#vlan 4 name platformSW1(vlan)#vlan 5 name webSW1(vlan)#endSW1(config)#int range f0/3 - 8SW1(config-if-range)#switchport mode access SW1(config-if-range)#switchport access vlan 3SW1(config-if-range)#no sh SW1(config-if-range)#exitSW1(config)#int ran f0/9 - 14SW1(config-if-range)#switchport mode access SW1(config-if-range)#switchport access vlan 4SW1(config-if-range)#no sh SW1(config-if-range)#exitSW1(config)#int ran f0/15 - 24SW1(config-if-range)#switchport mode access SW1(config-if-range)#switchport access vlan 5SW1(config-if-range)#no shSW1(config-if-range)#exitSW2：2960SW2#vlan database SW2(vlan)#vtp client Setting device to VTP CLIENT mode.SW2(vlan)#vtp domain tianyuDomain name already set to tianyu .SW2(vlan)#vtp password ciscoSetting device VLAN database password to cisco.SW2(config)#int range f0/3 - 8SW2(config-if-range)#switchport mode access SW2(config-if-range)#switchport access vlan 3SW2(config-if-range)#no sh SW2(config-if-range)#exitSW2(config)#int ran f0/9 - 14SW2(config-if-range)#switchport mode access SW2(config-if-range)#switchport access vlan 4SW2(config-if-range)#no sh SW2(config-if-range)#exitSW2(config)#int ran f0/15 - 24SW2(config-if-range)#switchport mode access SW2(config-if-range)#switchport access vlan 5SW2(config-if-range)#no shSW2(config-if-range)#exit/*SW3、SW4也类似的配置*/SW5: 3560SW5(config)#ip routing SW5(config)#int vlan 3SW5(config-if)#ip add 192.168.3.1 255.255.255.0SW5(config-if)#no shSW5(config-if)#exitSW5(config)#int vlan 4SW5(config-if)#ip add 192.168.4.1 255.255.255.0SW5(config-if)#no shSW5(config-if)#exitSW5(config)#int vlan 5SW5(config-if)#ip add 192.168.5.1 255.255.255.0SW5(config-if)#no shSW5(config-if)#exitsh ip routesh vtp statsh vlan brish int tr* 配置ACL */*vlan3与vlan5之间互访，vlan4与vlan5之间互访，禁止vlan3与vlan4之间互访*/SW5(config)# access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255SW5(config)# access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255SW5(config)# access-list 103 permit ip 192.168.5.0 0.0.0.255 0.0.0.0 255.255.255.255* 应用ACL至VLAN端口 *SW5(config)# int vlan 3SW5(config-if)# ip access-group 101 in SW5(config