CCNA-lab-v1
LAB 1 –基本配置
1. 用户模式
Router>
2. Router> enable //在用户模式输入enable进入到特权模式
Router#
3. Router# ? //输入问号看帮助
4. Router# disable //特权模式输入disable或exit退到用户模式
Router# configure terminal //特权模式输入configure terminal进入全局配置模式
Router(config)# //全局配置模式,Ctrl+z退出
5.Router#show privilege
Current privilege level is 15
Router(config)#enabel password cisco
Router(config)#privilege exec level 5 configure terminal//把Configure terminal命令指派给level 5的用户使用
Router(config)#privilege exec level 5 show running-config//把show run命令指派给level 5的用户使用
比较路由器在不同模式下的提示符。
1. 用户模式(User EXEC Mode)Router>
2. 特权模式(Privileged EXEC Mode)Router#
3. 全局配置模式(Global configuration mode)Router(config)#
4. 路由配置模式(Router configuration mode)Router(config-router)#
5. 端口配置模式(Interface configuration mode)Router(config-if)#
6. 为路由器设置主机名:
Router# config t //”config terminal”的简写,进入全局配置模式
Router(config)# hostname Router1 // 把该路由器命名为Router1
注意:如果名字含有空格的话,要用双引号括起来。
7.接口描述
Router((config-if)#interface FastEthernet0/0
Router(config-if)#description connet_to_Building1
8. 配置路由器的密码:
配置console接口密码:
RACK08R1 (config)#line console 0 //全局模式下输入line console 0,进入console 口配置。
RACK08R1 (config-line)#password cisco //把cisco设置成为console口的密码
配置enable 密码//从用户模式到特权模式的密码
问题A: when both encrypted and unencrypted enable passwords are configured, which one is used?
RACK08R1(config)# enable password cisco//密码显示为明文
R1(config)# enable secret ccna//密码是加密的,显示为乱码,用命令show running-config 可以看到enable password密码cisco为明文, enable secret密码为enable secret 5
$1$OEVl$KO40QFSZAtwd/9FeEAfAp0显示为乱码,可见,enable password设置的密码是不安全的,
当同时配了enable secret和enable password的时候,后者就失效了,进入特权模式的时候,只需输入enable secret 的密码即可,但两个密码的字符不可以配置成一样。
配置vty密码//远程登陆路由器或交换机的telnet 的密码
RACK08R1(config)#line vty 0 4 //全局模式下输入line vty 0 4,进入vty线路配置。
RACK08R1(config-line)#login //要求用户登陆认证
// RACK08R1(config-line)#no login //不要求用户登陆认证
RACK08R1(config-line)#password cisco ////把cisco设置成为VTY0到4号线路的密码9. 配置路由器接口FastEthernet0/0的IP address:
RACK08R1>enable
RACK08R1#configure terminal
RACK08R1(config)#interface FastEthernet0/0 //进入接口配置模式
RACK08R1(config-if)#ip address 8.8.12.1 255.255.255.0 //为接口配置IP地址
RACK08R1(config-if)#ip address 8.8.13.1 255.255.255.0 second//为接口配置辅助IP地址RACK08R1(config-if)#no shutdown //用SHUTDOWN命令NO 的形式,打开端口
10. 配置路由器接口Serial0/0/0的IP address:
RACK08R1(config-if)# int serial 0
RACK08R1(config-if)# ip address 8.8.21.1 255.255.255.0
RACK08R1(config-if)# no shutdown
Router#sh controllers serial 1/1 //验证接口电缆类型DTE或DCE
cable type : V.11 (X.21) DCE cable
RACK08R1(config-if)# clock rate 64000 //为DCE接口指定时钟同步速率。
如果RACK08R1的S0/0/0 //用clock rate接口配置命令配置网络接口模块(NIM)和接口处理器等串行接口上硬件连接的时钟速率,设置为可接受的位速率,记住,如果电缆太长,则最高速度可能达不到,另外,超过每秒148000位的速度对EIA/TIA-232信号太快。建议同步串行EIA/TIA-232信号只用64000位/秒以内的速度。要使用更高速度,用EIA/TIA-449或V.35。
11. 测试ctrl-z和EXIT的作用
RACK08R1(config-if)# ctrl-z //任何模式下输入ctrl-z都会退回到特权模式
RACK08R1(config-if)# exit //返回上一级模式
12. 退出路由器
RACK08R1# logout //完全退出路由器
13.显示接口关于IP的摘要信息
RACK08R1# show ip interface brief
14. 显示详细信息:show interface +接口类型+接口偏号
RACK08R1# show interfaces FastEthernet0/0 或是show interface serial 0/0/0
FastEthernet0/0 is up, line protocol is up
Hardware is Lance, address is 0001.642e.9301 (bia 0001.642e.9301)
Internet address is 8.8.12.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
(以下省去)
15.显示内存信息(也就是路由器正在运行的配置):
RACK08R1# show running-config //显示当前已经生效且正在使用的配置
16. 显示NVRAM
RACK08R1# show startup-config //显示已经保存在NVRAM内存中的配置,路由器关闭电源后,下一次正常启动将要加载这个配置文件到RAM中,成为running-config
17. 保存配置到NVRAM中:
RACK08R1# copy running-config startup-config
或是RACK08R1#write
保存配置:copy running-config startup-config等同于write
18. 使用Show version:
RACK08R1# show version
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.3(14)T7, RELEASE SOFTWARE (fc2) # IOS的版本
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.
3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102 #寄存器的值
0x2102 //加载startup-config配置文件
0x2142 //启动设备是不加载startup-config配置文件
19. 查看运行的协议
问题A:which protocols are currently running on the router?
RACK08R1# show ip protocols
20. 配置登陆信息Banner
banner 在特定的时间或场景中显示提示信息
LINE c banner-text c, where 'c' is a delimiting character //默认提示信息以第一个字符c开头引导,中间是提示信息,第二个字符c是结束字符,不管它是不是在文本的最后!
exec Set EXEC process creation banner //在登录成功后显示的提示信息
incoming Set incoming terminal line banner //与exec作用相同,用在反向telnet中
login Set login banner //连接以后显示,紧跟在motd以后
motd Set Message of the Day banner //连接后显示
prompt-timeout Set Message for login authentication timeout 远程连接后登录提示框(不输入任何东西)超时提示
slip-ppp Set Message for SLIP/PPP //在点对点协议连接时使用
例如
banner motd cwelcomec
显示为wel
默认情况下c提示符多有不便,但可以改变为自定义字符
banner motd #
Enter TEXT message. End with the character '#'.
#Unauthorized access will be held accountable by law
显示为Unauthorized access will be held accountable by law
变量引用
banner slip-ppp %
Enter TEXT message. End with the character '%'.
Starting $(encap) connection from $(gate-ip) to $(peer-ip) using a maximum packet size
of $(mtu) bytes... %
Starting SLIP connection from 192.168.69.96 to 172.16.80.8 using a maximum packet size
of 1500 bytes...
21. 退出路由器,重新登录.
RACK08R1# logout
enter
password: cisco
RACK08R1> enable
password: cisco
显示为Unauthorized access will be held accountable by law
22. 在RACK08R1上做名称解析,将RACK08R2和8.8.12.2关联起来(相当于Windows 里的Hosts文件的作用)。
RACK08R1(config)# ip host RACK08R2 12.1.1.2
23. 检查RACK08R1中主机名和IP地址的对应.
RACK08R1# show hosts
22. Ping …RACK08R2?看是否成功.
RACK08R1# ping RACK08R2
24.显示RACK08R2上的Flash.
问题A: what is the name of the IOS image in flash and how large is it?
RACK08R2# show flash
RACK08R2#show flash:
System flash directory:
File Length Name/status
1 1383203
2 c1841-ipbase-mz.123-14.T7.bin
[13832032 bytes used, 18682016 available, 32514048 total]
32768K bytes of processor board System flash (Read/Write)
RACK08R2#
25. 显示RACK08R1上曾经输入的命令,可以看到前10条,可以通过Ctrl+P或向上箭头重唤这些命令.
RACK08R1# show history
RACK08R1# ctrl-p (to see previously entered commands)
26. RACK08R1# show interfaces serial 0/0/0
RACK08R1# configure terminal
RACK08R1(config)# interface serial 0/0/0
Ctrl+A 移动光标到首字符
Ctrl+E移动光标到末尾字符
Ctrl+B向左移动光标一个字符
Ctrl+F向右移动光标一个字符
27验证两条常用命令的作用:
(1)设定console会话超时时间
Router(config)#line console 0
Router(config-line)#exec-timeout 0 0 //表示永不超时
(2)同步发送到console口的日志消息,使其自动换行
Router(config)#line console 0
Router(config-line)#logging synchronous
LAB 2 – CDP(CISCO的发现协议)
RACK08R1#show cdp ?
entry Information for specific neighbor entry
interface CDP interface status and configuration
neighbors CDP neighbor entries
traffic CDP statistics
2. 在RACK08R1.显示CDP邻居
RACK08R1# show cdp neighbors
3. 显示邻居的详细信息.
RACK08R1# show cdp neighbors detail
RACK08R1# show cdp entry *
4. 查看那个接口运行CDP.
RACK08R1# show cdp interface
5.在RACK08R1,改变CDP的计时器.
RACK08R1(config)# cdp timer 50
RACK08R1(config)# cdp holdtime 170
RACK08R1(config)# exit
RACK08R1# sh cdp interface
6. 启用和禁用CDP
RACK08R1(config)#no cdp run //全局配置模式下,禁止路由器运行CDP协议RACK08R1#show cdp nei
RACK08R1#configure terminal
RACK08R1(config)#interface serial0/0/0
RACK08R1(config-if)#no cdp enable //接口配置模式下,禁止此接口运行CDP协议RACK08R1#show cdp interface //接口Serial0/0/0不能通过CDP协议发现直连的邻居
启用CDP
RACK08R1(config)#cdp run //全局配置模式下,启用路由器运行CDP协议
RACK08R1(config)#interface serial0/0/0
RACK08R1(config-if)#cdp enable //接口配置模式下,启用路由器运行CDP协议LAB 4 – TELNET
1. 基本配置
RACK08R1# config t
RACK08R1#show controllers serial 0/0/0
Interface Serial0/0/0
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 64000
RACK08R1(config)# interface serial 0/0/0
RACK08R1(config-if)# no sh
RACK08R1(config-if)# clock rate 64000
RACK08R1(config-if)# ip add 8.8.12.1 255.255.255.0
RACK08R2# config t
RACK08R2(config)# interface serial 0/0/0
RACK08R2(config-if)# no show
RACK08R2(config-if)# ip add 8.8.12.2 255.255.255.0
RACK08R2(config-if)#end
2. 在RACK08R2上配置line vty的密码.
RACK08R2>
RACK08R2# config t
RACK08R2 (config)#line vty 0 4
RACK08R2 (config-line)#login
RACK08R2 (config-line)#password cisco
3. 在RACK08R1上使用telent登录到RACK08R2
RACK08R1# telnet 8.8.12.2
Trying 8.8.12.2 ...
User Access Verification
Password: //提示要输入line vty 的密码
RACK08R2> //显示为RACK08R2的用户配置模式,登录成功。
RACK08R2>show user
Line User Host(s) Idle Location
0 con 0 idle 00:01:47
* 66 vty 0 idle 00:00:00 8.8.12.1
//*表示当前使用的线路,它是vty 0,
4. 在RACK08R1>用户配置模式上输入CTRL-SHIFT-6 ,松开,接着输入X. 回到RACK08R1#提示符。
RACK08R1> ctrl-shift-6 x
RACK08R1#
RACK08R1# show sessions
Conn Host Address Byte Idle Conn Name
* 1 8.8.12.2 8.8.12.2 0 0 8.8.12.2
5. Telnet到RACK08R3.
RACK08R1# telnet 8.8.13.3
RACK08R3>
RACK08R3> ctrl-shift-6 x
RACK08R1#
RACK08R1# show sessions
6. 在RACK08R1上断开连接
RACK08R1# disconnect 2
RACK08R1# disconnect 1
RACK08R1# show sessions
Conn Host Address Byte Idle Conn Name
1 8.8.12.
2 8.8.12.2 0 0 8.8.12.2
* 2 8.8.13.3 8.8.13.3 0 0 8.8.13.3
7.在RACK08R2 和R3 上清除连接
Show session和show user的区别
Disconnect 和Clear line的区别
Ctrl+shift+6 x 和resume
Show session 查看打开了多少个telnet的会话
Show user 查看有谁通过telnet来连接我
Disconnect 清除由自己主动建立的连接
Clear line 清除由远端建立的连接
(Ctrl+shift+6)x telnet介面的切换
Resume 再次连接
LAB 5 – TFTP
在RACK08R1上配置:
RACK08R1#conf t
RACK08R1(config)#intface FastEthernet0/0
RACK08R1(config-if)#ip address 192.168.12.1 25.255.255.0
RACK08R1#ping 192.168.1.100 //tftp server的地址是192.168.1.100,tftp server在widndows 平台上安装cisco tftp软件可以实现。
RACK08R1# copy running-config tftp //把running-config里的配置备份到TFTP Server上RACK08R1# copy tftp startup-config //把TFTP Server里的配置文件下载到NVRAM
RACK08R1# copy tftp flash //把TFTP Server上的IOS文件,拷贝到flash中,升级路由器的IOS文件
RACK08R1#dir //查看flash中的IOS文件
Router#dir flash
Directory of flash:/
3 -rw- 33591768
c1841-advipservicesk9-mz.124-15.T1.bin (IOS的映像文件)
16777216 bytes total (11122776 bytes free)
LAB 6 – RIP V2
1路由器基本配置:
RACK08R1# config t
RACK08R1(config)# interface serial 0/0
RACK08R1(config-if)# no sh
RACK08R1(config-if)# clock rate 64000
RACK08R1(config-if)# ip add 12.1.1.1 255.255.255.0
RACK08R2# config t
RACK08R2(config)# interface serial 0/0
RACK08R1(config-if)# clock rate 64000
RACK08R2(config-if)# no sh
RACK08R2(config-if)# ip add 12.1.1.2 255.255.255.0
RACK08R2(config-if)#exit
RACK08R2(config)#interface fa0/0
RACK08R2(config-if)#ip add 23.1.1.2 255.255.255.0
RACK08R2(config-if)#no shut
RACK08R2(config-if)#end
R3# config t
R3(config)#interface fa0/0
R3(config-if)#ip add 23.1.1.3 255.255.255.0
R3(config-if)#no shut
R3(config-if)#end
RACK08R1(config)# router rip
RACK08R1(config-router)# version 2
RACK08R1(config-router)# no auto-summary
RACK08R1(config-router)# network 11.0.0.0
RACK08R2(config)# router rip
RACK08R2(config-router)# version 2
RACK08R2(config-router)# no auto-summary
RACK08R2(config-router)# network 12.0.0.0
RACK08R2(config-router)# network 23.0.0.0
R3(config)# router rip
R3(config-router)# version 2
R3(config-router)# no auto-summary
R3(config-router)# network 23.1.0.0
2. 在RACK08R1上使用sh ip protocols查看动态路由的信息
RACK08R1# show ip protocols
3.RACK08R1上有多少条路由?有几条是从RIP得到的?其他两台呢?a. RIP的管理距离是多少?
RACK08R1# show ip route
4.在RACK08R1, ping R3.
RACK08R2# ping 23.1.1.3
ping命令
如果ping的结果是!!!!!则表明网络正常.
..则表明网络不通.
如果ping的结果是…
如果ping的结果是U.U.U则表明下一跳不可达.
5. 使用cle ip route *清除路由表.
