1. System name
hostname F1-SW01
2. System clock configuration
clock timezone beijing 8
3. User roles, SSH, and source-restricted login configuration
ip access-list standard denglu-acl
10 permit host x.x.x.x
exit
role audit-admin
description audit admin
exit
role network-admin
description network admin
exit
role network-operator
description network operator
exit
role security-admin
description security admin
exit
local-user admin class manager
service-type ssh
privilege 15
password 7 123456
exit
line vty 0 4
access-class denglu-acl in
protocol input ssh
login local
exit
ip ssh server
ssh server prefer-key diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1
ssh server prefer-stoc-hmac hmac-sha2-256
ssh server prefer-identity-key ssh-rsa
4. Per-flow forwarding configuration on the switch
ip load-sharing per-flow
ipv6 load-sharing per-flow
5. 802.1X configuration
aaa server group radius radius1
server x.x.x.x acct-port 1813 auth-port 1812 key 7 123
exit
domain system
aaa authentication dot1x radius-group radius1
aaa authentication login local
aaa authorization login local
aaa accounting dot1x start-stop radius-group radius1
exit
6. Loop detection configuration
loopback-detection enable
int gi 0/7
shutdown
switchport access vlan 20
spanning-tree bpdu guard enable
spanning-tree portfast edgeport enable
loopback-detection enable
7. VLAN and interface access/trunk configuration
vlan 10,19-20,100,110
8. LLDP configuration
lldp run
int gi 0/7
shutdown
switchport access vlan 20
spanning-tree bpdu guard enable
spanning-tree portfast edgeport enable
loopback-detection enable
exit
int gi 0/8
switchport access vlan 20
spanning-tree bpdu guard enable
spanning-tree portfast edgeport enable
loopback-detection enable
exit
int gi 0/16
switchport mode trunk
switchport trunk allowed vlan add 1,10-11
switchport trunk pvid vlan 1
loopback-detection enable
exit
9. Static link aggregation configuration
link-aggregation 1 manual
int ten 0/25
duplex full
link-aggregation 1 manual
exit
int ten 0/26
duplex full
link-aggregation 1 manual
exit
int link-aggregation1
switchport mode trunk
switchport trunk allowed vlan add 1,10-11
switchport trunk pvid vlan 10
no telnet server enable
Port range configuration:
int range gi 0/7-10
switchport mode trunk
switchport trunk allowed vlan add 1,10-11
10. VLAN virtual interface, address, and route configuration
int vlan 10
ip ad x.x.x.x 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 x.x.x.x
or
ip default-gateway x.x.x.x
11. SNMP and source-restriction configuration
ip access-list standard snmp-acl
10 permit host x.x.x.x
exit
snmp-server start
snmp-server view default 1.2 include
snmp-server view default 1.0.8802 include
snmp-server view default 1.1.2 include
snmp-server view default 1.3.111 include
snmp-server view default 1.3.6.1 include
snmp-server group 1 v3 authpriv read default notify default
snmp-server user admin 1 v3 auth sha password 7 123 encrypt des password 7 456 snmp-acl
12. Port isolation configuration
isolate group 1
interface gi 0/1 both
interface gi 0/2 both
interface gi 0/3 both
exit
13. Save the configuration
write
copy running-config startup-config
Takes effect after the device is restarted
14. Restart the device
reload
15. enable and entering the configuration view
MP>enable
MP#
MP#config terminal
16. enable password configuration
enable password 123XX
17. DHCP configuration
service dhcp
ip dhcp excluded-address 192.168.10.1 192.168.10.100
ip dhcp pool
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
option 43 hex 800478C0280C
18. STP configuration
spanning-tree mode mstp
spanning-tree priority 4096
int range gi 0/7-10
spanning-tree portfast
19. Traffic priority marking
class-map match-any VOIP
match dscp ef
priority percent 80
20. Port rate limiting
int range gi 0/7-10
rate-limit in 1000000 1500000
rate-limit out 1000000 1500000
21. Configuration archive management
archive config
path flash:/config-archive
maximum 10
22. Log forwarding
logging host X.X.X.X
logging trap informational
logging source-interface vlan 10
23. Device diagnostics and network connectivity checks
show tech-support > flash:/diagnostic.log
ping 8.8.8.8 source vlan 10
traceroute 8.8.8.8 source vlan 10
25. Clear restricted addresses
clear mac-address-table restricted static
26. Device show commands
show run
show run int g0/0/1
show ip int b
show interface ethernet status
show ip dhcp binding
show logging
show vlan
show vlan 10
show mac-address-table
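
An added example, not part of the original cheat sheet: a Python check that reads a configuration written in the syntax used above and flags the management-plane lines from sections 3, 9 and 11 for review (VTY lines without a source ACL or not limited to SSH, SHA-1 key exchange in the SSH list, SNMPv3 users with DES privacy or no ACL, the `no telnet server enable` line missing). The `audit` function, the rule names and the sample text are assumptions made for illustration, and the SNMP token layout is taken from the single line shown in section 11.

```python
import re

# Constructed sample in this page's syntax; names and values are placeholders.
SAMPLE = """\
line vty 0 4
protocol input ssh
login local
exit
ssh server prefer-key diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1
snmp-server user admin 1 v3 auth sha password 7 123 encrypt des password 7 456 snmp-acl
snmp-server user ops 1 v3 auth sha password 7 123 encrypt des password 7 456
"""

def audit(config):
    """Return a list of (rule, detail) findings for a config text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings, vty, current = [], {}, None
    for l in lines:
        # Collect the commands between each "line vty" header and its "exit".
        if l.startswith("line vty"):
            current = l
            vty[current] = []
        elif l == "exit":
            current = None
        elif current:
            vty[current].append(l)
        elif l.startswith("ssh server prefer-key"):
            # Flag every SHA-1 based key exchange left in the offered list.
            findings += [("ssh-kex-sha1", a) for a in l.split()[3:] if a.endswith("-sha1")]
        elif l.startswith("snmp-server user") and "encrypt" in l.split():
            t = l.split()
            i = t.index("encrypt")
            if t[i + 1] == "des":  # DES privacy: 56-bit key
                findings.append(("snmp-priv-des", t[2]))
            # Assumed layout: encrypt <alg> password <type> <value> [acl-name]
            if len(t) <= i + 5:
                findings.append(("snmp-no-acl", t[2]))
    for header, body in vty.items():
        if not any(re.fullmatch(r"access-class \S+ in", b) for b in body):
            findings.append(("vty-no-acl", header))
        if "protocol input ssh" not in body:
            findings.append(("vty-not-ssh-only", header))
    if "no telnet server enable" not in lines:
        # The hardening line from section 9 is absent from this config.
        findings.append(("telnet-not-disabled", ""))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule}: {detail}")
```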