控制台密码: (config)#line console 0
(config-line)#password 123
(config-line)#login
VYT密码: (config)#line vty 0 15
(config)#password 123
(config)#login
特权密码: (config)#enable password /secret 123
3、在配置文件中密码部分加密显示
(config)#service password-encrytion
配置VLAN
configure terminal
vlan 10
name 122.200.77.0
end
将端口加入vlan
configure terminal
interface gigabitEthernet 1/0/1 进入要分配的端口
switchport mod access 定义二层口
switchport access vlan 10 把端口分配给某一VLAN
end 退出
配置VLAN IP地址
conf t
int vlan 10
ip add 192.168.3.1 255.255.255.0
no sh
配置对联地址
conf t
int gig 1/0/9
ip add 192.168.1.122 255.255.255.0
exit
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.1.1
配置桥组
conf t
bridge irb
bridge 2 protocol vlan-bridge
end
int gigb 1/0/1
bri 2
封IP地址
access-list 1 deny 122.200.10.1
access-list 1 permit any
int vlan 10
ip access-group 1 in
ip access-group 1 out
arp攻击保护网关
arp access-list static-arp
permit ip host 122.101.1.1 mac host 0000.0000.0000.0000
ip arp inspection filter static-arp vlan 20
122.101.10.1 是网关地址 也就是vlan 20的MAC地址和IP地址
端口限速:
config t
mls qos
access-list 2 permit any
class-map match-all 2M-rate
match access-group 2 //绑定访问列表2,将符合列表2的流归为2M-rate这个类里
!
policy-map 2M-rate
class 2M-rate
police 2000000 200000 exceed-action drop //限速2M
interface GigabitEthernet1/0/9
description “2M-201100104″
service-policy input 2M-rate
转载注明(LINUXQQ)
