====== Layer 2 Equipment: Cisco Catalyst ======

===== Configuring the device name =====

<code>
!hostname switch
hostname switchN
</code>

===== Configuring layer 3 interfaces =====

<code>
interface VLAN1
! ip address 192.168.X.3 255.255.255.0
 ip address 192.168.X.50+N 255.255.255.0
 no shutdown
</code>

===== Configuring the default route =====

<code>
!ip default-gateway 192.168.X.1
</code>

===== Configuring DNS =====

<code>
!ip name-server 192.168.X.10
!ip domain-name corpX.un
</code>

OR

<code>
no ip domain lookup
ip host server 192.168.X.10
!ip host router 192.168.X.1
</code>

===== Introduction to VLAN technology =====

  * [[https://arny.ru/education/new-ccna/native-vlan/|Native VLAN]]

==== Viewing VTP parameters ====

<code>
show vtp status
show vlan
dir flash:/vlan.dat
</code>

==== Configuring interfaces ====

<code>
interface FastEthernet 0/1
 switchport mode trunk

interface FastEthernet 0/2
 switchport mode access
 switchport access vlan 2
</code>

===== Configuring EtherChannel =====

<code>
interface Port-channel1
 desc uplink to CORE (switch1 and switch2)

interface FastEthernet0/0
 channel-group 1 mode on

interface FastEthernet0/1
 channel-group 1 mode on
! shutdown ! in GNS
</code>

===== Configuring 802.1x =====

<code>
!!! may not be in some earlier IOS !!!
dot1x system-auth-control

interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 dot1x port-control auto
!!! modern syntax
! authentication port-control auto
! dot1x pae authenticator
</code>

<code>
switch#show int f0/2
switch#show dot1x interface f0/2
</code>

===== Blocking by MAC address =====

<code>
mac-address-table static 001d.7d0c.062f vlan 1 drop
</code>

===== DHCP snooping =====

[[http://xgu.ru/wiki/DHCP_snooping]]

<code>
ip dhcp snooping
ip dhcp snooping vlan 1

interface FastEthernet 0/1
 ip dhcp snooping trust
</code>

===== storm-control =====

  * [[https://www.embeddedsystemtesting.com/2012/04/how-to-generate-broadcast-traffic-for.html|Tools to generate broadcast traffic]]
  * The switch emulator in GNS does not support interface counters

<code>
show interfaces f0/2

interface FastEthernet 0/2
 storm-control broadcast level 1
 storm-control multicast level 1
! storm-control action trap
! storm-control action shutdown

show storm-control
show interfaces | inc err-disable
</code>

===== SPAN =====

<code>
monitor session 1 source interface f0/0 both
monitor session 1 destination interface f0/15
</code>

===== port-security =====

  * [[http://ciscomaster.ru/content/nastroyka-port-security-na-kommutatorah-cisco|Configuring Port Security on Cisco switches]]

<code>
switchport port-security
switchport port-security maximum 2
switchport port-security violation restrict
switchport port-security mac-address 0005.5E80.22A3
switchport port-security mac-address 00E0.F75B.C101
</code>