CISCO中文配置手册

2950交换机简明配置维护手册目录第1章说明 (3)第2章产品特性 (3)第3章配置端口 (3)3.1配置一组端口 (3)3.2配置二层端口 (5)3.2.1配置端口速率及双工模式 (6)3.2.2端口描述 (7)3.3监控及维护端口 (8)3.3.1监控端口和控制器的状态 (8)3.3.2刷新、重置端口及计数器 (10)3.3.3关闭和打开端口 (10)第4章配置VLAN (11)4.1理解VLAN (11)4.2可支持的VLAN (12)4.3配置正常范围的VLAN (12)4.3.1生成、修改以太网VLAN (13)4.3.2删除VLAN (15)4.3.3将端口分配给一个VLAN (15)4.4配置VLAN Trunks (16)4.4.2使用STP实现负载均衡 (19)第5章配置Cluster (23)第1章说明本手册只包括日常使用的有关命令及特性，其它未涉及的命令及特性请参考英文的详细配置手册。

第2章产品特性2950是只支持二层的交换机支持VLAN•到250 个VLAN•支持VLAN ID从1到4094（IEEE 802.1Q 标准）•支持ISL及IEEE 802.1Q封装安全•支持IOS标准的密码保护•支持标准及扩展的访问列表来定义安全策略•支持基于VLAN的访问列表监视•交换机LED指示端口状态•SPAN及远端SPAN (RSPAN) 可以监视任何端口或VLAN的流量•内置支持四组的RMON监控功能（历史、统计、告警及事件）第3章配置端口3.1 配置一组端口当使用interface range命令时有如下的规则:•有效的组范围:o vlan从1 到4094o fastethernet槽位/{first port} - {last port}, 槽位为0o gigabitethernet槽位/{first port} - {last port},槽位为0o port-channel port-channel-number - port-channel-number, port-channel号从1到64•端口号之间需要加入空格，如：interface range fastethernet 0/1 –5是有效的，而interface range fastethernet 0/1-5是无效的.•interface range命令只能配置已经存在的interface vlan•所有在同一组的端口必须是相同类别的。

GAMETUZI CISCO 5510 中文配置手册 07－8.23 ASA 5510 IN CHINA GAMETUZI spoto s USEROK 开始上电配置…配置设备介绍：（只为做实验实际应用请根据自己具体情况更改相关参数即可）核心交换机 4507提供VLAN3 网关地址：192.168.3.254提供 DNS 服务器连接：192.168.0.1接入交换机 2960提供 VLAN3 TURNK 连接，可用IP地址为192.168.3.0－192.168.3.240掩码：255.255.255.0网关：192.168.3.254DNS: 192.168.0.1内网实验防火墙 CISCO ASA 5510E0/0 IP:192.168.3.234E0/1 IP 10.1.1.1实现配置策略1.动态内部 PC1 DHCP 自动获得IP地址，可访问INTERNET，并PING通外部网关。

PC1 Ethernet adapter 本地连接:Connection-specific DNS Suffix . : gametuziDescription . . . . . . . . . . . : Broadcom 440x rollerPhysical Address. . . . . . . . . : 00-13-77-04-9Dhcp Enabled. . . . . . . . . . . : YesAutoconfiguration Enabled . . . . : YesIP Address. . . . . . . . . . . . : 10.1.1.20Subnet Mask . . . . . . . . . . . : 255.255.0.0Default Gateway . . . . . . . . . : 10.1.1.1DHCP Server . . . . . . . . . . . : 10.1.1.1DNS Servers . . . . . . . . . . . : 192.168.0.12.静态内部 PC2 手动分配地址，可访问 INTERNET ，并PING通外部网关。

CISCO路由器产品配置手册第一章路由器配置基础.............................一、基本设置方式 .............................二、命令状态 (3)三、设置对话过程 .............................四、常用命令 .................................五、配置IP寻址 ..............................六、配置静态路由 .............................第二章广域网协议设置.............................一、HDLC .....................................PPP ....................... 错误!未定义书签。

X.25 .........................................Frame Relay ..................................ISDN .........................................PSTN .........................................第三章路由协议设置...............................RIP协议......................................IGRP协议.....................................OSPF协议.....................................重新分配路由 .................................IPX协议设置.................................. 第四章服务质量及访问控制.........................协议优先级设置 ...............................队列定制 .....................................访问控制 ..................................... 第五章虚拟局域网（VLAN）路由.....................虚拟局域网(VLAN) .............................交换机间链路（ISL）协议 ......................虚拟局域网（VLAN）路由实例错误!未定义书签。

Cisco路由器配置手册(大全)令狐采学第一章路由器配置基础一、基本设置方式一般来说，可以用5种方式来设置路由器：1．Console口接终端或运行终端仿真软件的微机；2．AUX口接MODEM，通过电话线与远方的终端或运行终端仿真软件的微机相连；3．通过Ethernet上的TFTP服务器；4．通过Ethernet上的TELNET程序；5．通过Ethernet上的SNMP网管工作站。

但路由器的第一次设置必须通过第一种方式进行,此时终端的硬件设置如下:波特率：9600数据位：8停止位：1奇偶校验: 无二、命令状态1. router>路由器处于用户命令状态，这时用户可以看路由器的连接状态，访问其它网络和主机，但不能看到和更改路由器的设置内容。

2. router#在router>提示符下键入enable,路由器进入特权命令状态router#，这时不但可以执行所有的用户命令，还可以看到和更改路由器的设置内容。

3. router(config)#在router#提示符下键入configure terminal,出现提示符router(config)#，此时路由器处于全局设置状态，这时可以设置路由器的全局参数。

4. router(config-if)#; router(config-line)#; router(config-router)#;… 路由器处于局部设置状态，这时可以设置路由器某个局部的参数。

5. >路由器处于RXBOOT状态，在开机后60秒内按ctrl-break可进入此状态，这时路由器不能完成正常的功能，只能进行软件升级和手工引导。

6. 设置对话状态这是一台新路由器开机时自动进入的状态，在特权命令状态使用SETUP命令也可进入此状态，这时可通过对话方式对路由器进行设置。

三、设置对话过程1. 显示提示信息2. 全局参数的设置3. 接口参数的设置4. 显示结果利用设置对话过程可以避免手工输入命令的烦琐，但它还不能完全代替手工设置，一些特殊的设置还必须通过手工输入的方式完成。

