交换机指令
show 命令
show version: //显示交换机版本信息
show flash: //显示保存在flash中的文件及大小
show history: //显示用户最近的命令历史
show arp: //显示arp映射表
show running-config: //显示当前运行状态下生效的交换机参数配置
show startup-config: //显示当前运行状态下写在Flash Memory中交换机参数配置,通常也是交换机下次上电启动时所有的配置文件
show switchport interface: //显示交换机端口的vlan端口模式和所属vlan号及交换机端口信息。
show interface ethernet 0/0/1 //显示指定交换机端口的信息
enable //进入特权模式
一般用户配置模式
? //输入?号显示命令
enable //进入特权用户配置模式,特权用户配置模式必须设置特权用户口令
exit //退出特权模式
help
show全局配置模式的配置方法
设置密码
# 特权模式下输入,进入全局配置模式
config terminal/config t/config
# 在全局配置模式下,设置特权用户口令
enable
config terminal
enable password level admin
...
exit
write
#取消enable密码
no enable password level admin设置接口
#先要进入特权模式
interface ethernet 0/0/1 #进入以太网端口0/0/1的接口
interface vlan 1 #进入vlan1接口
#vlan配置模式的配置方法
vlan 100 #创建vlan100,并进入vlan配置模式
exit
show vlan #查看vlan信息
no vlan 100 #删掉vlan 100其他
大部分的逆命令都是采用no命令的模式
set default #恢复出厂设置
write #保存当前运行时配置参数到Flash Memory
reload #热启动交换机
show v? #查看v开头的命令
clock set ? #查询此命令
clock set 15:29:50 #配置当前时间
clock set 15:29:50 2006.01.16 #配置当前年月日
show clock
show flash #显示保存在flash中的文件及大小
shutdown #关闭指定的以太网端口
no shutdown #打开指定端口交换机telent调试
# 要配置默认vlan的IP地址,即管理ip
config
interface vlan 1
ip address 192.168.1.100 255.255.255.0 #配置ip地址
no shutdown #激活vlan接口
exit
show run #查看配置
#
config
telnet-user dcnu password 0 digital #设置telnet用户
exit
show run
config
no telnet-user ... #删除用户交换机web服务
config
ip http server #开启http功能
web-user admin password 0 digital #设置密码shutdown
interface ethernet 0/0/1-8
no shutdowntelnet
#交换机作为客户端使用的
ctrl + | #断开与远程主机的连接
telnet 20.1.1.1 23 #连接到远程主机
telnet-server enable #打开交换机的Telnet服务器功能
no telnet-server enable #关闭,默认开启状态
#只有安全ip才能登陆交换机
telnet-server securityip 192.168.1.21 #安全登录的ip
no telnet-server ...
telnet-user <username> password {0|7} <password> #0|7表示口令不加密显示和加密显示,<password>最长不超过8个字符
vlan
- 一个端口只属于一个vlan
- 默认情况,所有端口都属于vlan1
#恢复出产设置
set default
write
reload
#给交换机设置IP地址即管理地址
config
interface vlan 1
ip address 192.168.1.11 255.255.255.0
no shutdown
exit
exit
#创建vlan100 和 vlan200
vlan 100
exit
vlan 200
exit
#验证配置
show vlan
#给vlan100 和 vlan200 添加端口
vlan 100 #进入vlan 100
switchport interface ethernet 0/0/1-8 #添加端口1-8
exit
vlan 200
switchport interface ethernet 0/0/9-16
exit
show vlan
#删除vlan
no vlan 100
#删除vlan中的一个或多个端口
no switchport interface 0/0/1-6
no switchport interface 0/0/1;2;5
no switchport interface 0/0/1-6;8不同交换机相同vlan之间互联
#交换机恢复出厂设置
set default
write
reload
#交换机A
hostname switchA
interface vlan 1
ip address 192.168.1.11 255.255.255.0
no shutdown
exit
vlan 100
switchport interface ethernet 0/0/1-8
exit
vlan 200
switchport interface ethernet 0/0/9-16
exit
#交换机B
hostname switchB
interface vlan 1
ip address 192.168.1.12 255.255.255.0
no shutdown
exit
vlan设置与A一样
#设置交换机trunk端口
#A
interface ethernet 0/0/24
switchport mode trunk
switchport trunk allowed vlan all #允许所有vlan通过
exit
show vlan
#B 与A相同
交换机之间的冗余连接的危害
#交换机A
config
hostname switchA
