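1. Configure VSS
2. Divide VLANs by purpose
For example: wired, wireless, management, administration, servers (iDRAC, management, etc.)
3. Configure remote login
4. Configure the interconnection with the access and aggregation switches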
interface TenGigabitEthernet1/2/1
 description 29.10
 switchport trunk allowed vlan 1-63,71-4094
 switchport mode trunk
 channel-protocol lacp
 channel-group 10 mode active
interface TenGigabitEthernet2/2/1
 description 29.10
 switchport trunk allowed vlan 1-63,71-4094
 switchport mode trunk
 channel-protocol lacp
 channel-group 10 mode active
interface Port-channel10
 description 10.11.29.10
 switchport
 switchport trunk allowed vlan 1-63,71-4094
 switchport mode trunk
Note: when configuring the trunk ports, the one thing to watch is excluding the RSPAN VLAN.
5. Configure ACLs and DHCP relay on each VLAN gateway
interface Vlan3
 ip address 10.11.3.254 255.255.255.0
 ip access-group vlan3 out
 ip helper-address 10.11.103.11
 ip helper-address 10.11.103.12
The ACL mainly restricts cross-subnet access to port 445.
ip access-list extended vlan102
 permit tcp any host 10.11.102.11 eq 445
 permit tcp any host 10.11.102.12 eq 445
 deny tcp any 10.11.102.0 0.0.0.255 eq 445
 permit ip any any
6. Configure VTP
vtp domain xxx
vtp mode server
vtp password xxx
7. Configure SNMP
snmp-server community xxx RO
8. Packet capture
monitor session 1 source interface Gi1/3/23
monitor session 1 source interface Gi2/3/23
monitor session 1 destination interface Gi1/3/22