RACK08R1# clear ip route *
6. 在RACK08R1使用Debug命令,将可以看到路由器每30秒更新一次路由. RACK08R1# debug ip rip
7. 使用undebug all命令
RACK08R1#show debuging !检查目前打开了那些Debug命令
RACK08R1# undebug all !关掉所有打开的Debug命令
LAB 7 – EIGRP
1.基本接口配置
2.配置EIGRP
RACK08R1(config)# router eigrp 1
RACK08R1(config-router)# no auto-summary
RACK08R1(config-router)# network 1.1.1.0
RACK08R1(config-router)# network 12.0.0.0
RACK08R2(config)# router eigrp 1
RACK08R2(config-router)# no auto-summary
RACK08R2(config-router)# network 12.0.0.0
RACK08R2(config-router)# network 23.0.0.0
R3(config)# router eigrp 1
R3(config-router)# no auto-summary
R3(config-router)# network 23.0.0.0
R3(config-router)# network 3.3.3.0
3. 查看路由协议.
问题A: what is the maximum router hop count with EIGRP? router4# show ip protocols
EIGRP maximum hopcount 100
4.在RACK08R1上显示EIGRP 邻居.
RACK08R1# show ip eigrp neighbors
5.在RACK08R1是能够显示EIGRP包的发送和接受数量. RACK08R1# show ip eigrp traffic
6.在RACK08R1上显示EIGRP topology database.
问题A: what does the EIGRP topology database contain? RACK08R1# show ip eigrp topology
7. 在RACK08R2上显示路由
问题A: EIGRP的管理距离多少?
router4# show ip route
Distance: internal 90 external 170
8. 在ping R3.
RACK08R2# ping 33.1.1.3
RACK08R2# ping 13.1.1.3
9. RACK08R1# debug ip eigrp
(10^7/BW + Σdelay/10)*256=(6476+2500)*256= LAB 8 - OSPF
1.基本接口配置
2.配置RACK08R1的LOOPBACK地址作为ROUTER-ID interface loopback 0
ip adderss 1.1.1.1 255.255.255.0
配置RACK08R2的LOOPBACK地址作为ROUTER-ID interface loopback 0
ip adderss 2.2.2.2 255.255.255.0
配置R3的LOOPBACK地址作为ROUTER-ID
interface loopback 0
ip adderss 3.3.3.3 255.255.255.0
RACK08R1(config)# router ospf 1
RACK08R1(config-router)# router-id 1.1.1.1
RACK08R1(config-router)# network 1.1.1.0 0.0.0.255 area 0 RACK08R1(config-router)# network 12.1.1.0 0.0.0.255 area 0 RACK08R2(config)# router ospf 1
RACK08R2(config-router)# router-id 2.2.2.2
RACK08R2(config-router)# network 2.2.2.0 0.0.0.255 area 0 RACK08R2(config-router)# network 23.1.1.0 0.0.0.255 area 0 RACK08R2(config-router)# network 12.1.1.0 0.0.0.255 area 0 R3(config)# router ospf 1
R3(config-router)# router-id 3.3..3.3
R3(config-router)# network 23.1.1.0 0.0.0.255 area 0
R3(config-router)# network 3.3.3.0 0.0.0.255 area 0
3. 显示路由协议信息.
问题A: How frequently does OSPF send routing updates? RACK08R1# sh ip protocols
4.在RACK08R1上检查邻居.
RACK08R1# sh ip ospf neighbor
5.在RACK08R1检查运行OSPF的接口.
问题A: 10Mbps以太网接口中的COST是多少?
RACK08R1# sh ip ospf interface
6.在RACK08R1上检查ospf的拓扑(数据库).
RACK08R1# sh ip ospf database
5.在RACK08R1检查运行OSPF的接口.
7. 检查路由表.
问题A: OSPF的管理距离多少?
router4# show ip route
8. 在RACK08R2, ping R3.
RACK08R2# ping 33.1.1.3
RACK08R2# ping 13.1.1.3
LAB 9 - 2950交换机配置
1
Switch> enable
Switch# ?
Switch# disable
Switch>
3.
