12.14. Switch Config Example-白红宇

12.14.1. VLan Router

12.14.1.1. VLAN间DHCP

Switch#vlan database% Warning: It is recommended to configure VLAN from config mode,  as VLAN database mode is being deprecated. Please consult user  documentation for configuring VTP/VLAN in config mode.Switch(vlan)#vlan 2 name developmentVLAN 2 modified:    Name: developmentSwitch(vlan)#vlan 3 name marketVLAN 3 modified:    Name: marketSwitch(vlan)#exitAPPLY completed.Exiting....Switch#conf terminalEnter configuration commands, one per line.  End with CNTL/Z.Switch(config)#int vlan 2Switch(config-if)#ip address 192.168.8.1 255.255.255.0Switch(config-if)#exitSwitch(config)#int vlan 3Switch(config-if)#ip address 192.168.9.1 255.255.255.0Switch(config-if)#exitSwitch(config)#ip dhcp pool vlan2Switch(dhcp-config)#network 192.168.8.0 255.255.255.0Switch(dhcp-config)#default-router 192.168.8.254Switch(dhcp-config)#dns-server 208.67.222.222 208.67.220.220Switch(dhcp-config)#lease 7Switch(dhcp-config)#exitSwitch(config)#ip dhcp pool vlan3Switch(dhcp-config)#network 192.168.9.0 255.255.255.0Switch(dhcp-config)#default-router 192.168.9.254Switch(dhcp-config)#dns-server 208.67.222.222 208.67.220.220Switch(dhcp-config)#lease 7Switch(dhcp-config)#exitSwitch(config)#ip dhcp excluded 192.168.8.1 192.168.8.254Switch(config)#ip dhcp excluded 192.168.9.1 192.168.9.254Switch(config)#ip dhcp snoopingSwitch(config)#ip dhcp snooping vlan 2-3Switch(config)#interface  range f0/1 - 10Switch(config-if-range)#switchport access vlan 2Switch(config-if-range)#switchport mode accessSwitch(config-if-range)#spanning-tree portfastSwitch(config-if-range)#ip dhcp snooping trustSwitch(config-if-range)#exitSwitch(config)#interface  range f0/11 - 20Switch(config-if-range)#switchport access vlan 3Switch(config-if-range)#switchport mode accessSwitch(config-if-range)#spanning-tree portfastSwitch(config-if-range)#ip dhcp snooping trustSwitch(config-if-range)#exitSwitch(config)#interface GigabitEthernet0/1Switch(config-if)#switchport mode trunkSwitch(config-if)#switchport trunk allowed vlan allSwitch(config-if)#end

例 12.2. VLAN间DHCP实例

Cisco Catalyst 2960 Series Switches

Switch#show running-configBuilding configuration...Current configuration : 4716 bytes!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Switch!boot-start-markerboot-end-marker!enable secret 5 $1$zQct$RlZjEVk3PV//OrS4KYm46.enable password 123456!no aaa new-modelsystem mtu routing 1500ip subnet-zero!ip dhcp pool vlan2   network 192.168.8.0 255.255.255.0   default-router 192.168.8.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan3   network 192.168.9.0 255.255.255.0   default-router 192.168.9.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp snooping vlan 2-3no ip dhcp snooping information optionip dhcp snooping!!crypto pki trustpoint TP-self-signed-2135278336 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2135278336 revocation-check none rsakeypair TP-self-signed-2135278336!!crypto pki certificate chain TP-self-signed-2135278336 certificate self-signed 01  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274  69666963 6174652D 32313335 32373833 3336301E 170D3933 30333031 30303030  35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31333532  37383333 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281  8100B628 478437A6 397971B0 B3A62590 C505A465 D7D1E604 DC5F92E2 68868536  286DA2A2 3C782BCC 47625B33 5CC22974 04B26BDF F353FEFB DE2A2F27 2964BC40  5CDEE5DE 7D9EB86F A32118E6 9345B5C4 8632832E 397D2F58 41F70394 EB49DCE9  633DABDF 140E6ECD BA8927B4 8EF18AAB 700C9063 2C571D79 04341253 08507FA4  5FB30203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603  551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 1419F564  86C05FAB 617613B5 943AF70D 6754DF2C A3301D06 03551D0E 04160414 19F56486  C05FAB61 7613B594 3AF70D67 54DF2CA3 300D0609 2A864886 F70D0101 04050003  818100A2 3658FCD0 2E373F72 05DB683D 9EDD2244 0439DB83 AA6A65BE 14309A5C  9B317329 2E5B4275 0FA7A78C 7681F7EC 8DAD3CC8 85B315F1 DA43BFB4 B4D92F6F  0C983A7A 0C8030EE F0AE34DB 81C18F45 A2F2B98A 232430D5 EF2C3667 E9C2C1EF  C6457E0A 1EA81332 E7691037 6A2AFF97 DBCAFECB CB673797 7D2D0547 C1D742F0 F99208  quit!!!!!spanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!!!interface FastEthernet0/1 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/2 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/3 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/4 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/5 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/6 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/7 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/8 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/9 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/10 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/11 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/12 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23!interface FastEthernet0/24 switchport mode trunk!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1 no ip address no ip route-cache shutdown!interface Vlan2 ip address 192.168.8.1 255.255.255.0 no ip route-cache!interface Vlan3 ip address 192.168.9.1 255.255.255.0 no ip route-cache!no ip http serverno ip http secure-server!control-plane!!line con 0line vty 0 4 password 123456 loginline vty 5 15 password 123456 login!endSwitch#

