上海直飞伦敦:思科三层交换的配置清单与综合案例 - VLAN守望者的日志 - 网易博客

来源:百度文库 编辑:中财网 时间:2024/04/30 12:40:32

思科三层交换的配置清单与综合案例

CISCO案例 2008-08-29 15:39:19 阅读30 评论0   字号: 订阅

网络基本情况

网络拓扑结构为:中心交换机采用Cisco Catalyst 4006-S3,Supervisor Engine III G引擎位于第1插槽,用于实现三层交换;1块24口1000Base-T模块位于第2插槽,用于连接网络服务器;1块6端口1000Base-X模块位于第3插槽,用于连接6 台骨干交换机。一台交换机采用Cisco Catalyst 3550-24-EMI,并安装1块1000Base-X GBIC千兆模块。一台交换机采用Cisco Catalyst 3550-24-SMI,也安装1块1000Base-X GBIC千兆模块。另外四台交换机采用Cisco Catalyst 2950G-24-SMI,安装1块1000Base-T GBIC千兆模块。所有服务器划分为一个VLAN,即VLAN 50。四台Catalyst 2950G-24-SMI交换机也只划分为一个VLAN,分别为VLAN 60、VLAN 70、VLAN 80和VLAN 90。

Catalyst 3550-24-EMI划分为4个VLAN,分别为VLAN 10、VLAN 20、VLAN 30和VLAN 40。Catalyst 3550-24-SMI划分2个VLAN,分别为VLAN 60和VLAN 80,与另外两台Catalyst 2950G-24-SMI交换机分别位于同一VLAN。

 

实例分析

由于所有Catalyst 2950G交换机都是一个独立的VLAN,因此,必须先在这些交换机上创建VLAN(VLAN 60~VLAN 90),并将所有端口都指定至该VLAN。然后,再在Catalyst 4006交换机相应端口上分别创建VLAN。Catalyst 4006的1000Base-X端口分别与各Catalyst 2950G的1000Base-X端口连接。其中,

GigabitEthernet3/2端口连接至1号Catalyst 2950交换机(VLAN 60),GigabitEthernet3/3端口连接至2号Catalyst 2950交换机(VLAN 70),GigabitEthernet3/4端口连接至3号Catalyst 2950交换机(VLAN 80),GigabitEthernet3/5端口连接至4号Catalyst 2950交换机(VLAN 90),GigabitEthernet3/6端口连接至6号楼交换机(VLAN 80)。由于在Catalyst 3550-24-EMI上划分有4个VLAN(VLAN 10~VLAN 40),而4个VLAN都需借助于一条1000Base-X链路实现与Catalyst 4006的GigabitEthernet3/1端口连接,因此,必须在Catalyst 4006与Catalyst 3550-24- EMI之间创建一个Trunk。

同样,在Catalyst 3550-24-SMI上划分有2个VLAN(VLAN 60和VLAN 80),而4个VLAN都需借助于一条1000Base-X链路实现与Catalyst 4006的GigabitEthernet3/6端口连接,因此,必须在Catalyst 4006与Catalyst 3550-24- EMI之间创建一个Trunk。

另外,所有服务器均连接至Catalyst 4006的1000Base-T模块,并单独成为一个VLAN(VLAN 90),因此,也必须为这些交换机创建一个VLAN,并将所有端口指定至该VLAN。需要注意的是,考虑到网络管理的需要,也可以剩余几个RJ-45端口 (如21至24端口)不指定至任何VLAN,从而便于连接网络管理设备。默认状态下,所有端口都属于VLAN1,而且也只有在VLAN1中才能实现对网络中所有设备的管理。

