1. Commands supported by the switch:
Set the switch name to Yzhswitch> access to the Super Terminal console switch>enable Access Switch Privileged mode Switch#switch#configure terminal into switch global configuration mode Switch (Configure) #hostname yzh change name to XXX
|
Switch Basic Status:
switch:. Rom status, router is rommon>
hostname>; user mode
hostname#. Privileged Mode
hostname (config) #; global configuration Mode
hostname (CONFIG-IF) #. Interface Status
Switch password settings:
switch>enable; Enter privileged mode Switch#config terminal; Go to global configuration mode Switch (config) #hostname. Set the host name of the switch Switch (config) #enable secret xxx; set privileged encryption password Switch (config) #enable password xxa; set privileged non-secret password Switch (config) #line console 0. Enter the console port Switch (config-line) #line vty 0 4; Enter virtual terminal Switch (config-line) #login. Consent to Login Switch (config-line) #password xx. Set Login password xx switch#exit; return command |
Switch VLAN settings:
Switch#vlan database; Enter VLAN settings Switch (VLAN) #vlan 2; Building VLAN 2 Switch (VLAN) #no VLAN 2; Delete VLAN 2 Switch (config) #int f0/1; Enter Port1 Switch (config-if) #switchport Access VLAN 2, when the front port adds VLAN 2 Switch (config-if) #switchport mode trunk. Set to Trunk Switch (config-if) #switchport trunk allowed VLAN 1. 2. Set the agreed VLAN ambiguous Switch (config-if) #switchport trunk encap dot1q; set VLAN trunking What is a trunk. function, two to three layers to set the relay mode Switch (config) #vtp domain; Set the VTP domain name what is VTP Switch (config) #vtp password; set the VTP password Switch (config) #vtp mode server, setting the VTP pattern Switch (config) #vtp mode client, setting the VTP pattern |
Switch set IP address:
Switch (config) #interface vlan 1. Go to VLAN 1 Switch (config-if) #ip address; Set IP addresses Switch (config) #ip Default-gateway. Set the default gateway Switch#dir flash:; View Flash |
The switch displays the command:
Switch#write; Saving configuration information Switch#show VTP; View VTP configuration information Switch#show run. View current configuration information Switch#show VLAN. Viewing VLAN configuration information Switch#show interface; View port information switch#show int f0/0; View specified port information |
2. Commands supported by the router:
Router Display command:
Router#show run; Display configuration information Router#show interface. displaying interface information Router#show IP route, displaying routing information Router#show CDP nei; show neighbor information Router#reload. Start again! |
Router Password settings:
router>enable; Enter privileged mode Router#config terminal; Go to global configuration mode Router (config) #hostname. Set the host name of the switch Router (config) #enable secret xxx; set privileged encryption password Router (config) #enable password xxb; set privileged non-secret password Router (config) #line console 0; Enter the console port Router (config-line) #line vty 0 4. Enter Virtual terminal Router (config-line) #login; Require password verification Router (config-line) #password xx; set Login password xx Router (config) # (ctrl + Z). Return to privileged mode router#exit; return command |
Router configuration:
Router (config) #int s0/0; Enter Serail interface Router (config-if) #no shutdown. Activating the current interface Router (config-if) #clock rate 64000; set Sync clock Router (config-if) #ip address; Set IP addresses Router (config-if) #ip address second. Set a second IP Router (config-if) #int f0/0.1. Enter sub-interface Router (CONFIG-SUBIF.1) #ip address. Set Subinterface IP Router (CONFIG-SUBIF.1) #encapsulation dot1q. Bind VLAN Trunking Protocol Router (config) #config-register 0x2142; skip config file Router (config) #config-register 0x2102; normal usage profile Router#reload. Another boot. |
Router file operations:
| router#copy running-config startup-config ; Save Configuration router#copy running-config tftp ; Save configuration to TFTP router#copy startup-config tftp ; boot configuration to TFTP router#copy tftp flash: ; The file is sent to Flash Router#copy tftp startup-config. Download configuration file ROM status: ctrl+break . Enter ROM monitoring status rommon>confreg 0x2142 ; Skip profile rommon>confreg 0x2102 . Restore Profile Rommon>reset ; another boot rommon>copy xmodem: flash: ; transferring files from the console rommon>ip_address=10.65.1.2 ; set the router IP rommon>ip_subnet_mask=255.255.0.0 . Set the router mask rommon>tftp_server=10.65.1.1 . Specify Tftpserverip rommon>tftp_file=c2600.bin ; specified downloaded file rommon>tftpdnld ; download from TFTP Rommon >dir flash: ; View Flash content rommon>boot ; boot iOS |
