1. 以太网
1. 接口MTU和ip MTU
Switch(config-if)#mtu 1500
Switch(config-if)#ip mtu 1500
Switch#sh int s1/0
Switch#sh ip int s1/0
2. 管理MAC表
48位,点分十六进制表示
Switch#show mac address-table
Switch#clear mac address-table
Switch(config)#mac address-table static aaaa.bbbb.cccc vlan 10 interface e0/0
2. 二层交换
1. Protected port
Switch(config-if)#switchport protected
2. Native Vlan
Switch(config-if)#switchport trunk native vlan 10
Switch(config)#vlan dot1q tag native
配置对native vlan也打标签
Vlan范围:(dot1q)
3. Trunk配置
ISL:支持1-1005个vlan编号
DOT1Q:支持1-4094个vlan编号
Switch(config-if)#switchport mode access
将接口设置为access模式
Switch(config-if)#switchport trunk encapsulation {dot1q | ISL | negotiate }
Switch(config-if)#switchport mode {auto | desirable |trunk}
Switch#show interface f0/8 switchport
将接口设置为DTP动态协商,可auto或desirable
Switch(config-if)#switchport nonegotiate
将接口设置为nonegotiate,不发送DTP帧,如果配置为非协商,那么必须手工配置接口模式为access或trunk
Switch(config-if)#switchport mode dynamic [auto | desirable]
配置接口为协商模式
Switch#show interface trunk 查看trunk状态
Switch#show interfaces fa0/0 switchport 查看接口二层trunk信息
Switch(config-if)#switchport trunk allowed vlan {WORD | add | all | except | none | remove}
Switch1(config-if)#switchport trunk allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list
Switch(config-if)#switchport trunk allowed vlan remove 20
Switch#show interface f0/8 switchport
查看接口trunk/vlan/private-vlan信息
4. VTP
1. VTP配置
Switch1(config)#vtp domain cisco
Switch1(config)#vtp mode {server | client |transparent}
Switch1(config)#vtp password 123456
Switch1#sh vtp password
2. VTP pruning
Switch1#sh vtp status
3. 查看trunk及allowed vlan状态
Switch1#sh int trunk
4. VTP pruning
Switch2(config)#vtp pruning
开启VTP修剪
Switch1#sh vtp status
查看VTP状态
5. 私有VLAN(PVLAN)
1. 创建主VLAN:
Vlan 100
Private-vlan primary
2. 创建辅助VLAN
Vlan 101
Private-vlan community
Vlan 102
Private-vlan ioslate
3. 配置主VLAN,将二层辅助VLAN关联到主VLAN
Vlan 100
Private-vlan association 101,102
4. 将辅助VLAN映射到主VLAN的SVI接口,从而允许PVLAN入口流量的三层交换。
Interface vlan 100
Private-vlan mapping add 101,102
5. 配置接口
Interface f0/1
Switchport mode private-vlan host
Switchport private-vlan host-association 100 101 //关联主VLAN和辅助VLAN到接口
Interface f0/2
Switchport mode private-vlan host
Switchport mode private-vlan host-association 100 102
主机接口配置
Interface f0/3
Switchport mode private-vlan promiscuous
Switchport private-vlan mapping add 100 101 //将端口映射到PLAN
混杂端口配置
6. 查看及验证
Show pvlan mapping
PLAN配置示例
Sw(config)#vtp transparent
Sw(config)#vlan 201
Sw(config-vlan)#private-vlan isolated
Sw(config)#vlan 202
Sw(config-vlan)#private-vlan community
Sw(config)#vlan 100
Sw(config-vlan)#private-vlan primary
Sw(config-vlan)#private-vlan association 201,202
!
Sw(config)#interface fa0/24
Sw(config-if)#switchport mode private-vlan promiscuous
Sw(config-if)#switchport mode private-vlan mapping 100 201,202
Sw(config)#interface range fa 0/1 – 2
Sw(config-if)#switchport mode private-vlan host
Sw(config-if)#switchport private-vlan host-association 100 202
Sw(config)#interface range fa 0/3 – 4
Sw(config-if)#switchport mode private-vlan host
Sw(config-if)#switchport private-vlan host-association 100 201