interface vlan 1
ipaddress 10.1.157.100 255.255.255.0
no shutdown
exit
#交换机B
config
hostname switchB
interface vlan 1
ip address 10.1.157.101 255.255.255.0
no shutdown
exit
#确保两台交换机中的生成树协议关闭
no spanning-tree
show spandell交换机
VLAN配置
准备工作
S60#conf
S60(conf)#int gigabitethernet 0/0
S60(conf-if-gi-0/0)#no shutdown
00:29:23: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed interface Admin state to up: Gi 0/0
S60(conf-if-gi-0/0)#switchport
S60(conf-if-gi-0/0)#exit
S60(conf)#int gigabitethernet 0/43
S60(conf-if-gi-0/43)#no shutdown
00:29:36: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed interface Admin state to up: Gi 0/43
S60(conf-if-gi-0/43)#switchport
S60(conf-if-gi-0/43)#exit
创建vlan
S60(conf)#int vlan 2
S60(conf-if-vl-2)#exit
S60(conf)#int vlan 3
S60(conf-if-vl-3)#exit
Access口
S60#conf
S60(conf)#int gigabitethernet 0/43
S60(conf-if-gi-0/43)#no shutdown
S60(conf-if-gi-0/43)#switchport
S60(conf-if-gi-0/43)#exit
S60(conf)#int vlan 2 ;;将giga0/43口划进VLAN2
S60(conf-if-vl-2)#untagged gigabitethernet 0/43
S60(conf-if-vl-2)#no shutdown
;;显示
S60#sh run
interface GigabitEthernet 0/43
no ip address
switchport
no shutdown
!
interface Vlan 2
ip address 10.1.1.1/24
tagged Port-channel 1-2
untagged GigabitEthernet 0/43
no shutdownTrunk口
S60(conf)#int gigabitethernet 0/43
S60(conf-if-gi-0/43)#no shutdown
S60(conf-if-gi-0/43)#switchport
S60(conf)#int range vlan 2 - 5 , vlan 10 , vlan 20 注意vlan后,每一个命令之间都有空格,包括逗号之间
S60(conf-if-range-vl-2-5,vl-10,vl-20)#tag gig 0/43 这里不能用tab键,只能一个个字符敲进去
S60(conf-if-range-vl-2-5,vl-10,vl-20)#no shutdown
00:34:09: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed interface Admin state to up: Vl 3
00:34:09: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed interface Admin state to up: Vl 4
00:34:09: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed interface Admin state to up: Vl 5
00:34:09: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed interface Admin state to up: Vl 10
00:34:09: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed interface Admin state to up: Vl 20
Vlan接口配置IP(有些版本VLAN 1可能不允许配置IP)
S60(conf)#int vlan 2
S60(conf-if-vl-2)#ip add 10.1.1.254 255.255.255.0
show run配置如下
interface GigabitEthernet 0/0
no ip address
switchport
no shutdown
!
interface GigabitEthernet 0/43
no ip address
switchport
no shutdown
!
interface Vlan 2
no ip address
tagged GigabitEthernet 0/43
untagged GigabitEthernet 0/0
no shutdown
!
interface Vlan 3
no ip address
tagged GigabitEthernet 0/43
no shutdown
!
interface Vlan 4
no ip address
tagged GigabitEthernet 0/43
no shutdown
!
interface Vlan 5
no ip address
tagged GigabitEthernet 0/43
no shutdown
!
interface Vlan 10
no ip address
tagged GigabitEthernet 0/43
no shutdown
!
interface Vlan 20
no ip address
tagged GigabitEthernet 0/43
no shutdown
Port-channel配置
有静态和动态两种,可以选择跟对端设备兼容的模式,动态有以下参数可选:
S60(conf-if-gi-0/1-lacp)#port-channel 1 mode ?
