Common Feature Configuration for BDCOM (博达) Switches
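S85/95 Common Feature Deployment Guide
Contents
I. DHCP Deployment
(I) Creating a DHCP pool
1. Assigning a fixed IP address to a specific host
2. Configuring the DHCP lease time (days/hours/minutes)
(II) Configuring DHCP relay
(III) Viewing the DHCP server
1. Viewing the addresses assigned by DHCP on the device
2. Viewing the status of the DHCP pools
II. DHCP Snooping Deployment
(I) Configuring DHCP snooping
(II) Configuring DAI
(III) Configuring IP source address checking
(IV) Maintaining DHCP snooping
III. MSTP Deployment
(I) Configuring MSTP
(II) Maintaining MSTP
(1) Viewing the spanning-tree state of the device
(2) Viewing state changes of a spanning-tree port
IV. VRRP Deployment
(I) Configuring VRRP
LSW1 configuration:
LSW2 configuration:
(II) Maintaining VRRP
(1) Displaying brief VRRP protocol information
(2) Displaying protocol information for all VRRP groups
V. ACL
(I) Configuring ACLs
(1) Configuring a standard ACL (matches only the source address of a packet)
Or:
(2) Configuring an extended ACL (matches source/destination IP, source/destination port, protocol, and so on)
(II) Viewing the ACL configuration
VI. Port Aggregation
(I) Configuring port aggregation
(II) Viewing port aggregation groups
(1) Viewing brief information about a port aggregation group
(2) Viewing traffic statistics for each port in a port aggregation group
VII. PBR
(I) Configuring PBR
(II) Viewing PBR
(1) Viewing all PBR configuration information
(2) Viewing which interfaces have ip-pbr applied
VIII. OSPF
(I) Configuring OSPF
LSW1 configuration:
LSW2 configuration:
(II) Viewing OSPF
1. Viewing OSPF neighbor state
2. Viewing the OSPF database
3. Viewing LSAs
IX. Stacking
(I) Configuring stacking
LSW1 configuration:
LSW2 configuration:
(II) Viewing and maintenance
1. Viewing the stacking configuration of the device
2. Displaying RNP information
(III) Common configuration in a stacking environment
1. MAC address synchronization command
2. Disabling the MAC address table flush triggered by STP
3. ARP retransmission
X. RADIUS Authentication
(I) Configuring RADIUS
(II) Guest VLAN
(III) Viewing dot1x
XI. RIP
(I) Configuration
LSW1 configuration
LSW2 configuration
(II) Viewing RIP
(1) Displaying the current state of the RIP instance
(2) Viewing all routes of a RIP instance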
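I. DHCP Deployment
(I) Creating a DHCP pool
Switch_config#ip dhcpd enable // enable the DHCP service on the device
Switch_config#ip dhcpd pool vlan20 // create a DHCP pool named vlan20
Switch_config_dhcp#network 192.168.20.0 255.255.255.0 // network address of the address pool
Switch_config_dhcp#default-router 192.168.20.1 // gateway for this subnet
Switch_config_dhcp#range 192.168.20.2 192.168.20.254 // address range to be assigned
Switch_config_dhcp#dns-server 114.114.114.114 // DNS server
Optional configuration:
1. Assigning a fixed IP address to a specific host
Switch_config_dhcp#ip-bind X.X.X.X hardware-address ?
WORD-- line -hexadecimal string (aa-bb-cc-dd...)
2. Configuring the DHCP lease time (days/hours/minutes)
Switch_config_dhcp#lease 0 12 0 // set the lease time to 12 hours
<0-365>-- lease days
infinite-- unlimited lease
Notes:
(1) A range can span 10 Class C address segments; one DHCP pool can be configured with only 8 ranges.
(2) Once ip-bind is configured, the entry has no lease time limit and stays in the binding table permanently.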
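(II) Configuring DHCP relay
Switch_config#int vlan 20
Switch_config_v20#ip helper-address X.X.X.X // configured on the gateway address
(III) Viewing the DHCP server
1. Viewing the addresses assigned by DHCP on the device
Switch#show ip dhcpd binding
(Type is the entry status; Lease Expired is the release time.)
IP Address      Hardware Address    Type                  Lease Expired
192.168.10.2    11-22-33-44-55-66   manual (static)       infinite
192.168.20.3    e8-03-9a-35-2b-ed   automatic (dynamic)   THU JAN 01 17:29:08 1970
2. Viewing the status of the DHCP pools
Switch_config#show ip dhcpd pool
Pool vlan20 :
Network : 192.168.20.0 255.255.255.0
Range : 192.168.20.2 - 192.168.20.254
192.168.20.2 binding hdaddress 11-22-33-44-55-66 // static IP address binding
Total address : 253 // total number of assignable addresses
Leased address : 2 // leased addresses
Abandoned address : 0 // abandoned addresses
Pended address : 0 // manually entered addresses
Available address : 251 // addresses available for assignment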
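II. DHCP Snooping Deployment
(I) Configuring DHCP snooping
Configure on LSW1 and LSW2:
Switch_config#ip dhcp-relay snooping // enable DHCP snooping globally (all VLANs); to enable it for specific VLANs only, append vlan to this command
Switch_config#int g0/1
Switch_config_g0/1#dhcp snooping trust // set the uplink interface as a trusted interface
(II) Configuring DAI
Function: dynamic ARP inspection runs on all physical ports that belong to a given VLAN. If the source MAC and source IP address of an ARP packet received on an interface do not match the MAC/IP bindings configured on that interface, the packet is rejected.
The bindings on an interface can be learned dynamically through DHCP or configured manually.
If a physical interface has no MAC/IP binding configured, the switch refuses to forward all ARP packets.
Configure on LSW1 and LSW2:
Switch_config#ip arp inspection vlan // enable DAI for the given VLANs
WORD-- VLAN IDs(1-4094), such as (1,3,5,7) Or (1,3-5,7) Or (1-7)
Switch_config#int g0/1
Switch_config_g0/1#arp inspection trust // set the uplink interface as a trusted port
(III) Configuring IP source address checking
Function: on a VLAN with IP source address checking enabled, if the source MAC and source IP address of an IP packet received on any physical port of that VLAN do not match the MAC/IP bindings configured on the interface, the packet is rejected.
The bindings on an interface can be learned dynamically through DHCP or configured manually.
If the physical interface has no MAC/IP binding configured, the switch refuses to forward all IP packets received on that interface.
Configure on LSW1 and LSW2:
Switch_config#ip verify source vlan // enable IP source address checking for the given VLANs
WORD-- VLAN IDs(1-4094), such as (1,3,5,7) Or (1,3-5,7) Or (1-7)
Switch_config#int g0/1
Switch_config_g0/1#ip-source trust // set the uplink interface as a trusted port
Note: DHCP snooping must be enabled before DAI and IP source address checking are enabled. DAI and IP source address checking are generally access-layer techniques; configuring them on the access switches is sufficient.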
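The per-port decision that DAI and IP source address checking make, as described above, can be modeled as follows. This Python model is an added illustration, not BDCOM code and not part of the original guide; the binding entries, port names and the `check_frame` helper are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str
    source: str  # "DHCP_SN" (learned by snooping) or "MANUAL"

def norm_mac(mac: str) -> str:
    """Normalize aa-bb-.., aa:bb:.. and aabb.ccdd.eeff to 12 lowercase hex digits."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def check_frame(bindings, trusted_ports, protected_vlans, port, vlan, src_mac, src_ip):
    """Return (verdict, reason) for an ARP or IP frame received on `port`."""
    if vlan not in protected_vlans:
        return "forward", "feature not enabled for this VLAN"
    if port in trusted_ports:
        return "forward", "trusted port (uplink), no check"
    on_port = [b for b in bindings if b.port == port and b.vlan == vlan]
    if not on_port:
        # The case the guide calls out: no binding means everything is rejected.
        return "drop", "no MAC/IP binding on this port"
    for b in on_port:
        if norm_mac(b.mac) == norm_mac(src_mac) and b.ip == src_ip:
            return "forward", f"matches {b.source} binding"
    return "drop", "source MAC/IP does not match any binding on this port"

# Constructed sample data (not taken from a real device).
BINDINGS = [
    Binding("70:8b:cd:21:b1:9f", "192.168.10.2", 10, "g0/42", "DHCP_SN"),
    Binding("11-22-33-44-55-66", "192.168.10.50", 10, "g0/7", "MANUAL"),
]
TRUSTED = {"g0/1"}
VLANS = {10}

def demo():
    cases = [
        ("g0/42", 10, "708b.cd21.b19f", "192.168.10.2"),    # DHCP client, matches
        ("g0/42", 10, "708b.cd21.b19f", "192.168.10.1"),    # source IP differs
        ("g0/9", 10, "aa-bb-cc-00-00-01", "192.168.10.9"),  # static host, no binding
        ("g0/1", 10, "84:79:73:8e:00:00", "192.168.10.1"),  # trusted uplink
    ]
    return [check_frame(BINDINGS, TRUSTED, VLANS, *c)[0] for c in cases]

if __name__ == "__main__":
    print(demo())
```

The third case is the one that usually surprises during rollout: a host with a statically configured address on an untrusted port is dropped until a manual binding is added for it.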
(IV) Maintaining DHCP snooping
(1) Switch_config#show ip dhcp-relay snooping
ip dhcp-relay snooping // VLANs with DHCP snooping enabled
ip arp inspection vlan 1-4094 // VLANs with DAI enabled
ip verify source vlan 1-4094 // VLANs with IP source address checking enabled
DHCP Snooping trust interface: // DHCP snooping trusted ports
g0/1
ARP Inspect trust interface: // DAI trusted ports
g0/1
IP source guard trust interface: // IP source address checking trusted ports
g0/1
DHCP Snooping deny interface:
ip dhcp-relay snooping db-file /dhcpr-database
(2) Switch_config#show ip dhcp-relay snooping binding all
(Columns: MAC address, IP address, remaining time, type, bound VLAN, bound interface.)
Hardware Address    IP Address     Surplus Time   Type      VLAN   Intf
-----------------------------------------------------------------
70:8b:cd:21:b1:9f   192.168.10.2   86400          DHCP_SN   10     g0/42
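The status output above can be checked automatically against the two rules this section states: DAI and IP source address checking depend on DHCP snooping, and the uplink must be trusted for each feature. The following Python audit is an added example, not part of the original guide or of BDCOM's tooling; the per-VLAN form `ip dhcp-relay snooping vlan <ids>` is an assumption based on the guide's description, and the sample text is constructed.

```python
import re

SECTIONS = {
    "DHCP Snooping trust interface:": "snoop_trust",
    "ARP Inspect trust interface:": "dai_trust",
    "IP source guard trust interface:": "ipsg_trust",
}

def parse_vlans(spec):  # "1,3-5,7" -> {1, 3, 4, 5, 7}
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_status(text):
    st = {k: set() for k in ("snoop_vlans", "dai_vlans", "ipsg_vlans", *SECTIONS.values())}
    section = None
    for raw in text.splitlines():
        line = raw.split("//")[0].strip()  # drop the guide's // annotations
        if line.endswith("interface:"):
            section = SECTIONS.get(line)  # other headings (deny list) are skipped
        elif line == "ip dhcp-relay snooping":  # global form: all VLANs
            st["snoop_vlans"] = parse_vlans("1-4094")
        # Assumption: the per-VLAN form is "ip dhcp-relay snooping vlan <ids>".
        elif m := re.fullmatch(r"ip dhcp-relay snooping vlan\s*(\S+)", line):
            st["snoop_vlans"] |= parse_vlans(m.group(1))
        elif m := re.fullmatch(r"ip (arp inspection|verify source) vlan\s*(\S+)", line):
            key = "dai_vlans" if m.group(1) == "arp inspection" else "ipsg_vlans"
            st[key] |= parse_vlans(m.group(2))
        elif section and re.fullmatch(r"[A-Za-z]+\d+(/\d+)*", line):
            st[section].add(line)  # interface name under the current heading
    return st

def audit(st):
    findings = []
    for feat, name in (("dai", "DAI"), ("ipsg", "IP source guard")):
        if st[feat + "_vlans"] - st["snoop_vlans"]:
            findings.append(f"{name} enabled on VLANs without DHCP snooping")
        if st[feat + "_vlans"] and st["snoop_trust"] - st[feat + "_trust"]:
            findings.append(f"snooping-trusted port not trusted for {name}")
    if st["snoop_vlans"] and not st["snoop_trust"]:
        findings.append("DHCP snooping has no trusted (uplink) port")
    return findings

# Constructed sample: snooping on VLAN 10 only, DAI on all VLANs, uplink not DAI-trusted.
SAMPLE_BAD = """ip dhcp-relay snooping vlan 10
ip arp inspection vlan 1-4094
DHCP Snooping trust interface:
g0/1
ARP Inspect trust interface:
"""

if __name__ == "__main__": print("\n".join(audit(parse_status(SAMPLE_BAD))))
```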
III. MSTP Deployment
Used when the on-site customer requires redundant backup and traffic load balancing.
(I) Configuring MSTP
Configuration on LSW1 and LSW2:
Switch_config#spanning-tree mode mstp // set the spanning-tree mode
Switch_config#spanning-tree mstp name 123 // set the MSTP region name
Switch_config#spanning-tree mstp revision 1 // set the MSTP revision number
Switch_config#spanning-tree mstp instance 1 vlan 10 // configure the MSTP instance
Available settings:
Switch_config(D)#spanning-tree mstp hello-time // set the hello time of the device
<1-10>-- Number of seconds between generation of config BPDUs
Switch_config(D)#spanning-tree mstp max-age // set the maximum age time of the device
<6-40>-- Maximum number of seconds the information in a BPDU is valid
Switch_config(D)#spanning-tree mstp max-hops // set the MSTP maximum hop count
<6-40>-- Maximum number of hops a BPDU is valid
Switch_config(D)#spanning-tree mstp forward-time // set the MSTP forward delay
<4-30>-- Number of seconds for the forward delay timer
Switch_config#spanning-tree mstp X priority // change the priority of instance X
<0-61440>-- Bridge priority in increments of 4096
(II) Maintaining MSTP
(1) Viewing the spanning-tree state of the device
Switch#show spanning-tree
Spanning tree enabled protocol MSTP
MST00 // instance 0
Root ID Priority 32768
Address 8479.738E.0000
This bridge is the root // root bridge ID
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 mst-id 0)
Address 8479.738E.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface   Role   Sts   Cost    Pri.Nbr   Type
---------------------------------------------------------------
g0/42       Desg   FWD   20000   128.58    Edge
g0/48       Desg   FWD   20000   128.64    Edge
MST01
Root ID Priority 32769
Address 8479.738E.0000
This bridge is the root
Bridge ID Priority 32769 (priority 32768 mst-id 1)
Address 8479.738E.0000
Interface   Role   Sts   Cost    Pri.Nbr   Type
---------------------------------------------------------------
g0/42       Boun   FWD   20000   128.58    Edge
(2) Viewing state changes of a spanning-tree port
In diagnostic mode (diagnostic mode command: diagnosis 4100:DD2F:DA6B:AC22:9335:8C29:F4CE:DA44)
Switch(D)#show spanning-tree interface g0/48
Port 64 (GigaEthernet0/48) of MST00 is designated forwarding
Port identifier 128.64, priority 128, path cost 20000
Designated root has priority 32768, address 8479.738E.0000
External root path cost 0
Designated regional root has priority 32768, address 8479.738E.0000
Internal root path cost 0
Designated bridge has priority 32768, address 8479.738E.0000
Designated port id 128.64
Timers: message expires in 0 sec, forward delay 0 sec,
up time 18897 sec
Number of transitions to forwarding state: 3
time since last transition: 0:0:2(2 seconds) // time the interface has been running since it moved to the forwarding state
Bpdu sent 9457 // statistics of BPDUs sent
MSTP: 9457, RSTP: 0, Config: 0, Tcn: 0, MST-Comp: 0
Received 0 // statistics of BPDUs received
MSTP: 0, RSTP: 0, Config: 0, Tcn: 0, MST-Comp: 0
IV. VRRP Deployment
Provides redundant backup for the gateways of all services.
(I) Configuring VRRP
LSW1 configuration:
Switch_config#int vlan 1
Switch_config_v1#vrrp 1 associate 192.168.1.254 255.255.255.0 // configure the VRRP virtual address
Switch_config_v1#vrrp 1 priority 150 // configure the VRRP priority
Switch_config_v1#vrrp 1 track ip X.X.X.X <priority> // configure VRRP port tracking
Switch_config#int vlan 2
Switch_config_v2#vrrp 2 associate 192.168.2.254 255.255.255.0
Switch_config_v2#vrrp 2 priority 150
Switch_config_v2#vrrp 2 track ip X.X.X.X <priority>
Switch_config#int vlan 3
Switch_config_v3#vrrp 3 associate 192.168.3.254 255.255.255.0
Switch_config_v3#vrrp 3 priority 150
Switch_config_v3#vrrp 3 track ip X.X.X.X <priority>
LSW2 configuration:
Switch_config#int vlan 1
Switch_config_v1#vrrp 1 associate 192.168.1.254 255.255.255.0 // configure the VRRP virtual address
Switch_config#int vlan 2
Switch_config_v2#vrrp 2 associate 192.168.2.254 255.255.255.0
Switch_config#int vlan 3
Switch_config_v3#vrrp 3 associate 192.168.3.254 255.255.255.0
(II) Maintaining VRRP
(1) Displaying brief VRRP protocol information
Switch#show vrrp brief
(Columns: interface, group, priority, preempt, state, master address, virtual address.)
Interface   Grp   Prio   Pree   State    Master addr    Virtual addr
v10         10    150    Y      Master   192.168.10.1   192.168.10.254
(2) Displaying protocol information for all VRRP groups
Switch#show vrrp detail
VLAN10 - Group 10
VRRP State is Master
VRRP flags : 0x84
Virtual IP address : 192.168.1.254/24 // virtual IP address
Virtual Mac address : 0000.5e00.010a // virtual MAC address
Current Priority : 150(Config 150) // current priority
VRRP timer : Advertise 1.0s (default) master_down 3.41s // VRRP advertisement interval and holddown time
VRRP current timer :
Advertise: 0.83s // time elapsed since the last hello packet
master_down : 0.00s // holddown timer
preempt after : 0.00s
Authentication string is not set
Preempt is set(delay : 0s)
Learn Advertise Interval is not set
Master Router IP : 192.168.10.1, priority : 150, advertisment : 1.00s // master device information
V. ACL
(I) Configuring ACLs
(1) Configuring a standard ACL (matches only the source address of a packet)
Switch_config#ip access-list standard 123 // create a standard ACL named 123
Switch_config_std#permit 192.168.1.1 255.255.255.0 // permit the 192.168.1.0 subnet
Switch_config_std#deny 192.168.2.0 255.255.255.0 // deny the 192.168.2.0 subnet
Switch_config#int g0/1
Switch_config_g0/1#ip access-group 123 // apply the ACL to the interface (inbound by default)
egress-- apply on egress
<cr>-- apply on ingress
Or:
Switch_config#ip access-group 123 vlan 1 // apply to a VLAN
egress-- Configured on egress
<cr>-- Configured on ingress
(2) Configuring an extended ACL (matches source/destination IP, source/destination port, protocol, and so on)
Switch_config#ip access-list extended 456 // create an extended ACL named 456
Deny access from the 192.168.1.0 subnet to the 192.168.2.0 subnet:
Switch_config_ext#deny ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
(II) Viewing the ACL configuration
Switch#show ip access-list
Extended IP access list 456
Index Rule content
--------------------------------------------------------------------
1 deny ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
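VI. Port Aggregation
Increases link bandwidth and provides link redundancy.
(I) Configuring port aggregation
Configuration on LSW1 and LSW2:
Switch_config#int port-aggregator 1 // create port aggregation group 1
Switch_config_p1#switchport mode trunk // set the port aggregation group as a trunk interface
Switch_config#int range g0/46-48 // configure the interfaces in bulk
Switch_config_if_range#switchport mode trunk // set the physical interfaces to trunk mode
Switch_config_if_range#aggregator-group 1 mode // set the aggregation mode (static or dynamic)
static -- Static port aggregate to aggregator
lacp-- Enable lacp protocol negotiate
Precautions:
When configuring port aggregation, keep the configuration under the member ports on the switch consistent.
Otherwise aggregation can fail, so it is recommended to complete the aggregation first and then configure the aggregated port.
Example:
interface Port-aggregator1
switchport mode trunk
After the configuration is complete, verify it.
Use show aggregator-group 1 brief to check that all ports in the aggregation group are in the (UA) state, then unplug one of the links and check whether service traffic still passes.
If it does, unplug another link and test again.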
(II) Viewing port aggregation groups
(1) Viewing brief information about a port aggregation group
Switch#show aggregator-group 1 brief
Aggregator-group brief infomation
------------------------------
Group: 1
----------
System ID : 32768 8479.73B5.0603   Partner : 0 0000.0000.0000
Group ID : 32768 8479.73B5.0632    state : lineUp
Max Ports : 8                      ports : 3
------------------------------------------------------
Flags: D - down A - Use In port-aggregator
U - Up I - Not In port-aggregator
d - default
g0/48(UA) g0/46(DI) g0/47(UA)
Note: UA means the port is in the port aggregation group and is up; DI means the port is down and is not in the port aggregation group.
(2) Viewing traffic statistics for each port in a port aggregation group
Switch#show int port-aggregator 1
Port-aggregator1 is down, line protocol is down
Ifindex is 273
Hardware is PortAggregator, Address is 0000.0000.0000(0000.0000.0000)
MTU 1500 bytes, BW 10000 kbit, DLY 2000 usec
Encapsulation ARPA
Members in this Aggregator:
5 minutes input rate 0 bits/sec, 0 packets/sec
5 minutes output rate 0 bits/sec, 0 packets/sec
Real time input rate 0 bits/sec, 0 packets/sec
Real time output rate 0 bits/sec, 0 packets/sec
peak input rate 328528 bits/sec, 1970-1-8 2:7:21
peak input rate 478 packets/sec, 1970-1-8 2:7:21
peak output rate 136904 bits/sec
peak output rate 265 packets/sec
Received 0 packets, 0 bytes
0 broadcasts, 0 multicasts
0 discard, 0 error, 0 PAUSE
0 align, 0 FCS, 0 symbol, 0 fragment
0 jabber, 0 oversize, 0 undersize
Transmited 0 packets, 0 bytes
0 broadcasts, 0 multicasts
0 discard, 0 error, 0 PAUSE
0 collision, 0 indisc, 0 deferred
0 single, 0 multiple, 0 excessive, 0 late
g0/46(62): Link down, not aggregated
g0/47(63): Link down, not aggregated
g0/48(64): Link down, not aggregated
VII. PBR
Users can route traffic according to a policy instead of relying on routing protocols.
(The red arrows show the path of the data flow after PBR is configured.)
(I) Configuring PBR
LSW1 configuration:
Switch_config#ip pbr // enable policy-based routing
Switch_config#ip access-list extended 123 // create ACL 123
Switch_config_ext#permit ip 192.168.1.1 255.255.255.0 any // match source and destination IP addresses
Switch_config#route-map test // create a route-map
Switch_config_route_map#match ip add 123 // match ACL 123
Switch_config_route_map#set ip next-hop 192.168.2.1 // set the next-hop address
Switch_config#int vlan 1
Switch_config_v1#ip policy route-map test // apply the route-map to the interface
(II) Viewing PBR
(1) Viewing all PBR configuration information
Switch_config#show ip pbr policy
IP policy based route state: enabled // PBR running state
VLAN1 use route-map test, and has 1 entry active. // route-map applied to the interface
------------------
Entry sequence 10, permit
Match ip access-list: // policy applied
123
Set Outgoing nexthop // configured next-hop address
192.168.2.1
(2) Viewing which interfaces have ip-pbr applied
Switch_config#show ip policy
Interface   Route-map
VLAN1       test
VLAN10      test10
VIII. OSPF
(I) Configuring OSPF
LSW1 configuration:
Switch_config#router ospf 100 // start the OSPF protocol
Switch_config_ospf_100#router-id 1.1.1.1 // set the router-id of the device
Switch_config_ospf_100#network 192.168.10.1 255.255.255.0 area 0 // advertise the subnet in area 0
Switch_config_ospf_100#network 192.168.20.1 255.255.255.0 area 0
Switch_config_ospf_100#network 192.168.30.1 255.255.255.252 area 0
Switch_config_ospf_100#network 192.168.40.1 255.255.255.252 area 0
LSW2 configuration:
Switch_config#router ospf 100 // start the OSPF protocol
Switch_config_ospf_100#router-id 2.2.2.2 // set the router-id of the device (must be unique per router)
Switch_config_ospf_100#network 192.168.100.1 255.255.255.0 area 0 // advertise the subnet in area 0
Switch_config_ospf_100#network 192.168.200.1 255.255.255.0 area 0
Switch_config_ospf_100#network 192.168.30.2 255.255.255.252 area 0
Switch_config_ospf_100#network 192.168.50.2 255.255.255.252 area 0
(II) Viewing OSPF
1. Viewing OSPF neighbor state
Switch#show ip ospf neighbor
----------------------------------------------------------------------------
OSPF process: 100 (OSPF process number)
AREA: 0 (area)
(Columns: neighbor ID, priority, state, dead time, neighbor address, interface.)
Neighbor ID   Pri   State      DeadTime   Neighbor Addr   Interface
2.2.2.2       1     FULL/BDR   31         192.168.0.2     VLAN1
----------------------------------------------------------------------------
2. Viewing the OSPF database
Switch#show ip ospf database
----------------------------------------------------------------------------
OSPF process: 100
(Router ID: 192.168.0.1)
AREA: 0
Router Link States
Link ID       ADV Router    Age    Seq Num      Checksum   Link Count
192.168.0.1   192.168.0.1   430    0x800000a6   0xa32d     2
2.2.2.2       2.2.2.2       1452   0x800000a0   0x4551     2
Net Link States
Link ID       ADV Router    Age    Seq Num      Checksum
192.168.0.1   192.168.0.1   430    0x8000009c   0xb1a7
----------------------------------------------------------------------------
3. Viewing LSAs
Switch#show ip ospf database router // view type 1 LSAs
Switch#show ip ospf database network // view type 2 LSAs
Switch#show ip ospf database summary // view type 3 LSAs
Switch#show ip ospf database asbr-summary // view type 4 LSAs
Switch#show ip ospf database external // view type 5 LSAs
Switch#show ip ospf database nssa-external // view type 7 LSAs
IX. Stacking
(I) Configuring stacking
LSW1 configuration:
Switch_config#bvss
Switch_config_bvss#bvss enable // enable bvss
Switch_config_bvss#bvss mode normal // set the bvss mode
Switch_config_bvss#bvss domain-id 1 // set the bvss stacking domain
Switch_config_bvss#bvss member-id 1 // set the member ID
Switch_config_bvss#bvss priority 255 // set the priority
Switch_config_bvss#bvss slot 2 // set the stacking card slot
Switch_config_bvss#bvss sgnp neighbour-timeout 10 // set the heartbeat time
Switch_config#interface TGigaEthernet2/1
Switch_config_tg2/1#bvss-link-group 1 // assign the link group
Switch_config#interface TGigaEthernet2/2
Switch_config_tg2/2#bvss-link-group 1
Switch_config#write bvss-config // save the bvss configuration
LSW2 configuration:
Switch_config#bvss
Switch_config_bvss#bvss enable // enable bvss
Switch_config_bvss#bvss mode normal // set the bvss mode
Switch_config_bvss#bvss domain-id 1 // set the bvss stacking domain
Switch_config_bvss#bvss member-id 2 // set the member ID
Switch_config_bvss#bvss priority 254 // set the priority
Switch_config_bvss#bvss slot 2 // set the stacking card slot
Switch_config_bvss#bvss sgnp neighbour-timeout 10 // set the heartbeat time
Switch_config#interface TGigaEthernet2/1
Switch_config_tg2/1#bvss-link-group 2 // assign the link group
Switch_config#interface TGigaEthernet2/2
Switch_config_tg2/2#bvss-link-group 2
Switch_config#write bvss-config // save the bvss configuration
After both devices are configured, power-cycle them.
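(II) Viewing and maintenance
1. Viewing the stacking configuration of the device
Switch#show bvss current-config
bvss configuration information:
bvss enable: TRUE // stacking is enabled
bvss domain-id: 1 // stacking domain is 1
bvss member-id : 1 // member ID is 1
bvss mode: normal // stacking mode is normal
bvss priority: 255 // priority is 255
bvss mac-address mode: use-active-member // the stack MAC is the MAC of the master device
2. Displaying RNP information
Switch#show bvss rnp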
RNP is running. CfgPri 255, SwitchType 0x107b, Slot 0
System started, ignoreTimeoutCnt 0
DomainId 1, MemberId 1, LoopTopology 0, Merge 0, Master State
MasterMemId 1, BackupMemId 2, MasterGlbMacAddr 00e0.0f62.0035
OldMasterMemberId 0, OldMasterWhile 0, txAdvPduCnt 3353
bvss link group 1 is usable, bvss link group 2 is not usable.
Pri info for member 1 (SwitchType 107b, slot 0):
Priority 255, RunningTime 17097, MAC 00e0.0f62.0035
// member 1 priority, running time, MAC address
Pri info for member 2 (SwitchType 107b, slot 0):
Priority 254, RunningTime 4198, MAC fcfa.f736.c300
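(III) Common configuration in a stacking environment
1. MAC address synchronization command
Switch_config#mac address-table rpc [trunk][all]
Note: recommended if there is aggregation across cards; not needed if there is no cross-card aggregation.
2. Disabling the MAC address table flush triggered by STP
Switch_config#no spanning-tree fast-aging flush-fdb
3. ARP retransmission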
Switch_config#arp retry-allarp
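X. RADIUS Authentication
(I) Configuring RADIUS
LSW1 configuration:
Switch_config#dot1x enable // enable dot1x authentication globally
Switch_config#int g0/2
Switch_config_g0/2#dot1x authentication type eap // port authentication type
Switch_config_g0/2#dot1x authentication method ? // port authentication method
WORD-- AAA authentication method name
Switch_config_g0/2#dot1x port-control auto // enable 802.1X authentication on the port
Switch_config#radius-server host X.X.X.X // configure the RADIUS server
Switch_config#radius-server key 0 XXX // configure the RADIUS key
Switch_config#aaa authentication dot1x XXX group radius // configure RADIUS AAA authentication
(II) Guest VLAN
Guest VLAN function: when the client does not respond, the corresponding port is given limited access (for example, to download the client software).
The guest VLAN can be any VLAN already configured on the system.
Switch_config#dot1x guest-vlan // enable the guest VLAN function
Switch_config_g0/2#dot1x guest-vlan X // configure the guest VLAN on the interface
(III) Viewing dot1x
Switch#show dot1x
802.1X Parameters
reAuthen No // whether re-authentication is enabled
reAuth-Period 3600 // re-authentication period
quiet-Period 60 // wait time before re-authentication after a failed authentication
Tx-Period 30 // packet transmission frequency
Supp-timeout 30
Server-timeout 30
reAuth-max 5 // number of re-authentication attempts
max-request 3 // maximum number of requests sent
authen-type Eap // authentication type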
XI. RIP
(I) Configuration
LSW1 configuration
Switch_config#router rip 1 // set the RIP process number
Switch_config_rip_1#version 2 // set the RIP version
Switch_config_rip_1#exi
Switch_config#int vlan 1
Switch_config_v1#ip rip 1 enable // enable RIP on the interface (equivalent to Huawei's network command)
Switch_config#int vlan 2
Switch_config_v2#ip rip 1 enable
Switch_config#int vlan 3
Switch_config_v3#ip rip 1 enable
Switch_config#int vlan 4
Switch_config_v4#ip rip 1 enable
LSW2 configuration
Switch_config#router rip 1 // set the RIP process number
Switch_config_rip_1#version 2 // set the RIP version
Switch_config_rip_1#exi
Switch_config#int vlan 10
Switch_config_v10#ip rip 1 enable // enable RIP on the interface (equivalent to Huawei's network command)
Switch_config#int vlan 20
Switch_config_v20#ip rip 1 enable
Switch_config#int vlan 30
Switch_config_v30#ip rip 1 enable
Switch_config#int vlan 40
Switch_config_v40#ip rip 1 enable
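(II) Viewing RIP
(1) Displaying the current state of the RIP instance
Switch#show ip rip
Process: 1 // process number
Update: 30,Expire: 180,Holddown: 120 // route update time, time until a route is declared invalid, route deletion time
Input-queue: 200
Validate-update-source: Enable
zero-domain-check: Enable
Neighbor List: // neighbors
interface List: // enabled interfaces
interface VLAN1
(2) Viewing all routes of a RIP instance
Switch#show ip rip 1 database
192.168.1.0/24 directly connected VLAN1 // directly connected route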