Static routes:
IP route; command format Router (config) #ip route 2.0.0.0 255.0.0.0 1.1.1.2; Static Route example Router (config) #ip Route 0.0.0.0 0.0.0.0 1.1.1.2. Default Route Example |
Dynamic routing:
Router (config) #ip routing. Initiate route forwarding Router (config) #router rip; start RIP routing protocol. Router (config-router) #network. Set up advertisement routes Router (config-router) #negihbor. Point-to-point frame relay. |
Frame Relay Command:
Router (config) #frame-relay switching; enable Frame Relay switching Router (config-s0) #encapsulation frame-relay; enable Frame Relay Router (config-s0) #fram-relay lmi-type Cisco; setting Management type Router (config-s0) #frame-relay intf-type DCE, set to DCE Router (config-s0) #frame-relay DLCI 16; Router (config-s0) #frame-relay Local-dlci 20. Set the virtual circuit number Router (config-s0) #frame-relay Interface-dlci 16. Router (config) #log-adjacency-changes; log adjacency changes Router (config) #int s0/0.1 point-to-point. Set sub-interface point-to-point Router#show frame PVC; Show permanent virtual circuit Router#show frame map; Display map |
Basic Access Control List:
Router (config) #access-list permit|deny Router (config) #interface; Default:deny any Router (config-if) #ip access-group in|out; default:out Example 1: Router (config) #access-list 4 Permit 10.8.1.1 Router (config) #access-list 4 deny 10.8.1.0 0.0.0.255 Router (config) #access-list 4 Permit 10.8.0.0 0.0.255.255 Router (config) #access-list 4 deny 10.0.0.0 0.255.255.255 Router (config) #access-list 4 Permit any Router (config) #int f0/0 Router (config-if) #ip Access-group 4 in |
Extended Access Control List:
Access-list Permit|deny ICMP <destinationip Wild>[type] Access-list Permit|deny TCP <destinationip Wild>[port] Example 3: Router (config) #access-list 101 deny ICMP any 10.64.0.2 0.0.0.0 Echo Router (config) #access-list 101 Permit IP any Router (config) #int s0/0 Router (config-if) #ip Access-group 101 in Example 3: Router (config) #access-list 102 deny TCP any 10.65.0.2 0.0.0.0 EQ 80 Router (config) #access-list 102 permit IP any Router (config) #interface S0/1 Router (config-if) #ip Access-group 102 out |
Delete the Access Control Example table:
Router (config) #no access-list 102
Router (config-if) #no IP access-group 101 in
NAT configuration for Routers
Router (config-if) #ip nat inside; The current interface is specified as an internal interface Router (config-if) #ip Nat outside; The current interface is specified as an external interface Router (config) #ip nat inside source static [P] < private ip>< public network ip> [Port] Router (config) #ip nat inside source static 10.65.1.2 60.1.1.1 Router (config) #ip nat inside source static TCP 10.65.1.3 80 60.1.1.1 80 Router (config) #ip nat pool P1 60.1.1.1 60.1.1.20 255.255.255.0 Router (config) #ip nat inside source list 1 pool P1 Router (config) #ip nat inside Destination List 2 pool P2 Router (config) #ip nat inside source List 2 interface s0/0 overload Router (config) #ip nat pool P2 10.65.1.2 10.65.1.4 255.255.255.0 type rotary Router#show IP NAT Translation Rotary is the meaning of rotation. IP in the address pool is rotated to match the address assigned by NAT. The overload parameter is used by Pat to map the internal IP to a different port on a public IP.
|
External Gateway Protocol configuration:
RouterA (config) #router BGP 100 RouterA (config-router) #network 19.0.0.0 RouterA (config-router) #neighbor 8.1.1.2 Remote-as 200 |
To configure PPP authentication:
RouterA (config) #username password RouterA (config) #int S0 RouterA (config-if) #ppp authentication {CHAP|PAP} |
3. PIX Firewall Command
Pix525 (config) #nameif ethernet0 outside security0; naming interfaces and levels Pix525 (config) #interface ethernet0 auto, set interface mode Pix525 (config) #interface ethernet1 100full; set interface mode Pix525 (config) #interface ethernet1 100full shutdown Pix525 (config) #ip address inside 192.168.0.1 255.255.255.0 Pix525 (config) #ip address outside 133.0.0.1 255.255.255.252 Pix525 (config) #global (if_name) Natid ip-ip; define public IP range Pix525 (config) #global (outside) 1 7.0.0.1-7.0.0.15; Pix525 (config) #global (outside) 1 133.0.0.1; Pix525 (config) #no Global (outside) 1 133.0.0.1 remove settings Pix525 (config) #nat (if_name) nat_id local_ip [Netmark] Pix525 (config) #nat (inside) 1 0 0 All intranet hosts (0 for 0.0.0.0) have access to the global 1 designated extranet. Pix525 (config) #nat (inside) 1 172.16.5.0 255.255.0.0 The host of the Intranet 172.16.5.0/16 network segment can access the global 1 designated extranet.
