实验2.1 交换机基本配置
实验2.1 交换机基本配置
1. 实验目的
通过本实验可以掌握交换机的基本配置方法。
2. 实验拓扑
交换机基本配置实验拓扑如图2-1所示。
图2-1 交换机基本配置实验拓扑
3. 实验步骤
(1)配置主机名
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#hostname S1
R1(config)#int f0/0
R1(config-if)#ip add 172.16.0.1 255.255.255.0
R1(config-if)#no shut
R2(config)#int f0/0
R2(config-if)#ip add 172.16.0.2 255.255.255.0
R2(config-if)#no shut
//配置R1和R2是为了测试网络连通性
(2)配置基本安全措施
S1(config)#enable secret cisco123
S1(config)#service password-encryption
S1(config)#line vty 0
S1(config)#line vty 0 15
S1(config-line)#pass
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#line conso
S1(config-line)#line console 0
S1(config-line)#pass
S1(config-line)#password cisco
S1(config-line)#login
(3)接口基本配置
S1(config)#int f1/1
S1(config-if)#duplex full
S1(config-if)#speed 100
S1(config-if)#mdix auto //启用介质检测功能,自动识别
S1(config-if)#description connected to R1 //注释,并不会影响接口的功能。
(4)配置管理地址
S1(config-if)#int vlan 1
S1(config-if)#ip add 172.16.0.100 255.255.255.0
S1(config-if)#no shut
S1(config-if)#exit
S1(config)#ip default-gateway 172.16.0.254 //为了让其他网段的计算机也可以telnet 该交换机
(5)配置SSH
采用telnet 管理交换机,可能会有安全问题。可以采用SSH 来提高安全性。
S1(config)#ip domain-name ccnpcisco.com
//以上配置域名,生成密钥时需要
S1(config)#crypto key generate
//ssh的关键字名就是“hostname+.+ip domain-name”
S1(config)#line vty 0 15
S1(config-line)#login local
//SSH需要用户名和密码,以上配置用户和密码放在本地,即在交换机的配置文件中。 S1(config)#username test secret cisco
//以上配置用户名和密码
(6)管理接口的错误条件
交换机在遇到各种各样的错误,如环路等,默认时交换机会关闭接口。管理员需要在故障原因排除后执行“shutdown ”或“no shutdown ”命令把接口重新打开,可以配置接口自动关闭的条件和接口在故障后的自动恢复。
S1(config)#errdisable detect cause ?
all Enable error detection on all cases
bpduguard Enable error detection on bpdu-guard
dtp-flap Enable error detection on dtp-flapping
link-flap Enable error detection on linkstate-flapping
pagp-flap Enable error detection on pagp-flapping
rootguard Enable error detection on root-guard
udld Enable error detection on udld
S1(config)#errdisable detect cause all
//以上配置什么情况下会自动关闭接口,默认时是ALL
S1(config)#errdisable recovery ?
cause Enable error disable recovery for application
interval Error disable recovery timer value
S1(config)#errdisable recovery cause bpduguard
//以上配置什么情况下会自动恢复接口,默认时不会自动恢复接口,使用“errdisable recovery cause ?”可以查看各种会引起接口关闭的原因。
S1(config)#errdisable recovery interval ?
timer-interval(sec)
S1(config)#errdisable recovery interval 30
//以上配置接口错误关闭后,间隔多长时间会进行自动恢复。
4. 实验调试
(1)show ip interface brief
Interface IP-Address OK? Method Status
Vlan1 172.16.0.100 YES manual up
FastEthernet1/1 unassigned YES unset up
FastEthernet1/2 unassigned YES unset up
//以上显示了各个接口的IP 地址、状态等简要信息。
(2)telnet
从R1或者R2 Telnet交换机
R1#telnet 172.16.0.100
Trying 172.16.0.100 ... Open
User Access Verification
Username: test
Password:
S1>en
Password:
S1#
(3)SSH
//先对交换机show run 或show ip ssh查看ssh 版本是v1还是v2,然后再ssh
R1#ssh -l test -v 1 172.16.0.100
Password:
S1>en
Password: Protocol up up up
S1#
(4)监控MAC 地址表
S1#show mac-address-table
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
c203.2c24.0000 Self 1 Vlan1
c204.2c24.0000 Dynamic 1 FastEthernet1/1
c205.2c24.0000 Dynamic 1 FastEthernet1/2
//以上显示交换机学习到的MAC 地址,该命令可以带不同的参数以显示特定信息,如下所示:
S1#show mac-address-table ?
address mac address name
aging-time Show address aging time
count Show address count
dynamic Show 802.1d dynamic addresses
interface interface name
multicast Show multicast addresses for selected wildcard
secure Show secure addresses
self Show system self addresses
static Show static addresses
vlan vlan name
| Output modifiers
S1#clear mac-address-table ?
address mac address name
dynamic Clear 802.1d dynamic addresses
interface interface name
secure Clear secure addresses
static Clear static addresses
vlan vlan number
//以上是清除MAC 地址表
S1#clear mac-address-table dynamic
S1#
//以上是清除动态学习到的MAC 地址表
S1(config)#$-table static 00e0.c80c.2996 interface fastEthernet 1/1 vlan 1
S1(config)#mac-address-table static 00e0.c80c.2996 interface fastEthernet 1/1 $
//以上两条命令内容相同,以上是配置静态MAC 地址表,把特定的MAC 地址绑定在特定的接口上,通常是处于安全的考虑。
(5)查看接口的信息
S1#show interfaces f1/1 counters
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Fa1/1 0 0 0 0
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
Fa1/1 0 0 0 0 S1#
//以上显示接口收、发各种数据包的数量
S1#show interfaces f1/1 counters errors
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
Fa1/1 0 0 0 0 0
Port Single-Col Multi-Col Late-Col Excess-Col Carri-Sen Runts Giants Fa1/1 0 0 0 0 0 0
S1#
//以上显示接口收、发各种数据包的错误数量
S1#show int f1/1 status
Port Name Status Vlan Duplex Speed Type
Fa1/1 connected to R1 connected 1 auto 100 10/100BaseTX S1#
//以上显示接口的状态、双工和速率等。
S1#show int f1/1
FastEthernet1/1 is up, line protocol is up
Hardware is Fast Ethernet, address is c203.2c24.f101 (bia c203.2c24.f101)
Description: connected to R1
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, 100Mb/s
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:03, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
//显示接口的各种信息。