IPCPU——网络之路 » Cisco

西安时代教育张sir 2010 CCNP4.0 BGP v3.1 TIEC视频下载115网盘

admin — Sat, 15 May 2010 08:26:24 +0000

张sir 2010 CCNP4.0 BGP v3.1 TIEC-1

http://u.115.com/file/t5a00f255

张sir 2010 CCNP4.0 BGP v3.1 TIEC-2

http://u.115.com/file/t513667905

张sir 2010 CCNP4.0 BGP v3.1 TIEC-3

http://u.115.com/file/t5bc29ba56

张sir 2010 CCNP4.0 BGP v3.1 TIEC-4

http://u.115.com/file/t5ac227df9

张sir 2010 CCNP4.0 BGP v3.1 TIEC-5

http://u.115.com/file/t52bc53742

张sir 2010 CCNP4.0 BGP v3.1 TIEC-6

http://u.115.com/file/t5bbd1fc63

保持时间至2010-6-15，如不能下载请到
bbs.net527.cn
www.the2class.cn
寻找。

Cisco PVLAN的配置

admin — Sun, 09 May 2010 10:05:38 +0000

PVLAN即私有VLAN（Private VLAN），PVLAN采用两层VLAN隔离技术，只有上层VLAN全局可见，下层VLAN相互隔离。

每个pVLAN 包含2种VLAN ：主VLAN（primary VLAN）和辅助VLAN（Secondary VLAN）。辅助VLAN（Secondary VLAN）包含两种类型：隔离VLAN（isolated VLAN）和团体VLAN（community VLAN）。
pVLAN中的两种接口类型：处在pVLAN中的交换机物理端口，有两种接口类型。
①混杂端口（Promiscuous Port）
②主机端口（Host Port）

Catalyst3560， 45， 65系列支持

配置pVLAN的实例：
      SwitchA(config)#vlan 100
      SwitchA(config-vlan)#private-vlan primary
     !设置主VLAN 100

      SwitchA(config)#vlan 200
      SwitchA(config-vlan)#private-vlan community
    !设置团体VLAN 200

      SwitchA(config)#vlan 300
      SwitchA(config-vlan)#private-vlan isolated
    !设置隔离VLAN 300

      SwitchA(config)#vlan 100
      SwitchA(config-vlan)#private-vlan association 200,300
     !将辅助VLAN关联到主VLAN

      SwitchA(config)#interface vlan 100
      SwitchA(config-if)#private-vlan mapping add 200,300
     !将辅助VLAN映射到主VLAN接口，允许pVLAN入口流量的三层交换

      SwitchA(config)# interface fastethernet 0/2
      SwitchA(config-if)#switchport mode private-vlan host
      SwitchA(config-if)#switchport private-vlan host-association 100 200
      !2号口划入团体VLAN 200

      SwitchA(config)# interface fastethernet 0/3
      SwitchA(config-if)#switchport mode private-vlan host
      SwitchA(config-if)#switchport private-vlan host-association 100 300
      !3号口划入隔离VLAN 300

      SwitchA(config)# interface fastethernet 0/1
      SwitchA(config-if)#switchport mode private-vlan promiscuous
      SwitchA(config-if)#switchport private-vlan mapping 100 add 200-300
      !1号口杂合模式

CatOS的配置
      set vlan 100 pvlan-type primary
      set vlan 200 pvlan-type community
      set vlan 300 pvlan-type isolated
      set pvlan 100 200 5/1
      set pvlan 100 300 5/2
      set pvlan mapping 100,200 15/1
      set pvlan mapping 100,300 15/1    //指定混杂模式的接口

参考资料：
http://hi.baidu.com/n6630/blog/item/c6e6974cb3d362fdd62afc64.html
http://yixuelian.blog.51cto.com/133058/56824
http://hi.baidu.com/coghost/blog/item/4f4dfb22e3bdd5a24723e83e.html
http://baike.baidu.com/view/1065646.htm
关于端口隔离

Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# switchport protected

Catalyst 29 35系列支持
网关及共享口不敲protected 即可通信

二层的EtherChannel和三层的EtherChannel

admin — Sat, 08 May 2010 02:55:21 +0000

二层EtherChannel配置：

Switch(config)#int range f0/1 – 2

Switch(config-if-range)#channel-group 1 mode active

Switch(config)#int port-channel 1

Switch(config-if)#switchport mode trunk

物理口会自动继承逻辑口上的配置

interface FastEthernet0/1
channel-group 1 mode active
switchport mode trunk

注意事项：
3550上可能会出Command rejected（Packet Tracer5.3也是如此）要先封装协议，再起trunk。

Switch(config)#int f0/5
Switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode.

Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk

三层EtherChannel配置：

interface range FastEthernet0/1 – 3
shutdown
no switchport
channel-group 1 mode active

interface Port-channel 1
no switchport
ip address 192.168.0.1 255.255.255.252

interface range FastEthernet0/1 – 3
no shutdown

注意事项：
shutdown 可以不用，但会弹出很多接口信息
Packet Tracer 5.3做实验时，range可能配不了channel-group单个接口进入配置即可。

删掉EtherChannel

no int po 1
default f0/1 – 3

Cisco MP(multilink ppp)的配置

admin — Fri, 07 May 2010 12:52:19 +0000

两种配置方法。一种是通过配置虚拟模板接口（Virtual-Template，VT）来实现MP，另一种是利用MP-Group接口实现MP。

方法一mp group：

interface Multilink1
ip address 192.168.0.1 255.255.255.0
ppp multilink
multilink-group 1
!
interface Serial0/0
no ip address
encapsulation ppp
serial restart-delay 0
ppp multilink
multilink-group 1
!
interface Serial0/1
no ip address
encapsulation ppp
serial restart-delay 0
ppp multilink
multilink-group 1
!

注意事项：

1.输入ppp multilink group 1会自动转换为
ppp multilink
multilink-group 1

2.保障接口 no shutdown

参考资料：

http://dreamearth.blog.51cto.com/616542/149360

—————————————-

方法二：使用virtual-template：

multilink virtual-template 1
!
interface Virtual-Template1
ip address 192.168.0.1 255.255.255.0
ppp multilink
!
interface Serial0/0
encapsulation ppp
ppp multilink
!
interface Serial0/1
encapsulation ppp
ppp multilink

实验验证：

Router#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  unassigned      YES unset up                    up
Serial0/1                  unassigned      YES unset up                    up
Virtual-Access1            192.168.0.1     YES TFTP   up                    up
Virtual-Template1          192.168.0.1     YES manual down                  down
Router#sh int virtual-access 1
Virtual-Access1 is up, line protocol is up
Hardware is Virtual Access interface
Internet address is 192.168.0.1/24
MTU 1500 bytes, BW 3088 Kbit, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set

切断一条链路后

Router#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  unassigned      YES unset up                    down
Serial0/1                  unassigned      YES unset up                    up
Virtual-Access1            192.168.0.1     YES TFTP   up                    up
Virtual-Template1          192.168.0.1     YES manual down                  down

参考资料：

http://ltyluck.blog.51cto.com/170459/214877

Cisco设备NTP配置

admin — Fri, 07 May 2010 10:32:09 +0000

拓扑：R1(192.168.0.1)———–R2(192.168.0.2)

R1(config)#clock timezone GMT 8

R1#clock set 18:00:00 7 May 2010
R1(config)#ntp master
—————-

R2(config)#clock timezone GMT 8

R2(config)#ntp server 192.168.0.1

R2#sh clock
18:02:07.939 GMT Fri May 7 2010

OK
————————
认证选项：

R1(config)#ntp authentication-key 1 md5 ipcpu

R1(config)#ntp authenticate

R1(config)#ntp trusted-key 1

Cisco IOS基于角色的CLI视图

admin — Fri, 07 May 2010 10:00:01 +0000

Role-Based CLI Access

Packet Tracer 5.3可以做，较旧的IOS版本做不了。

要使用基于角色的CLI视图,需满足：

1。启用AAA
2。设置enable密码（pass、secret均可）

使用方法

进入管理模式
Router#enable view root
Password:
Router#%PARSER-6-VIEW_SWITCH: successfully set to view ‘root’.

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#parser view test
!创建新视图test
Router(config-view)#%PARSER-6-VIEW_CREATED: view ‘test’ successfully created.

Router(config-view)#secret 0 ipcpu
Router(config-view)#?
View commands:
commands Configure commands for a view //设置可以执行的命令
default   Set a command to its defaults
exit      Exit from view configuration mode
no        Negate a command or set its defaults
secret    Set a secret for the current view
Router(config-view)#

测试，默认没有几个命令
Router#enable view test
Password:
Router#%PARSER-6-VIEW_SWITCH: successfully set to view ‘test’.

Router#?
Exec commands:
disable     Turn off privileged commands
enable      Turn on privileged commands
exit        Exit from the EXEC
logout      Exit from the EXEC
Router#

官网有几个角色命令的例子，相关命令等级的划分可参考官网

官网链接：
Cisco IOS Role-Based Access Control with SDM