CISCO交换机配置手册V1.0作者：乖乖猪目录前言..................................................................................................................... 错误!未定义书签。

第一章交换机配置基础.................................................................................. 错误!未定义书签。

1.1配置方式 .................................................................................................. 错误!未定义书签。

第二章交换机基本配置.................................................................................. 错误!未定义书签。

2.1用户认证 .................................................................................................. 错误!未定义书签。

2.1.1特权口令 .......................................................................................... 错误!未定义书签。

2.1.2VTY口令............................................................................................... 错误!未定义书签。

配置接口特性这一章详细说明交换机上的接口和描述怎么配置他们。

这章有以下这些内容：●理解接口类型●使用接口命令●配置二层接口●监控和维护第二层接口●配置第三从接口注意：需要完整的有关该章的语法和应用信息，请参考Catalyst 3550 Multilayer Switch Command Reference和Cisco IOS Interface Command Referencefor Release 12.1.理解接口类型这个部分描述了不同的接口类型，以及其它章节所包括的详细配置这些接口的一些参考内容。

其他章节描述了物理接口特性的配置过程。

这部分包括：•基于端口的VLAN （Port-Based VLANs）•交换端口（Switch Ports）•以太网通道端口组（EtherChannel Port Groups）•交换虚拟接口（Switch Virtual Interfaces）•被路由端口（Routed Ports）•连接接口（Connecting Interfaces）基于端口的VLAN （Port-based Vlans）一个Vlan是一个按功能、组、或者应用被逻辑分段的交换网络，并不考虑使用者的物理位置。

要更多关于Vlan的信息请看“Configuring VLANS”。

一个端口上接受到的包被发往属于同一个Vlan的接收端口。

没有一个第三层的设备路由Vlan间的流量，不同Vlan的网络设备无法通讯。

为了配置普通范围（Normal-range） Vlan（Vlan IDs 1-1005），使用命令：config-vlan模式(global) vlan vlan-id或vlan-configuration模式(exec) vlan database针对Vlan ID 1-1005的vlan-configration模式被保存在vlan数据库中。

为配置扩展范围（extended-range） Vlans （Vlan ID 1006-4094），你必须使用config-vlan模式，并把VTP的模式设为transparent透明模式。

Cisco产品配置手册（路由器部分）同天科技目录第一章路由器配置基础一、基本设置方式 (2)二、命令状态 (3)三、设置对话过程 (3)四、常用命令 (7)五、配置IP地址 (9)六、配置静态路由 (12)第二章广域网协议设置一、HDCL (13)二、PPP (16)三、X.25 (18)四、Frame Relay (22)五、ISDN (26)六、PSTN (35)第三章路由器协议设置一、RIP协议 (49)二、IGRP协议 (50)三、OSPF协议 (52)四、重新分配路由 (56)五、IPX协议设置 (59)第四章服务质量及访问控制一、协议优先级设置 (61)二、队列定制 (62)三、访问控制 (63)第五章虚拟局域网（VLAN）路由一、虚拟局域网（VLAN） (64)二、交换机间链路（ISL）协议 (64)三、虚拟局域网（VLAN）路由实例 (64)第六章参考一、Cisco路由器口令恢复 (70)二、IP地址分配 (71)1.路由器配置基础1.1. 基本配置方式一般来说，可以用5种方式来设置路由器：1．Console 口接终端或运行终端仿真软件的微机；机相连；3．通过Ethernet上的TFTP服务器；4．通过Ethernet 上的TELNET程序；5．通过Ethernet 上的SNMP网管工作站。

但路由器的第一次设置必须通过第一种方式进行，此时终端的硬件设置如下：波特率：960O数据位：8停止位：1奇偶校验：无1.2.命令状态1．router＞路由器处于用户命令状态，这时用户可以看路由器的连接状态，访问它网络和主机，但不能看到和更改路由器的设置内容。

2．router＃往router＞提示符下键人enable，路由器进入特权命令状态router＃，时不但可以执行所有的用户命令，还可以看到和更改路由器的设置内容。

3．router（config）＃在router＃提示符下键入。

Configure terminal，出现提示符router（config）＃，此时路由器处于分局设置状态，这时可以设置路出器的全局参数。

CISCO交换机配置手册V1.0作者：乖乖猪目录3.2.5案例三（STP不常用）3.3E THER C HANNEL..........................................................3.3.1简介...............................................................3.3.2命令...............................................................3.3.3案例一(强制模式) ...................................................3.3.4案例二(PAGP模式)...................................................3.3.5案例三（LACP模式）.................................................3.3.6案例四（交换机与服务器）............................................3.3.7案例五（三层模式）..................................................3.43.4.1简介...............................................................3.4.2命令...............................................................3.4.3案例一.............................................................3.4.4案例二.............................................................3.4.5案例三.............................................................3.5VRRP...................................................................3.5.1简介...............................................................3.5.2命令...............................................................3.5.3案例一.............................................................3.5.4案例二.............................................................4.2.2Xmodem方式4.3端口镜像 ...............................................................4.3.1简介...............................................................4.3.2命令...............................................................4.3.3案例...............................................................4.4交换机堆叠 .............................................................4.4.1简介...............................................................4.4.2命令...............................................................4.4.3案例一(3750) .......................................................第五章专业术语解释 ...........................................................5.1冲突域、广播域..........................................................5.2CSMA/CD ................................................................5.3交换机的几种主要技术参数详解和计算......................................5.4POE....................................................................前言本手册是作者多年学习整理汇编而成，主要目的是方便大家设备调试使用。

CISCO路由器配置手册第一章路由器配置基础一、二、三、四、五、六、第二章广域网协议设置一、二、三、四、五、六、第三章路由协议设置一、二、三、四、五、第四章服务质量及访问控制一、二、三、第五章虚拟局域网（VLAN）路由一、二、三、第一章路由器配置基础一、基本设置方式一般来说，可以用5种方式来设置路由器：1．Console口接终端或运行终端仿真软件的微机；2．AUX口接MODEM，通过电话线与远方的终端或运行终端仿真软件的微机相连；3．通过Ethernet上的TFTP服务器；4．通过Ethernet上的TELNET程序；5．通过Ethernet上的SNMP网管工作站。

