====== Cisco Catalyst Layer 2 Equipment ======
===== Configuring the Device Name =====
!hostname switch
hostname switchN
===== Configuring Layer 3 Interfaces =====
interface VLAN1
! ip address 192.168.X.3 255.255.255.0
ip address 192.168.X.50+N 255.255.255.0
no shutdown
===== Configuring the Default Route =====
!ip default-gateway 192.168.X.1
===== Configuring DNS =====
!ip name-server 192.168.X.10
!ip domain-name corpX.un
OR
no ip domain lookup
ip host server 192.168.X.10
!ip host router 192.168.X.1
===== Introduction to VLAN Technology =====
* [[https://arny.ru/education/new-ccna/native-vlan/|Native VLAN]]
==== Viewing VTP Parameters ====
show vtp status
show vlan
dir flash:/vlan.dat
==== Configuring Interfaces ====
interface FastEthernet 0/1
switchport mode trunk
interface FastEthernet 0/2
switchport mode access
switchport access vlan 2
===== Configuring EtherChannel =====
interface Port-channel1
desc uplink to CORE (switch1 and switch2)
interface FastEthernet0/0
channel-group 1 mode on
interface FastEthernet0/1
channel-group 1 mode on
! shutdown ! in GNS
===== Configuring 802.1x =====
!!! may not be available in some earlier IOS versions !!!
dot1x system-auth-control
interface FastEthernet0/2
switchport mode access
spanning-tree portfast
dot1x port-control auto
!!! modern syntax
! authentication port-control auto
! dot1x pae authenticator
switch#show int f0/2
switch#show dot1x interface f0/2
===== Blocking by MAC Address =====
mac-address-table static 001d.7d0c.062f vlan 1 drop
===== DHCP snooping =====
[[http://xgu.ru/wiki/DHCP_snooping]]
ip dhcp snooping
ip dhcp snooping vlan 1
interface FastEthernet 0/1
ip dhcp snooping trust
===== storm-control =====
* [[https://www.embeddedsystemtesting.com/2012/04/how-to-generate-broadcast-traffic-for.html|Tools to generate broadcast traffic]]
* In the GNS switch emulator, the interface counters shown by show interfaces f0/2 are not supported
interface FastEthernet 0/2
storm-control broadcast level 1
storm-control multicast level 1
! storm-control action trap
! storm-control action shutdown
show storm-control
show interfaces | inc err-disable
===== SPAN =====
monitor session 1 source interface f0/0 both
monitor session 1 destination interface f0/15
===== port-security =====
* [[http://ciscomaster.ru/content/nastroyka-port-security-na-kommutatorah-cisco|Configuring Port Security on Cisco Switches]]
! entered in interface configuration mode, on a port set to switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security violation restrict
switchport port-security mac-address 0005.5E80.22A3
switchport port-security mac-address 00E0.F75B.C101
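
An added example, not part of the original page: a short Python audit that reads a saved configuration and reports which access ports lack the per-port controls covered above (802.1x, port-security, storm-control) and whether the global DHCP snooping and 802.1x commands are present. The names ''parse'', ''audit'', ''SAMPLE'', ''GLOBALS'' and ''CHECKS'' are hypothetical, the input is assumed to use the indentation of ''show running-config'' output, and a trusted access port is reported only as an item to verify (trust belongs on the port facing the DHCP server).

```python
import re

# Constructed sample in `show running-config` layout, built from this page's commands.
SAMPLE = """\
ip dhcp snooping
interface FastEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
interface FastEthernet0/2
 switchport mode access
 dot1x port-control auto
 storm-control broadcast level 1
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 ip dhcp snooping trust
"""
GLOBALS = ("ip dhcp snooping", "dot1x system-auth-control")
CHECKS = {  # per-port controls; either 802.1x syntax from the page is accepted
    "802.1x": re.compile(r"(dot1x|authentication) port-control auto$"),
    "port-security": re.compile(r"switchport port-security$"),
    "storm-control": re.compile(r"storm-control broadcast level \S+"),
}

def parse(config):
    """Split a config into global lines and {interface: [sub-commands]}."""
    top, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1].replace(" ", ""), [])
        elif line and raw[0].isspace() and current is not None:
            current.append(line)
        elif line and not line.startswith("!"):  # unindented command ends the block
            current = None
            top.append(line)
    return top, ifaces

def audit(config):
    """Return {scope: [findings]} for global settings and each access port."""
    top, ifaces = parse(config)
    report = {"global": [f"missing {g}" for g in GLOBALS if g not in top]}
    for name, lines in ifaces.items():
        if "switchport mode access" in lines:  # trunks and uplinks are skipped
            report[name] = [f"missing {c}" for c, rx in CHECKS.items()
                            if not any(rx.match(l) for l in lines)]
            if "ip dhcp snooping trust" in lines:
                report[name].append("dhcp snooping trust set on access port")
    return report
```

Calling ''audit(SAMPLE)'' returns a dictionary keyed by ''global'' and by interface name; an empty list means nothing was flagged for that scope.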