思科交换机6509配置实例(双机热备)
思科交换机双机热备模式怎么使用.doc
思科交换机双机热备模式怎么使用方法步骤1、打开Cisco Packet Tracer,点击【交换机】,选择2960交换机,按住鼠标左键拖动到工作区。
这里有很多类型的交换机,其它类型的天使以后慢慢和大家讲解。
2、我们选择【终端设备】拖动两台台式机到工作区,用于测试通信3、最后用直通线连接交换机和电脑,对核心交换机进行双冗余设计4、分别设置两台主机的IP地址,主机0为:192.168.1.1;主机1为:192.168.1.25、在主机1上进行Ping测试,ping 192.168.1.1,发现是连通的6、假如现在我们核心交换机坏了一个,我们交换机双机热备,数据包可以走另外一个交换机,两台客户机没有受到任何的干扰7、我们假设核心交换机0坏了,就相当于所有连接核心交换机的线路都断了,这时任然不影响主机之间的通信相关阅读:交换机工作原理过程交换机工作于OSI参考模型的第二层,即数据链路层。
交换机内部的CPU会在每个端口成功连接时,通过将MAC 地址和端口对应,形成一张MAC表。
在今后的通讯中,发往该MAC地址的数据包将仅送往其对应的端口,而不是所有的端口。
因此,交换机可用于划分数据链路层广播,即冲突域;但它不能划分网络层广播,即广播域。
交换机拥有一条很高带宽的背部总线和内部交换矩阵。
交换机的所有的端口都挂接在这条背部总线上,控制电路收到数据包以后,处理端口会查找内存中的地址对照表以确定目的MAC(网卡的硬件地址)的NIC(网卡)挂接在哪个端口上,通过内部交换矩阵迅速将数据包传送到目的端口,目的MAC若不存在,广播到所有的端口,接收端口回应后交换机会学习新的MAC地址,并把它添加入内部MAC地址表中。
使用交换机也可以把网络分段,通过对照IP地址表,交换机只允许必要的网络流量通过交换机。
通过交换机的过滤和转发,可以有效的减少冲突域,但它不能划分网络层广播,即广播域。
思科交换机6509配置实例(双机热备)
CISCO 6509配置手册1.设置时间switch#config tswitch(config)# clock timezone GMT 8 ;配置时区switch(config)# clock set 13:30:21 31 JAN 2004 ;配置交换机时间2.设置主机名及密码Switch#congfig tSwitch(config)#hostname 6509a //配置交换机名称6509a(config)#enable password cisco //配置用户密码6509a (config)#enable secret cisco //配置安全密码6509a (config-line)#line vty 0 15 //配置远程访问密码6509a (config-line)#login6509a (config-line)#password cisco6509a (config-line)#login6509a (config-line)#^z6509a #show running-config //查看配置信息6509a #copy running-config startup-config6509a #show startup-config6509a #show bootvar6509a #dir bootflash:6509a #copy system:running-config nvram:startup-config6509a #show fabric status6509a #show hardware3.配置vlan6509a #config t6509a (config)#vlan 3016509a (config-vlan)# name hexinxitong6509a (config)#vlan 3026509a (config-vlan)# name callcenter6509a (config)#vlan 3036509a (config-vlan)# name kuaijicaiwu6509a (config)#vlan 3046509a (config-vlan)# name guojiyewu6509a (config)#vlan 3056509a (config-vlan)# name guanlixitong6509a (config)#vlan 3066509a (config-vlan)# name ceshihuanjing6509a (config)#vlan 3076509a (config-vlan)# name wangluoguanli6509a (config-vlan)#exit6509a (config)#exit6509a #show vlan6509a (config)#interface range giga 2/1 – 8 //配置端口信息6509a (config-if-range)#switchport //二层交换模式6509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3016509a (config-if-range)#exit6509a (config)#interface range giga 2/9– 146509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3026509a (config-if-range)#exit6509a (config)#interface range giga 2/15 – 176509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3036509a (config-if-range)#exit6509a (config)#interface range giga 2/18 – 226509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3046509a (config)#interface range giga 2/23 – 266509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3056509a (config-if-range)#exit6509a (config)#interface range giga 2/27 – 336509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3066509a (config-if-range)#exit6509a (config)#interface range giga 2/34 – 396509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3076509a (config-if-range)#exit6509a (config)#interface giga 2/486509a (config-if)#ip address 12.10.254.2 255.255.255.0 6509a (config-if)#no shut6509a (config)#exit6509a #show vlan4.配置trunk6509a(config)#int giga 5/16509a(config-if)#shut down6509a(config-if)#switchport6509a(config-if)#switchport trunk enca dot1q6509a(config-if)#switchport mode trunk6509a #show int giga 2/48 trunk6509a #show vtp counters6509a #show vtp status6509a(config)#int giga 6/16509a(config-if)#shut down6509a(config-if)#switchport6509a(config-if)#switchport trunk enca dot1q6509a(config-if)#switchport mode trunk6509a(config-if)#no shut down5.设置vlan地址及HSRP6509a #config t6509a(config) #int vlan 3016509a(config-if) #ip address 192.1.2.