但路由器的第一次设置必须通过第一种方式进行,此时终端的硬件设置如下:波特率：9600数据位：8停止位：1奇偶校验: 无二、命令状态1. router>路由器处于用户命令状态，这时用户可以看路由器的连接状态，访问其它网络和主机，但不能看到和更改路由器的设置内容。

2. router#在router>提示符下键入enable,路由器进入特权命令状态router#，这时不但可以执行所有的用户命令，还可以看到和更改路由器的设置内容。

3. router(config)#在router#提示符下键入configure terminal,出现提示符router(config)#，此时路由器处于全局设置状态，这时可以设置路由器的全局参数。

4. router(config-if)#; router(config-line)#; router(config-router)#;…　路由器处于局部设置状态，这时可以设置路由器某个局部的参数。

5. >路由器处于RXBOOT状态，在开机后60秒内按ctrl-break可进入此状态，这时路由器不能完成正常的功能，只能进行软件升级和手工引导。

6. 设置对话状态这是一台新路由器开机时自动进入的状态，在特权命令状态使用SETUP命令也可进入此状态，这时可通过对话方式对路由器进行设置。

C H A P T E R 16Configuring RSTP and MSTPThis chapter describes how to configure the Cisco implementation of the IEEE 802.1W Rapid Spanning Tree Protocol (RSTP)and the IEEE 802.1S Multiple STP (MSTP)on your Catalyst 3550switch.It also describes how to configure per-VLAN rapid spanning tree (PVRST).RSTP provides rapid convergence of the spanning tree. MSTP, which uses RSTP to provide rapid convergence, enables VLANs to be grouped into a spanning-tree instance, provides for multiple forwarding paths for data traffic, and enables load balancing. It improves the fault tolerance of the network because a failure in one instance (forwarding path)does not affect other instances (forwarding paths). The most common initial deployment of MSTP and RSTP is in the backbone and distribution layers of a Layer 2 switched network; this deployment provides the highly-available network required in a service-provider environment.Both RSTP and MSTP improve the operation of the spanning tree while maintaining backwardcompatibility with equipment that is based on the (original) 802.1D spanning tree, with existing Cisco per-VLAN spanning tree (PVST), and with the existing Cisco-proprietary Multiple Instance STP (MISTP). For information about STP, see Chapter 15, “Configuring STP.” For information about optional spanning-tree features, see Chapter 17, “Configuring Optional Spanning-Tree Features.”PVRST uses RSTP to provide rapid convergence of spanning-tree instances. PVRST also maintains backward compatibility with equipment that is based on the 802.1D spanning tree, with PVST and MISTP. You can use this feature on a switch running MSTP. For information about PVRST, see the “Spanning-Tree Instances Using RSTP” section on page 16-2.Note For complete syntax and usage information for the commands used in this chapter, refer to thecommand reference for this release.This chapter consists of these sections:•Understanding RSTP, page 16-2•Understanding MSTP, page 16-7•Interoperability with 802.1D STP, page 16-11•Configuring RSTP and MSTP Features, page 16-11•Displaying the MST Configuration and Status, page 16-23Chapter16 Configuring RSTP and MSTP Understanding RSTPUnderstanding RSTPThe RSTP takes advantage of point-to-point wiring and provides rapid convergence of the spanning tree.Reconfiguration of the spanning tree can occur in less than1second(in contrast to50seconds with thedefault settings in the 802.1D spanning tree), which is critical for networks carrying delay-sensitivetraffic such as voice and video.These section describes how the RSTP works:•Spanning-Tree Instances Using RSTP, page 16-2•Port Roles and the Active Topology, page 16-2•Rapid Convergence, page 16-3•Synchronization of Port Roles, page 16-4•Bridge Protocol Data Unit Format and Processing, page 16-5For configuration information,see the“Configuring RSTP and MSTP Features”section on page16-11. Spanning-Tree Instances Using RSTPThe switch supports the PVRST and a maximum of 128 spanning-tree instances. When PVRST isenabled,the switch uses RSTP instead of STP to provide faster convergence.For information about thePVST, see the“Supported Spanning-Tree Instances” section on page15-2. For information about howspanning tree interoperates with the VLAN Trunking Protocol (VTP), see the“STP ConfigurationGuidelines” section on page15-11.When a network contains switches running PVRST and switches running PVST,we recommend that thePVRST switches and PVST switches be in different spanning-tree instances. In the PVRSTspanning-tree instances,the root switch must be a PVRST switch.In the PVST instances,the root switchmust be a PVST switch. The PVST switches should be at the edge of the network.Port Roles and the Active TopologyThe RSTP provides rapid convergence of the spanning tree by assigning port roles and by determiningthe active topology. The RSTP builds upon the IEEE 802.1D STP to select the switch with the highestswitch priority(lowest numerical priority value)as the root switch as described in“Election of the RootSwitch” section on page15-3. Then the RSTP assigns one of these port roles to individual ports:•Root port—Provides the best path(lowest cost)when the switch forwards packets to the root switch.•Designated port—Connects to the designated switch, which incurs the lowest path cost whenforwarding packets from that LAN to the root switch.The port through which the designated switchis attached to the LAN is called the designated port.•Alternate port—Offers an alternate path toward the root switch to that provided by the current root port.•Backup port—Acts as a backup for the path provided by a designated port toward the leaves of the spanning tree.A backup port can exist only when two ports are connected together in a loopback bya point-to-point link or when a switch has two or more connections to a shared LAN segment.•Disabled port—Has no role within the operation of the spanning tree.A port with the root or a designated port role is included in the active topology. A port with the alternate orbackup port role is excluded from the active topology.Chapter 16 Configuring RSTP and MSTPUnderstanding RSTP In a stable topology with consistent port roles throughout the network,the RSTP ensures that every root port and designated port immediately transition to the forwarding state while all alternate and backup ports are always in the discarding state (equivalent to blocking in 802.1D). The port state controls the operation of the forwarding and learning processes.Table 16-1 provides a comparison of 802.1D and RSTP port states.To be consistent with Cisco STP implementations, this guide documents the port state as blocking instead of discarding . Designated ports start in the listening state.Rapid ConvergenceThe RSTP provides for rapid recovery of connectivity following the failure of a switch,a switch port,or a LAN. It provides rapid convergence for edge ports, new root ports, and ports connected through point-to-point links as follows:•Edge ports—If you configure a port as an edge port on an RSTP switch by using the spanning-treeportfast interface configuration command,the edge port immediately transitions to the forwarding state. An edge port is the same as a Port Fast-enabled port, and you should enable it only on ports that connect to a single end station.•Root ports—If the RSTP selects a new root port, it blocks the old root port and immediatelytransitions the new root port to the forwarding state.•Point-to-point links—If you connect a port to another port through a point-to-point link and the local port becomes a designated port, it negotiates a rapid transition with the other port by using the proposal-agreement handshake to ensure a loop-free topology.As shown in Figure 16-1,Switch A is connected to Switch B through a point-to-point link,and all of the ports are in the blocking state. Assume that the priority of Switch A is a smaller numerical value than the priority of Switch B. Switch A sends a proposal message (a configuration bridge protocol data unit [BPDU]with the proposal flag set)to Switch B,proposing itself as the designated switch.After receiving the proposal message,Switch B selects as its new root port the port from which the proposal message was received, forces all nonedge ports to the blocking state, and sends anagreement message (a BPDU with the agreement flag set) through its new root port.After receiving Switch B’s agreement message,Switch A also immediately transitions its designated port to the forwarding state.No loops in the network are formed because Switch B blocked all of its nonedge ports and because there is a point-to-point link between Switches A and B.T able 16-1Port State ComparisonOperational StatusSTP Port State RSTP Port State Is Port Included in the Active Topology?EnabledBlocking Discarding No EnabledListening Discarding No EnabledLearning Learning Yes EnabledForwarding Forwarding Yes Disabled Disabled Discarding NoChapter 16 Configuring RSTP and MSTPUnderstanding RSTP When Switch C is connected to Switch B, a similar set of handshaking messages are exchanged.Switch C selects the port connected to Switch B as its root port, and both ends immediatelytransition to the forwarding state.With each iteration of this handshaking process,one more switch joins the active topology. As the network converges, this proposal-agreement handshakingprogresses from the root toward the leaves of the spanning tree.The switch determines the link type from the port duplex mode:a full-duplex port is considered to have a point-to-point connection;a half-duplex port is considered to have a shared connection.You can override the default setting that is determined by the duplex setting by using the spanning-tree link-type interface configuration command.Figure 16-1Proposal and Agreement Handshaking for Rapid ConvergenceSynchronization of Port RolesWhen the switch receives a proposal message on one of its ports and that port is selected as the