Catalyst 2950 Switch
Cat2950#
Cat2950#conf t
Enter configuration commands, one per line. End with CNTL/Z.
!-- The VLAN Trunk Protocol (VTP) mode is set to server,
!-- and the VTP domain name to is set to cisco.
Cat2950(config)#vtp mode server
Setting device to VTP SERVER mode
Cat2950(config)#vtp domain cisco
Changing VTP domain name from VitalCom to cisco
!-- Created two VLANs: VLAN10 and VLAN20.
Cat2950(config)#vlan 10
Cat2950(config-vlan)#exit
Cat2950(config)#vlan 20
Cat2950(config-vlan)#exit
!-- Configured ports Fa0/5 through Fa0/14 in VLAN10,
!-- and ports fa0/15 through Fa0/26 in VLAN20.
Cat2950(config)#int range fa0/5 - 14
Cat2950(config-if-range)#switchport access vlan 10
Cat2950(config-if-range)#exit
Cat2950(config)#int range fa0/15 - 26
Cat2950(config-if-range)#switchport access vlan 20
Cat2950(config-if-range)#^Z
Cat2950#
00:32:39: %SYS-5-CONFIG_I: Configured from console by console
!-- Configured the management interface so that the switch
!-- can be accessed remotely by using Telnet.
Cat2950#conf t
Cat2950(config)#int vlan 10
Cat2950(config-if)#ip address 10.10.10.10 255.255.255.0
Cat2950(config-if)#no shutdown
00:24:07: %LINK-3-UPDOWN: Interface Vlan10, changed state to up
Cat2950(config-if)#^Z
00:24:12: %SYS-5-CONFIG_I: Configured from console by console
Cat2950#conf t
Enter configuration commands, one per line. End with CNTL/Z.
!-- Configured the default-gateway, which is the IP address of the sub-interface
!-- on the router for VLAN 10, so that the switch can be accessed from any VLAN.
Cat2950(config)#ip default-gateway 10.10.10.1
!-- Configured a logical channel interface.
Cat2950(config)#int port-channel 1
Cat2950(config-if)#exit
!-- Ports are assigned to the logical channel interface to form an EtherChannel.
!-- Note: The channel mode on the switch is set to on because the Cisco 7200
!-- router on the other end does not support Port Aggregation Protocol(PAgP).
Cat2950(config)#int fa0/2
Cat2950(config-if)#channel-group 1 mode on
Cat2950(config-if)#exit
Cat2950(config)#
00:25:38: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
00:25:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1,
changed
state to up
Cat2950(config)#int fa0/3
Cat2950(config-if)#channel-group 1 mode on
Cat2950(config-if)#exit
!-- To configure trunking over EtherChannel, trunking
!-- is enabled over the logical channel interface.
Cat2950(config)#int port-channel 1
Cat2950(config-if)#switchport mode trunk
Cat2950(config-if)#
00:27:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/2, chang
ed state to down
00:27:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/3, chang
Ed state to down
00:27:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1,
changed
state to down
00:27:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/2, chang
Ed state to up
00:27:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/3, chang
Ed state to up
00:27:18: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
00:27:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1,
changed
state to up
!-- Configured VLAN10 as the Native VLAN for untagged traffic.
Cat2950(config-if)#switchport trunk native vlan 10
Cat2950(config-if)#^Z
00:24:12: %SYS-5-CONFIG_I: Configured from console by console
Cat2950#
Cisco 7200 Router
Cisco7200#
Cisco7200#conf t
Enter configuration commands, one per line. End with CNTL/Z.
!-- Created a logical channel interface to form an EtherChannel.
Cisco7200(config)#int port-channel 1
Cisco7200(config-if)#exit
!-- The ports fa3/0 and fa4/0 are configured as members of the
!-- logical channel to form an EtherChannel group.
Cisco7200(config)#int fa3/0
Cisco7200(config-if)#channel-group 1
FastEthernet3/0 added as member-1 to port-channel1
Cisco7200(config-if)#exit
Cisco7200(config)#
00:25:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1,
changed
state to up
Cisco7200(config)#int fa4/0
Cisco7200(config-if)#channel-group 1
FastEthernet4/0 added as member-2 to port-channel1
Cisco7200(config-if)#exit
!-- Configured sub-interfaces over port-channel for VLAN10 and VLAN20 to
configure
!-- trunking over EtherChannel. The IP address is assigned to InterVLAN routing.
!-- Configured VLAN10 as the Native VLAN for untagged traffic.