Cisco 2811 Router

Router#show running-configBuilding configuration...Current configuration : 1103 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot-end-marker!enable secret 5 $1$d51C$qZVGfyDQJHQZ/W4muxjo4/enable password chen!no aaa new-model!resource policy!no network-clock-participate wic 0ip subnet-zero!!ip cef!!!!!controller E1 0/0/0!!interface FastEthernet0/0 ip address 192.168.3.39 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1 duplex auto speed auto!interface FastEthernet0/1.1 encapsulation dot1Q 2 ip address 192.168.8.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.2 encapsulation dot1Q 3 ip address 192.168.9.254 255.255.255.0 no snmp trap link-status!router rip network 192.168.3.0 network 192.168.8.0 network 192.168.9.0!ip classlessip route 0.0.0.0 0.0.0.0 192.168.3.1!no ip http server!snmp-server community public RO!control-plane!!line con 0line aux 0line vty 0 4 password 3655927 login!scheduler allocate 20000 1000!endRouter#

12.14.1.2. 多vlan与vlan间路由，并且每个vlan配合一个DHCP池，所有vlan均能访问internet

Cisco 2811 Router + 2960 Switch

Router>enableRouter#configure terminalEnter configuration commands, one per line.  End with CNTL/Z.Router(config)#ip dhcp excluded 192.168.8.1Router(config)#ip dhcp excluded 192.168.8.254Router(config)#ip dhcp excluded 192.168.9.1Router(config)#ip dhcp excluded 192.168.9.254Router(config)#ip dhcp pool vlan2Router(dhcp-config)#network 192.168.8.0 255.255.255.0Router(dhcp-config)#default-router 192.168.8.254Router(dhcp-config)#dns-server 208.67.222.222 208.67.220.220Router(dhcp-config)#lease 7Router(dhcp-config)#exitRouter(config)#ip dhcp pool vlan3Router(dhcp-config)#network 192.168.9.0 255.255.255.0Router(dhcp-config)#default-router 192.168.9.254Router(dhcp-config)#dns-server 208.67.222.222 208.67.220.220Router(dhcp-config)#lease 7Router(dhcp-config)#exitRouter(config)#interface f0/0Router(config-if)#ip address 172.16.0.1 255.255.255.0Router(config-if)#no shutRouter(config-if)#exitRouter(config)#interface f0/1Router(config-if)#description Connect to 2960_f0/24Router(config-if)#no shutRouter(config-if)#exitRouter(config)#interface f0/1.1Router(config-subif)#ip address 192.168.8.254 255.255.255.0% Configuring IP routing on a LAN subinterface is only allowed if thatsubinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,or ISL vLAN.Router(config-subif)#encapsulation dot1q 2Router(config-subif)#no shutRouter(config-subif)#exitRouter(config)#interface f0/1.2Router(config-subif)#ip address 192.168.9.254 255.255.255.0% Configuring IP routing on a LAN subinterface is only allowed if thatsubinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,or ISL vLAN.Router(config-subif)#encapsulation dot1q 3Router(config-subif)#no shutRouter(config-subif)#exitRouter(config)#ip routingRouter(config)#ip route 0.0.0.0 0.0.0.0 172.16.0.254Router(config)#router ripRouter(config-router)#network 172.16.0.0Router(config-router)#network 192.168.8.0Router(config-router)#network 192.168.9.0Router(config-router)#exitRouter(config)#exitRouter#wrBuilding configuration...[OK]