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 1 ip 192.1.2.16509a(config-if) #standby 1 priority 1056509a(config-if) #standby 1 preempt6509a(config-if) #standby 1 track giga 1/486509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3026509a(config-if) #ip address 192.100.4.2 255.255.255.06509a(config-if) #no ip redirects6509a(config-if) #standby 2 ip 192.100.4.16509a(config-if) #standby 2 priority 1056509a(config-if) #standby 2 preempt6509a(config-if) #standby 2 track giga 1/486509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3036509a(config-if) #ip address 192.100.5.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 3 ip 192.100.5.16509a(config-if) #standby 3 priority 1056509a(config-if) #standby 3 preempt6509a(config-if) #standby 3 track giga 1/486509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3046509a(config-if) #ip address 192.100.6.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 4 ip 192.100.6.16509a(config-if) #standby 4 priority 1056509a(config-if) #standby 4 preempt6509a(config-if) #standby 4 track giga 1/486509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3056509a(config-if) #ip address 192.100.7.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 5 ip 192.100.7.16509a(config-if) #standby 5 preempt6509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3066509a(config-if) #ip address 192.100.8.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 6 ip 192.100.8.16509a(config-if) #standby 6 preempt6509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3076509a(config-if) #ip address 192.100.9.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 7 ip 192.100.9.16509a(config-if) #standby 7 preempt6509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6.配置EIGRP6509a #config t6509a(config) #ip routing eigrp 1006509a(config) #router eigrp 1006509a(config-router) #network 192.1.2.06509a(config-router) #network 192.100.0 .0 255.255.0.0 6509a(config-router) #network 12.0.0.06509a(config-router) #network 192.254.253.06509a(config-router) #no auto-summary6509a(config-router) #^z6509a #show ip proto6509a #show ip route。
Cisco Catalyst 6509交换机FWSM防火墙模块设置资料
Cisco Catalyst 6509交换机FWSM防火墙模块测试报告我们以往接触比较多的防火墙大都是独立的设备产品,抑或是和路由器集成在一起的模块,这种防火墙往往是位于网关位置,担当了内外网之间的防护线职能。
而思科系统公司充分利用自己对网络的理解,以一种不同的理念和思路把安全贯彻到了网络上的每一个角落。
当我们《网络世界》评测实验室拿到插入FWSM防火墙模块的被测设备Catalyst 6509交换机时,更是深刻地体会到了Cisco这种独特的视角。
集成:改动防火墙角色从外观上看,不同于以往的防火墙,FWSM防火墙模块本身并不带有所有端口,能插在Catalyst 6509交换机所有一个交换槽位中,交换机的所有端口都能够充当防火墙端口,一个FWSM模块能服务于交换机所有端口,在网络基础设施之中集成状态防火墙安全特性。
由于70%的安全问题来自企业网络内部,因此企业网络的安全不仅在周边,防止未经授权的用户进入企业网络的子网和VLAN是我们一直忽视的问题,也正是6509交换机加上FWSM防火墙模块要完成的职责。
Catalyst 6509作为企业的汇聚或核心交换机,往往要为企业的不同部门划分子网和VLAN,FWSM模块的加入为不同部门之间搭建了坚实的屏障。
和传统防火墙的体系结构不同,FWSM内部体系主要由一个双Intel PIII处理器和3个IBM网络处理器及相应的ASIC芯片组成。
其中两个网络处理器各有三条千兆线路连接到6509的背板上。
FWSM使用的是Cisco PIX操作系统这一实时、牢固的嵌入式操作系统,采用基于ASA(自适应安全算法)的核心实现机制,继承了思科PIX防火墙性能和功能方面的既有优势。
对于已购买了Catalyst 6509交换机的用户来说,他们不必对原有产品进行更换,就能通过独立购买FWSM 模块,获得这种防火墙特性,在简化网络结构的同时,真正实现对用户的投资保护。
功能:细致到每一处从FWSM防火墙模块的管理和易用性来看,对于那些非常熟悉Cisco IOS命令行的工程师来说,通过Console或Telnet进行设置非常容易上手,而对于笔者这种对Cisco 命令仅略通一二的人来说,最佳的管理和设置方式莫过于用Web进行管理,Web管理其实是调用了用来管理PIX防火墙的PIX Device Manager(PDM)2.1(1)工具,非常直观地帮助用户进行规则设置、管理和状态监视。
思科Cat6509-E核心交换机引擎冗余切换测试
思科WS-C6509-E核心交换机冗余引擎切换测试V1.02010-12-101.首先查看引擎冗余状态:WS-C6509-E_TJCore# wrBuilding configuration...1w0d: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router. [OK]WS-C6509-E_TJCore#show redWS-C6509-E_TJCore#show redundancyRedundant System Information :------------------------------Available system uptime = 1 week, 13 hours, 44 minutesSwitchovers system experienced = 0Standby failures = 0Last switchover reason = noneHardware Mode = DuplexConfigured Redundancy Mode = ssoOperating Redundancy Mode = ssoMaintenance Mode = DisabledCommunications = UpCurrent Processor Information :-------------------------------Active Location = slot 5Current Software state = ACTIVEUptime in current state = 1 week, 13 hours, 43 minutesImage Version = Cisco Internetwork Operating System SoftwareIOS (tm) s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.2(18)SXF3, RELEASE SOFTWARE (fc1)Technical Support: /techsupportCopyright (c) 1986-2006 by cisco Systems, Inc.Compiled Tue 14-Feb-06 18:22 by kehsiaoBOOT =BOOTLDR =Configuration register = 0x2102Peer Processor Information :----------------------------Standby Location = slot 6Current Software state = STANDBY HOTUptime in current state = 1 week, 13 hours, 43 minutesImage Version = Cisco Internetwork Operating System SoftwareIOS (tm) s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.2(18)SXF3, RELEASE SOFTWARE (fc1)Technical Support: /techsupportCopyright (c) 1986-2006 by cisco Systems, Inc.Compiled Tue 14-Feb-06 18:22 by kehsiaoBOOT =BOOTLDR =Configuration register = 0x2102通过查看可以得知引擎冗余采用的为SSO状态化切换模式,且Slot5为SUP1,Slot6为SUP2。