Switch> enable
Switch# configure terminal
Switchconfig)# hostname sw2950
sw2050(config)# exit
sw2950#
4. 检查运行配置
sw2950# show running-config
5. 保存配置
sw2950# copy running-config startup-config
sw2950# show startup-config
6. 删除配置,重起
sw2950# erase startup-config //删除NVRAM配置,命令和路由器是一样的sw2950# reload 重起路由器或是交换机
7.配置交换机的IP地址和默认网关
8.二层交换机的IP地址和网关只是为了方便来管理交换机而设置. Switch> enable
Switch # configure terminal
Switch (config)# hostname sw2950
sw2950(config)# enable password cisco
sw2950(config)# interface vlan1
sw2950(config-if)# ip address 192.168.10.19 255.255.255.0
sw2950(config-if)# no shutdown
sw2950(config-if)# exit
sw2950(config)# ip default-gateway 192.168.10.1 //配置交换机的网关
9. 检查交换机的管理地址
sw2950# show interface vlan1
设置交换机接口的双工模式:
SW2950(config)#interface fastEthernet 0/1
SW2950(config-if)#duplex ?
auto Enable AUTO duplex configuration
full Force full duplex operation
half Force half-duplex operation
SW2950(config-if)#duplex full 设置fastEthernet 0/1接口的双工模式为100M全双工
SW2950(config-if)#speed ?
10 Force 10 Mbps operation
100 Force 100 Mbps operation
auto Enable AUTO speed configuration
10.On switch3, issue the show interfaces command.
问题A: interface fa0/1的生成树状态是什么?
SW1#sh spanning-tree interface f1/1
Port 42 (FastEthernet1/1) of VLAN1 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.42.
Designated root has priority 32768, address c202.0498.0000
Designated bridge has priority 32768, address c202.0498.0000
Designated port id is 128.42, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 204, received 1
问题B: fa0/2的双工模式是什么?
sw2950# show interfaces
sw2950# show version
11. 使用Show spanning-tree
问题A: 根网桥的网桥ID是多少?
问题B: fa0/1的COST是多少?
问题C: maxage 是多少?
问题D: hello间隔是多少?
sw2950# show spanning-tree //检查生成树状态的命令
SW1#sh spanning-tree brie
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address c202.0498.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768
Address c202.0498.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
12.检查MAC地址表
sw2950# show mac-address-table
13. MAC地址的静态指定
sw2950(config)# mac-address-table static 4444-4444-4444 vlan 1 int fa0/5
sw2950(config)# exit
sw2950# show mac-address-table
LAB10 - 交换机端口安全配置
sw2950(config)# interface fa0/9
sw2950(config-if)# switchport port-security
sw2950(config-if)# switchport port-security maximum 1
sw2950(config-if)# switchport port-security mac-address-table 1111.1111.1111
SW2950(config-if)#switchport port-security violation protect/ restrict/ shutdown
protect Security violation protect mode
restrict Security violation restrict mode
shutdown Security violation shutdown mode
LAB 13 -1 – VLANs and TRUNKING
1. 检查交换机上的VLAN,并创建VLAN
sw01# show vlan
Switch(config)#vlan 10 //全局配置模式下创建VLAN
Switch(config-vlan)#name sales
Switch(config-vlan)#exi
Switch(config)#vlan 20
Switch(config-vlan)#name HR
Switch(config-vlan)#exit
Switch(config)#vlan 30
Switch(config-vlan)#name ENG
Switch(config-vlan)#end
Switch#sh vlan brie
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24 10 sales active
20 HR active
30 ENG active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Switch(config)#int f0/10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#int f0/20
Switch(config-if)#switchport mo ac