Cisco7200(config)#int port-channel 1.10
Cisco7200(config-subif)#encapsulation dot1Q 10 native
Cisco7200(config-subif)#ip address 10.10.10.1 255.255.255.0
Cisco7200(config-subif)#exit
Cisco7200(config)#int port-channel 1.20
Cisco7200(config-subif)#encapsulation dot1Q 20
Cisco7200(config-subif)#ip address 10.10.11.1 255.255.255.0
Cisco7200(config-subif)#exit
Cisco7200(config)#exit
Cisco7200#
二、WS-X4232-L3三层路由模块的配置清单
(其中包括:VLAN路由、访问控制列表、三层模块与交换机背板通道的配置等等)
WS-X4232-L3#
Using 4055 out of 126968 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname WS-X4232-L3
!
enable secret 5 *****************
enable password **********
!
ip subnet-zero
!
!
!
interface Port-channel1
no ip address
no ip directed-broadcast
hold-queue 300 in
!
interface Port-channel1.1
encapsulation dot1Q 1 native
ip address 10.10.1.254 255.255.255.0
ip access-group 110 in
ip access-group 110 out
no ip redirects
no ip directed-broadcast
!
interface Port-channel1.16
encapsulation dot1Q 16
ip address 21x.xxx.16.254 255.255.255.0
ip access-group 110 in
ip access-group 110 out
no ip redirects
no ip directed-broadcast
!
interface Port-channel1.17
encapsulation dot1Q 17
ip address 21x.xxx.17.254 255.255.255.0
ip access-group 110 in
ip access-group 110 out
no ip redirects
no ip directed-broadcast
!
interface Port-channel1.18
encapsulation dot1Q 18
ip address 21x.xxx.18.254 255.255.255.0
ip access-group 110 in
ip access-group 110 out
no ip redirects
no ip directed-broadcast
!
interface Port-channel1.19
encapsulation dot1Q 19
ip address 21x.xxx.19.254 255.255.255.0
ip access-group 110 in
ip access-group 110 out
no ip redirects
no ip directed-broadcast
!
interface Port-channel1.20
encapsulation dot1Q 20
ip address 21x.xxx.21.254 255.255.254.0 secondary
ip address 21x.xxx.20.254 255.255.254.0
ip access-group 110 in
ip access-group 110 out
no ip redirects
no ip directed-broadcast
!
interface Port-channel1.22
encapsulation dot1Q 22
ip address 21x.xxx.22.254 255.255.255.0
ip access-group 110 in
ip access-group 110 out
no ip redirects
no ip directed-broadcast
!
interface Port-channel1.23
encapsulation dot1Q 23
ip address 21x.xxx.23.254 255.255.255.0
ip access-group 110 in
ip access-group 110 out
no ip redirects
no ip directed-broadcast
!
interface FastEthernet1
no ip address
no ip directed-broadcast
shutdown
!
interface GigabitEthernet1
ip address 21x.xxx.xxx.xxx 255.255.255.240
ip access-group 110 in
ip access-group 110 out
no ip directed-broadcast
!
interface GigabitEthernet2
no ip address
no ip directed-broadcast
!
interface GigabitEthernet3
no ip address
no ip directed-broadcast
no negotiation auto
channel-group 1
!
interface GigabitEthernet4
no ip address
no ip directed-broadcast
no negotiation auto
channel-group 1
!
ip classless
ip route 0.0.0.0 0.0.0.0 2xx.xxx.xxx.xxx
!
access-list 110 deny tcp any any eq echo
access-list 110 deny tcp any any eq chargen
access-list 110 deny tcp any any eq 135
access-list 110 deny tcp any any eq 136
access-list 110 deny tcp any any eq 137
access-list 110 deny tcp any any eq 138
access-list 110 deny tcp any any eq 139
access-list 110 deny tcp any any eq 389
access-list 110 deny tcp any any eq 445
access-list 110 deny tcp any any eq 4444
access-list 110 deny udp any any eq tftp
access-list 110 deny udp any any eq 135
access-list 110 deny udp any any eq 136
access-list 110 deny udp any any eq netbios-ns
access-list 110 deny udp any any eq netbios-dgm
access-list 110 deny udp any any eq netbios-ss
access-list 110 deny udp any any eq 389
access-list 110 deny udp any any eq 445
access-list 110 deny udp any any eq 1434
access-list 110 deny udp any any eq 1433
access-list 110 deny udp any any eq 1025
access-list 110 deny udp any any eq 455
access-list 110 deny udp any any eq 5554
access-list 110 deny udp any any eq 9996
access-list 110 deny udp any any eq 6129
access-list 110 deny udp any any eq 3127
access-list 110 deny udp any any eq 2745
access-list 110 deny tcp any any eq 6669
access-list 110 deny tcp any any eq 1023
access-list 110 deny tcp any any eq 1024
access-list 110 deny tcp any any eq 3332
access-list 110 deny tcp any any eq 69
access-list 110 deny udp any any eq 593
access-list 110 deny tcp any any eq 593
access-list 110 permit ip any any
arp 127.0.0.2 0005.5e73.9300 ARPA
!
line con 0
transport input none
line aux 0
line vty 0 4
password **********
login
!
end
WS-X4232-L3#