Switch(config)#interface  range f0/1 - 10Switch(config-if-range)#switchport access vlan 1Switch(config-if-range)#switchport mode accessSwitch(config-if-range)#spanning-tree portfastSwitch(config-if-range)#no shutSwitch(config-if-range)#exitSwitch(config)#interface  range f0/11 - 20Switch(config-if-range)#switchport access vlan 2Switch(config-if-range)#switchport mode accessSwitch(config-if-range)#spanning-tree portfastSwitch(config-if-range)#no shutSwitch(config-if-range)#exitSwitch(config)#interface f0/24Switch(config-if)#switchport mode trunkSwitch(config-if)#switchport trunk encapsulation dot1qSwitch(config-if)#switchport trunk allowed vlan allSwitch(config-if)#no shutSwitch(config-if)#exitSwitch(config)#interface vlan 2Switch(config-if)#ip add 192.168.8.1 255.255.255.0192.168.8.0 overlaps with Vlan2Switch(config-if)#ip helper-address 192.168.8.254Switch(config-if)#no shutSwitch(config-if)#exitSwitch(config)#interface vlan 3Switch(config-if)#ip add 192.168.9.1 255.255.255.0Switch(config-if)#ip helper-address 192.168.9.254Switch(config-if)#no shutSwitch(config-if)#exitSwitch(config)#endSwitch#wrBuilding configuration...[OK]

例 12.3. 配置实例参考

Router: Cisco 2811 Series Routers

Router#show running-configBuilding configuration...Current configuration : 1592 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot-end-marker!enable secret 5 $1$d51C$qZVGfyDQJHQZ/W4muxjo4/enable password chen!no aaa new-model!resource policy!no network-clock-participate wic 0ip subnet-zero!!ip cefno ip dhcp use vrf connectedip dhcp excluded-address 192.168.8.1ip dhcp excluded-address 192.168.8.254ip dhcp excluded-address 192.168.9.1ip dhcp excluded-address 192.168.9.254ip dhcp excluded-address 192.168.8.253!ip dhcp pool vlan2   network 192.168.8.0 255.255.255.0   default-router 192.168.8.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan3   network 192.168.9.0 255.255.255.0   default-router 192.168.9.254   dns-server 208.67.222.222 208.67.220.220   lease 7!!!!!controller E1 0/0/0!!interface FastEthernet0/0 ip address 192.168.3.39 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1 no ip address duplex auto speed auto!interface FastEthernet0/1.1 encapsulation dot1Q 2 ip address 192.168.8.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.2 encapsulation dot1Q 3 ip address 192.168.9.254 255.255.255.0 no snmp trap link-status!router rip network 192.168.3.0 network 192.168.8.0 network 192.168.9.0!Router#

Switch: Cisco Catalyst 2960 Series Switches

Switch#show running-configBuilding configuration...Current configuration : 3502 bytes!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Switch!boot-start-markerboot-end-marker!enable secret 5 $1$zQct$RlZjEVk3PV//OrS4KYm46.enable password 123456!username neo password 0 chenno aaa new-modelsystem mtu routing 1500ip subnet-zero!no ip dhcp snooping information option!!crypto pki trustpoint TP-self-signed-2135278336 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2135278336 revocation-check none rsakeypair TP-self-signed-2135278336!!crypto pki certificate chain TP-self-signed-2135278336 certificate self-signed 01  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274  69666963 6174652D 32313335 32373833 3336301E 170D3933 30333031 30303030  35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31333532  37383333 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281  8100B628 478437A6 397971B0 B3A62590 C505A465 D7D1E604 DC5F92E2 68868536  286DA2A2 3C782BCC 47625B33 5CC22974 04B26BDF F353FEFB DE2A2F27 2964BC40  5CDEE5DE 7D9EB86F A32118E6 9345B5C4 8632832E 397D2F58 41F70394 EB49DCE9  633DABDF 140E6ECD BA8927B4 8EF18AAB 700C9063 2C571D79 04341253 08507FA4  5FB30203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603  551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 1419F564  86C05FAB 617613B5 943AF70D 6754DF2C A3301D06 03551D0E 04160414 19F56486  C05FAB61 7613B594 3AF70D67 54DF2CA3 300D0609 2A864886 F70D0101 04050003  818100A2 3658FCD0 2E373F72 05DB683D 9EDD2244 0439DB83 AA6A65BE 14309A5C  9B317329 2E5B4275 0FA7A78C 7681F7EC 8DAD3CC8 85B315F1 DA43BFB4 B4D92F6F  0C983A7A 0C8030EE F0AE34DB 81C18F45 A2F2B98A 232430D5 EF2C3667 E9C2C1EF  C6457E0A 1EA81332 E7691037 6A2AFF97 DBCAFECB CB673797 7D2D0547 C1D742F0 F99208  quit!!!!!spanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!!!interface FastEthernet0/1!interface FastEthernet0/2!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13 switchport access vlan 2 switchport mode access spanning-tree portfast!interface FastEthernet0/14 switchport access vlan 3 switchport mode access spanning-tree portfast!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23!interface FastEthernet0/24 switchport mode trunk!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1 no ip address no ip route-cache shutdown!interface Vlan2 ip address 192.168.8.1 255.255.255.0 ip helper-address 192.168.8.254 no ip route-cache!interface Vlan3 ip address 192.168.9.1 255.255.255.0 ip helper-address 192.168.9.254 no ip route-cache!no ip http serverno ip http secure-server!control-plane!!line con 0line vty 0 4 password 123456 loginline vty 5 15 password 123456 login!endSwitch#