active LACP active mode
off LACP off mode
passive LACP passive mode
注意:
1.FTOS(conf-if-po-55)#switchport
不要在物理口上敲这个命令,配置port-channel会报错,如果物理口上显示switchport,要no掉
2.物理口上的tag、untag之类命令要no掉,保证物理口干净无配置,这一类命令要在port-channel口上配
show run int te0/0 可以看到干净的物理口配置
interface TenGigabitEthernet 0/0
no ip address
no switchport
flowcontrol rx on tx off
no shutdown
例一、静态链路聚合,即不使用任何聚合协议,强制聚合
FTOS(conf)#interface range gi0/1 - 2
FTOS(conf-if-range-gi-0/1-2)#no shutdown
FTOS(conf-if-range-gi-0/1-2)#no switchport
FTOS(conf-if-range-gi-0/1-2)#exit
FTOS(conf)#interface port-channel 55
FTOS(conf-if-po-55)#channel-member gi0/1
FTOS(conf-if-po-55)#channel-member gi0/2
FTOS(conf-if-po-55)#lacp long-timeout
FTOS(conf-if-po-55)#switchport 不能在物理口上敲这个命令,会报错
FTOS(conf-if-po-55)#no shutdown
show run
interface GigabitEthernet 0/20
no ip address
no shutdown
!
interface GigabitEthernet 0/21
no ip address
no shutdown
interface Port-channel 2
no ip address
switchport
channel-member GigabitEthernet 0/20-21
no shutdown
interface Vlan 2 将两个port-channel口都配置为trunk
ip address 10.1.1.1/24
tagged Port-channel 1-2
测试
S60#ping 10.1.1.2 count continuous 拔线丢一个包
Type Ctrl-C to abort.
Sending 2147483647, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!00:35:09: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Gi 0/20.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Success rate is 99 percent (4100/4101), round-trip min/avg/max = 0/1/200 (ms)
S60#ping 10.1.1.2 count continuous 重新插回去不丢包
Type Ctrl-C to abort.
Sending 2147483647, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!00:35:19: %STKUNIT0-M:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Gi 0/20
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Success rate is 100.0 percent (2845/2845), round-trip min/avg/max = 0/1/200 (ms)
S60#
S60#
例二、动态聚合,即使用LACP聚合协议
//提醒,如果对端是思科交换机,尽量采用静态链路聚合,否则要修改思科交换机的链路聚合协议为LACP,思科默认使用自忆的PAGA聚合协议
FTOS(conf)#interface range gi0/5 - 6
FTOS(conf-if-range-gi-0/5-6)#no shutdown
FTOS(conf-if-range-gi-0/5-6)#no switchport
FTOS(conf-if-range-gi-0/5-6)#port-channel-protocol lacp
FTOS(conf-if-range-gi-0/5-6-lacp)#port-channel 1 mode active
FTOS(conf-if-range-gi-0/5-6)#exit
FTOS(conf)#interface port-channel 10
FTOS(conf-if-po-10)#lacp long-timeout
FTOS(conf-if-po-10)#switchport 不能在物理口上敲这个命令,会报错
FTOS(conf-if-po-10)#no shutdown
show run
interface GigabitEthernet 0/1
no ip address
port-channel-protocol LACP
port-channel 1 mode active
no shutdown
!
interface GigabitEthernet 0/2
no ip address
port-channel-protocol LACP
port-channel 1 mode active
no shutdown
interface Port-channel 1
no ip address
no shutdown
interface Vlan 2 将两个port-channel口都配置为trunk
ip address 10.1.1.1/24
tagged Port-channel 1-2
测试
S60#ping 10.1.1.2 count continuous 拔线丢一个包
Type Ctrl-C to abort.
Sending 2147483647, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!00:23:57: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Gi 0/2
00:23:57: %STKUNIT0-M:CP %LACP-5-PORT-UNGROUPED: PortChannel-001-Ungrouped: Interface Gi 0/2 exited port-channel 1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Success rate is 99 percent (2745/2746), round-trip min/avg/max = 0/1/140 (ms)
S60#ping 10.1.1.2 count continuous 重新插回去不丢包
Type Ctrl-C to abort.
Sending 2147483647, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!00:24:06: %STKUNIT0-M:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Gi 0/2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100.0 percent (2993/2993), round-trip min/avg/max = 0/1/200 (ms)
S60#00:24:10: %STKUNIT0-M:CP %LACP-5-PORT-GROUPED: PortChannel-001-Grouped: Interface Gi 0/2 joined port-channel 1
S60#
FTOS (conf)#username admin password 12345678 pri 15
FTOS(conf)#ip ssh server enable
以下命令可选:
FTOS (conf)#ip ssh server version 2
FTOS(conf)#crypto key generate rsa
日志服务器配置
sw(conf)#logging on
sw(conf)#logging buffered 409600 warnings
sw(conf)#logging 10.10.10.1
sw(conf)#logging source-interface vlan 20
sw(conf)#logging trap warnings