cisco6509配置(扩展访问控制列表)
!version 12.2service timestamps debug datetime msec localtimeservice timestamps log datetime msec localtimeservice password-encryption!hostname 6509-L3!logging snmp-authfailenable password 7 060E0D220146000D!boot system flash bootflash:c6msfc3-pk9sv-mz.122-14.SX2.bin clock timezone PST 8ip subnet-zero!!ip domain-list assip host 1hl_7 192.168.0.5ip host 1hl_gy 192.168.0.6ip host 1hl_11 192.168.0.7ip host 2hl 192.168.0.8ip host 4hl 192.168.0.9ip host 6hl 192.168.0.10ip host 1cf 192.168.0.11ip host 2cf 192.168.0.12ip host 4c 192.168.0.4!no standby redirectredundancyhigh-availabilitysingle-router-mode!!!!!!interface Group-Async0physical-layer asyncip address negotiated previousencapsulation ppp!interface Vlan1ip address 192.168.0.1 255.255.255.0ip access-group tofirewall out!interface Vlan10ip address 192.168.41.1 255.255.255.0!interface Vlan20ip address 192.168.42.1 255.255.255.0!interface Vlan30ip address 172.16.9.1 255.255.255.0!interface Vlan40ip address 172.16.10.1 255.255.255.0ip access-group invlan40 inip access-group outvlan40 out!interface Vlan50ip address 172.16.11.1 255.255.255.0ip access-group invlan50 inip access-group outvlan50 out!interface Vlan60ip address 172.16.0.1 255.255.255.0!interface Vlan70ip address 172.16.1.1 255.255.255.0!interface Vlan80ip address 172.16.2.1 255.255.255.0!interface Vlan90ip address 172.16.3.1 255.255.255.0!interface Vlan100ip address 172.16.4.1 255.255.255.0!interface Vlan110ip address 172.16.5.1 255.255.255.0!interface Vlan120ip address 172.16.7.1 255.255.254.0 secondary ip address 172.16.6.1 255.255.254.0no ip redirects!interface Vlan130ip address 172.16.12.1 255.255.254.0ip access-group inbound inip access-group outbound out!interface Vlan140ip address 172.16.8.1 255.255.255.0!interface Vlan150ip address 172.16.16.1 255.255.255.252!router ripversion 2network 172.16.0.0network 192.168.0.0!ip classlessip route 0.0.0.0 0.0.0.0 192.168.0.236ip route 10.0.0.0 255.0.0.0 192.168.0.100ip route 172.16.17.0 255.255.255.0 172.16.16.2ip route 192.168.1.0 255.255.255.0 172.16.1.65ip route 220.201.208.112 255.255.255.252 172.16.16.2ip http server!!ip access-list extended inboundpermit ip any any reflect iptrafficip access-list extended invlan40permit ip host 172.16.10.168 any reflect iptrafficpermit ip any host 192.168.0.244 reflect iptrafficpermit ip any host 192.168.0.53 reflect iptrafficpermit ip any host 192.168.0.254 reflect iptrafficpermit ip any host 172.16.8.110 reflect iptrafficpermit ip host 172.16.10.82 any reflect iptrafficpermit ip host 172.16.10.117 any reflect iptrafficpermit ip any host 172.16.8.52 reflect iptrafficpermit tcp host 172.16.10.70 any eq domain reflect iptraffic permit tcp host 172.16.10.70 any eq pop3 reflect iptraffic permit tcp host 172.16.10.70 any eq smtp reflect iptraffic permit udp host 172.16.10.70 any eq domain reflect iptraffic permit ip any host 172.16.8.50 reflect iptrafficpermit ip any host 192.168.0.110 reflect iptrafficpermit ip any host 172.16.8.94 reflect iptrafficevaluate iptrafficip access-list extended invlan50permit ip any any reflect iptrafficip access-list extended outboundpermit ip host 192.168.0.3 anypermit ip host 172.16.1.65 anypermit ip any host 172.16.13.253permit ip any host 172.16.13.252permit ip any host 172.16.12.9permit ip host 172.16.8.52 anypermit ip host 192.168.0.247 host 172.16.12.52 permit ip host 172.16.8.50 