交换机端口聚合 VTP 端口安全 交换机路由器静态路由配置 Cisco

1：配置要求

使用静态路由和多层交换网络技术完成如下要求的网络配置，通过网络配置，使所有计算机都能连通，要求：

1、使两台核心交换机之间形成一根聚合了两条物理链路的TRUNK聚合虚拟链路；

2、交换机S2可以管理除交换机S1之外所有交换机的VLAN，别的交换机不能修改和新建VLAN信息，交换机S1只能自己管理自己和传递S2的VLAN维护信息；

3、在交换机S3和S4上启用交换机端口安全，交换机S3上的F0/1-2口只能连到指定的计算机（以MAC为标识），如果有更改，则端口关掉；交换机S4上的F0/1-2口只能连到指定的计算机（以MAC为标识），如果有更改，则端口警报并不能访问；

4、给拓扑图设计IP地址，并配置所有计算机的IP参数（包括网关），配置所有路由接口和VLAN的地址和启用相应的端口；

5、路由器和三层交换机上都使用静态路由技术，实现子网间的路由转发；

以上三个要求即分别对应以下三个技术：

1：交换机端口聚合

2：VTP

3： 端口安全

5：交换机路由器静态路由配置

2:拓扑结构图

3:配置代码

S1:
En
Conf t
Host s1
Vlan 2
Exit
Vlan 3
Exit
Vlan 4
Exit
Vlan 5
Exit
Int vlan 2
Ip address 192.168.1.253 255.255.255.0
Int vlan 3
Ip address 192.168.2.254 255.255.255.0
Int vlan 4
Ip address 192.168.3.254 255.255.255.0
Int vlan 5
Ip address 192.168.4.254 255.255.255.0
Int range f0/1-3
Switchport mode access
Switchport mode trunk
Ip routing	
Int range f0/1-2
Channel-group 2 mode desirable//trunk链路聚合，聚合前端口类型要变为trunk
End
Show etherchannel summary//查看链路聚合
Conf t
Vtp mode transparent//VTP虚拟主干协议，因为是transparent类型，所以不用设置域名和密码，传输VTP的所有交换机端口类型要变为trunk
Exit
Show vtp status
Show vlan
Conf t
Int f0/4
No switchport
Ip address 192.168.8.2 255.255.255.252
Ip route 192.168.5.0 255.255.255.0 192.168.8.1
End
Show ip route static//查看静态路由表
Copy run start




S2:
En
Conf t
Host s2
Vlan 2
Exit
Vlan 3
Exit
Vlan 4
Exit
Vlan 5
Exit
Int vlan 2
Ip address 192.168.1.254 255.255.255.0
Int vlan 3
Ip address 192.168.2.254 255.255.255.0
Int vlan 4
Ip address 192.168.3.254 255.255.255.0
Int vlan 5
Ip address 192.168.4.254 255.255.255.0
Int range f0/1-3
Switchport mode access
Switchport mode trunk
Int range f0/4-5
Switchport access vlan 5
Ip routing
Int range f0/1-2
Channel-group 2 mode desirable//trunk链路聚合，聚合前端口类型要变为trunk
End
Show etherchannel summary
Conf t
Vtp domain sspu
Vtp password cisco123
Vtp mode server//VTP虚拟主干协议，传输VTP的所有交换机端口类型要变为trunk
Exit
Show vtp status
Show vlan
Conf t
Int f0/6
No switchport
Ip address 192.168.7.2 255.255.255.252
Ip route 192.168.5.0 255.255.255.0 192.168.7.1//静态路由配置
Ip route 192.168.6.0 255.255.255.252 192.168.7.1
End
Show ip route static
Copy run start




S3:
En
Conf t
Host s3
Vlan 2
Exit
Vlan 3
Exit
Int range f0/1
Switchport access vlan 2
Int range f0/2
Switchport access vlan 3
Exit
Vtp domain sspu
Vtp password cisco123
Vtp mode client//VTP虚拟主干协议，传输VTP的所有交换机端口类型要变为trunk
Exit
Show vtp status
Show vlan
Conf t
int f0/1
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address 00D0.BC0A.6C00
switchport port-security violation shutdown//端口安全设置
int f0/2
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address 0005.5EEE.1831
switchport port-security violation shutdown
end
show port-security//查看端口安全类型
Copy run start




S4:
En
Conf t
Host s4
Vlan 2
Exit
Vlan 4
Exit
Int range f0/1
Switchport access vlan 2
Int range f0/2
Switchport access vlan 4
Exit
Vtp domain sspu
Vtp password cisco123
Vtp mode client
Exit
Show vtp status
Show vlan
Conf t
int f0/1
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address 00D0.FFA1.5D87
switchport port-security violation restrict
int f0/2
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address 0001.C7E7.103D
switchport port-security violation restrict
end
show port-security
Copy run start




R1:
En
Conf t
Host r1
No ip domain lookup
Int g0/0
No shut
Ip address 192.168.8.1 255.255.255.252
Int g0/1
No shut
Ip address 192.168.6.1 255.255.255.252
Int g0/2
No shut
Ip address 192.168.5.254 255.255.255.0
Ip route 192.168.1.0 255.255.255.0 192.168.8.2
Ip route 192.168.2.0 255.255.255.0 192.168.8.2
Ip route 192.168.7.0 255.255.255.252 192.168.6.2
Ip route 192.168.1.0 255.255.255.0 192.168.6.2
Ip route 192.168.3.0 255.255.255.0 192.168.6.2
Ip route 192.168.4.0 255.255.255.0 192.168.6.2//设置静态路由
End
Show ip route static//查看静态路由表
Copy run start




R2:
En
Conf t
Host r2
No ip domain lookup
Int g0/0
No shut
Ip address 192.168.7.1 255.255.255.252
Int g0/1
No shut
Ip address 192.168.6.2 255.255.255.252
Ip route 192.168.5.0 255.255.255.0 192.168.6.1
Ip route 192.168.1.0 255.255.255.0 192.168.7.2
Ip route 192.168.3.0 255.255.255.0 192.168.7.2
Ip route 192.168.4.0 255.255.255.0 192.168.7.2//设置静态路由
End
Show ip route static//查看静态路由表
Copy run start

4:配置结果

链路聚合：

s1:

s2:

端口安全：

S3:

s4:

VTP:

S2:

s1:

s3:

s4:

PC机：

PC5：

Tracert：

PC1：

Tracert：

PC2：

Tracert：

PC3：

Server1：

Tracert: