cisco 3750配置

作者: admin 分类: 乱7八糟 发布时间: 2011-11-11 12:20 ė 6 没有评论

控制台密码: (config)#line console 0

(config-line)#password 123

(config-line)#login

VYT密码: (config)#line vty 0 15

(config)#password 123

(config)#login

特权密码: (config)#enable password /secret 123

3、在配置文件中密码部分加密显示

(config)#service password-encrytion

配置VLAN

configure terminal

vlan 10

name 122.200.77.0

end

将端口加入vlan

configure terminal

interface gigabitEthernet 1/0/1 进入要分配的端口

switchport mod access 定义二层口

switchport access vlan 10 把端口分配给某一VLAN

end 退出

配置VLAN IP地址

conf t

int vlan 10

ip add 192.168.3.1 255.255.255.0

no sh

配置对联地址

conf t

int gig 1/0/9

ip add 192.168.1.122 255.255.255.0

exit

ip routing

ip route 0.0.0.0 0.0.0.0 192.168.1.1

配置桥组
conf t

bridge irb

bridge 2 protocol vlan-bridge

end

int gigb 1/0/1

bri 2

封IP地址
ip route 120.20.20.20 255.255.255.255 Null 0 这一条足矣
conf t
arp 122.200.20.20 001f.29e6.0001 arpa 这条也不错

int vlan 10
ip access-group 1 in
ip access-group 1 out

arp攻击保护网关

arp access-list static-arp

permit ip host 122.101.1.1 mac host 0000.0000.0000.0000

ip arp inspection filter static-arp vlan 20

122.101.10.1 是网关地址 也就是vlan 20的MAC地址和IP地址

端口限速:

config t

mls qos

access-list 2 permit any

class-map match-all 2M-rate

match access-group 2 //绑定访问列表2,将符合列表2的流归为2M-rate这个类里

!

policy-map 2M-rate

class 2M-rate

police 2000000 200000 exceed-action drop //限速2M

interface GigabitEthernet1/0/9

description “2M-201100104”

service-policy input 2M-rate

CISCO 查看哪个口流量大
sh int | in (is up|5 min)

cisco 策略路由

interface GigabitEthernet1/0/26 进入26口
no switchport
ip add 192.168.50.194 255.255.255.252

end退出到全局模式
access-list 40 permit 118.26.178.0 0.0.0.255
route-map 118up permit 10
match ip address 40
set ip next-hop 192.168.50.193

int gi 1/0/23 进入端口

ip policy route-map 118up

 

cisco ACL配置

conf  t

access-list 101 permit tcp 10.10.64.0 0.0.0.255 host 10.10.32.32 eq 8090
access-list 101 deny ip 10.10.64.0 0.0.0.255 10.10.32.0 0.0.0.255
access-list 101 deny ip 10.10.64.0 0.0.0.255 10.10.0.0 0.0.0.255
access-list 101 permit ip 10.10.64.0 0.0.0.255 any

int vlan 30

interface Vlan30
ip address 10.10.64.1 255.255.192.0
ip access-group 101 in
查看端口下的MAC
show ip arp vlan 10
show mac address-table address 782b.cb55.1da0
sh mac address-table interface gigabitEthernet 1/0/5

查看CPU使用率
show processes cpu | exclude 0.00%

查看CDP设备
show cdp nei detail
转载注明(LINUXQQ)

本文出自 小Q,转载时请注明出处及相应链接。

本文永久链接: http://www.linuxqq.com/archives/801.html

0
更多
Ɣ回顶部