Switch(config-if)#sw access vlan 20
Switch(config-if)#end
Vlan datebase模式下创建VLAN
Switch#vla database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 200 name MAN
VLAN 200 added:
Name: MAN
Switch(vlan)#vlan 100 name MER
VLAN 100 modified:
Name: MER
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#sh vlan brie
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/21, Fa0/22
Fa0/23, Fa0/24
10 sales active Fa0/10
20 HR active Fa0/20
30 ENG active
100 MER active
200 MAN active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Switch#
-------------------------------------------------------------------------------------------------------------------- 2. 配置Trunk
ISL封装方式:
Sw01(config)# interface fa0/1
sw01(config-if)# switchport mode trunk
Sw01(conifg-if)#swtichport trunk encapsulation isl !2950 交换机不能输入此命令缺省为dot1Q
sw01(config-if)# ctrl-z
sw01# show interface fa0/1 switchport
Sw01(config)# interface fa0/1
sw01(config-if)# switchport mode trunk
Sw01(conifg-if)#swtichport trunk encapsulation isl !2950 交换机不能输入此命令
sw01(config-if)# ctrl-z
sw01# show interface fa0/1 switchport
DOT1Q封装方式:
Sw01(config)# interface fa0/1
sw01(config-if)# switchport mode trunk
Sw01(conifg-if)#swtichport trunk encapsulation dot1q !2950 交换机不用输入此命令sw01(config-if)# ctrl-z
sw01# show interface fa0/1 switchport
Sw01(config)# interface fa0/1
sw01(config-if)# switchport mode trunk
Sw01(conifg-if)#swtichport trunk encapsulation isl !2950 交换机不用输入此命令
sw01(config-if)# ctrl-z
sw01# show interface fa0/1 switchport
3. 配置VTP(两种方法)
第一种:
sw01# vlan database
sw01(vlan)# vtp domain togogo
sw01(vlan)#vtp server
sw01(vlan)# ctrl-z
sw01# show vtp status
第二种:
sw01(config)#vtp domain togogo
sw01(vlan)#vtp mode server
sw01(config)#end
sw01#show vtp status
sw02# vlan database
sw02(vlan)# vtp domain togogo
sw02(vlan)#vtp client
sw02(vlan)# ctrl-z
sw02# show vtp status
4.创建Vlan
sw01# vlan database
sw01(vlan)# vlan 2 name vlan2
sw01(vlan)# vlan 3 name vlan3
sw01(vlan)# exit
sw01# show vlan
在sw02上检查Vlan,应该可以看到Vlan 2,3
Sw02#show vlan
5. 在sw01上将f0/4加入Vlan2,在Sw02上将f0/6加入Vlan2,将f0/10加入Vlan3 Sw01(config)# interface fa0/4
Sw01 (config-if)# switchport mode access
Sw01 (config-if)# switchport access vlan 2
Sw02(config)# interface fa0/6
Sw02(config-if)# switchport mode access
Sw02(config-if)# switchport access vlan 2
Sw02(config)# interface fa0/10
Sw02(config-if)# switchport mode access
Sw02(config-if)# switchport access vlan 3
Sw02(config-if)# ctrl-z
2950swx# show vlan
6.配置RACK08R1、RACK08R2和R3的IP
RACK08R1(config)#interface e0
RACK08R1(config-if)#ip add 1.1.1.1
RACK08R2(config)#interface e0
RACK08R2(config-if)#ip add 1.1.1.2
R3(config)#interface e0
R3(config-if)#ip add 1.1.1.3
7. 测试
在RACK08R1上能ping通1.1.1.2,不能ping 通1.1.1.3
RACK08R1#ping 1.1.1.2
RACK08R1#ping 1.1.1.3
LAB 13 –2 VLAN间路由
配置单臂路由[路由器配置]
Router>enable
Router#conf
Router#configure t
Router#configure terminal
Router(config)#hostname RACK08R2610
RACK08R2610(config)#interface e0/0
RACK08R2610(config-if)#no shutdown
RACK08R2610(config-if)#no ip address
RACK08R2610(config-if)#exit
RACK08R2610(config)#interface e0/0.2
RACK08R2610(config-subif)#encapsulation dot1Q 2
