(一)CISCO3550交换机的配置
CISCO3550交换机上联一台路由器(拥有互联网出口),下面连接一台CISCO29450交换机,在CISCO3550上还对各个VLAN作了定义,CISCO3550交换机的配置如下所示:
Catalyst 3550 (Catalyst 3550-48 Switch)
Cat3550#show running-config
Building configuration...
Current configuration : 3092 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cat3550
ip subnet-zero
!--- Enable IP routing for interVLAN routing.(这一步非常重要,通过ip routing命令了实现了各个VLAN间的路由,这样各个VLAN间是可以互访的,但是由于每个VLAN都是一个独立的广播域,所以即使在一个VLAN中发生诸如ARP地址欺骗之类的病毒,也不会影响其它的VLAN)
ip routing
!
spanning-tree extend system-id
!
interface FastEthernet0/1
no ip address
!
!--- Output suppressed.
!
interface FastEthernet0/5
description to SERVER_1
!--- Configure the server port to be in the server VLAN, VLAN 3.
switchport access vlan 3
!--- Configure the port to be an access port to prevent trunk negotiation delays.
switchport mode access
no ip address
!--- Configure PortFast for initial Spanning Tree Protocol (STP) delay. Refer to
!--- Using PortFast and Other Commands to Fix Workstation Startup Connectivity Delays
!--- for more information. (这里又介绍了一个非常重要的概念,即如果确认交换机下某个端口连接的是一台重要的服务器,那就可以将该端口设置为“spanning-tree portfast”状态,从而实现服务器与交换机端口的快速连接)
spanning-tree portfast
!
!--- Output suppressed.
!
interface FastEthernet0/48
description To Internet_Router
!--- The port that connects to the router converts into a routed (L3) port.(fa0/48是上连到一台路由器)
no switchport
!--- Configure the IP address on this port. (为了实现与路由器的通讯,在端口上设置了IP地址)
ip address 200.1.1.1 255.255.255.252
!
interface GigabitEthernet0/1
description To 2950
!--- Configure IEEE 802.1 (dot1q) trunking, with negotiation, on the L2 switch.
!--- If there is not support for Dynamic Trunking Protocol (DTP) on the far switch,
!--- issue the switchport mode trunk command to force the switch port to trunk mode.
!--- Note: The default trunking mode is dynamic auto. If you establish a trunk link
!--- with the default trunking mode, the trunk does not appear
!--- in the configuration, even though a trunk has been established on
!--- the interface. Use the show interfaces trunk command to verify the
!--- establishment of the trunk.
(G0/1下连到一台CISCO2950的交换机,其实CISCO3550交换机是支持自动设置为TRUNK模式的,即如果下连的网络端口被设置为TRUNK模式的话,3550上的对应端口就会自动的变成TRUNK模式,但是本例中为了详细说明TRUNK的设置,还是把端口封装802.1Q的命令写了出来)
switchport trunk encapsulation dot1q
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
description USER_VLAN
!--- This IP address is the default gateway for users. (VLAN2是接入用户的VLAN,VLAN上设置的IP地址就作为下接用户的网关,这也是一个非常重要的概念)
ip address 10.1.2.1 255.255.255.0
!
interface Vlan3
description SERVER_VLAN
!--- This IP address is the default gateway for servers. (VLAN3是连接服务器的)
ip address 10.1.3.1 255.255.255.0
!
interface Vlan10
description MANAGEMENT_VLAN
!--- This IP address is the default gateway for other L2 switches. (VLAN10是管理VLAN,下面所连接交换机会以VLAN10的IP作为自己的网关,为管理专门划分一个VLAN,将管理VLAN与业务VLAN区别开了这也是非常重要的一个概念)。
ip address 10.1.10.1 255.255.255.0
!
ip classless
!--- This route statement allows the 3550 to send Internet traffic to
!--- the default router which, in this case, is the 7200VXR (Fe 0/0 interface). (因为是上连到一台路由器,所以在这台交换机上设置了默认路由)
ip route 0.0.0.0 0.0.0.0 200.1.1.2
ip http server
!
line con 0
line vty 5 15
!
end