anypermit ip host 192.168.0.110 anypermit ip host 172.16.8.94 anyevaluate iptrafficip access-list extended outvlan40permit ip any host 172.16.10.168permit ip host 192.168.0.237 anypermit ip any host 172.16.10.117permit ip host 172.16.8.52 anypermit tcp any host 172.16.10.70 eq domainpermit tcp any host 172.16.10.70 eq pop3permit tcp any host 172.16.10.70 eq smtppermit udp any host 172.16.10.70 eq domainpermit ip host 172.16.8.50 anypermit ip host 192.168.0.110 anypermit ip host 172.16.4.105 host 172.16.10.82 permit ip host 172.16.11.160 host 172.16.10.82 permit ip host 172.16.8.94 anyevaluate iptrafficip access-list extended outvlan50permit ip host 192.168.0.108 anypermit ip host 172.16.1.60 host 172.16.11.52 permit ip host 172.16.1.60 host 172.16.11.53 permit ip host 172.16.1.61 host 172.16.11.52 permit ip host 172.16.1.61 host 172.16.11.53 permit ip host 172.16.6.230 anypermit ip host 172.16.6.231 anypermit ip host 192.168.0.237 anypermit ip host 10.0.1.147 host 172.16.11.52permit ip host 10.0.1.147 host 172.16.11.53permit ip host 10.0.1.147 host 172.16.11.72permit ip host 172.16.6.171 host 172.16.11.52 permit ip host 172.16.6.171 host 172.16.11.53permit ip host 172.16.6.183 host 172.16.11.52 permit ip host 172.16.6.183 host 172.16.11.53 permit ip host 172.16.6.183 host 172.16.11.72 permit ip host 172.16.4.190 host 172.16.11.52 permit ip host 172.16.4.190 host 172.16.11.53 permit ip host 172.16.3.57 host 172.16.11.52 permit ip host 172.16.3.57 host 172.16.11.53 permit ip host 172.16.3.57 host 172.16.11.72 permit ip host 172.16.3.64 host 172.16.11.52 permit ip host 172.16.3.64 host 172.16.11.53 permit ip host 172.16.3.64 host 172.16.11.72 permit ip host 172.16.3.101 host 172.16.11.52 permit ip host 172.16.3.101 host 172.16.11.53 permit ip host 172.16.3.101 host 172.16.11.72 permit ip host 172.16.2.185 host 172.16.11.52 permit ip host 172.16.2.185 host 172.16.11.53 permit ip host 172.16.2.185 host 172.16.11.72 permit ip host 172.16.2.196 host 172.16.11.53 permit ip host 172.16.2.196 host 172.16.11.52 permit ip host 172.16.2.196 host 172.16.11.72 permit ip host 172.16.2.245 host 172.16.11.52 permit ip host 172.16.2.245 host 172.16.11.53 permit ip host 172.16.2.245 host 172.16.11.72 permit ip host 172.16.2.81 host 172.16.11.52 permit ip host 172.16.2.81 host 172.16.11.53 permit ip host 172.16.2.81 host 172.16.11.72 permit ip host 172.16.2.96 host 172.16.11.52 permit ip host 172.16.2.96 host 172.16.11.53 permit ip host 172.16.2.96 host 172.16.11.72 permit ip host 172.16.2.94 host 172.16.11.52 permit ip host 172.16.2.94 host 172.16.11.53 permit ip host 172.16.2.94 host 172.16.11.72 permit ip host 172.16.2.151 host 172.16.11.52 permit ip host 172.16.2.151 host 172.16.11.53 permit ip host 172.16.2.151 host 172.16.11.72 permit ip host 10.0.1.27 host 172.16.11.72permit ip host 10.0.1.27 host 172.16.11.53permit ip host 10.0.1.27 host 172.16.11.52permit ip host 172.16.4.55 host 172.16.11.52 permit ip host 172.16.4.55 host 172.16.11.53 permit ip host 172.16.4.55 host 172.16.11.72 permit ip host 172.16.4.190 host 172.16.11.121 permit ip host 172.16.4.190 host 172.16.11.250permit ip host 172.16.3.101 host 172.16.11.250 permit ip host 172.16.3.57 host 172.16.11.250 permit ip host 172.16.3.101 host 172.16.11.121 permit ip host 172.16.3.57 host 172.16.11.121 permit ip host 172.16.1.61 host 172.16.11.250 permit ip host 172.16.8.75 host 172.16.11.52 permit ip host 172.16.8.77 host 172.16.11.52 permit ip host 172.16.8.73 host 172.16.11.52 permit ip host 172.16.8.80 host 172.16.11.52 permit ip host 172.16.8.75 host 172.16.11.53 permit ip host 172.16.8.77 host 172.16.11.53 permit ip host 172.16.8.73 host 172.16.11.53 permit ip host 172.16.8.80 host 172.16.11.53 permit ip host 172.16.8.75 host 172.16.11.72 permit ip host 172.16.8.77 host 172.16.11.72 permit ip host 172.16.8.80 host 172.16.11.72 permit ip host 172.16.8.73 host 172.16.11.72 permit ip host 172.16.8.75 host 172.16.11.121 permit ip host 