I did networking for two years, and after three years away I have forgotten most of it; below are some brief notes of my own:
1. Switch ACL configuration and application:
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#access-list 100 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 //VLAN 20 hosts may not reach 192.168.30.0/24
Switch(config)#access-list 100 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 //nor 192.168.10.0/24
Switch(config)#access-list 100 permit ip any any //everything else; without this line the implicit deny at the end of the ACL would drop all remaining traffic
Switch(config)#interface vlan 20
Switch(config-if)# ip access-group 100 in //apply inbound on the VLAN 20 SVI, i.e. to routed traffic arriving from VLAN 20 hosts
Switch(config-if)# no sh
Switch(config-if)# do wr
Notes: the ACL is stateless and is applied in one direction only, on the VLAN 20 SVI. Replies that VLAN 20 hosts send to sessions opened from VLAN 30 or VLAN 10 are also sourced from 192.168.20.0/24 and are dropped by the same deny lines, so the isolation is effectively bidirectional. An SVI ACL only sees routed traffic: hosts inside VLAN 20 can still reach each other, and a VLAN access map (VACL) would be needed to filter within the VLAN.
**************************************************************************************************
2. Switch SSH configuration:
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#access-list 80 remark ssh
Switch(config)#access-list 80 permit 192.168.20.0 0.0.0.255
Switch(config)#access-list 80 permit 192.168.30.0 0.0.0.255 //standard ACL: only the source address is checked; everything else hits the implicit deny
Switch(config)#line vty 0 15
Switch(config-line)#login local //authenticate with the locally defined username and password
Switch(config-line)#transport input none //redundant: the next line overrides it, 'transport input ssh' alone is enough
Switch(config-line)#transport input ssh //allow SSH logins only (no telnet)
Switch(config-line)#access-class 80 in //apply ACL 80: only the 192.168.20.0/24 and 192.168.30.0/24 subnets may open SSH sessions
Switch(config-line)#exit
Switch(config)#username cisco password passwd //set username and password; 'password' is stored reversibly (type 0 or 7), prefer 'username cisco secret ...', which stores a hash
Switch(config)#enable secret cisco //set the enable password ('secret' stores a hash, unlike 'enable password')
Switch(config)#ip ssh version 2 //SSH version; needs ip domain-name and an RSA key pair first (see problems 1 and 2 below)
Switch(config)#end
Switch#wr //save to startup-config; after 'end' the prompt is back in privileged EXEC, so 'do' is not needed
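The script below is an added example, not part of the original notes: it reads an IOS running-config and flags the settings a reviewer looks for in exactly this VTY/SSH configuration: a reversible 'username ... password', an 'enable password', VTY lines that still accept telnet or have no inbound access-class, a missing 'ip ssh version 2' and a missing 'ip domain-name' (the RSA key prerequisite from problem 2 below). Both configs in the script are constructed; one repeats this section's commands with its weak spots, the other is the hardened variant, and the hashes in them are placeholders. The RSA key size is not visible in running-config and has to be checked with 'show crypto key mypubkey rsa' or 'show ip ssh'.

```python
"""Added example, not from the original notes: lint the SSH/VTY part of a
Cisco IOS running-config. The configs below are constructed; secrets are
placeholders. Parsing relies on IOS indenting a block's sub-commands by one
space under their parent line (line vty ..., interface ...)."""
import re
from typing import Dict, List, Tuple

# Constructed sample mirroring this section's commands, with two weak spots:
# a reversible user password and a VTY range that still accepts telnet and
# has no access-class. 'ip ssh version 2' is absent.
WEAK_CONFIG = """\
hostname Switch
ip domain-name chensh.net
username cisco password 0 passwd
enable secret 5 $1$placeholder$hashhashhashhashhashhash
access-list 80 remark ssh
access-list 80 permit 192.168.20.0 0.0.0.255
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input none
 transport input ssh
 access-class 80 in
"""

# The same device with the findings fixed (hashes are placeholders).
HARDENED_CONFIG = """\
hostname Switch
ip domain-name chensh.net
username cisco secret 5 $1$placeholder$hashhashhashhashhashhash
enable secret 5 $1$placeholder$hashhashhashhashhashhash
ip ssh version 2
access-list 80 permit 192.168.20.0 0.0.0.255
line vty 0 15
 login local
 transport input ssh
 access-class 80 in
"""


def parse_sections(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return the top-level lines and, for each top-level line that has
    indented children, those children (stripped)."""
    top: List[str] = []
    children: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            children.setdefault(current, []).append(raw.strip())
            continue
        current = raw.strip()
        top.append(current)
    return top, children


def lint(config: str) -> List[str]:
    """Return one finding per weak or missing setting; [] means clean."""
    findings: List[str] = []
    top, children = parse_sections(config)

    if not any(t.startswith("ip domain-name ") for t in top):
        findings.append("no ip domain-name: 'crypto key generate rsa' will refuse to run")
    if "ip ssh version 2" not in top:
        findings.append("ip ssh version 2 missing: images that still ship SSHv1 stay in compatibility mode")
    for t in top:
        m = re.match(r"username (\S+) password ", t)
        if m:
            findings.append(f"username {m.group(1)}: 'password' is stored reversibly (type 0/7); use 'secret'")
        if t.startswith("enable password "):
            findings.append("'enable password' is stored reversibly; use 'enable secret'")

    for name, body in children.items():
        if not name.startswith("line vty"):
            continue
        # Repeated 'transport input' lines: the last one entered wins.
        transports = [b.split()[2:] for b in body if b.startswith("transport input ")]
        if not transports:
            findings.append(f"{name}: transport input not set explicitly; set 'transport input ssh'")
        elif transports[-1] != ["ssh"]:
            findings.append(f"{name}: transport input {' '.join(transports[-1])}; allow only ssh")
        if not any(b.startswith("access-class ") and b.endswith(" in") for b in body):
            findings.append(f"{name}: no inbound access-class, management reachable from any source address")
        if "login local" not in body and not any(b.startswith("login authentication ") for b in body):
            findings.append(f"{name}: no 'login local' or AAA login method")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}] {len(lint(cfg))} finding(s)")
        for f in lint(cfg):
            print("  -", f)
```

The 'transport input none' followed by 'transport input ssh' in the sample is deliberately kept from this section: the linter evaluates only the last such line, which is also what the switch does. Run the script against 'show running-config' output saved to a file by replacing the constructed strings.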
**************************************************************************************************
3. Switch DHCP configuration
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ip dhcp pool vlan20 //create the address pool for VLAN 20
Switch(dhcp-config)#network 192.168.20.0 255.255.255.0 //subnet the pool leases from; the switch picks this pool for requests arriving on the interface (or relayed via ip helper-address) in that subnet
Switch(dhcp-config)#dns-server 8.8.8.8 202.96.209.133 //DNS servers handed to clients
Switch(dhcp-config)#default-router 192.168.20.254 //default gateway handed to clients, normally the VLAN 20 SVI address
Switch(dhcp-config)#exit
Switch(config)#ip dhcp excluded-address 192.168.20.200 192.168.20.254 //global command: never lease .200 to .254 (the gateway and other static addresses live there)
**************************************************************************************************
4. Policy-based routing (PBR) on a Layer 3 switch
Switch-A#
Switch-A#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch-A(config)#sdm prefer routing //select the SDM template that reserves TCAM for routing features such as PBR; takes effect only after a reload
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Switch-A(config)#do wr
Building configuration...
[OK]
Switch-A(config)#do reload
Proceed with reload? [confirm]
(after the switch comes back up, log in again, enter configure terminal and continue)
Switch-A(config)#access-list 110 permit ip 172.16.100.0 0.0.0.255 any //traffic to be policy-routed: anything sourced from 172.16.100.0/24
Switch-A(config)#route-map ros permit 10
Switch-A(config-route-map)# match ip address 110
Switch-A(config-route-map)# set ip next-hop 10.1.2.1 //matching packets go to this next hop instead of the routing-table result; it must be on a directly connected subnet
Switch-A(config-route-map)# exit
Switch-A(config)# interface gigabitEthernet 1/0/12 //must be a Layer 3 interface: a routed port ('no switchport') or an SVI
Switch-A(config-if)# ip policy route-map ros //PBR is evaluated on packets entering this interface; packets the ACL does not match are routed normally
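The following script is an added example, not code from the original notes: it models how IOS evaluates the two numbered ACLs on this page, so the effect of ACL 100 on interface vlan 20 (section 1) and of ACL 110 inside route-map ros (section 4) can be checked before touching a switch. It implements wildcard-mask matching, first-match evaluation with the implicit deny, the bidirectional effect of the stateless SVI ACL, and the next-hop decision of the route-map. Only 'ip' entries with wildcard masks, 'host' and 'any' are handled; the addresses are the page's own, and the assumption that a host's address tells which SVI its packets enter is stated in the code.

```python
"""Added example (not from the original notes): a small model of IOS numbered
ACL evaluation applied to ACL 100 (interface vlan 20, section 1) and to
ACL 110 + route-map ros (PBR, section 4). Addresses are the page's own."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard-mask semantics: a 0 bit in the wildcard must match the
    base address, a 1 bit is 'don't care' (the inverse of a subnet mask)."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


@dataclass
class Ace:
    action: str      # 'permit' or 'deny'
    src: str
    src_wc: str
    dst: str
    dst_wc: str


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N permit|deny ip SRC DST', where SRC and DST are each
    'A.B.C.D W.X.Y.Z', 'host A.B.C.D' or 'any'."""
    toks = line.split()
    if toks[0] != "access-list" or toks[3] != "ip":
        raise ValueError("unsupported entry: " + line)
    pos = 4

    def take() -> Tuple[str, str]:
        nonlocal pos
        if toks[pos] == "any":
            pos += 1
            return "0.0.0.0", "255.255.255.255"
        if toks[pos] == "host":
            pos += 2
            return toks[pos - 1], "0.0.0.0"
        pos += 2
        return toks[pos - 2], toks[pos - 1]

    src, dst = take(), take()
    return Ace(toks[2], src[0], src[1], dst[0], dst[1])


def evaluate(acl: List[Ace], src: str, dst: str) -> str:
    """First matching entry wins. A packet that matches no entry hits the
    implicit 'deny' at the end of every IOS ACL."""
    for ace in acl:
        if wildcard_match(src, ace.src, ace.src_wc) and \
           wildcard_match(dst, ace.dst, ace.dst_wc):
            return ace.action
    return "deny"


# Section 1: ACL 100, applied with 'ip access-group 100 in' on interface vlan 20.
ACL_100 = [parse_ace(entry) for entry in (
    "access-list 100 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255",
    "access-list 100 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255",
    "access-list 100 permit ip any any",
)]


def session_through_vlan20(initiator: str, responder: str) -> bool:
    """A TCP session needs both directions to pass. ACL 100 is stateless and
    applied inbound on the VLAN 20 SVI only, so (assuming a host's address
    tells which VLAN it lives in) only packets sourced from 192.168.20.0/24
    are checked; the other direction enters a different SVI unfiltered."""
    def direction_ok(s: str, d: str) -> bool:
        if wildcard_match(s, "192.168.20.0", "0.0.0.255"):
            return evaluate(ACL_100, s, d) == "permit"
        return True
    return direction_ok(initiator, responder) and direction_ok(responder, initiator)


# Section 4: ACL 110 inside 'route-map ros permit 10' with 'set ip next-hop 10.1.2.1'.
ACL_110 = [parse_ace("access-list 110 permit ip 172.16.100.0 0.0.0.255 any")]


def pbr_next_hop(src: str, dst: str) -> str:
    """Packets the route-map's ACL permits go to the configured next hop without
    a routing-table lookup; everything else is routed normally."""
    if evaluate(ACL_110, src, dst) == "permit":
        return "10.1.2.1"
    return "routing table"


if __name__ == "__main__":
    for s, d in (("192.168.20.5", "192.168.30.9"), ("192.168.20.5", "192.168.40.9")):
        print(f"vlan20 inbound {s} -> {d}: {evaluate(ACL_100, s, d)}")
    print("session 192.168.30.5 -> 192.168.20.5 works:",
          session_through_vlan20("192.168.30.5", "192.168.20.5"))
    print("172.16.100.7 -> 8.8.8.8 next hop:", pbr_next_hop("172.16.100.7", "8.8.8.8"))
```

The session check is the point most often missed with SVI ACLs: a connection from 192.168.30.5 to 192.168.20.5 is not stopped on the way in, but its replies are, so it fails just the same. For PBR, note that a wider ACL 110 would silently send more traffic to 10.1.2.1, since matching packets bypass the routing table entirely.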
**************************************************************************************************
5. Allowing the switch to use extended-range VLAN IDs (above 1005)
Switch-A#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch-A(config)#vtp mode transparent //with VTP version 1 or 2, extended-range VLANs (1006 to 4094) can only be created while the switch is in VTP transparent mode; VTP version 3 can also carry them in server mode
Switch-A(config)#do wr
**************************************************************************************************
Problem 1:
Switch-B(config)#ip ssh version 2
Please create RSA keys to enable SSH (of atleast 768 bits size) to enable SSH v2
Fix:
Switch-B(config)#crypto key generate rsa //requires ip domain-name to be set first (see problem 2)
% You already have RSA keys defined named Switch-B.chensh.net.
% Do you really want to replace them? [yes/no]: y
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 768 //768 is the minimum IOS accepts for SSHv2, but 768-bit RSA has been publicly factored; use 2048 (the maximum this prompt offers) or larger where the image allows
% Generating 768 bit RSA keys, keys will be non-exportable...[OK]
Switch-B(config)#
Replacing the key pair changes the switch's SSH host key, so clients that saved the old one (e.g. in ~/.ssh/known_hosts) will warn about a changed host key on the next connection; verify the new key with 'show crypto key mypubkey rsa' before accepting it.
Problem 2:
Switch(config)#crypto key generate rsa
% Please define a domain-name first.
Fix:
Switch(config)#ip domain-name chensh.net //the RSA key pair is named hostname.domain-name (Switch-B.chensh.net above), so a domain name must exist before it can be generated