RACK08R2610(config-subif)#ip add 2.1.1.1 255.255.255.0 RACK08R2610(config)#int e0/0.3
RACK08R2610(config-subif)#encapsulation dot1Q 3
RACK08R2610(config-subif)#ip add 3.1.1.1 255.255.255.0 RACK08R2610(config-subif)#exit
RACK08R2610(config-subif)#encapsulation dot1Q 4
RACK08R2610(config-subif)#ip add 4.1.1.1 255.255.255.0 RACK08R2610(config-subif)#end
RACK08R2610#
交换机配置:
Switch>enable
Switch#configure terminal
Switch(config)#host sw2950
sw2950(config)#int f0/24
sw2950(config-if)#switchport mode trunk
sw2950(config-if)#exit
sw2950(config)#vlan 2
sw2950(config-vlan)#name VLAN2
sw2950(config-vlan)#exit
sw2950(config)#vlan 3
sw2950(config-vlan)#name VLAN3
sw2950(config-vlan)#exit
sw2950(config)#vlan 4
sw2950(config-vlan)#name VLAN4
sw2950(config-vlan)#exi
sw2950(config)#int range f0/1 - 6
sw2950(config-if-range)#switchport mode access
sw2950(config-if-range)#switchport access vlan 2
sw2950(config-if-range)#exit
sw2950(config)#int range f0/7 - 12
sw2950(config-if-range)#switchport mode access
sw2950(config-if-range)#switchport access vlan 3
sw2950(config-if-range)#exit
sw2950(config)#int range f0/13 - 18
sw2950(config-if-range)#switchport mode access
sw2950(config-if-range)#switchport access vlan 4 sw2950(config-if-range)#end
sw2950#
路由器R2、R3、R4配置
R2(config)#interface fa0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 2.1.1.2 255.255.255.0
R2(config)#ip route 0.0.0.0 0.0.0.0 2.1.1.1
R3(config)#interface fa0/0
R3(config-if)#no shutdown
R3(config-if)#ip address 3.1.1.2 255.255.255.0
R3(config)#ip route 0.0.0.0 0.0.0.0 3.1.1.1
R4(config)#interface fa0/0
R4(config-if)#no shutdown
R4(config-if)#ip address 4.1.1.2 255.255.255.0
R4(config)#ip route 0.0.0.0 0.0.0.0 4.1.1.1
实验验证
R2#ping 3.1.1.2
R2#ping 4.1.1.2
LAB 13 –3 VLAN间路由
Switch(config)#hostname SW3560
SW3560(config)#vlan 10
SW3560(config-vlan)#exit
SW3560(config)#vlan 20
SW3560(config-vlan)#exi
SW3560(config)#vlan 30
SW3560(config-vlan)#exit
SW3560(config)#int f0/1
SW3560(config-if)#sw mo ac
SW3560(config-if)#sw ac v 10
SW3560(config-if)#int f0/2
SW3560(config-if)#sw mo ac
SW3560(config-if)#sw ac vl 20
SW3560(config-if)#int f0/3
SW3560(config-if)#sw mo ac
SW3560(config-if)#sw ac vlan 30
SW3560(config-if)#exit
SW3560(config)#int vlan 10
%LINK-5-CHANGED: Interface Vlan10, changed state to up
SW3560(config-if)#ip add 10.10.10.1 255.255.255.0
SW3560(config-if)#int vlan 20
%LINK-5-CHANGED: Interface Vlan20, changed state to up
SW3560(config-if)#ip add 20.20.20.1 255.255.255.0
SW3560(config-if)#int vlan 30
%LINK-5-CHANGED: Interface Vlan30, changed state to up
SW3560(config-if)#ip add 30.30.30.1 255.255.255.0
SW3560(config-if)#exit
SW3560(config)#ip routing
R2
R2(config)#int f0/0
R2(config-if)#ip add 10.10.10.2 255.255.255.0
R2(config-if)#no sh
R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
R3
Router(config)#ho R3
R3(config)#int f0/0
R3(config-if)#ip add 20.20.20.2 255.255.255.0
R3(config-if)#no sh
R3(config)#ip route 0.0.0.0 0.0.0.0 20.20.20..1
R4
Router(config)#ho R4
R4(config)#int f0/0
R4(config-if)#ip add 30.30.30.2 255.255.255.0
R4(config-if)#no sh
R2(config)#ip route 0.0.0.0 0.0.0.0 30.30.30.1
测试
R2
R2#p 20.20.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 31/31/32 m