new root port, the RSTP forces all other ports to synchronize with the new root information.The switch is synchronized with superior root information received on the root port if all other ports are synchronized. An individual port on the switch is synchronized if•That port is in the blocking state •It is an edge port (a port configured to be at the edge of the network)If a designated port is in the forwarding state and is not configured as an edge port,it transitions to the blocking state when the RSTP forces it to synchronize with new root information.In general,when the RSTP forces a port to synchronize with root information and the port does not satisfy any of the above conditions, its port state is set to blocking.After ensuring all of the ports are synchronized, the switch sends an agreement message to the designated switch corresponding to its root port.When the switches connected by a point-to-point link are in agreement about their port roles,the RSTP immediately transitions the port states to forwarding.The sequence of events is shown in Figure 16-2.Proposal Switch A Switch BF FRP DPF FRP DPF FRP DP F F RPDP Switch C 74007Agreement RootDesignated switch RootDesignated switch Proposal RootDesignated switch Agreement DP = designated portRP = root portF = forwardingChapter 16 Configuring RSTP and MSTPUnderstanding RSTP Figure 16-2Sequence of Events During Rapid ConvergenceBridge Protocol Data Unit Format and ProcessingThe RSTP BPDU format is the same as the IEEE 802.1D BPDU format except that the protocol version is set to 2.A new one-byte version 1Length field is set to zero,which means that no version 1protocol information is present.Table 16-2 shows the RSTP flag fields.The sending switch sets the proposal flag in the RSTP BPDU to propose itself as the designated switch on that LAN. The port role in the proposal message is always set to the designated port.The sending switch sets the agreement flag in the RSTP BPDU to accept the previous proposal.The port role in the agreement message is always set to the root port.2. Block9. Forward 1. Proposal4. Agreement 6. Proposal Root portDesignated port 8. Agreement 10. Agreement Edge port7. Proposal5. Forward3. Block 11. Forward74008T able 16-2RSTP BPDU FlagsBitFunction 0Topology change (TC)1Proposal 2–3:00011011Port role:Unknown Alternate port Root port Designated port 4Learning 5Forwarding 6Agreement 7Topology change acknowledgement (TCA)Chapter16 Configuring RSTP and MSTP Understanding RSTPThe RSTP does not have a separate topology change notification (TCN) BPDU. It uses the topologychange(TC)flag to show the topology changes.However,for interoperability with802.1D switches,theRSTP switch processes and generates TCN BPDUs.The learning and forwarding flags are set according to the state of the sending port.Processing Superior BPDU InformationIf a port receives superior root information(lower bridge ID,lower path cost,and so forth)than currentlystored for the port,the RSTP triggers a reconfiguration.If the port is proposed and is selected as the newroot port, RSTP forces all the other ports to synchronize.If the BPDU received is an RSTP BPDU with the proposal flag set, the switch sends an agreementmessage after all of the other ports are synchronized.If the BPDU is an802.1D BPDU,the switch doesnot set the proposal flag and starts the forward-delay timer for the port.The new root port requires twicethe forward-delay time to transition to the forwarding state.If the superior information received on the port causes the port to become a backup or alternate port,RSTP sets the port to the blocking state but does not send the agreement message.The designated portcontinues sending BPDUs with the proposal flag set until the forward-delay timer expires,at which timethe port transitions to the forwarding state.Processing Inferior BPDU InformationIf a designated port receives an inferior BPDU (higher bridge ID, higher path cost, and so forth thancurrently stored for the port)with a designated port role,it immediately replies with its own information. Topology ChangesThis section describes the differences between the RSTP and the 802.1D in handling spanning-treetopology changes.•Detection—Unlike 802.1D in which any transition between the blocking and the forwarding state causes a topology change,only transitions from the blocking to the forwarding state cause atopology change with RSTP (only an increase in connectivity is considered a topology change).State changes on an edge port do not cause a topology change. When an RSTP switch detects atopology change,it flushes the learned information on all of its nonedge ports except on those fromwhich it received the TC notification.•Notification—Unlike802.1D,which uses TCN BPDUs,the RSTP does not use them.However,for 802.1D interoperability, an RSTP switch processes and generates TCN BPDUs.•Acknowledgement—When an RSTP switch receives a TCN message on a designated port from an 802.1D switch,it replies with an802.1D configuration BPDU with the TCA bit set.However,if theTC-while timer(the same as the topology-change timer in802.1D)is active on a root port connectedto an802.1D switch and a configuration BPDU with the TCA bit set is received,the TC-while timeris reset.This behavior is only required to support802.1D switches.The RSTP BPDUs never have the TCAbit set.Chapter16 Configuring RSTP and MSTPUnderstanding MSTP •Propagation—When an RSTP switch receives a TC message from another switch through adesignated or root port, it propagates the change to all of its nonedge, designated ports and to theroot port (excluding the port on which it is received). The switch starts the TC-while timer for allsuch ports and flushes the information learned on them.•Protocol migration—For backward compatibility with 802.1D switches, RSTP selectively sends 802.1D configuration BPDUs and TCN BPDUs on a per-port basis.When a port is initialized, the migrate-delay timer is started (specifies the minimum time duringwhich RSTP BPDUs are sent), and RSTP BPDUs are sent. While this timer is active, the switchprocesses all BPDUs received on that port and ignores the protocol type.If the switch receives an802.1D BPDU after the port’s migration-delay timer has expired,it assumesthat it is connected to an802.1D switch and starts using only802.1D BPDUs.However,if the RSTPswitch is using 802.1D BPDUs on a port and receives an RSTP BPDU after the timer has expired,it restarts the timer and starts using RSTP BPDUs on that port.Understanding MSTPMSTP, which uses RSTP for rapid convergence, enables VLANs to be grouped into a spanning-treeinstance, with each instance having a spanning-tree topology independent of other spanning-treeinstances.This architecture provides multiple forwarding paths for data traffic,enables load balancing,and reduces the number of spanning-tree instances required to support a large number of VLANs.These sections describe how the MSTP works:•Multiple Spanning-Tree Regions, page 16-7•IST, CIST, and CST, page 16-8•Hop Count, page 16-10•Boundary Ports, page 16-10For configuration information,see the“Configuring RSTP and MSTP Features”section on page16-11. Multiple Spanning-Tree RegionsFor switches to participate in multiple spanning-tree(MST)instances,you must consistently configurethe switches with the same MST configuration information.A collection of interconnected switches thathave the same MST configuration comprises an MST region as shown in Figure16-3 on page16-9.The MST configuration determines to which MST region each switch belongs. The configurationincludes the name of the region,the revision number,and the MST instance-to-VLAN assignment map.You configure the switch for a region by using the spanning-tree mst configuration globalconfiguration command, after which the switch enters the MST configuration mode. From this mode,you can map VLANs to an MST instance by using the instance MST configuration command, specifythe region name by using the name MST configuration command,and set the revision number by usingthe revision MST configuration command.A region can have one member or multiple members with the same MST configuration; each membermust be capable of processing RSTP BPDUs. There is no limit to the number of MST regions in anetwork,but each region can support up to16spanning-tree instances.You can assign a VLAN to onlyone spanning-tree instance at a time.Chapter16 Configuring RSTP and MSTP Understanding MSTPIST, CIST, and CSTUnlike PVST and PVRST in which all the spanning-tree instances are independent, the MSTPestablishes and maintains two types of spanning-trees:•An internal spanning tree (IST), which is the spanning tree that runs in an MST region.Within each MST region, the MSTP maintains multiple spanning-tree instances. Instance 0 is aspecial instance for a region,known as the internal spanning tree(IST).All other MST instances arenumbered from 1 to 15.The IST is the only spanning-tree instance that sends and receives BPDUs; all of the otherspanning-tree instance information is contained in M-records,which are encapsulated within MSTPBPDUs.Because the MSTP BPDU carries information for all instances,the number of BPDUs thatneed to be processed by a switch to support multiple spanning-tree instances is significantlyreduced.All MST instances within the same region share the same protocol timers, but each MST instancehas its own topology parameters,such as root switch ID,root path cost,and so forth.By default,allVLANs are assigned to the IST.An MST instance is local to the region;for example,MST instance1in region A is independent ofMST instance 1 in region B, even if regions A and B are interconnected.