12.14.2. VLAN下联Switch

f0/21 与 f0/22 下个链接一个交换机并用vlan2,vlan3管理下联交换机

Switch#show running-configBuilding configuration...Current configuration : 3800 bytes!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Switch!boot-start-markerboot-end-marker!enable secret 5 $1$zQct$RlZjEVk3PV//OrS4KYm46.enable password 123456!no aaa new-modelsystem mtu routing 1500ip subnet-zero!ip dhcp pool vlan2   network 192.168.8.0 255.255.255.0   default-router 192.168.8.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan3   network 192.168.9.0 255.255.255.0   default-router 192.168.9.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp snooping vlan 2-3no ip dhcp snooping information optionip dhcp snooping!mls qos!crypto pki trustpoint TP-self-signed-2135278336 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2135278336 revocation-check none rsakeypair TP-self-signed-2135278336!!crypto pki certificate chain TP-self-signed-2135278336 certificate self-signed 01  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274  69666963 6174652D 32313335 32373833 3336301E 170D3933 30333031 30303030  35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31333532  37383333 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281  8100B628 478437A6 397971B0 B3A62590 C505A465 D7D1E604 DC5F92E2 68868536  286DA2A2 3C782BCC 47625B33 5CC22974 04B26BDF F353FEFB DE2A2F27 2964BC40  5CDEE5DE 7D9EB86F A32118E6 9345B5C4 8632832E 397D2F58 41F70394 EB49DCE9  633DABDF 140E6ECD BA8927B4 8EF18AAB 700C9063 2C571D79 04341253 08507FA4  5FB30203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603  551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 1419F564  86C05FAB 617613B5 943AF70D 6754DF2C A3301D06 03551D0E 04160414 19F56486  C05FAB61 7613B594 3AF70D67 54DF2CA3 300D0609 2A864886 F70D0101 04050003  818100A2 3658FCD0 2E373F72 05DB683D 9EDD2244 0439DB83 AA6A65BE 14309A5C  9B317329 2E5B4275 0FA7A78C 7681F7EC 8DAD3CC8 85B315F1 DA43BFB4 B4D92F6F  0C983A7A 0C8030EE F0AE34DB 81C18F45 A2F2B98A 232430D5 EF2C3667 E9C2C1EF  C6457E0A 1EA81332 E7691037 6A2AFF97 DBCAFECB CB673797 7D2D0547 C1D742F0 F99208  quit!!!!!spanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!!!interface FastEthernet0/1!interface FastEthernet0/2!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/22 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/23!interface FastEthernet0/24 switchport mode trunk!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1 no ip address no ip route-cache shutdown!interface Vlan2 ip address 192.168.8.1 255.255.255.0 no ip route-cache!interface Vlan3 ip address 192.168.9.1 255.255.255.0 no ip route-cache!no ip http serverno ip http secure-server!control-plane!!line con 0line vty 0 4 password 123456 loginline vty 5 15 password 123456 login!end

12.14.3. LAN to LAN

LAN -> Route <- LAN

Router#sh runBuilding configuration...*Dec 18 09:36:02.775: %SYS-5-CONFIG_I: Configured from console by consoleCurrent configuration : 700 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot-end-marker!!no aaa new-model!resource policy!no network-clock-participate wic 0ip subnet-zero!!ip cef!!!!!controller E1 0/0/0!!interface FastEthernet0/0 ip address 192.168.3.39 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1 ip address 192.168.6.1 255.255.255.0 duplex auto speed auto!ip default-gateway 192.168.3.1ip classlessip route 0.0.0.0 0.0.0.0 192.168.3.1!no ip http server!!control-plane!!line con 0line aux 0line vty 0 4 login!scheduler allocate 20000 1000!endRouter#

12.14.4. Cisco 2811 Router + 2960 Switch

例 12.4. Cisco 2811 Router + 2960 Switch

enableconfigure terminal!ip dhcp excluded-address 192.168.6.1ip dhcp excluded-address 192.168.6.254ip dhcp excluded-address 192.168.7.1ip dhcp excluded-address 192.168.7.254ip dhcp excluded-address 192.168.8.1ip dhcp excluded-address 192.168.8.254ip dhcp excluded-address 192.168.9.1ip dhcp excluded-address 192.168.9.254!ip dhcp pool vlan2   network 192.168.6.0 255.255.255.0   default-router 192.168.6.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan3   network 192.168.7.0 255.255.255.0   default-router 192.168.7.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan4   network 192.168.8.0 255.255.255.0   default-router 192.168.8.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan5   network 192.168.9.0 255.255.255.0   default-router 192.168.9.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp snoopingip dhcp snooping vlan 2-5!interface FastEthernet0/13 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/14 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/15 switchport access vlan 4 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/16 switchport access vlan 5 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface Vlan2 ip address 192.168.6.1 255.255.255.0 no ip route-cache!interface Vlan3 ip address 192.168.7.1 255.255.255.0 no ip route-cache!interface Vlan4 ip address 192.168.8.1 255.255.255.0 no ip route-cache!interface Vlan5 ip address 192.168.9.1 255.255.255.0 no ip route-cache!

