Body part:
Single switch VLAN division
enter system view system
enter system view system-view
exit to system view quit
delete vlan 20 undo vlan 20
switch name sysname
display vlan disp vlan
create vlan (you can also enter vlan 20) vlan 20
put port 1- 5 Put port e1/0/1 to e1/0/5 in VLAN 20 to
display port 20 in vlan disp vlan 20
enter port 24 int e1/0/24
put current port into vlan 20 port access vlan 20
means delete current VLAN port 10 undo port e1/0/10
view the current configuration disp curr
delete the configuration command copy command before undo
Basic router configuration commands
Name the router (or switch) sysname router_name
Delete the configuration in the Flash ROM delete
Write the configuration into the Flash ROM save
Enter the interface configuration mode interface serial 0
Exit the interface mode to the system view quit
Close/restart the interface shutdown/undo shutdown
Configure the IP address and subroutine for the interface Net mask ip address ip_address subnet_mask
display interface configuration information display interfaces
display routing table display ip routing
test network connectivity ping ip_address
test the gateway through which the packet passes from the host to the destination tracert ip_address
open all debugging information debug all
close all debugging information undo debug all
enable debugging information output function info-center enable
output debugging information to PC info-center console dubugging
output debugging information to Telnet terminal or dumb terminal info-center monitor dubugging
Configure the switch to support TELNE
Enter system view system
switch name sysname
enter VLAN 1 int vlan 1
configure IP address ip address 192.168.3.100 255.255.255.0
enter virtual terminal user-int vty 0 4
set password mode authentication-mode password (aut password)
set authentication password simple 222 (set aut pass sim 222)
Configure user privilege level 3 (use priv lev 3)
View current configuration disp current-configuration (disp cur)
View switch VLAN IP configuration disp ip int
*Delete configuration must return to user mode
Delete the configuration reset saved-configuration (reset saved)
Reboot the switch
Three-layer switch configuration VLAN-VLAN communication
sw1 (Layer 3 switch):
enter the view system
name sysname,
create VLAN 10 vlan 10,
create VLAN 20 vlan 20,
enter port 20 int e1/0/20,
put port 20 into VLAN 10 port access vlan 10,
enter 24 port int e1/0/ 24
Set port 24 as TRUNK port port link-type trunk
port trunk permit vlan all (port trunk permit vlan 10 can only be used for vlan 10) Port 24 uses
sw2 for all VLANs :
vlan 10
int e1/0/5
port access vlan 10
int e1/0/24
Set 24 port as TRUNK port port link-type trunk
port trunk permit vlan all (port trunk permit vlan 10 can only be used for vlan 10) 24 port uses
sw1 (layer 3 switch) for all VLANs :
Create virtual interface VLAN 10 int vlan 10
Set the address of virtual interface VLAN 10 ip address 192.168.10.254 255.255.255.0
Create virtual interface VLAN 20 int vlan 20
Set the address of the virtual interface IP VLAN 20 ip address 192.168.20.254 255.255.255.0
Note: The gateway of the computer in vlan 10 is set to 192.168.10.254 The gateway of the computer in
vlan 20 is set to 192.168.20.254
IP access list
int e1/0
ip address 192.168.3.1 255.255.255.0
int e2/0
ip address 192.168.1.1 255.255.255.0
int e3/0
ip address 192.168.2.1 255.255.255.0
acl number 2001 (2001-2999 belongs to the basic access list)
rule 1 deny source 192.168.1.0 0.0.0.255 (deny the data of the address 192.168.1.0 network segment to pass)
rule 2 permit source 192.168.3.0 0.0.0.255 (allow the data of the address 192.168.3.0 network segment to pass) The
following is the access control list in Application under interface:
firewall enable
firewall default permit
int e3/0
firewall packet-filter 2001 outbound
disp acl 2001 display information
undo acl number 2001 delete 2001 control list
extended access control list
acl number 3001
rule deny tcp source 192.168.3.0 0.0.0.255 destination 192.168.2.00.0.0.255 destination-port eq ftp
must be executed under r-acl-adv-3001
rule permit ip source an destination any (rule permit ip)
int e3/0
firewall enable Enable firewall
firewall packet-filter 3001 inbound
More training materials for hcia, hcip, and hcie can be added to network engineer qun: 696283186