172.16.8.77 host 172.16.11.121 permit ip host 172.16.8.73 host 172.16.11.121 permit ip host 172.16.8.80 host 172.16.11.121 permit ip host 172.16.8.75 host 172.16.11.250 permit ip host 172.16.8.77 host 172.16.11.250 permit ip host 172.16.8.73 host 172.16.11.250 permit ip host 172.16.8.80 host 172.16.11.250 permit ip host 172.16.1.61 host 172.16.11.121 permit ip host 172.16.7.108 host 172.16.11.250 permit ip host 172.16.7.108 host 172.16.11.52 permit ip host 172.16.7.108 host 172.16.11.53 permit ip host 172.16.7.108 host 172.16.11.72 permit ip host 172.16.7.114 host 172.16.11.121 permit ip host 172.16.7.114 host 172.16.11.52 permit ip host 172.16.7.114 host 172.16.11.53 permit ip host 172.16.7.114 host 172.16.11.72 permit ip host 172.16.7.117 host 172.16.11.72 permit ip host 172.16.7.117 host 172.16.11.52 permit ip host 172.16.7.117 host 172.16.11.53 permit ip host 172.16.7.114 host 172.16.11.250 permit ip host 172.16.7.117 host 172.16.11.250 permit ip host 172.16.8.50 anypermit ip host 10.0.1.147 host 172.16.11.250 permit ip host 10.0.1.27 host 172.16.11.250permit ip host 10.0.1.147 host 172.16.11.121permit ip host 10.0.1.27 host 172.16.11.121permit ip host 192.168.0.110 anypermit tcp host 192.168.0.254 any eq ftppermit ip host 172.16.7.121 host 172.16.11.250 permit ip host 172.16.7.121 host 172.16.11.121 permit ip host 172.16.7.121 host 172.16.11.52 permit ip host 172.16.7.121 host 172.16.11.53 evaluate iptrafficip access-list extended tofirewallpermit tcp any host 192.168.0.110deny tcp any any eq echodeny tcp any any eq 139deny tcp any any eq 445deny tcp any any eq 135permit ip any any!logging 192.168.0.2access-list 11 permit 192.168.0.108access-list 11 permit 192.168.0.110access-list 11 permit 192.168.0.2access-list 11 permit 192.168.0.3access-list 11 permit 192.168.0.235access-list 11 permit 192.168.0.237access-list 11 permit 172.16.8.50arp 192.168.42.67 0014.224a.ea63 ARPAarp 172.16.7.185 000a.ebd9.7f33 ARPAarp 192.168.42.65 0010.dcd4.e74b ARPAarp 192.168.0.108 000d.61e8.a430 ARPAarp 192.168.42.71 0010.dcd4.dc0c ARPAarp 192.168.42.69 0010.dcce.e735 ARPAarp 192.168.42.75 0010.dcd4.7d3e ARPAarp 192.168.42.73 0005.5dd4.059b ARPAarp 192.168.0.101 000b.dbb7.9da4 ARPAarp 192.168.42.79 0010.dcd4.76d6 ARPAarp 192.168.0.102 000b.dbb8.4e25 ARPAarp 192.168.0.103 0016.7626.3c29 ARPAarp 192.168.42.77 000b.dbb8.cea5 ARPAarp 172.16.1.168 000d.6193.9c92 ARPAarp 172.16.7.172 0011.11a8.ab15 ARPAarp 172.16.2.164 000b.dbbb.00fa ARPAarp 172.16.2.162 0013.20d9.d0cb ARPAarp 192.168.42.95 0050.ba4f.9d8d ARPAarp 172.16.10.168 000d.61e8.3b66 ARPAarp 192.168.42.93 0011.110d.4cca ARPAarp 172.16.4.149 00e0.4cea.fab7 ARPA arp 172.16.2.254 0050.fc3a.8977 ARPA arp 172.16.5.254 0006.1bd0.b94c ARPA arp 171.16.2.254 0050.fc3a.8977 ARPA arp 172.16.8.253 0014.2246.4c96 ARPA arp 172.16.11.253 000b.dbb9.6520 ARPA arp 172.16.10.253 000d.61e8.a3ce ARPA arp 172.16.6.237 0011.110d.4de2 ARPA arp 172.16.11.208 1111.1111.1111 ARPA arp 172.16.7.209 0010.b54d.7b6c ARPA arp 172.16.7.208 000b.dbbb.00de ARPA arp 192.168.42.50 0005.5dd4.0704 ARPA arp 192.168.42.51 000a.e423.e9dd ARPA arp 172.16.7.200 0013.d303.28b1 ARPA arp 192.168.42.54 000b.dbbb.0e3b ARPA arp 192.168.42.52 000a.e43c.003a ARPA arp 192.168.42.53 000a.e423.ed2c ARPA arp 192.168.42.59 0010.dcd4.e951 ARPA arp 192.168.42.56 000b.dbb8.c8fb ARPA arp 172.16.7.199 0013.d324.c03a ARPA arp 172.16.4.56 0015.f240.edb7 ARPA arp 172.16.5.56 000c.f1ea.a554 ARPA arp 172.16.0.62 0010.dcd4.6eed ARPA arp 172.16.5.58 0011.11b7.1153 ARPA arp 172.16.0.56 000d.8740.7abf ARPA arp 172.16.2.58 0005.5dd4.0674 ARPA arp 172.16.11.50 0005.5d26.3229 ARPA arp 192.168.0.237 000b.dbb9.1131 ARPA arp 172.16.4.62 0014.2246.4bd2 ARPA arp 172.16.1.58 000f.1f5d.8b43 ARPA arp 172.16.3.56 0005.5d26.3461 ARPA arp 172.16.9.50 5254.ab14.6e7a ARPA arp 172.16.5.51 0060.6702.f70d ARPA arp 172.16.7.55 0010.c6cf.4a25 ARPA arp 172.16.4.52 0060.6706.a32c ARPA arp 172.16.3.51 0011.110d.4d16 ARPA arp 