note of cisco

 
配置acl
 
Router2(config)#access-list 1 deny host 24.17.2.18 标准acl
Router2(config)#interface ethernet0
Router2(config-if)#ip access-group 1 in
Router2(config-if)#no ip access-group 1 in
Router1(config)#access-list 101 permit tcp 24.17.2.16 0.0.0.15
                any eq telnet log 可扩展acl
Router1(config)#access-list 102 permit ip 24.17.2.0 0.0.0.15 any log
Router1(config)#ip access-list extended deny_ping 可命名acl
Router1(config-ext-acl)#deny icmp host 192.168.1.18 192.168.1.1 0.0.0.0 log
Router1(config-ext-acl)#permit ip any any log
 
配置rip
Router1(config)#router rip
Router1(config-router)#
Add the network(s) to which Router1 is directly connected.
Router1(config-router)#network 10.0.0.0
Router1(config-router)#network 172.16.0.0
 
 
 
配置OSPF
Router1#config terminal
Router1(config)# router ospf 100
Router1(config-router)#
Add the network(s) to which Router1 is directly connected.
Router1(config-router)#network 10.1.1.0 0.0.0.255 area 0
Router1(config-router)#network 172.16.0.0 0.0.255.255 area 0
 
配置VTP
Switch3(config)#interface vlan1
Switch3(config-if)#ip address 10.1.1.1 255.255.255.0
Switch3(config-if)#no shutdown
Switch4(config)#interface vlan1
Switch4(config-if)#ip address 10.1.1.2 255.255.255.0
Switch3#vlan database
Switch3(vlan)#vtp server
Switch3(vlan)#vtp domain Boson
Switch3(vlan)#vtp password rules
Switch4(config)#interface fast 0/12
Switch4(config-if)#switchport mode trunk
 
 show version ；显示设备型号、Flash、DRAM、IOS版本 
    show ip interface brief ；显示接口简要信息（类型、状态、协议状态、IP地址） 
    show interface e0/0 ；显示某接口详细信息（MAC、IP、MASK、…） 
    show ip protocols ；显示IP路由协议信息
show stacks ；提供路由器进程和处理器利用率信息, 用stack decode 
    show tech-support ；显示几个show命令的输出 
    show access-lists ；查看访问列表配置 
    show memory ；用于测试内存问题
Show dhcp server
Show arp ；显示路由器的ARP表
 Ip access-list extended Example-Named-ACL 
    Deny tcp any any eq echo 
    Deny tcp any any eq 37 
    Permit udp host 172.16.10.2 any eq snmp
show startup-config ；显示写入NVRAM中的配置内容 
show running-config ；显示当前运行的配置内容
show access-lists ；查看访问列表配置
Show ip access-list ；显示IP访问列表（1-199） 
Show ip arp ；显示路由器的ARP缓存（IP、MAC、封装类型、接口） 
Show ip protocols ；显示运行在路由器上的IP路由协议的信息 
Show ip route ；显示IP路由表中的信息 
Show ip traffic ；显示IP流量统计信息
ip route 0.0.0.0 0.0.0.0 192.168.201.250
ip route 192.168.1.0 255.255.255.0 192.168.201.251
username xxxxxx privilege 15 password 7 xxxxxxxxxxxxxx
interface GigabitEthernet1/0/3
switchport access vlan 11
switchport mode access
interface GigabitEthernet1/0/25
switchport trunk encapsulation dot1q
switchport mode trunk
interface Vlan1
ip address 192.168.201.1 255.255.255.0
interface range fastethernet 0/1 – 5  端口号之间需要加入空格
configure terminal
 
 
acl
 
interface Ethernet0/0 
ip address 10.1.1.1 255.255.255.0 
ip access-group 101 in      
 
access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range EVERYOTHERDAY  
 
time-range EVERYOTHERDAY 
periodic Monday Wednesday Friday 8:00 to 17:00
 
router(config-std-nacl)# 20 permit any 
router(config-std-nacl)# no 10 permit 10.1.1.1
 