•A common and internal spanning tree(CIST),which is a collection of the ISTs in each MST region, and the common spanning tree(CST)that interconnects the MST regions and single spanning trees.The spanning tree computed in a region appears as a subtree in the CST that encompasses the entireswitched domain. The CIST is formed as a result of the spanning-tree algorithm running betweenswitches that support the 802.1W, 802.1S, and 802.1D protocols. The CIST inside an MST regionis the same as the CST outside a region.For more information, see the“Operations Within an MST Region” section on page16-8 and the“Operations Between MST Regions” section on page16-9.Operations Within an MST RegionThe IST connects all the MSTP switches in a region. When the IST converges, the root of the ISTbecomes the IST master(shown in Figure16-3on page16-9),which is the switch within the region withthe lowest bridge ID and path cost to the CST root.The IST master also is the CST root if there is onlyone region within the network. If the CST root is outside the region, one of the MSTP switches at theboundary of the region is selected as the IST master.When an MSTP switch initializes, it sends BPDUs claiming itself as the root of the CST and the ISTmaster, with both of the path costs to the CST root and to the IST master set to zero. The switch alsoinitializes all of its MST instances and claims to be the root for all of them.If the switch receives superiorMST root information(lower bridge ID,lower path cost,and so forth)than currently stored for the port,it relinquishes its claim as the IST master.During initialization,a region might have many subregions,each with its own IST master.As switchesreceive superior IST information,they leave their old subregions and join the new subregion that mightcontain the true IST master. Thus all subregions shrink, except for the one that contains the true ISTmaster.For correct operation,all switches in the MST region must agree on the same IST master.Therefore,any twoswitches in the region synchronize their port roles for an MST instance only if they converge to a commonIST master.Chapter 16 Configuring RSTP and MSTPUnderstanding MSTP Operations Between MST RegionsIf there are multiple regions or legacy 802.1D switches within the network, MSTP establishes and maintains the CST, which includes all MST regions and all legacy STP switches in the network. The MST instances combine with the IST at the boundary of the region to become the CST.The IST connects all the MSTP switches in the region and appears as a subtree in the CST thatencompasses the entire switched domain, with the root of the subtree being the IST master. The MST region appears as a virtual switch to adjacent STP switches and MST regions.Figure 16-3shows a network with three MST regions and a legacy 802.1D switch (D).The IST master for region 1 (A) is also the CST root. The IST master for region 2 (B) and the IST master for region 3(C) are the roots for their respective subtrees within the CST. The RSTP runs in all regions.Figure 16-3MST Regions, IST Masters, and the CST RootFigure 16-3 does not show additional MST instances for each region. Note that the topology of MST instances can be different from that of the IST for the same region.Only the CST instance sends and receives BPDUs, and MST instances add their spanning-treeinformation into the BPDUs to interact with neighboring switches and compute the final spanning-tree topology. Because of this, the spanning-tree parameters related to BPDU transmission (for example,hello time,forward time,max-age,and max-hops)are configured only on the CST instance but affect all MST instances. Parameters related to the spanning-tree topology (for example, switch priority, port VLAN cost, port VLAN priority) can be configured on both the CST instance and the MST instance.MSTP switches use version 3RSTP BPDUs or 802.1D STP BPDUs to communicate with legacy 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches.IST masterand CST rootIST master IST masterA MST Region 1DLegacy 802.1DB MST Region 2MST Region 3C 74009Chapter16 Configuring RSTP and MSTP Understanding MSTPHop CountThe IST and MST instances do not use the message-age and maximum-age information in theconfiguration BPDU to compute the spanning-tree topology. Instead, they use the path cost to the rootand a hop-count mechanism similar to the IP time-to-live (TTL) mechanism.By using the spanning-tree mst max-hops global configuration command, you can configure themaximum hops inside the region and apply it to the IST and all MST instances in that region. The hopcount achieves the same result as the message-age information (determines when to trigger areconfiguration). The root switch of the instance always sends a BPDU (or M-record) with a cost of 0and the hop count set to the maximum value. When a switch receives this BPDU, it decrements thereceived remaining hop count by one and propagates this value as the remaining hop count in the BPDUsit generates.When the count reaches zero,the switch discards the BPDU and ages the information heldfor the port.The message-age and maximum-age information in the RSTP portion of the BPDU remain the samethroughout the region, and the same values are propagated by the region’s designated ports at theboundary.Boundary PortsA boundary port is a port that connects an MST region to a single spanning-tree region running RSTP,or to a single spanning-tree region running 802.1D, or to another MST region with a different MSTconfiguration.A boundary port also connects to a LAN,the designated switch of which is either a singlespanning-tree switch or a switch with a different MST configuration.At the boundary,the roles of the MST ports do not matter,and their state is forced to be the same as theIST port state (MST ports at the boundary are in the forwarding state only when the IST port isforwarding). An IST port at the boundary can have any port role except a backup port role.On a shared boundary link,the MST ports wait in the blocking state for the forward-delay time to expirebefore transitioning to the learning state. The MST ports wait another forward-delay time beforetransitioning to the forwarding state.If the boundary port is on a point-to-point link and it is the IST root port,the MST ports transition to theforwarding state as soon as the IST port transitions to the forwarding state.If the IST port is a designated port on a point-to-point link and if the IST port transitions to theforwarding state because of an agreement received from its peer port, the MST ports also immediatelytransition to the forwarding state.If a boundary port transitions to the forwarding state in an IST instance, it is forwarding in all MSTinstances, and a topology change is triggered. If a boundary port with the IST root or designated portrole receives a topology change notice external to the MST cloud,the MSTP switch triggers a topologychange in the IST instance and in all the MST instances active on that port.Interoperability with 802.1D STPInteroperability with 802.1D STPA switch running MSTP supports a built-in protocol migration mechanism that enables it to interoperatewith legacy802.1D switches.If this switch receives a legacy802.1D configuration BPDU(a BPDU withthe protocol version set to0),it sends only802.1D BPDUs on that port.An MSTP switch can also detectthat a port is at the boundary of a region when it receives a legacy BPDU,an MSTP BPDU(version3)associated with a different region, or an RSTP BPDU (version 2).However, the switch does not automatically revert to the MSTP mode if it no longer receives 802.1DBPDUs because it cannot determine whether the legacy switch has been removed from the link unlessthe legacy switch is the designated switch.Also,a switch might continue to assign a boundary role to aport when the switch to which this switch is connected has joined the region. To restart the protocolmigration process (force the renegotiation with neighboring switches), you can use the clearspanning-tree detected-protocols privileged EXEC command.If all the legacy switches on the link are RSTP switches, they can process MSTP BPDUs as if they areRSTP BPDUs. Therefore, MSTP switches send either a version 0 configuration and TCN BPDUs orversion3MSTP BPDUs on a boundary port.A boundary port connects to a LAN,the designated switchof which is either a single spanning-tree switch or a switch with a different MST configuration.Configuring RSTP and MSTP FeaturesThese sections describe how to configure basic RSTP and MSTP features:•Default RSTP and MSTP Configuration, page 16-12•RSTP and MSTP Configuration Guidelines, page 16-12•Specifying the MST Region Configuration and Enabling MSTP, page 16-13 (required)•Configuring the Root Switch, page 16-14 (optional)•Configuring a Secondary Root Switch, page 16-16 (optional)•Configuring the Port Priority, page 16-17 (optional)•Configuring the Path Cost, page 16-18 (optional)•Configuring the Switch Priority, page 16-19 (optional)•Configuring the Hello Time, page 16-19 (optional)•Configuring the Forwarding-Delay Time, page 16-20 (optional)•Configuring the Maximum-Aging Time, page 16-21 (optional)•Configuring the Maximum-Hop Count, page 16-21 (optional)•Specifying the Link Type to Ensure Rapid Transitions, page 16-22 (optional)•Restarting the Protocol Migration Process, page 16-22 (optional)。

