Lesson 6
Configuring PortFast
Enter interface configuration mode
SwitchX(config-if)#
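spanning-tree portfast    Enable PortFast on a single port
or
spanning-tree portfast default    (global configuration mode) Every port that is not a trunk port becomes a PortFast port
show running-config interface interface    View the interface configuration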
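PVRST+ configuration
1. Enable it
2. Designate and configure one switch as the root bridge
3. Designate and configure one switch as the secondary root bridge
4. Verify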
SwitchX(config)#
spanning-tree mode rapid-pvst    Configure
spanning-tree mode?
show spanning-tree vlan vlan# [detail]    Verify
debug spanning-tree pvst+    Turn on spanning-tree debugging output
Configuring the root bridge and secondary root bridge --------- on switch A
SwitchA(config)#
spanning-tree vlan 1 root primary    Make switch A the primary root bridge for VLAN 1
This command changes the switch's priority, forcing the switch to become the root bridge
SwitchA(config)#
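spanning-tree vlan 2 root secondary    Make switch A the secondary root bridge for VLAN 2
spanning-tree vlan # priority priority    Set the priority manually; the priority is raised or lowered in multiples of 4096
Why is it raised or lowered in multiples of 4096?
View switch A's neighbors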
A#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
B Fas 0/13 146 R S I 3640 Fas 0/13
C Fas 0/15 149 R S I 3640 Fas 0/15
D Fas 0/14 150 R S I 3640 Fas 0/15
no ip routing    Disable routing
r1
int e0/0
no shut
int e0/0.1
encapsulation dot1Q 2
ip add 1.1.1.1 255.255.255.0
int e0/0.2
encapsulation dot1Q 12
ip add 2.2.2.1 255.255.255.0
r3
int e0/3
ip add 1.1.1.3 255.255.255.0
no shut
r4
int e0/3
ip add 1.1.1.4 255.255.255.0
sw1
sw1#sh interfaces f0/0 switchport
Name: Fa0/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1-2,12
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
sw1#sh interfaces f0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 2 (VLAN0002)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 2
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
ACL Access Control Lists
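An access control list acts like a firewall on the router
Implemented in software
Purpose: filtering and classification
Identifying ACLs
Configuring ACLs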
RouterX(config)#access-list access-list-number
{permit | deny | remark} source [mask]
Use remark to add a comment
source: source address
mask: wildcard mask (inverse mask)
RouterX(config-if)#
ip access-group access-list-number {in | out}
in: inbound
out: outbound
Example:
RouterX(config)# access-list 1 permit 172.16.0.0 0.0.255.255 (implicit deny all - not visible in the list)
(access-list 1 deny 0.0.0.0 255.255.255.255)
RouterX(config)# interface ethernet 0
RouterX(config-if)# ip access-group 1 out
RouterX(config)# interface ethernet 1
RouterX(config-if)# ip access-group 1 out
NAT
RouterX(config-if)# ip nat inside
RouterX(config-if)# ip nat outside
RouterX(config)# ip nat inside source static local-ip global-ip
RouterX# show ip nat translations
Controlling vty access with a standard ACL
RouterX(config-line)#
access-class access-list-number {in | out}
Example:
access-list 12 permit 192.168.1.0 0.0.0.255 (implicit deny any)
!
line vty 0 4
access-class 12 in
Extended ACL
RouterX(config)#
access-list access-list-number {permit | deny} protocol source source-wildcard [operator port] destination destination-wildcard [operator port] [established] [log]
RouterX(config-if)#
ip access-group access-list-number {in | out}
access-list 10 permit 1.1.1.3 0.0.0.0
int e0/0.1
ip access-group 10 in
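The standard ACL entries in these notes (lists 1, 12 and 10), run through a small Python evaluator to show how the wildcard mask and the implicit deny decide which source addresses pass. This is an added example, not part of the original notes and not Cisco code; list 20 and the names to_int, parse_acl and evaluate are constructed for illustration.

```python
import ipaddress

# Entries for lists 1, 12 and 10 are copied from the notes; list 20 is constructed
# for this example to show that the first matching entry wins.
ACL_LINES = [
    "access-list 1 permit 172.16.0.0 0.0.255.255",
    "access-list 12 permit 192.168.1.0 0.0.0.255",
    "access-list 10 permit 1.1.1.3 0.0.0.0",
    "access-list 20 remark constructed: block one host, allow the rest of the subnet",
    "access-list 20 deny 172.16.4.13 0.0.0.0",
    "access-list 20 permit 172.16.0.0 0.0.255.255",
]

def to_int(dotted):
    """Convert a dotted-quad address or mask to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(lines):
    """Turn 'access-list N {permit|deny} source [mask]' lines into rule tuples."""
    rules = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] == "remark":
            continue  # remarks are comments and never match traffic
        # A standard entry with no mask matches exactly one host.
        mask = parts[4] if len(parts) > 4 else "0.0.0.0"
        rules.append((int(parts[1]), parts[2], to_int(parts[3]), to_int(mask)))
    return rules

def evaluate(rules, number, src_ip):
    """Return the action of the first matching entry of list `number`.

    Assumes the list has at least one entry; a packet that matches none of
    them hits the implicit deny at the end of the list.
    """
    addr = to_int(src_ip)
    for num, action, source, wildcard in rules:
        if num != number:
            continue
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
        if (addr & care) == (source & care):
            return action
    return "deny"

RULES = parse_acl(ACL_LINES)

if __name__ == "__main__":
    for number, ip in [(1, "172.16.200.9"), (1, "172.17.0.1"), (10, "1.1.1.4"),
                       (20, "172.16.4.13"), (20, "172.16.4.14")]:
        print(f"list {number:>2}  source {ip:<13} -> {evaluate(RULES, number, ip)}")
```

With list 10 applied inbound on e0/0.1 as in the lab, r3 (1.1.1.3) is permitted while r4 (1.1.1.4) falls through to the implicit deny.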