Router

interface FastEthernet0/0 ip address 192.168.3.39 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1 duplex auto speed auto!interface FastEthernet0/1.1 encapsulation dot1Q 2 ip address 192.168.6.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.2 encapsulation dot1Q 3 ip address 192.168.7.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.3 encapsulation dot1Q 4 ip address 192.168.8.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.4 encapsulation dot1Q 5 ip address 192.168.9.254 255.255.255.0 no snmp trap link-status!router rip network 192.168.3.0 network 192.168.8.0 network 192.168.9.0!ip classlessip route 0.0.0.0 0.0.0.0 192.168.3.1!

例 12.5. example 2

Switch

interface FastEthernet0/13 switchport access vlan 2 switchport mode access spanning-tree portfast!interface FastEthernet0/14 switchport access vlan 3 switchport mode access spanning-tree portfast!interface FastEthernet0/15 switchport access vlan 4 switchport mode access spanning-tree portfast!interface FastEthernet0/16 switchport access vlan 5 switchport mode access spanning-tree portfast!interface Vlan2 ip address 192.168.6.1 255.255.255.0 ip helper-address 192.168.6.254 no ip route-cache!interface Vlan3 ip address 192.168.7.1 255.255.255.0 ip helper-address 192.168.7.254 no ip route-cache!interface Vlan4 ip address 192.168.8.1 255.255.255.0 ip helper-address 192.168.8.254 no ip route-cache!interface Vlan5 ip address 192.168.9.1 255.255.255.0 ip helper-address 192.168.9.254 no ip route-cache!

Router

ip dhcp excluded-address 192.168.6.1ip dhcp excluded-address 192.168.6.254ip dhcp excluded-address 192.168.7.1ip dhcp excluded-address 192.168.7.254ip dhcp excluded-address 192.168.8.1ip dhcp excluded-address 192.168.8.254ip dhcp excluded-address 192.168.9.1ip dhcp excluded-address 192.168.9.254!ip dhcp pool vlan2   network 192.168.6.0 255.255.255.0   default-router 192.168.6.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan3   network 192.168.7.0 255.255.255.0   default-router 192.168.7.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan4   network 192.168.8.0 255.255.255.0   default-router 192.168.8.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan5   network 192.168.9.0 255.255.255.0   default-router 192.168.9.254   dns-server 208.67.222.222 208.67.220.220   lease 7!interface FastEthernet0/0 ip address 192.168.3.39 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1 ip address 172.16.0.254 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1.1 encapsulation dot1Q 2 ip address 192.168.6.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.2 encapsulation dot1Q 3 ip address 192.168.7.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.3 encapsulation dot1Q 4 ip address 192.168.8.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.4 encapsulation dot1Q 5 ip address 192.168.9.254 255.255.255.0 no snmp trap link-status!router rip network 192.168.3.0 network 192.168.6.0 network 192.168.7.0 network 192.168.8.0 network 192.168.9.0 network 172.16.0.0!ip classlessip route 0.0.0.0 0.0.0.0 192.168.3.1!

12.14.4.1. running-config

例 12.6. Router running-config

Router#show running-configBuilding configuration...Current configuration : 2333 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot-end-marker!enable secret 5 $1$d51C$qZVGfyDQJHQZ/W4muxjo4/enable password chen!no aaa new-model!resource policy!no network-clock-participate wic 0ip subnet-zero!!ip cefno ip dhcp use vrf connectedip dhcp excluded-address 192.168.8.1ip dhcp excluded-address 192.168.8.254ip dhcp excluded-address 192.168.9.1ip dhcp excluded-address 192.168.9.254ip dhcp excluded-address 192.168.6.254ip dhcp excluded-address 192.168.7.1ip dhcp excluded-address 192.168.7.254ip dhcp excluded-address 192.168.6.1!ip dhcp pool vlan2   network 192.168.6.0 255.255.255.0   default-router 192.168.6.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan3   network 192.168.7.0 255.255.255.0   default-router 192.168.7.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan4   network 192.168.8.0 255.255.255.0   default-router 192.168.8.254   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan5   network 192.168.9.0 255.255.255.0   default-router 192.168.9.254   dns-server 208.67.222.222 208.67.220.220   lease 7!!!!!controller E1 0/0/0!!interface FastEthernet0/0 ip address 192.168.3.39 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1 ip address 172.16.0.254 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1.1 encapsulation dot1Q 2 ip address 192.168.6.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.2 encapsulation dot1Q 3 ip address 192.168.7.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.3 encapsulation dot1Q 4 ip address 192.168.8.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.4 encapsulation dot1Q 5 ip address 192.168.9.254 255.255.255.0 no snmp trap link-status!interface FastEthernet0/1.5!router rip network 192.168.3.0 network 192.168.6.0 network 192.168.7.0 network 192.168.8.0 network 192.168.9.0!ip classlessip route 0.0.0.0 0.0.0.0 192.168.3.1!no ip http server!snmp-server community public RO!control-plane!!line con 0line aux 0line vty 0 4 password 3655927 login!scheduler allocate 20000 1000!endRouter#

