开启超级终端
enble
config terminal
开启端口/接口
no shutdown
设置IP地址
ip address (ip) (mask)
设置Vlan
- vlan (set_id_number)
- name (set_vlan_name)
- ..............
- exit
分配Vlan地址
- interface vlan (id_number)
- ip address (ip) (mask)
- exit
- replay
设置/分配Vlan相应的端口
- interface fastethernet 0/(port_number)
- switchport access vlan(id_number)
分配“范围段”端口给vlaninterface range fastenthernet 0/0-15
二层交换机和三层交换机是连接_trunk端口汇聚
- interface fastenthernet 0/?
- switchport mode trunk
限制某个端口通过trunkswitchport trunk allowed vlan remove 20(vlan_id?)
ACL控制
格式
access-list (set_list_nubmber) permit/deny (扩展可选协议) host (ip) (unmask)
eg:
Cisco-3750(config)#access-list 1 permit 192.168.30.0 0.0.0.255
ACl的连接
- (默认拒绝所有)
- interface vlan(id)
- ip access-group (list_number) out
单臂路由设置
- interface fastenthernet 0/1
- interface fastenthernet 0/1.1(1.1为逻辑接口序号)
- encapsulation dot1q (vlan_id)
- ip address (ip)(mask)
静态路由设置(三层交换机应用)
- 选择端口
- 打开端口
- 赋值地址
配置三层交换机
- 选择端口
- no switchport //属于任何一个Vlan端口
- 设置地址
配置三层交换机路由功能
- ip routing
- ip route (destination) (mask) (next_hoop)
ip route 101.100.155.0 255.255.0.0 next hoop配置路由器路由链路
同上
``ip route 101.100.155.0 255.255.0.0 next hoop`
- 设置路由两边的静态路由(左边到右边,右边到左边)
DHCP的设置实现
- 选择端口
- 设置ip地址
- ip dhcp pool (set_name)
- network (ip) (mask)
- default -route (gateway_ip)
- dns-server (dns_ip)
- exit
- 不分配的ip地址范围
- ip dhcp excluded-address (ip) (ip)
NAT设置
- ip nat outside/inside
- 选择地址
- exit
- 选择接口
- 打开/不关闭
nat地址池
ip nat pool (Set_name) (ip_range) netmask (mask)
- access-list (set_list_id) permit(ip)(反码)
- ip nat inside source list (list_id) pool (name) overload
other、
- ACL Standard range (1-99)ip-only
- extend range(100-199) 各种协议
- ACL默认拒绝所有(默认还有一条该规则)
- 自上而下匹配规则(顺序重要)
