Friday, March 21, 2014

CCNP Switch Command list

My CCNP Switch command magic list

[Command List]
~ Configuring Access port
(config-if)# switchport mode access
(config-if)# switchport access vlan 10

~ Configuring Trunk port
(config-if)# switchport mode trunk
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport trunk native vlan 10
(config-if)# switchport trunk allowed vlan 1,20,30
(config-if)# switchport trunk encapsulation isl
(config-if)# switchport nonegotiate

~ Checking vlan configuration
# show vlan
# show interface trunk
# show interface switchport
# show interfaces f0/1 switchport

~ Configuring VTP
(config)# vtp domain [name]
(config)# vtp password [pass]
(config)# vtp version 2
(config)# vtp mode server|client|transparent

(config)# vtp pruning
(config-if)# switchport trunk pruning vlan 2-50
# show vtp status




~ Configuring Spanning-tree
(config)# spanning-tree mode pvst|rapid-pvst|mst
(config)# spanning-tree hello-time 5
(config)# spanning-tree forward-time 25
(config)# spanning-tree max-age 10
(config)# spanning-tree priority 12288
(config)# spanning-tree vlan 31-33,51-53 priority 4096
(config)# spanning-tree root primary|secondary
(config-if)# spanning-tree disable
(config-if)# spanning-tree vlan 2 port-priority 16
(config-if)# spanning-tree vlan 2 cost 14

# show spanning-tree
# show spanning-tree vlan 10
# show spanning-tree inconsistentports

~ Configuring Spanning-tree MST
(config)# spanning-tree mst configuration
(config-mst)# instance 1 vlan 10,20,30-40
(config-mst)# name ping-t
(config-mst)# revision 0
(config-mst)# show pending

~ Configuring Spanning-tree toolkit
(config)# spanning-tree portfast default
(config-if)# spanning-tree portfast enable
(config)# spanning-tree portfast bpduguard default
(config-if)# spanning-tree bpduguard enable
(config)# spanning-tree uplinkfast
(config)# spanning-tree backbonefast
(config-if)# spanning-tree guard root
(config)# spanning-tree loopguard default
(config-if)# spanning-tree guard loop
(config)# spanning-tree portfast bpdufilter default
(config-if)# spanning-tree bpdufilter enable



~ Configuring EtherChannel
(config)# interface range fastethernet 0/10 - 11
(config-if-range)# channel-protocol lacp|pagp
(config-if-range)# channel-group 1 mode active|passive
(config-if-range)# channel-group 1 mode desirable|auto|on

# show etherchannel
# show etherchannel summary

~ Checking CEF and Adjacency table
# show ip cef
# show adjacency|adjacency detail

~ Multilayer Switching Configuring

(config)# vlan 21,22
(config)# interface vlan 21
(config-if)# ip address 192.168.20.1 255.255.255.240
(config)# interface vlan 22
(config-if)# ip address 192.168.20.97 255.255.255.240
(config)# interface Fa0/1
(config-if)# switchport mode access
(config-if)# switchport access vlan 21

(config-if)# switchport autostate exclude
(config-if)# no switchport|switchport
(config)# ip routing

~ Router “Router-on-a-Stick” Configuring
R1(config-if)# interface gigabitethernet0/1.1
R1(config-subif)# encapsulation dot1q 1 native
R1(config-subif)# ip address 192.168.0.1 255.255.255.0
R1(config-subif)# interface gigabitethernet0/1.2
R1(config-subif)# encapsulation dot1q 2
R1(config-subif)# ip address 192.168.2.1 255.255.255.0



~ FHRP configuring commands
~ HSRP configuring commands
CatA(config)# interface Vlan 1
CatA(config-if)# ip address 192.168.1.100 255.255.255.0
CatA(config-if)# standby 1 ip 192.168.1.200
CatA(config-if)# standby 1 priority 200
CatA(config-if)# standby 1 track gigabitEthernet 0/1 100

CatB(config)# interface Vlan 1
CatB(config-if)# ip address 192.168.1.101 255.255.255.0
CatB(config-if)# standby 1 ip 192.168.1.200
CatB(config-if)# standby 1 priority 150
CatB(config-if)# standby 1 track gigabitEthernet 0/1 80

# show standby
# show standby brief




~ Configuring VACL commands

Deny packets of “Src: host 192.168.2.2 - Dst: 192.168.2.0/24 - Vlan 2”
(config)# ip access-list extended ping-t
(config-ext-nacl)# permit ip host 192.168.2.2 192.168.2.0 0.0.0.255
(config)# vlan access-map roue 10
(config-access-map)# match ip address ping-t
(config-access-map)# action drop
(config)# vlan access-map roue 20
(config-access-map)# action forward
(config)# vlan filter roue vlan-list 2
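
Added example (not part of the original post): a small Python model of how the access-map above is evaluated. The ACL's "permit" only selects traffic for the map, the map's action decides drop or forward, and sequence 20 is what keeps all other traffic flowing. The data structures and function names are hypothetical, and only IP source/destination matching is modelled.

```python
import ipaddress

# ACL "ping-t" from the listing: (verdict, source network, destination network).
# In a VACL the ACL's "permit" only means "this packet matches the clause".
ACLS = {
    "ping-t": [("permit", "192.168.2.2/32", "192.168.2.0/24")],
}

# vlan access-map roue: (sequence, ACL name or None, action)
ACCESS_MAP = [
    (10, "ping-t", "drop"),
    (20, None, "forward"),  # no match clause: matches everything
]

def acl_matches(acl_name, src, dst):
    """Return True if the first ACE covering the packet is a permit."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for verdict, src_net, dst_net in ACLS[acl_name]:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return verdict == "permit"
    return False  # implicit deny in the ACL means "no match" for the map

def vacl_action(access_map, src, dst):
    """Walk the map in sequence order and return the action applied."""
    for _seq, acl_name, action in sorted(access_map, key=lambda e: e[0]):
        if acl_name is None or acl_matches(acl_name, src, dst):
            return action
    # An IP packet that matches no sequence of a map with an IP match clause is dropped.
    return "drop"

# Constructed sample packets seen in VLAN 2: (source, destination).
SAMPLES = [
    ("192.168.2.2", "192.168.2.50"),
    ("192.168.2.3", "192.168.2.50"),
    ("192.168.2.2", "10.0.0.1"),
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, "->", dst, vacl_action(ACCESS_MAP, src, dst))
    # Same traffic with sequence 20 removed: every IP packet is dropped.
    for src, dst in SAMPLES:
        print(src, "->", dst, vacl_action(ACCESS_MAP[:1], src, dst))
```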

~ Configuring DHCP snooping
(config)# ip dhcp snooping
(config)# ip dhcp snooping vlan 5
(config-if)# ip dhcp snooping trust
# show ip dhcp snooping

~ Configuring DAI (Dynamic ARP Inspection)
(config)# ip arp inspection vlan 20
(config-if)# ip arp inspection trust

~ Configuring port-security
(config-if)# switchport mode access
(config-if)# switchport port-security
(config-if)# switchport port-security maximum 5
(config-if)# switchport port-security mac-address aaaa.aaaa.aaaa
(config-if)# switchport port-security mac-address sticky
(config-if)# switchport port-security violation shutdown|restrict|protect
# show port-security
# show port-security address
(config-if)# ip verify source



~ Private VLAN Configuration
(config)#


~ AAA IEEE802.1x Configuration

(config)# aaa new-model
(config)# radius-server host 192.168.100.1 key abc777
(config)# aaa authentication dot1x default group radius
(config)# dot1x system-auth-control
(config)# interface FastEthernet 0/1
(config-if)# switchport mode access
(config-if)# dot1x port-control auto|force-authorized|force-unauthorized