配置清单

●Cisco Catalyst 4006交换机配置清单

Current configuration : 5594 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname hsnc
!
boot system bootflash:cat4000-is-mz.121-8a.EW1.bin
no logging console
enable secret level 1 5 $1$rkQW$1HKyKdN5f.Ri5zxeoF8Yv/
!
ip subnet-zero
!
!
!
interface GigabitEthernet1/1
no snmp trap link-status
!--不为Supervisor Engine III G引擎中的1000Base-X插槽指定VLAN
interface GigabitEthernet1/2
no snmp trap link-status
!
!
interface GigabitEthernet2/1
switchport access vlan 50
no snmp trap link-status
!--将端口GigabitEthernet2/1指定至VLAN 50
!
interface GigabitEthernet2/2
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/3
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/4
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/5
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/6
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/7
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/8
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/9
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/10
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/11
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/12
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/13
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/14
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/15
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/16
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/17
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/18
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/19
switchport access vlan 50
no snmp trap link-status
!
interface GigabitEthernet2/20
switchport access vlan 50
no snmp trap link-status
!--不将GigabitEthernet2/20~24指定至任何VLAN
!interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
!--启用802.1Q Trunk封装协议,即在该端口创建Trunk
switchport trunk allowed vlan 1-80
!--允许vlan 1-90在该中继线通讯
!--可以拒绝或允许某个VLAN访问该Trunk
!--确保未被授权的VLAN通过该Trunk,实现VLAN的访问安全
switchport mode trunk
!--将该端口设置为Trunk
description netcenter
no snmp trap link-status
!
interface GigabitEthernet3/2
switchport access vlan 60
no snmp trap link-status
!--将端口GigabitEthernet3/2指定至VLAN 60
!
interface GigabitEthernet3/3
switchport access vlan 70
no snmp trap link-status
!--将端口GigabitEthernet3/3指定至VLAN 70
!
interface GigabitEthernet3/4
switchport access vlan 80
no snmp trap link-status
!--将端口GigabitEthernet3/4指定至VLAN 80
!
interface GigabitEthernet3/5
switchport access vlan 90
no snmp trap link-status
!--将端口GigabitEthernet3/5指定至VLAN 90
!
interface GigabitEthernet3/6
switchport trunk encapsulation dot1q
!--启用802.1Q Trunk封装协议,即在该端口创建Trunk
switchport trunk allowed vlan 1-80
!--允许vlan 1-90在该中继线通讯
!--可以拒绝或允许某个VLAN访问该Trunk
!--从而确保未被授权的VLAN通过该Trunk,实现VLAN访问安全
switchport mode trunk
!--将该端口设置为Trunk
description netcenter
no snmp trap link-status
!
interface Vlan1
description netmanger
no ip address
!
!--对VLAN1进行描述
interface Vlan10
description network center
no ip address
!--对VLAN2进行描述
!
interface Vlan20
description computer center
no ip address
!
interface Vlan30
description network lab
no ip address
!
interface Vlan40
description huaxuelou
no ip address
!
interface Vlan50
description wulilou
no ip address
!
interface Vlan60
description shengwulou
no ip address
!interface Vlan70
description zhongwenxi
no ip address
!
interface Vlan80
description tushuguan
no ip address
!
!
line con 0
stopbits 1
line vty 0 4
password aaa
login
!
end

Cisco Catalyst 3550-EMI配置清单

Building configuration...
Current configuration : 4055 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname office
!
enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 10
!--将端口FastEthernet0/1指定至VLAN 10
no ip address
!
interface FastEthernet0/2
switchport access vlan 10
no ip address
!
interface FastEthernet0/3
switchport access vlan 10
no ip address
!
interface FastEthernet0/4
switchport access vlan 10
no ip address
!
interface FastEthernet0/5
switchport access vlan 10
no ip address
!
interface FastEthernet0/6
switchport access vlan 20
no ip address
!--将端口FastEthernet0/6指定至VLAN 20
!interface FastEthernet0/7
switchport access vlan 20
no ip address
!
interface FastEthernet0/8
switchport access vlan 20
no ip address
!
interface FastEthernet0/9
switchport access vlan 20
no ip address
!
interface FastEthernet0/10
switchport access vlan 20
no ip address
!
interface FastEthernet0/11
switchport access vlan 30
no ip address
!--将端口FastEthernet0/6指定至VLAN 30
!
interface FastEthernet0/12
switchport access vlan 30
no ip address
!
interface FastEthernet0/13
switchport access vlan 30
no ip address
!
interface FastEthernet0/14
switchport access vlan 30
no ip address
!
nterface FastEthernet0/15
switchport access vlan 30
no ip address
!
interface FastEthernet0/16
switchport access vlan 30
no ip address
!
interface FastEthernet0/17
switchport access vlan 30
no ip address
!
interface FastEthernet0/18
switchport access vlan 30
no ip address
!
interface FastEthernet0/19
switchport access vlan 40
ip address
!--将端口FastEthernet0/6指定至VLAN 40
!interface FastEthernet0/20
witchport access vlan 40
no ip address
!
interface FastEthernet0/21
switchport access vlan 40
no ip address
!
interface FastEthernet0/22
switchport access vlan 30
no ip address
!
interface FastEthernet0/23
switchport access vlan 40
no ip address
!
interface FastEthernet0/24
switchport access vlan 40
no ip address
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
!--启用802.1Q Trunk封装协议,即在该端口创建Trunk
switchport trunk allowed vlan 1-80
!--允许vlan 1-80在该中继线通讯
itchport mode trunk
!--将该端口设置为Trunk
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.12 255.255.255.0
!--LAN1指定IP地址
no ip route-cache
no ip mroute-cache
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end

Cisco Catalyst 3550-SMI配置清单

Building configuration...
Current configuration : 4055 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname office
!
enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 60
!--将端口FastEthernet0/1指定至VLAN 60
no ip address
!
interface FastEthernet0/2
switchport access vlan 60
no ip address
!
interface FastEthernet0/3
switchport access vlan 60
no ip address
!
interface FastEthernet0/4
switchport access vlan 60
no ip address
!
interface FastEthernet0/5
switchport access vlan 60
no ip address
!
interface FastEthernet0/6
switchport access vlan 20
no ip address
!--将端口FastEthernet0/6指定至VLAN 20
!interface FastEthernet0/7
switchport access vlan 20
no ip address
!
interface FastEthernet0/8
switchport access vlan 20
no ip address
!
interface FastEthernet0/9
switchport access vlan 20
no ip address
!
interface FastEthernet0/10
switchport access vlan 20
no ip address
!
interface FastEthernet0/11
switchport access vlan 80
no ip address
!--将端口FastEthernet0/6指定至VLAN 80
!
interface FastEthernet0/12
switchport access vlan 80
no ip address
!
interface FastEthernet0/13
switchport access vlan 80
no ip address
!
interface FastEthernet0/14
switchport access vlan 80
no ip address
!
interface FastEthernet0/15
switchport access vlan 80
no ip address
interface FastEthernet0/16
switchport access vlan 80
no ip address
!
interface FastEthernet0/17
switchport access vlan 80
no ip address
!
interface FastEthernet0/18
switchport access vlan 80
no ip address
!
interface FastEthernet0/19
switchport access vlan 80
no ip address
!--将端口FastEthernet0/6指定至VLAN 80
!interface FastEthernet0/20
switchport access vlan 80
no ip address
!
interface FastEthernet0/21
switchport access vlan 80
no ip address
!
interface FastEthernet0/22
switchport access vlan 80
no ip address
!
interface FastEthernet0/23
switchport access vlan 80
no ip address
!
interface FastEthernet0/24
switchport access vlan 80
no ip address
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
!--启用802.1Q Trunk封装协议,即在该端口创建Trunk
switchport trunk allowed vlan 1-80
!--允许vlan 1-80在该中继线通讯
switchport mode trunk
!--从将该端口设置为Trunk
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.13 255.255.255.0
!--为LAN1指定IP地址
no ip route-cache
no ip mroute-cache
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end

