一、基本配置
1、进入全局配置模式
enable configure terminal
2、配置主机名
hostname MAP-Switch
3、设置启用密码
enable password 123456
4、设置登录密码
username admin password 123456
5、配置管理口IP地址
interface vlan 1 ip address 192.168.1.1 255.255.255.0 no shutdown
二、VLAN配置
1、创建VLAN
vlan 10 name test-vlan
2、配置端口加入VLAN
interface GigabitEthernet1/0/1 switchport access vlan 10
3、配置端口为Trunk口
interface GigabitEthernet1/0/20 switchport mode trunk switchport trunk allowed vlan all
4、删除VLAN
no vlan 10
三、交换机间互联
1、配置交换机间互联
interface GigabitEthernet1/0/24 description to MAP-Switch2 switchport mode trunk switchport trunk allowed vlan all
2、查看交换机之间的邻居关系
show cdp neighbors
3、查看端口的状态
show interface status
四、Spanning Tree协议配置
1、启用Spanning Tree协议
spanning-tree mode stp
2、查看Spanning Tree状态
show spanning-tree
3、配置Spanning Tree根桥
spanning-tree vlan 1 root primary
4、配置端口优先级
interface GigabitEthernet1/0/1 spanning-tree port-priority 32
五、访问控制列表(ACL)配置
1、创建ACL
ip access-list extended test-ACL
2、配置ACL规则
ip access-list extended test-ACL permit ip 192.168.1.0 0.0.0.255 any deny ip any any
3、应用ACL到接口
interface GigabitEthernet1/0/1 ip access-group test-ACL in
六、SNMP配置
1、启用SNMP
snmp-server community public RO
2、配置SNMP Trap
snmp-server enable traps snmp-server host 192.168.1.10 public
3、查看SNMP配置
show snmp
七、端口镜像配置
1、配置镜像端口
interface GigabitEthernet1/0/24 port mirror enable
2、配置目标端口
interface GigabitEthernet1/0/10 port mirror monitor GigabitEthernet1/0/24
3、查看端口镜像状态
show port-mirroring
八、QoS配置
1、启用QoS
mls qos
2、配置端口的服务类型
interface GigabitEthernet1/0/1 mls qos trust dscp
3、配置QoS策略
policy-map QoS_Policy class VoIP priority percent 80 class Data bandwidth percent 20
4、应用QoS策略到接口
interface GigabitEthernet1/0/1 service-policy input QoS_Policy
九、端口安全配置
1、启用端口安全特性
switchport port-security
2、配置允许的MAC地址数量
switchport port-security maximum 2
3、配置违规行为
switchport port-security violation restrict
4、查看端口安全统计
show port-security interface GigabitEthernet1/0/1