3560客户中文配置手册第1章概述1-11.1 概述1-11.2 初次访问设备1-21.2.1 通过Console口访问设备1-2第2章命令行方式访问设备2-12.1.1 命令行模式2-12.1.2 基本设置命令2-12.2 通过Console口进入命令行接口2-22.3 通过Telnet进入命令行接口2-2第3章接口配置3-13.1 概述3-13.2 二层口配置3-13.2.1 配置端口速率及双工模式3-13.3 配置一组端口3-23.4 配置三层口3-33.5 监控及维护端口3-53.5.1 监控端口和控制器的状态3-53.5.2 刷新、重置端口及计数器3-73.5.3 关闭和打开端口3-83.6 交换机端口镜像配置3-93.6.1 创建一个本地SPAN会话3-103.7 以太通道端口组（Ethernet Port Groups）3-11第4章配置VLAN 4-124.1 简介4-124.2 可支持的VLAN 4-124.3 配置正常范围的VLAN 4-124.3.1 删除VLAN 4-144.3.2 将端口分配给一个VLAN 4-154.4 配置VLAN Trunks 4-164.5 配置VTP DOMAIN 4-184.6 配置VLAN接口地址4-18第5章交换机HSRP配置5-1第6章路由协议配置6-36.1.1 静态路由6-36.1.2 RIP路由6-36.1.3 OSPF路由6-5第1章概述1.1 概述3560交换机是支持二层、三层功能的交换机，共分为EMI,SMI两个版本Enhanced Multilayer Software Image增强多层软件镜像软件(EMI)•EMI提供了一组更加丰富的企业级功能，包括基于硬件的高级IP单播和多播路由。