Cisco Catalyst 2950G配置清单

四台Cisco Catalyst 2950G的配置基本相同,下面仅列出VLAN 60的配置情况。

Building configuration...
Current configuration : 2143 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname msl
!
enable password aaa
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
switchport access vlan 60
no ip address
!
interface FastEthernet0/2
switchport access vlan 60
no ip address
!
interface FastEthernet0/3
switchport access vlan 60
no ip address
!
interface FastEthernet0/4
switchport access vlan 60
no ip address
!
interface FastEthernet0/5
switchport access vlan 60
no ip address
!
interface FastEthernet0/6
switchport access vlan 60
no ip address
!
interface FastEthernet0/7
switchport access vlan 60
no ip address
!
interface FastEthernet0/8
switchport access vlan 60
no ip address
!
interface FastEthernet0/9
switchport access vlan 60
no ip address
!
interface FastEthernet0/10
switchport access vlan 60
no ip address
!
interface FastEthernet0/11
switchport access vlan 60
no ip address
!interface FastEthernet0/12
switchport access vlan 60
no ip address
!
interface FastEthernet0/13
switchport access vlan 60
no ip address
!
interface FastEthernet0/14
switchport access vlan 60
no ip address
!
interface FastEthernet0/15
switchport access vlan 60
no ip address
!
interface FastEthernet0/16
switchport access vlan 60
no ip address
!
interface FastEthernet0/17
switchport access vlan 60
no ip address
!
interface FastEthernet0/18
switchport access vlan 60
no ip address
!
interface FastEthernet0/19
switchport access vlan 60
no ip address
!
interface FastEthernet0/20
switchport access vlan 60
no ip address
!
interface FastEthernet0/21
switchport access vlan 60
no ip address
!
interface FastEthernet0/22
switchport access vlan 60
no ip address
!
interface FastEthernet0/23
switchport access vlan 60
no ip address
!
interface FastEthernet0/24
switchport access vlan 60
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 172.16.100.10 255.255.255.0
!
ip classless
ip http server
!
!
!
!
line con 0
line vty 0 4
password aaa
login
line vty 5 15
login
!
end

以下内容 ancy 由撰写

经典的三层网络案例分析。

经典的三层网络案例分析。

目的:让不同的vlan 之间可以互相通讯。

IP规划

vlna ID ip网段 vlan网关

vlan 1 172.16.1.0/24 172.16.1.7-9

vlan 2 172.16.2.0/24 172.16.2.252-254

vlan 3 172.16.3.0/24 172.16.3.252-254

vlan 4 172.16.4.0/24 172.16.4.252-254

vlan 5 172.16.5.0/24 172.16.5.252-254

vlan 6 172.16.6.0/24 172.16.6.252-254

vlan 7 172.16.7.0/24 172.16.7.252-254

vlan 8 172.16.8.0/24 172.16.8.252-254

cisco路由器配置:

Enable
Configure terminal
Service password-encryption
Hostname cisco1721
Enable secret 654321
Enable password 123456
ip subnet-zero
ip name-server 202.96.134.133 202.96.172.218
interface fastethernet 0
ip address 61.142.221.5 255.255.255.240
speed auto
no shutdown
interface serial 0
ip unnumbered fastethernet 0
encapsulation ppp
no fair-queue
bandwidth 2048
no shutdown
exit
ip classless
ip route 0.0.0.0 0.0.0.0 serial 0
no ip http server
line con 0
line aux 0
line vty 0 4
password 12345678
login
no scheduler allocate
end

请注意NAT等是在防火墙设置的.

交换机配置

一、Catalyst 4006-s3交换机配置:

Enable
Configure terminal
service pad
service password-encryption
hostname c4006-s3
enable password 123456.
Enable secret 654321
Ip subnet-zero
Ip name-server 172.16.8.1 172.16.8.2
ip routing
Exit
Vlan database
Vtp mode server
Vtp domain centervtp
Vlan 2 name vlan2
Vlan 3 name vlan3
Vlan 4 name vlan4
Vlan 5 name vlan5
Vlan 6 name vlan6
Vlan 7 name vlan7
Vlan 8 name vlan8
Vlan 9 name vlan9
Exit
Configure terminal
Interface port-channel 1
Interface gigabitethernet 2/1
channel-group 1
Interface gigabitethernet 2/2
channel-group 1
Interface gigabitethernet 2/1
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 2/3
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 2/4
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigbitethernet 2/5
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigbitethernet 2/6
switchport mode trunk
switchport trunk encapsulation dotlq
switchprot trunk allowed vlan all
interface gigbitethernet 2/7
switchport access vlan 9
no shutdown
interface range gigabitethernet 2/8 – 20
switchport mode access
switchport access vlan 8
no shutdown
spanning-tree portfast
interface gigabitethernet 3/1
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 3/2
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
spanning-tree vlan 1-9 root primary
spanning-tree backbonefast
interface vlan 1
ip address 172.16.1.7 255.255.255.0
no shutdown
standby 1 ip 172.16.1.9
standby 1 priority 110 preempt
interface vlan 2
ip address 172.16.2.252 255.255.255.0
no shutdown
standby 2 ip 172.16.2.254
standby 2 priority 110 preempt
interface vlan 3
ip address 172.16.3.252 255.255.255.0
no shutdown
standby 3 ip 172.16.3.254
standby 3 priority 110 preempt
interface vlan 4
ip address 172.16.4.252 255.255.255.0
no shutdown
standby 4 ip 172.16.4.254
standby 4 priority 110 preempt
interface vlan 5
ip address 172.16.5.252 255.255.255.0
no shutdown
standby 5 ip 172.16.5.254
standby 5 priority 110 preempt
interface vlan 6
ip address 172.16.6.252 255.255.255.0
no shutdown
standby 6 ip 172.16.6.254
standby 6 priority 110 preempt
interface vlan 7
ip address 172.16.7.252 255.255.255.0
no shutdown
standby 7 ip 172.16.7.254
standby 7 priority 110 preempt
interface vlan 8
ip address 172.16.8.252 255.255.255.0
no shutdown
standby 8 ip 172.16.8.254
standby 8 priority 110 preempt
interface vlan 9
ip address 172.16.9.252 255.255.255.0
no shutdown
standby 9 ip 172.16.9.254
standby 9 priority 110 preempt
exit
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.9.250
line con 0
line aux 0
line vty 0 15
password 12345678
login
end

二、Catalyst 3550-12T交换机配置:

Enable
Configure terminal
service pad
service password-encryption
hostname c3550-12t
enable password 123456
enable secret 654321
ip subnet-zero
ip name-server 172.16.8.1. 172.16.8.2
ip routing
exit
vlan database
vtp mode server
vtp domain centervtp
vlan 2 name vlan2
vlan 3 name vlan3
vlan 4 name vlan4
vlan 5 name vlan5
vlan 6 name vlan6
vlan 7 name vlan7
vlan 8 name vlan8
vlan 9 name vlan9
exit
configure terminal
interface port-channel 1
interface gigabitethernet 0/1
channel-group 1
interface gigabitethernet 0/2
channel-group 1
exit
interface gigabitethernet 0/1
switchport mode trunk
switchport encapsulation dotlq
swithchport trunk allowed vlan all
interface gigabitethernet 0/3
switchport mode trunk
switchport trunk encapsulation dotlq
swithcport trunk allowed vlan all
interface gigabitethernet 0/4
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 0/5
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 0/6
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
interface gigabitethernet 0/7
switchport access vlan 9
no shutdown
interface range gigabitethernet 0/8 – 10
switchport mode access
switchport access vlan 8
no shutdown
spanning-tree portfast
interface gigabitethernet 0/11
switchport mode trunk
switchport trunk encapsulation dotlq
swithcprot trunk allowed vlan all
interface gigabitethernet 0/12
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
spanning-tree vlan 1-9 root secondary
spanning-tree backbonefast
interface vlan 1
ip address 172.16.1.8 255.255.255.0
no shutdown
standby 1 ip 172.16.1.9
standby 1 priority 100 preempt
interface vlan 2
ip address 172.16.2.253 255.255.255.0
no shutdown
standby 2 ip 172.16.2.254
standby 2 priority 100 preempt
interface vlan 3
ip address 172.16.3.253 255.255.255.0
not shutdown
standby 3 ip 172.16.3.254
standby 3 priority 100 preempt
interface vlan 4
ip address 172.16.4.253 255.255.255.0
no shutdown
standby 4 ip 172.16.4.254
standby 4 priority 100 preempt
interface vlan 5
ip addess 172.16.5.253 255.255.255.0
no shutdown
standby 5 ip 172.16.5.253
standby 5 priority 100 preempt
interface vlan 6
ip address 172.16.6.253 255.255.255.0
no shutdown
standby 6 ip 172.16.6.254
standby 6 priority 100 preempt
interface vlan 7
ip address 172.16.7.253 255.255.255.0
no shutdown
standby 7 ip 172.16.7.254
standby 7 priority 100 preempt
interface vlan 8
ip address 172.16.8.253 255.255.255.0
no shutdown
standby 8 ip 172.16.8.254
standby 8 priority 100 preempt
interface vlan 9
ip address 172.16.9.253 255.255.255.0
no shutdown
standby 9 ip 172.16.9.254
standby 9 priority 100 preempt
exit
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.9.250
ip http server
line con 0
line aux 0
line vty 0 15
password 12345678
login
end