192.168.0.253 0010.5ce3.baab ARPA arp 192.168.0.254 000c.766e.ff8a ARPA arp 192.168.42.231 0013.20ac.53ed ARPA arp 192.168.42.228 0013.20d3.f9ad ARPA arp 172.16.6.23 0020.ed83.0c04 ARPA arp 172.16.6.10 0010.5cc5.811d ARPA arp 172.16.2.11 de ARPAarp 172.16.9.126 00e0.4c61.14d7 ARPAarp 172.16.2.110 0013.20d3.7d21 ARPAarp 172.16.4.107 0015.5809.c9ee ARPAarp 172.16.2.104 0011.110d.a157 ARPAarp 172.16.3.104 0010.5ce3.b37c ARPAarp 172.16.3.103 0013.20d9.cee8 ARPAarp 172.16.0.97 0013.20d9.ced5 ARPAarp 172.16.0.93 0010.b500.0657 ARPAarp 172.16.2.95 0020.ed3b.c492 ARPAarp 172.16.4.91 0015.f240.edb0 ARPAarp 172.16.10.82 0010.b54d.73e4 ARPAarp 172.16.4.93 000f.1f9e.aba3 ARPAarp 172.16.7.87 0014.2a31.7b60 ARPAarp 172.16.2.82 0010.b54d.7b6a ARPAarp 172.16.7.86 0014.2a35.ba95 ARPAarp 172.16.0.77 0010.dcd4.7d10 ARPAarp 172.16.5.75 000c.7680.fb56 ARPAarp 172.16.0.79 5254.ab14.769d ARPAarp 172.16.8.64 000b.dbb9.15c2 ARPAarp 172.16.5.77 0011.0911.bffd ARPAarp 172.16.8.65 000d.61e8.b0c1 ARPAarp 172.16.0.73 00d0.b76c.9893 ARPAarp 172.16.5.79 0010.dc48.ff46 ARPAarp 172.16.5.65 0013.20d9.cd7c ARPAarp 172.16.1.70 0020.ed15.91aa ARPAarp 172.16.7.70 000a.eb6a.0403 ARPAarp 172.16.0.66 0010.dcd4.76e3 ARPA!snmp-server community public ROsnmp-server community private RWsnmp-server chassis-idsnmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps ttysnmp-server enable traps flash insertion removalsnmp-server enable traps hsrpsnmp-server enable traps configsnmp-server enable traps entitysnmp-server enable traps fru-ctrlsnmp-server enable traps bgpsnmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message snmp-server enable traps ipmulticastsnmp-server enable traps msdpsnmp-server enable traps rsvpsnmp-server enable traps frame-relaysnmp-server enable traps rtrsnmp-server enable traps isakmp policy add snmp-server enable traps isakmp policy delete snmp-server enable traps isakmp tunnel start snmp-server enable traps isakmp tunnel stop snmp-server enable traps ipsec cryptomap add snmp-server enable traps ipsec cryptomap delete snmp-server enable traps ipsec cryptomap attach snmp-server enable traps ipsec cryptomap detach snmp-server enable traps ipsec tunnel start snmp-server enable traps ipsec tunnel stop snmp-server enable traps ipsec too-many-sas snmp-server enable traps isdn call-information snmp-server enable traps isdn layer2snmp-server enable traps isdn chan-not-avail snmp-server enable traps isdn ietfsnmp-server enable traps dlswsnmp-server host 192.168.0.2 privatesnmp-server host 192.168.0.2 public!tftp-server 192.168.0.3!line con 0exec-timeout 5 30password 7 141F1008410C233Flogging synchronousloginline vty 0 4access-class 11 inpassword 7 011B040716030F1Blogin!exception dump 192.168.0.3end。
路由器之双机热备的全面配置示例
双机热备的全面配置示例-中华服务器网-技术学院
hostname 2511-2 enable secret 5 $1$7o5F$MSyFWzVf6JBgnjLJghHSB. ! ! interface Ethernet0 ip address 192.4.1.lOO 255.255.255.0 no ip redirects standby 1 timers 5 15 standby 1 priority 100 staidby 1 preempt standby 1 authentication cisco sandby 1 ip 192.4.1.1 !interface Serial0ip address 192.8.1.2 255.255.255.0encapsulation x25ip ospf missage-digest-key 2 md5 cisco no ip mroute-cache x25 address 5678 x25 htc 16 x25 nvc 4 x25 map ip 192.8.l.1 1234 broadcast ! interface Serial1 no ip address no ip mroute-cachc bandwidth 2000 clockrate 2000000
/tech/629a.html(第 5/24 页)2005-11-1 9:47:22
双机热备的全面配置示例-中华服务器网-技术学院
encapesulation ppp ip ospf message-digest-key 1 md5 kim ip ospf network non-broadcast bandwidth 64 ppp authentication chap ! router ospf 1 passive-interface Ethernet0 network 192.3.1.0 0.0.0.255 area 0 network 192.4.l.0 0.0.0.255 area 0network 192.7. l.0 0.0.0.255 area 0neighbor 192.7.1.2 priority 1neighbor 192.3.1.2 priority 1area 0 authentication message-digest!no ip classless! line con 0line 1 8line aux 0line vty 0 4 password cisco login ! end 2511-2的配置 2511-2#sho run Building configuration... Current configuration: ! version 11.3 no servicc password-encryption !