•支持双机热备(HSRP),OSPF路由功能.Standard Multilayer Software Image标准多层软件镜像软件(SMI)•SMI功能集包括高级QoS、速率限制、访问控制列表（ACL），以及基本的静态和路由信息协议（RIP）路由功能支持VLAN·到1005 个VLAN·支持VLAN ID从1到4094（IEEE 802.1Q 标准）·支持ISL及IEEE 802.1Q封装安全·支持IOS标准的密码保护·静态MAC地址映射·标准及扩展的访问列表支持，对于路由端口支持入出双向的访问列表，对于二层端口支持入的访问列表·支持基于VLAN的访问列表3层支持（需要多层交换的IOS）·HSRP·IP路由协议o RIP versions 1 and 2o OSPFo IGRP及EIGRPo BGP Version 4支持以下SFP模块:·1000BASE-T SFP: 铜线最长100 m·1000BASE-SX SFP: 光纤最长1804 feet (550 m)·1000BASE-LX/LH SFP: 光纤最长32,808 feet (6 miles or 10 km)·1000BASE-ZX SFP: 光纤最长328,084 feet (62 miles or 100 km)管理从用户与设备交互的特点来分，访问设备的方式可以分为命令行方式和Web方式。

配置设备介绍：（只为做实验实际应用请根据自己具体情况更改相关参数即可）核心交换机4507 提供VLAN3 网关地址：192。

168.3.254 提供DNS 服务器连接:192。

168。

0.1 接入交换机2960 提供VLAN3 TURNK 连接，可用IP 地址为192.168.3.0－192.168。

3。

240 掩码：255.255。

255。

0 网关:192。

168.3。

254DNS：192.168。

0。

1 内网实验防火墙CISCO ASA 5510E0/0 IP:192。

168.3.234E0/1 IP 10。

1.1.1 实现配置策略1。

动态内部PC1 DHCP 自动获得IP 地址，可访问INTERNET，并PING 通外部网关.PC1 Ethernet adapter 本地连接:Connection-specific DNS Suffix . : gametuziDescription 。

. 。

. . 。

：Broadcom 440x rollerPhysical Address。

. . . 。

. ：00-13-77—04-9Dhcp Enabled. 。

. . 。

. : YesAutoconfiguration Enabled 。

. 。

. ：YesIP Address。

. . 。

. 。

. 。

. . ：10。

1.1。

20Subnet Mask . . . . . . . 。

. 。

：255.255。

0.0Default Gateway 。

. 。

. ：10.1.1。

1DHCP Server . . . . 。

. . 。

. . ：10.1.1.1DNS Servers 。

. . 。

. 。

. : 192。

168。

0.12. 静态内部PC2 手动分配地址，可访问INTERNET ,并PING 通外部网关。

PC1 Ethernet adapter 本地连接：Connection—specific DNS Suffix . : gametuziDescription . 。

CISCOASDM5.2中⽂操作⼿册ASA ⽇常管理⼿册版本：2.0 姜道友说明：本⽂主要针对ASA防⽕墙的ASDM⽇常管理操作，适合ASA防⽕墙之ASDM管理的初学者，也是防⽕墙技术爱好者的⼀个参考。

防⽕墙的配置及命令⾏的操作参考我的另⼀篇⽂章。

1. 安装ASDM客户端软件 (1)2. 设置上⽹权限 (2)3. 增加访问端⼝ (3)4. 保存配置 (4)5. 查看⽇志 (5)6. 查看流量 (7)7. 防⽕墙登录管理 (8)8. 查看VPN状态 (9)9. 查看远程拨⼊VPN信息 (9)10. 查看路由表 (10)11. 查看故障倒换状态 (11)1. 安装ASDM客户端软件安装asdm50-install.msi 并安装java环境程序：jre-1_5_0-windows-i586.exe，然后运⾏ASDM，输⼊IP地址、⽤户名和密码后即可登录：2. 设置上⽹权限其中ACCEPT_ALL为特权⽤户，可以访问所有端⼝ ACCEPT_HIGH为内部⽤户上⽹、skype及MSN等访问，⼤部⽤户属于此组。