 
 
vlan
 
 
show vlan
 
vlan database
3524XL(vlan)#vlan 2 name cisco_vlan_2 
3524XL(vlan)#no vlan 2
3524XL#configure terminal
3524XL(config)#interface fastethernet 0/3
3524XL(config-if)#switchport access vlan 2
3524XL(config-if)#no switchport access vlan 2
3524XL(config-if)#end
 
Switch#show running-config
3524XL#write memory
Switch(config)#interface range fastethernet [mod/slot - mod/slot]
Switch(config-if-range)#switchport access vlan vlan_number
 
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#no shut
 
 
Switch#vlan database    改vlan名
 
Switch(vlan)#vlan 3
 
Switch(vlan)#name CISCO
 
Switch(vlan)#apply
 
Switch#configure terminal
Switch(config)#access-list 105 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
Switch(config)#access-list 105 deny ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
Switch(config)#access-list 105 permit ip 192.168.1.0 0.0.0.255 any
 
Switch#configure terminal
Switch(config)#interface vlan 1
Switch(config-if)#ip access-group 101 in
Switch(config-if)#exit
 
Switch>enable
Switch#
 
 
 
 
 
 
 
 
 
 
 
 
h3c
 
[h3c]vlan17
[Quidway-vlan17]port g1/0/17
[Quidway-vlan17]interface Vlan-interface17
[h3c-Vlan-interface17]ip address 192.0.17.1 255.255.255.0
[h3c-Vlan-interface17]dhcp-server 1
 
 
5. 在VLAN接口10上选择全局地址池方式分配IP地址 
[SwitchA-Vlan-interface10]dhcp select global 
6. 创建全局地址池，并命名为”vlan10” 
[SwitchA]dhcp server ip-pool vlan10 
7. 配置vlan10地址池给用户分配的地址范围以及用户的网关,dns地址 
[SwitchA-dhcp-vlan10]network 10.1.1.0 mask 255.255.255.0 
[SwitchA-dhcp-vlan10]gateway-list 10.1.1.1 
[SwitchA-dhcp-vlan10]dns-list 202.96.209.5 202.96.209.133 
8. 禁止分配给用户的ip 
[SwitchA]dhcp server forbidden-ip 10.1.1.1 10.1.1.23 
[SwitchA]dhcp server forbidden-ip 10.1.1.200 10.1.1.250 
9.配置vlan接口通过dhcp方式获取ip（缺省情况下vlan接口不通过dhcp方式获取ip） 
[h3c]int vlan 3 
[h3c-vlan-intterface]ip address dhcp-alloc
11,路由配置 
[h3c]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
 
telnet配置： 
[h3c]user-intface vty 0 3 
[h3c-vty0 3]authentication-mode password 
[h3c-vty0 3]set authentication password simple 123456 
[h3c-vty0 3]user privilege level 3 设置vty可以执行的命令级别 
[h3c]management-vlan 2 设置管理vlan 
[h3c]local-user zhh 
[h3c-zhh]service-tye telnet level 3 
[h3c]telnet-server source-interface vlan-interface 2(为telnet服务端指定接口) 
[h3c]telnet-server source-ip 192.168.1.1 (为telnet服务端指定ip) 
[h3c]telnet source-interface vlan-interface 2 （为telnet客户端指定端口） 
[h3c]telent source-ip 192.168.1.1
#定义8:00至18:00的周期时间段。
 
<H3C> system-view
 
[H3C] time-range test 8:00 to 18:00 daily
(2)       定义源IP为10.1.1.1的ACL
 
#创建并进入ACL 2000视图。
 
[H3C] acl number 2000
 
#定义源IP为10.1.1.1的访问规则。
 
[H3C-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test
 
[H3C-acl-basic-2000] quit
 
(3)       在端口上应用ACL
 
#在端口上应用ACL 2000。
 
[H3C] interface Ethernet1/0/1
 
[H3C-Ethernet1/0/1] qos
 
[H3C-qoss-Ethernet1/0/1] packet-filter inbound ip-group 2000