思科交换机6509的配置方法
清除vlanzhaozhou-6006 (enable) clear vlan 400This command will deactivate all ports on vlan 400in the entire management domainDo you want to continue(y/n) [n]?yVlan 400 deletedzhaozhou-6006 (enable)保存配置zhaozhou-6006 (enable) copy config 2Upload configuration to bootflash:211395136 bytes available on device bootflash, proceed (y/n) [n]? y.................................................Configuration has been copied successfully.zhaozhou-6006 (enable) sh flash-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name1 .. ffffffff 671e2eaa 49e1e4 25 4579681 Dec 02 1999 19:44:41 cat6000-sup.5-3-2-CSX.bin2 .. ffffffff 8bce2df9 4a1f40 6 15578 Oct 22 2001 17:54:41 zz60063 .. ffffffff bbf1e548 4a7c94 1 23762 Apr 05 2006 10:19:22 211371372 bytes available (4619412 bytes used)zhaozhou-6006 (enable) copy config flashFlash device [bootflash]?Name of file to copy to []? dqtvnet2006Upload configuration to bootflash:dqtvnet200611371244 bytes available on device bootflash, proceed (y/n) [n]? y.................................................Configuration has been copied successfully.zhaozhou-6006 (enable)删除带有名字的vlanzhaozhou-6006 (enable) copy config 2Upload configuration to bootflash:211395136 bytes available on device bootflash, proceed (y/n) [n]? y.................................................Configuration has been copied successfully.zhaozhou-6006 (enable) sh flash-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name1 .. ffffffff 671e2eaa 49e1e4 25 4579681 Dec 02 1999 19:44:41 cat6000-sup.5-3-2-CSX.bin2 .. ffffffff 8bce2df9 4a1f40 6 15578 Oct 22 2001 17:54:41 zz60063 .. ffffffff bbf1e548 4a7c94 1 23762 Apr 05 2006 10:19:22 211371372 bytes available (4619412 bytes used)zhaozhou-6006 (enable) copy config flashFlash device [bootflash]?Name of file to copy to []? dqtvnet2006Upload configuration to bootflash:dqtvnet200611371244 bytes available on device bootflash, proceed (y/n) [n]? y.................................................Configuration has been copied successfully.zhaozhou-6006 (enable)查看端口命令zhaozhou-6006 (enable) sh intsl0: flags=51<UP,POINTOPOINT,RUNNING>slip 0.0.0.0 dest 0.0.0.0sc0: flags=63<UP,BROADCAST,RUNNING>vlan 100 inet 221.209.150.82 netmask 255.255.255.248 broadcast 221.209.150.87 zhaozhou-6006 (enable)通过命令设置多个端口vlanzhaozhou-6006 (enable) set vlan 1 2/1-48VLAN 1 modified.VLAN 100 modified.VLAN Mod/Ports---- -----------------------1 2/1-485/1-48zhaozhou-6006 (enable)vtp清除#vtpset vtp domain zxstkset vtp mode serverset vtp v2 disableset vtp pruning disableset vtp pruneeligible 2-1000clear vtp pruneeligible 1001-1005set vlan 1 name default type ethernet mtu 1500 said 100001 state activeset vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state activeset vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active bridge 0x0 stp ieeeset vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active bridge 0x0 stp ibm set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active parent 0 ring 0x0 mode srb aremaxhop 0 stemaxhop 0!#ipset interface sc0 100 221.209.150.82/255.255.255.248 221.209.150.87set interface sc0 upzhaozhou-6006 (enable) clear vtp domain zxstkUsage: clear vtp statisticsclear vtp pruneeligible <vlans..>(vlans: 1..1005An example of vlans is 2-10,1005)zhaozhou-6006 (enable) clear vtp pruneeligible 2-1000Vlans 1-1005 will not be pruned on this device.VTP domain zxstk modified.zhaozhou-6006 (enable)设置vtp模式透明zhaozhou-6006 (enable) set vtp mode ?Usage: set vtp [domain <name>] [mode <mode>] [passwd <passwd>][pruning <enable|disable>] [v2 <enable|disable>(mode = client|server|transparentUse passwd '0' to clear vtp password)Usage: set vtp pruneeligible <vlans>(vlans = 2..1000An example of vlans is 2-10,1000)zhaozhou-6006 (enable) set vtp mode transparentVTP domain zxstk modifiedzhaozhou-6006 (enable)设置端口汇聚zhaozhou-6006 (enable) set trunk ?Usage: set trunk <mod_num/port_num> [on|off|desirable|auto|nonegotiate] [vlans] [trunk_type] (vlans = 1..1005An example of vlans is 2-10,1005)(trunk_type = isl,dot1q,dot10,lane,negotiate)zhaozhou-6006 (enable) set trunk 2/3 on 1-400Adding vlans 1-400 to allowed list.Please use the 'clear trunk' command to remove vlans from allowed list.Port(s) 2/3 allowed vlans modified to 1-1005.Failed to set port 2/3 to trunk mode on.Trunk mode 'on' not allowed with trunk encapsulation type 'negotiate'.zhaozhou-6006 (enable) set trunk 2/3 on 1-400 dot1qAdding vlans 1-400 to allowed list.Please use the 'clear trunk' command to remove vlans from allowed list.Port(s) 2/3 allowed vlans modified to 1-1005.Port(s) 2/3 trunk mode set to on.Port(s) 2/3 trunk type set to dot1q.zhaozhou-6006 (enable)。
思科6509交换机FWSM防火墙模块配置资料_大全
性能5 Gb 1.7 Gb
VLAN标签有无
路由动态静态
故障恢复使用许可不需要需要
VPN功能无有
IDS签名无有
最大接口数100 10
输入控制列表(ACL)支持1280002M
Q. FWSM的性能如何?
A.总性能约为5Gbps。FWSM可以每秒支持一百万个并发连接,并且每秒可以建立超过10万个连接。
Q. FWSM主要具有哪些特性?
A. FWSM的主要特性包括:
·高性能,OC-48或者5 Gbps吞吐量,全双工防火墙功能
·具有整个X 6.0软件功能集和PIX 6.2的下列特性:
o命令授权
o对象组合
o ILS/NetMeeting修正
o URL过滤改进
·3Mpps吞吐量
·支持100个VLAN
·一百万个并发连接
Q. FWSM所能支持的最低的软件版本是多少?
A.最低的IOS软件版本是12.1(13)E,而综合CatOS的最低版本是7.5(1)。
Q. FWSM支持交换矩阵吗?
A.是的,FWSM支持交换矩阵。它具有一条与总线的连接和一条与交换矩阵的连接。
Q. FWSM是否利用热备份路由协议(HSRP)实现冗余?
Q. FWSM用什么机制检测流量?
A. FWSM使用与Cisco PIX防火墙相同的检测算法:自适应安全算法(ASA)。ASA是一种状态检测引擎,可以检测流量的完整性。ASA可以使用源和目的地的地址和端口、TCP序列号,以及其他TCP标志,散列IP报头信息。散列的作用相当于指纹,即创建一个独特的代码,表明建立输入或者输出连接的客户端的身份。
传统防火墙往往会成为网络上的瓶颈,因此性能是用户相当关心的问题。通过此次测试(请见表中数据),我们可以看到出众的性能是FWSM与Catalyst 6500紧密集成所带来的结果,交换机的优异性能表现在启动防火墙后同样得到了良好的体现。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
CISCO 6509配置手册1.设置时间switch#config tswitch(config)# clock timezone GMT 8 ;配置时区switch(config)# clock set 13:30:21 31 JAN 2004 ;配置交换机时间2.设置主机名及密码Switch#congfig tSwitch(config)#hostname 6509a //配置交换机名称6509a(config)#enable password cisco //配置用户密码6509a (config)#enable secret cisco //配置安全密码6509a (config-line)#line vty 0 15 //配置远程访问密码6509a (config-line)#login6509a (config-line)#password cisco6509a (config-line)#login6509a (config-line)#^z6509a #show running-config //查看配置信息6509a #copy running-config startup-config6509a #show startup-config6509a #show bootvar6509a #dir bootflash:6509a #copy system:running-config nvram:startup-config6509a #show fabric status6509a #show hardware3.配置vlan6509a #config t6509a (config)#vlan 3016509a (config-vlan)# name hexinxitong6509a (config)#vlan 3026509a (config-vlan)# name callcenter6509a (config)#vlan 3036509a (config-vlan)# name kuaijicaiwu6509a (config)#vlan 3046509a (config-vlan)# name guojiyewu6509a (config)#vlan 3056509a (config-vlan)# name guanlixitong6509a (config)#vlan 3066509a (config-vlan)# name ceshihuanjing6509a (config)#vlan 3076509a (config-vlan)# name wangluoguanli6509a (config-vlan)#exit6509a (config)#exit6509a #show vlan6509a (config)#interface range giga 2/1 – 8 //配置端口信息6509a (config-if-range)#switchport //二层交换模式6509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3016509a (config-if-range)#exit6509a (config)#interface range giga 2/9– 146509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3026509a (config-if-range)#exit6509a (config)#interface range giga 2/15 – 176509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3036509a (config-if-range)#exit6509a (config)#interface range giga 2/18 – 226509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3046509a (config)#interface range giga 2/23 – 266509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3056509a (config-if-range)#exit6509a (config)#interface range giga 2/27 – 336509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3066509a (config-if-range)#exit6509a (config)#interface range giga 2/34 – 396509a (config-if-range)#switchport mode access6509a (config-if-range)#switchport access vlan 3076509a (config-if-range)#exit6509a (config)#interface giga 2/486509a (config-if)#ip address 12.10.254.2 255.255.255.0 6509a (config-if)#no shut6509a (config)#exit6509a #show vlan4.配置trunk6509a(config)#int giga 5/16509a(config-if)#shut down6509a(config-if)#switchport6509a(config-if)#switchport trunk enca dot1q6509a(config-if)#switchport mode trunk6509a #show int giga 2/48 trunk6509a #show vtp counters6509a #show vtp status6509a(config)#int giga 6/16509a(config-if)#shut down6509a(config-if)#switchport6509a(config-if)#switchport trunk enca dot1q6509a(config-if)#switchport mode trunk6509a(config-if)#no shut down5.设置vlan地址及HSRP6509a #config t6509a(config) #int vlan 3016509a(config-if) #ip address 192.1.2.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 1 ip 192.1.2.16509a(config-if) #standby 1 priority 1056509a(config-if) #standby 1 preempt6509a(config-if) #standby 1 track giga 1/486509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3026509a(config-if) #ip address 192.100.4.2 255.255.255.06509a(config-if) #no ip redirects6509a(config-if) #standby 2 ip 192.100.4.16509a(config-if) #standby 2 priority 1056509a(config-if) #standby 2 preempt6509a(config-if) #standby 2 track giga 1/486509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3036509a(config-if) #ip address 192.100.5.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 3 ip 192.100.5.16509a(config-if) #standby 3 priority 1056509a(config-if) #standby 3 preempt6509a(config-if) #standby 3 track giga 1/486509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3046509a(config-if) #ip address 192.100.6.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 4 ip 192.100.6.16509a(config-if) #standby 4 priority 1056509a(config-if) #standby 4 preempt6509a(config-if) #standby 4 track giga 1/486509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3056509a(config-if) #ip address 192.100.7.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 5 ip 192.100.7.16509a(config-if) #standby 5 preempt6509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3066509a(config-if) #ip address 192.100.8.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 6 ip 192.100.8.16509a(config-if) #standby 6 preempt6509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6509a #config t6509a(config) #int vlan 3076509a(config-if) #ip address 192.100.9.2 255.255.255.0 6509a(config-if) #no ip redirects6509a(config-if) #standby 7 ip 192.100.9.16509a(config-if) #standby 7 preempt6509a(config-if) #no shutdown6509a(config-if) #exit6509a(config) #exit6509a#show ip interface brief6.配置EIGRP6509a #config t6509a(config) #ip routing eigrp 1006509a(config) #router eigrp 1006509a(config-router) #network 192.1.2.06509a(config-router) #network 192.100.0 .0 255.255.0.0 6509a(config-router) #network 12.0.0.06509a(config-router) #network 192.254.253.06509a(config-router) #no auto-summary6509a(config-router) #^z6509a #show ip proto6509a #show ip route。