如下图：例如：双击ACCEPT_HIGH，在Nes Address中输⼊IP地址，点击Add即可添加3. 增加访问端⼝如果增加内部⼈员访问的端⼝，可双击services下的HIGH_tcp_servers，然后增加相应的端⼝即可，如下图：4. 保存配置不管是修改ASA 防⽕墙上的任何设置，都需要保存⼀下，否则下次重新启动后将丢失现在的配置，具体步骤如下：5. 查看⽇志点击如下图中的view，即可查看，如下图：如果想查找192.168.16.117的⽇志，如下图操作：如果相查看当前⽹络的流量，可按照下图操作可以telnet 192.168.x.x然后输⼊⽤户名和密码，即可登录命令⾏下操作，如下图：查看当前登录到防⽕墙的⽤户，可按照下图操作8. 查看VPN状态输⼊sh vpn-sessiondb detail l2l即可查看当前防⽕墙中VPN建⽴的通道状态grandfw# sh vpn-sessiondb detail l2l sh vpn-sessiondb detail full l2l查看VPN整体状态grandfw# sh vpn-sessiondb detail full l2l9. 查看远程拨⼊VPN信息查看拨⼊到ASA防⽕墙⽤户的详细信息，如：IPSEC参数、远程IP地址及访问权限等10. 查看路由表11. 查看故障倒换状态。

Cisco产品配置手册（路由器部分）同天科技目录第一章路由器配置基础一、基本设置方式 (2)二、命令状态 (3)三、设置对话过程 (3)四、常用命令 (7)五、配置IP地址 (9)六、配置静态路由 (12)第二章广域网协议设置一、HDCL (13)二、PPP (16)三、X.25 (18)四、Frame Relay (22)五、ISDN (26)六、PSTN (35)第三章路由器协议设置一、RIP协议 (49)二、IGRP协议 (50)三、OSPF协议 (52)四、重新分配路由 (56)五、IPX协议设置 (59)第四章服务质量及访问控制一、协议优先级设置 (61)二、队列定制 (62)三、访问控制 (63)第五章虚拟局域网（VLAN）路由一、虚拟局域网（VLAN） (64)二、交换机间链路（ISL）协议 (64)三、虚拟局域网（VLAN）路由实例 (64)第六章参考一、Cisco路由器口令恢复 (70)二、IP地址分配 (71)1.路由器配置基础1.1. 基本配置方式一般来说，可以用5种方式来设置路由器：2．AUX口接MODEM，通过电话线与远方的终端或运行终端仿真软件的微机相连；3．通过Ethernet上的TFTP服务器；4．通过Ethernet 上的TELNET程序；5．通过Ethernet 上的SNMP网管工作站。

但路由器的第一次设置必须通过第一种方式进行，此时终端的硬件设置如下：波特率：960O数据位：8停止位：1奇偶校验：无1.2. 命令状态1．router＞路由器处于用户命令状态，这时用户可以看路由器的连接状态，访问它网络和主机，但不能看到和更改路由器的设置内容。

2．router＃往router＞提示符下键人enable，路由器进入特权命令状态router＃，时不但可以执行所有的用户命令，还可以看到和更改路由器的设置内容。

3．router（config）＃在router＃提示符下键入。

2950交换机简明配置维护手册目录说明 (3)产品特性 (3)配置端口 (3)配置一组端口 (3)配置二层端口 (5)配置端口速率及双工模式 (6)端口描述 (7)监控及维护端口 (8)监控端口和控制器的状态 (8)刷新、重置端口及计数器 (10)关闭和打开端口 (10)配置VLAN (11)理解VLAN (11)可支持的VLAN (12)配置正常范围的VLAN (12)生成、修改以太网VLAN (13)删除VLAN (14)将端口分配给一个VLAN (15)配置VLAN Trunks (16)使用STP实现负载均衡 (19)配置Cluster (23)第1章说明本手册只包括日常使用的有关命令及特性，其它未涉及的命令及特性请参考英文的详细配置手册。

第2章产品特性2950是只支持二层的交换机支持VLAN•到250 个VLAN•支持VLAN ID从1到4094（IEEE 802.1Q 标准）•支持ISL及IEEE 802.1Q封装安全•支持IOS标准的密码保护•支持标准及扩展的访问列表来定义安全策略•支持基于VLAN的访问列表监视•交换机LED指示端口状态•SPAN及远端SPAN (RSPAN) 可以监视任何端口或VLAN的流量•内置支持四组的RMON监控功能（历史、统计、告警及事件）第3章配置端口3.1 配置一组端口当使用interface range命令时有如下的规则:•有效的组范围:o vlan从1 到4094o fastethernet槽位/{first port} - {last port}, 槽位为0o gigabitethernet槽位/{first port} - {last port},槽位为0o port-channel port-channel-number - port-channel-number, port-channel号从1到64•端口号之间需要加入空格，如：interface range fastethernet 0/1 –5是有效的，而interface range fastethernet 0/1-5是无效的.•interface range命令只能配置已经存在的interface vlan•所有在同一组的端口必须是相同类别的。

路由器配置手册一．路由器连接1．对于CISCO系列（以1720为例），路由器本身有一个FASTETHERNET 口（以太网口），一个AUX口（辅助控制口），一个控制口。

一个模块卡配有的高速模块上SERIAL1和SERIAL2两个串口。

配置一台路由器，首先连接路由器电源，用CISCO专用的配置线（一头RJ45，一头9孔）分别连接路由器的CONSOLE口（控制口）和终端的串口。

2．在开始-程序-附件-通讯里打开超级终端，任意填写一个名字，确定。

选择COM1，确定，将每秒位数设为9600，数据流控制设为：无，确定。

3.打开路由器，终端将接受路由器信息，等待提示。

二．路由器配制1．Would you like to enter the initial configuration dialog? [yes/no]:N % Please answer 'yes' or 'no'询问是否进入路由器会话配制模式选N2．Would you like to terminate autoinstall? [yes]: n询问是否进行终端自动设置模式选N3．进入路由器配制模式（以陵家桥为例）enable↙进入特权模式config terminal↙进入终端配制模式enable secret ombpk↙设置secret密码为ombpkenable password omb 设置password密码为omb hostname LJQ↙设置路由器名称snmp-server community public ro↙设置使用snmp协议int fastEthernet 0 ↙进入快速以太网配制ip address 192.2.52.15 255.255.255.0↙配置IP地址no shutdown↙启用int s0↙进入串口配置ip unnumbered fastEthernet 0↙不给串口设IP encapsulation ppp↙绑定PPP协议no shutdown↙启用int s1↙进入串口配置ip unnumbered fastEthernet 0↙不给串口设IP encapsulation ppp↙绑定PPP协议no shutdown↙启用exit↙回到终端配置模式router eigrp 100↙采用eigrp 100 协议network 192.2.52.0↙宣告本路由器网段ctrl+z↙write↙保存配制。