三、Catalyst 2950-24 vlan2 交换机配置:

Enable
Configure terminal
Service pad
Service password-encryption
Hostname c2950-241
Enable password 123456
Enable secret 654321
Ip subnet-zero
Interface vlan 1
Ip address 172.16.1.1 255.255.255.0
management
No shutdown
Ip default-gateway 172.16.1.9
Ip name-server 172.16.8.1 172.16.8.2
exit
Vlan database
Vtp mode client
Vtp domain centervtp
Exit
Configure terminal
Interface range fastethernet 0/1 – 20
Switchport mode access
Switchport accesss vlan 2
No shutdown
Spanning-tree portfast
Spanning-tree uplinkfast
Spanning-tree backbonefast
Interface gigabitethernet 0/1
Switchport mode trunk
Switchport trunk encapculation dotlq
Switchport trunk allowed vlan all
Spanning-tree cost 10
Interface gigabitethernet 0/2
Switchport mode trunk
Switchport trunk encapculation dotlq
Switchport trunk allowed vlan all
Spanning-tree cost 20
Exit
Line con 0
Line aux 0
Line vty 0 15
Password 12345678
Login
End

四、catalyst 2950-24 vlan 3 交换机配置:

enable
configure terminal
service pad
service password-encryption
hostname c2950-242
enable password 123456
enable secret 654321
ip subnet-zero
interface vlan 1
ip address 172.16.1.2 255.255.255.0
management
no shutdown
ip default-gateway 172.16.1.9
ip name-server 172.16.8.1 172.16.8.2
exit
vlan database
vtp domain centervtp
vtp mode client
exit
configure terminal
interface range fastethernet 0/1 – 20
switchport mode access
switchport access vlan 3
no shutdown
spanning-tree portfast
spanning-tree uplinefast
spanning-tree backbonefast
interface gigabitethernet 0/1
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
spanning-tree cost 10
interface gigabitethernet 0/2
switchport mode trunk
switchport trunk encapsulation dotlq
switchport trunk allowed vlan all
spanning-tree cost 20
exit
line con 0
line aux 0
line vty 0 15
password 12345678
login
end
copy running-config startup-config
reload

其它交换机配置类似。

vlan 9 172.16.9.0/24 172.16.9.252-254

交换机的二层交换与三层交换的联系 三层交换技术的不足 思科交换路由器的产品大全 什么是三层交换技术 什么是三层交换 CISCO三层交换模拟器 三层交换的VLAN默认是通的吗 交换到桌面交换机和普通三层交换机的区别? 三层交换机能连不同的网段吗? 求电脑配置的清单. 请教二层交换器和三层交换器设备是不是不同的? 请教二层交换器和三层交换器硬件设备是不是不的? 请教二层交换器和三层交换器硬件设备是不是不同的? 思科2950的交换机如何配置VLAN 有谁知道思科交换机的配置命令 思科路由器2600的配置方法 思科交换机3550配置VLAN的问题? 关于思科NAT配置的题目 为什么要使用交换式以太网?二层交换,三层交换,四层交换,起层交换各自是如何工作的?能实现什么功能? 电路交换与ATM交换的区别? 设计电路(列出元件清单):电话交换网络(实现40部电话之间的交换) 思科路由器与交换机之间的连接 当年华为与思科的纠纷 如何配置电脑的最新购买清单?