寫寫筆記

目標: 讓VLAN100與VLAN200的電腦透過L3 Swtich做VLAN的Routing，並且可以互相存取資源與上網，另外再使用Windows Server 2012配發VLAN100,VLAN200的IP Firewall: 使用ASUS AP當Firewall，並設兩條Static Route Switch: Core Switch為Cisco 3750切VLAN 10,VLAN100,VLAN200，VLAN10為預設的VLAN，VLAN100為Sales，VLAN200為RD Edge Switch為Cisco 3750與2950，其中2950為VLAN100，3750為VLAN200，如果要By Port切VLAN也可以，這裡只是為了方便說明，所以Edge Switch都直接設為單一VLAN Core Switch的設定 原本我只想Show Running-config其中比較重要的設定，後來想想還是全部列出，用紅色標記重要的設定 Gi 1/0/1接2950 Gi 1/0/2接3750 Gi 1/0/24接Router Core-3750#show running-config Building configuration... Current configuration : 2436 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Core-3750 ! boot-start-marker boot-end-marker ! ! ! ! no aaa new-model switch 1 provision ws-c3750g-24t system mtu routing 1546 ip routing no ip domain-lookup ! ! ! ! ! ! ! ! spanning-tree mode pvst spanning-tree portfas

設定系統密碼 使用SSH登入 關掉HTTP (no ip http server) 關掉不需要使用的Port 使用syslog 關掉CDP 增加Spanning的安全性(BPDU Guard,Root Guard...) 使用Port Security 使用802.1x驗證

目標： PC1為VLAN 66，PC2為VLAN 1，PC3為VLAN88 使用Router on a stick，讓VLAN裡的PC可以互通，同時也可以連到設在Switch VLAN1的IP ====Switch設定==== SW(config)#ip default-gateway 10.1.1.254 SW(config)#interface VLAN 1 SW(config-if)#ip address 10.1.1.1 255.255.255.0 SW(config-if)#no shutdown SW(config)#interface range fastEthernet 0/1-10 SW(config-if-range)#switchport access vlan 66 SW(config)#interface range fastEthernet 0/14-24 SW(config-if-range)#switchport access vlan 88 SW(config)#interface fastEthernet 0/12 SW(config-if)#switchport mode trunk SW(config-if)#^Z SW#show vlan brief VLAN Name                             Status    Ports ---- -------------------------------- --------- ------------------------------- 1    default                          active    Fa0/11, Fa0/13 66   VLAN0066                         active    Fa0/1, Fa0/2, Fa0/3, Fa0/4                                                 Fa0/5, Fa0/6, Fa0/7, Fa0/8                                                 Fa0/9, Fa0/10 88   VLAN0088       

密碼猜了半天也進不去 CISCO2811> enable Password: Password: Password: % Bad secrets Reload手動重開機，然後按下 Ctrl+Break 鍵，強迫進入Rom Monitor CISCO2811>enable Password: Password: Password: % Bad secrets program load complete, entry point: 0x8000f000, size: 0x3ed1338 Self decompressing the image : ############# monitor: command "boot" aborted due to user interrupt rommon 2 > confreg 0x2142 rommon 3 > reset System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1) Copyright (c) 2000 by cisco Systems, Inc. Initializing memory for ECC .. c2811 processor with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC enabled Readonly ROMMON initialized program load complete, entry point: 0x8000f000, size: 0xc940 program load complete, entry point: 0x8000f000, size: 0xc940 program load complete, entry point: 0x8000f000, size: 0x3ed1338 Self decompressing the image : ############################