例 12.7. Switch running-config

Switch#show running-configBuilding configuration...Current configuration : 3941 bytes!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Switch!boot-start-markerboot-end-marker!enable secret 5 $1$zQct$RlZjEVk3PV//OrS4KYm46.enable password 123456!username neo password 0 chenno aaa new-modelsystem mtu routing 1500ip subnet-zero!no ip dhcp snooping information option!!crypto pki trustpoint TP-self-signed-2135278336 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2135278336 revocation-check none rsakeypair TP-self-signed-2135278336!!crypto pki certificate chain TP-self-signed-2135278336 certificate self-signed 01  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274  69666963 6174652D 32313335 32373833 3336301E 170D3933 30333031 30303030  35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31333532  37383333 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281  8100B628 478437A6 397971B0 B3A62590 C505A465 D7D1E604 DC5F92E2 68868536  286DA2A2 3C782BCC 47625B33 5CC22974 04B26BDF F353FEFB DE2A2F27 2964BC40  5CDEE5DE 7D9EB86F A32118E6 9345B5C4 8632832E 397D2F58 41F70394 EB49DCE9  633DABDF 140E6ECD BA8927B4 8EF18AAB 700C9063 2C571D79 04341253 08507FA4  5FB30203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603  551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 1419F564  86C05FAB 617613B5 943AF70D 6754DF2C A3301D06 03551D0E 04160414 19F56486  C05FAB61 7613B594 3AF70D67 54DF2CA3 300D0609 2A864886 F70D0101 04050003  818100A2 3658FCD0 2E373F72 05DB683D 9EDD2244 0439DB83 AA6A65BE 14309A5C  9B317329 2E5B4275 0FA7A78C 7681F7EC 8DAD3CC8 85B315F1 DA43BFB4 B4D92F6F  0C983A7A 0C8030EE F0AE34DB 81C18F45 A2F2B98A 232430D5 EF2C3667 E9C2C1EF  C6457E0A 1EA81332 E7691037 6A2AFF97 DBCAFECB CB673797 7D2D0547 C1D742F0 F99208  quit!!!!!spanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!!!interface FastEthernet0/1!interface FastEthernet0/2!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13 switchport access vlan 2 switchport mode access spanning-tree portfast!interface FastEthernet0/14 switchport access vlan 3 switchport mode access spanning-tree portfast!interface FastEthernet0/15 switchport access vlan 4 switchport mode access spanning-tree portfast!interface FastEthernet0/16 switchport access vlan 5 switchport mode access spanning-tree portfast!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23 switchport access vlan 10 switchport mode access spanning-tree portfast!interface FastEthernet0/24 switchport mode trunk!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1 no ip address no ip route-cache shutdown!interface Vlan2 ip address 192.168.6.1 255.255.255.0 ip helper-address 192.168.6.254 no ip route-cache!interface Vlan3 ip address 192.168.7.1 255.255.255.0 ip helper-address 192.168.7.254 no ip route-cache!interface Vlan4 ip address 192.168.8.1 255.255.255.0 ip helper-address 192.168.8.254 no ip route-cache!interface Vlan5 ip address 192.168.9.1 255.255.255.0 ip helper-address 192.168.9.254 no ip route-cache!no ip http serverno ip http secure-server!control-plane!!line con 0line vty 0 4 password 123456 loginline vty 5 15 password 123456 login!endSwitch#

12.14.5. Cisco Catalyst 3750 series DHCP + VLAN + Routing Example

过程 12.2. Cisco Catalyst 3750 series Example

进入交换机

Switch#configure terminalEnter configuration commands, one per line.  End with CNTL/Z.Switch(config)#

划分VLAN.