Pix525 (config) #route if_name 0 0 gateway_ip [metric]. Command format Pix525 (config) #route outside 0 0 133.0.0.1 1; Pix525 (config) #route inside 10.1.0.0 255.255.0.0 10.8.0.1 1; Pix525 (config) #static (inside, outside) 133.0.0.1 192.168.0.8 Represents the internal IP address 192.168.0.8, which is translated into the 133.0.0.1 global address when it is externally visited. Pix525 (config) #static (DMZ, outside) 133.0.0.1 172.16.0.8 The middle zone IP address 172.16.0.8, which is translated into the 133.0.0.1 global address when it is externally visited. |
One, configure PC solid state IP:
Double-click IP configuration
watermark/2/text/ahr0cdovl2jsb2cuy3nkbi5uzxqvbmvhbgdhdmlu/font/5a6l5l2t/fontsize/400/fill/i0jbqkfcma==/ Dissolve/70/gravity/center ">
Configure the second computer in the same vein. Then connect the two computers to the switch, when the two computers form a simple LAN.
Double-click the button to enter the CMD mode of the computer, ping the IP
watermark/2/text/ahr0cdovl2jsb2cuy3nkbi5uzxqvbmvhbgdhdmlu/font/5a6l5l2t/fontsize/400/fill/i0jbqkfcma==/ Dissolve/70/gravity/center ">
This shows that the two computers can communicate properly.
Just use the broadcast mode.
Two. Configure dynamic IP
watermark/2/text/ahr0cdovl2jsb2cuy3nkbi5uzxqvbmvhbgdhdmlu/font/5a6l5l2t/fontsize/400/fill/i0jbqkfcma==/ Dissolve/70/gravity/southeast ">
The computer IP configuration chooses DHCP to obtain the IP on its own initiative, and then it needs to be configured. Dynamically assign IP to the server.
Double-click the server's IP configuration to have the server with a solid-state IP
Then configure the dynamic IP parameters in the DHCP configuration in the Click Server Config
So the dynamic IP is allocated.
Just the default gateway may be loaded just to go. You will need to type in command-line mode on your computer, such as:
watermark/2/text/ahr0cdovl2jsb2cuy3nkbi5uzxqvbmvhbgdhdmlu/font/5a6l5l2t/fontsize/400/fill/i0jbqkfcma==/ Dissolve/70/gravity/southeast ">
To load the gateway, type ipconfig/renew at the command line of the computer
This allows the solid state IP to be configured.
Three, configure VLAN layer three switch, connect two LAN
watermark/2/text/ahr0cdovl2jsb2cuy3nkbi5uzxqvbmvhbgdhdmlu/font/5a6l5l2t/fontsize/400/fill/i0jbqkfcma==/ Dissolve/70/gravity/southeast ">
Suppose a LAN is connected, and there are different LANs that need to partition VLANs. A three-layer switch is required for VLANs to be connected.
1. On the switch info206 the VLAN 2 VLAN 3 and divide the port into VLANs, which is the three computers below. Because the info206 has two VLANs, the info206 connection to the three layer switch requires the use of relay mode.
2. Divide all the required VLANs on the three-layer switch and assign each VLAN a gateway to the LAN as IP.
And then you can connect.
Set Trunk Trunk mode
The same on the three-layer switch to partition all the VLAN, and then to the VLAN with IP (as the gateway to the network segment)
watermark/2/text/ahr0cdovl2jsb2cuy3nkbi5uzxqvbmvhbgdhdmlu/font/5a6l5l2t/fontsize/400/fill/i0jbqkfcma==/ Dissolve/70/gravity/southeast ">
Then it's done, and remember that all VLANs have to be IP-equipped.
Finally, the most important thing is to open a three-layer switch routing function: (global mode) IP routing
Cisco emulator configuration Three-layer switch LAN