Switch#VLAN database% Warning: It is recommended to configure VLAN from config mode,  as VLAN database mode is being deprecated. Please consult user  documentation for configuring VTP/VLAN in config mode.Switch(vlan)#vlan 2VLAN 2 added:    Name: VLAN0002Switch(vlan)#vlan 3VLAN 3 added:    Name: VLAN0003Switch(vlan)#

Switch(config)#interface vlan 1Switch(config-if)#ip address 172.16.0.100 255.255.255.0Switch(config)#exitSwitch(config)#interface vlan 2Switch(config-if)#ip address 10.10.0.1 255.255.255.0Switch(config)#interface vlan 3Switch(config-if)#ip address 10.10.1.254 255.255.255.0

DHCP

Switch(config)#ip dhcp pool vlan2Switch(dhcp-config)#network 10.10.0.0 255.255.255.0Switch(dhcp-config)#default-router 10.10.0.1Switch(dhcp-config)#dns-server 208.67.222.222 208.67.220.220Switch(dhcp-config)#lease 7Switch(dhcp-config)#exitSwitch(config)#ip dhcp pool vlan3Switch(dhcp-config)#network 10.10.1.0 255.255.255.0Switch(dhcp-config)#default-router 10.10.1.254Switch(dhcp-config)#dns-server 208.67.222.222 208.67.220.220Switch(dhcp-config)#lease 7Switch(dhcp-config)#exit

启用路由 vlan 路由

Switch(config)#ip routingSwitch(config)#ip route 0.0.0.0 0.0.0.0 172.16.0.254

配置接口

Switch(config)#interface GigabitEthernet1/0/2Switch(config-if)#switchport access vlan 2Switch(config-if)# switchport mode accessSwitch(config-if)# spanning-tree portfast%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface  when portfast is enabled, can cause temporary bridging loops. Use with CAUTION%Portfast has been configured on GigabitEthernet1/0/2 but will only have effect when the interface is in a non-trunking mode.Switch(config-if)# ip dhcp snooping trustSwitch(config-if)#exitSwitch(config)#interface GigabitEthernet1/0/3Switch(config-if)#switchport access vlan 3Switch(config-if)#switchport mode accessSwitch(config-if)#spanning-tree portfast%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface  when portfast is enabled, can cause temporary bridging loops. Use with CAUTION%Portfast has been configured on GigabitEthernet1/0/3 but will only have effect when the interface is in a non-trunking mode.Switch(config-if)#ip dhcp snooping trustSwitch(config-if)#exit

配置访问控制列表

　　Switch(config)access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255　　Switch(config)access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255　　Switch(config)access-list 103 permit udp any any eq bootpc　　Switch(config)access-list 103 permit udp any any eq tftp　　Switch(config)access-list 103 permit udp any eq bootpc any　　Switch(config)access-list 103 permit udp any eq tftp any　　Switch(config)access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255　　Switch(config)access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255　　Switch(config)access-list 104 permit udp any eq tftp any　　Switch(config)access-list 104 permit udp any eq bootpc any　　Switch(config)access-list 104 permit udp any eq bootpc any　　Switch(config)access-list 104 permit udp any eq tftp any

应用访问控制列表

/*将访问控制列表应用到VLAN 3和VLAN 4,VLAN 2不需要*/

Switch(config)Int Vlan 3　　Switch(config-vlan)ip access-group 103 out　　Switch(config-vlan)Int Vlan 4　　Switch(config-vlan)ip access-group 104 out

结束并保存配置

Switch(config)#endSwitch#write memoryBuilding configuration...[OK]Switch#00:43:52: %SYS-5-CONFIG_I: Configured from console by console

例 12.8. Cisco Catalyst 3750 series Example

Switch#show running-configBuilding configuration...Current configuration : 2085 bytes!version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Switch!!no aaa new-modelswitch 1 provision ws-c3750g-24tssystem mtu routing 1500ip subnet-zeroip routing!ip dhcp pool vlan2   network 10.10.0.0 255.255.255.0   default-router 10.10.0.1   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan3   network 10.10.1.0 255.255.255.0   default-router 10.10.1.254   dns-server 208.67.222.222 208.67.220.220   lease 7!!!!no file verify autospanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!interface GigabitEthernet1/0/1!interface GigabitEthernet1/0/2 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface GigabitEthernet1/0/3 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface GigabitEthernet1/0/4!interface GigabitEthernet1/0/5!interface GigabitEthernet1/0/6!interface GigabitEthernet1/0/7!interface GigabitEthernet1/0/8!interface GigabitEthernet1/0/9!interface GigabitEthernet1/0/10!interface GigabitEthernet1/0/11!interface GigabitEthernet1/0/12!interface GigabitEthernet1/0/13!interface GigabitEthernet1/0/14!interface GigabitEthernet1/0/15!interface GigabitEthernet1/0/16!interface GigabitEthernet1/0/17!interface GigabitEthernet1/0/18!interface GigabitEthernet1/0/19!interface GigabitEthernet1/0/20!interface GigabitEthernet1/0/21!interface GigabitEthernet1/0/22!interface GigabitEthernet1/0/23!interface GigabitEthernet1/0/24!interface GigabitEthernet1/0/25!interface GigabitEthernet1/0/26!interface GigabitEthernet1/0/27!interface GigabitEthernet1/0/28!interface Vlan1 ip address 172.16.0.100 255.255.255.0!interface Vlan2 ip address 10.10.0.1 255.255.255.0!interface Vlan3 ip address 10.10.1.254 255.255.255.0!ip classlessip route 0.0.0.0 0.0.0.0 172.16.0.254ip http server!!control-plane!!line con 0line vty 5 15!end

12.14.6. Cisco Catalyst 3750 + Cisco Catalyst 2960 VTP Example

12.14.6.1. VTP Server

config terminalvlan databasevtp mode servervtp domain ciscovtp password ciscoip routing!ip dhcp pool vlan2   network 10.10.0.0 255.255.255.0   default-router 10.10.0.1   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan3   network 10.10.1.0 255.255.255.0   default-router 10.10.1.254   dns-server 208.67.222.222 208.67.220.220   lease 7interface GigabitEthernet1/0/2 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface GigabitEthernet1/0/3 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface Vlan1 ip address 172.16.0.100 255.255.255.0!interface Vlan2 ip address 10.10.0.1 255.255.255.0!interface Vlan3 ip address 10.10.1.254 255.255.255.0!ip route 0.0.0.0 0.0.0.0 172.16.0.254end

12.14.6.2. VTP Client

conf tint GigabitEthernet0/2switchport mode trunkendvlan databasevtp clientvtp domain ciscovtp password ciscointerface FastEthernet0/23 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/24 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!exit

12.14.6.3. Cisco Config File

例 12.9. 3750

Switch#show running-configBuilding configuration...Current configuration : 1427 bytes!version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Switch!!no aaa new-modelsystem mtu routing 1500ip subnet-zero!!!!no file verify autospanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!interface FastEthernet0/1!interface FastEthernet0/2!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/24 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface GigabitEthernet0/1!interface GigabitEthernet0/2 switchport mode trunk!interface Vlan1 no ip address no ip route-cache shutdown!ip http server!control-plane!!line con 0line vty 5 15!endSwitch#Switch>Switch>Switch>Switch>enSwitch#show runSwitch#show running-configBuilding configuration...Current configuration : 2085 bytes!version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Switch!!no aaa new-modelswitch 1 provision ws-c3750g-24tssystem mtu routing 1500ip subnet-zeroip routing!ip dhcp pool vlan2   network 10.10.0.0 255.255.255.0   default-router 10.10.0.1   dns-server 208.67.222.222 208.67.220.220   lease 7!ip dhcp pool vlan3   network 10.10.1.0 255.255.255.0   default-router 10.10.1.254   dns-server 208.67.222.222 208.67.220.220   lease 7!!!!no file verify autospanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!interface GigabitEthernet1/0/1!interface GigabitEthernet1/0/2 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface GigabitEthernet1/0/3 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface GigabitEthernet1/0/4!interface GigabitEthernet1/0/5!interface GigabitEthernet1/0/6!interface GigabitEthernet1/0/7!interface GigabitEthernet1/0/8!interface GigabitEthernet1/0/9!interface GigabitEthernet1/0/10!interface GigabitEthernet1/0/11!interface GigabitEthernet1/0/12!interface GigabitEthernet1/0/13!interface GigabitEthernet1/0/14!interface GigabitEthernet1/0/15!interface GigabitEthernet1/0/16!interface GigabitEthernet1/0/17!interface GigabitEthernet1/0/18!interface GigabitEthernet1/0/19!interface GigabitEthernet1/0/20!interface GigabitEthernet1/0/21!interface GigabitEthernet1/0/22!interface GigabitEthernet1/0/23!interface GigabitEthernet1/0/24!interface GigabitEthernet1/0/25!interface GigabitEthernet1/0/26!interface GigabitEthernet1/0/27!interface GigabitEthernet1/0/28!interface Vlan1 ip address 172.16.0.100 255.255.255.0!interface Vlan2 ip address 10.10.0.1 255.255.255.0!interface Vlan3 ip address 10.10.1.254 255.255.255.0!ip classlessip route 0.0.0.0 0.0.0.0 172.16.0.254ip http server!!control-plane!!line con 0line vty 5 15!end

例 12.10. 2960

Switch#show running-configBuilding configuration...Current configuration : 1427 bytes!version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Switch!!no aaa new-modelsystem mtu routing 1500ip subnet-zero!!!!no file verify autospanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!interface FastEthernet0/1!interface FastEthernet0/2!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface FastEthernet0/24 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust!interface GigabitEthernet0/1!interface GigabitEthernet0/2 switchport mode trunk!interface Vlan1 no ip address no ip route-cache shutdown!ip http server!control-plane!!line con 0line vty 5 15!end

原文出处：Netkiller 系列手札

本文作者：陈景峯

转载请与作者联系，同时请务必标明文章原始出处和作者信息及本声明。