《CISCO 6509 三层交换机基本配置.doc》由会员分享,可在线阅读,更多相关《CISCO 6509 三层交换机基本配置.doc(14页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、【精品文档】如有侵权,请联系网站删除,仅供学习与交流CISCO 6509 三层交换机基本配置.精品文档.CISCO 6509 三层交换机基本配置Cisco Catalyst 6500系列交换机提供3插槽、6插槽、9插槽和13插槽的机箱,以及多种集成式服务模块,包括数千兆位网络安全性、内容交换、语音和网络分析模块。 Catalyst 6500系列中的所有型号都使用了统一的模块和操作系统软件,形成了能够适应未来发展的体系结构,由于能提供操作一致性,因而能提高IT基础设施的利用率,并增加投资回报。从48端口到576端口的10/100/1000以太网布线室到能够支持192个1Gbps或32个10Gbp
2、s骨干端口,提供每秒数亿个数据包处理能力的网络核心,Cisco Catalyst 6500系列能够借助冗余路由与转发引擎之间的故障切换功能提高网络正常运行时间。提高网络正常运行时间,提高网络弹性。提供数据包丢失保护,能够从网络故障中快速恢复。能够在冗余控制引擎间实现快速的13秒状态故障切换。提供可选的高性能Cisco Catalyst 6500系列Supervisor Engine 720、无源背板、多引擎的冗余;并可利用Cisco EtherChannel?技术、IEEE 802.3ad链路汇聚、IEEE 802.1s/w和热备份路由器协议/虚拟路由器冗余协议(HSRP/VRRP)达到高可用
3、性 不需要部署外部设备,直接在6500机箱内部署集成式的千兆位的网络服务模块,以简化网络管理,降低网络的总体成本。这些网络服务模块包括:l 千兆位防火墙模块-提供接入保护l 高性能入侵检测系统(IDS)模块-提供入侵检测保护l 千兆位网络分析模块-提供可管理性更高的基础设施和全面的远程超级(RMON)支持l 高性能SSL模块-提供安全的高性能电子商务流量l 千兆位VPN和基于标准的IP Security(IPSec)模块-降低的互联网和内部专网的连接成本。 集成式内容交换模块(CSM)能够为Cisco Catalyst 6500系列提供功能丰富的高性能的服务器和防火墙网络负载平衡连接,以提高网
4、络基础设施的安全性、可管理性和强大控制基于网络的应用识别(NBAR)等软件特性可提供增强网络管理和QoS控制机制。 利用分布式Cisco Express Forwarding dCEF720平台提供400Mpps交换性能。支持多种Cisco Express Forwarding(CEF)实现方式和交换矩阵速率。多协议第3层路由支持满足了传统的网络要求,并能够为企业网络提供平滑的过渡机制。支持IPv6,并提供高性能的IPv6服务。提供MPLS及MPLS/VPN的支持,并具有丰富的MPLS服务。增强的数据、语音和视频服务提供10/100和10/100/1000接口模块,借助在接口模块内增加电源子卡
5、就可让这些接口模块提供在线的电源,提供IEEE 802.3af的支持,保护今天的投资。每台设备可提供576个支持语音的,具有在线电源的10/100/1000M铜线接口。提供192个GBIC千兆位以太网接口。可提供高密度的OC-3 POS接口的通道化的OC-48接口。2. 连接设备2.1. 从console连接第一次对6000交换机进行配置,必须从console进入。首先先将机器上架,按要求接好电源,然后用随机附带的Console线和转接头将交换机的console口与PC的串口相联,如下:Com口设置如下:9600 baud 8 data bits No parity 1 stop bits检查
6、电源无误后,开电,可能会出现类似下面的显示,按黑粗体字回答: System Bo otstrap, Version 7.7(1)Copyright (c) 19 94-20 03 by cisco Systems, Inc.Cat6k-Sup720/SP processor with 524288 Kbytes of main memoryAutoboot executing command: boot bootflash:Self decompressing the image : #OK Restricted Rights LegendUse, duplication, or disclo
7、sure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013. cisco Systems, Inc
8、. 170 West Tasman Drive San Jose, California 95134-1706Cisco Internetwork Operating System Software IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(17a)SX1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)TAC Support: Copyright (c) 1986-2003 by cisco Systems, Inc.Compiled Wed 29-Oct-03 08:20 by cm
9、ongImage text-base: 0x40020FBC, data-base: 0x40D3200000:00:03: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processorSystem Bo otstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1)TAC Sup port: ht tp:/ /w w Copyright (c) 20 03 by cis
10、co Systems, Inc.Cat6k-Sup720/RP platform with 524288 Kbytes of main memoryDownload Start! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
11、! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
12、! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
13、! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !Download Completed! Booting the image
14、.Self decompressing the image : # OK Restricted Rights LegendUse, duplication, or disclosure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in T
15、echnical Data and ComputerSoftware clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-PK9S-M), Version 12.2(17a)SX1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)TAC
16、 Support: Copyright (c) 1986-2003 by cisco Systems, Inc.Compiled Wed 29-Oct-03 08:16 by cmongImage text-base: 0x40008FBC, data-base: 0x41E50000This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cis
17、co cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If
18、 you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:If you require further assistance please contact us by sending email toexport.cisco WS-C6509 (R7000) processor (revision 3.0) with 458752K/
19、65536K bytes of memory.Processor board ID SAL0743NKW8SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 CacheLast reset from power-onX.25 software, Version 3.0.0.Bridging software.1 Virtual Ethernet/IEEE 802.3interface(s)48 FastEthernet/IEEE 802.3 interface(s)36 Gigabit Ethernet/IEEE 802
20、.3 interface(s)1917K bytes of non-volatile configuration memory.8192K bytes of packet buffer memory.65536K bytes of Flash internal SIMM (Sector size 512K).Logging of %SNMP-3-AUTHFAIL is enabledPress RETURN to get started!- System Configuration Dialog - Would you like to enter the initial dialog? yes
21、: no回答:NO,进入手工配置,在router;下,输入enable回车,进入全局模式2.2. 远程telnet连接当完成交换机配置,并起给交换机配置了管理地址,就可以直接采用远程telnet登陆进入交换机了,但是必须先配置line vty的密码和enable密码才能允许远程登陆。配置telnet登陆命令如下:#conf t#line vty 0 4#login ;控制vty接口是否能够telnet#password switch3. 基本信息配置3.1. 交换机软件版本Cisco的65xx交换机支持两种版本的系统软件,分别称为Natvie IOS版本和Cat OS版本的系统软件,CatOS
22、版本的软件是为了兼容之前的65xx系列交换机的命令而沿袭下来的。Native IOS版本软件是Cisco公司为了统一其交换机及路由器的软件风格而研发出来的新一代IOS系统软件,Cisco所有的交换机版本都在整体向Native IOS版本过渡,目前来说,Native IOS版本的软件功能和CatOS版本的软件功能相差不多,但是今后都会向Native IOS版本软件。本项目中所使用的6509交换机采用的是Native IOS版本。3.2. 查看交换机基本配置show version ;查看系统版本,内存配置,寄存器等基本信息show module all ;查看交换机配置模块show cataly
23、st6000 chassis-mac-address ;查看交换机MAC地址#show version输出信息如下: Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-PK9S-M), Version 12.2(17a)SX1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)TAC Support: Copyright (c) 1986-2003 by cisco Systems, Inc.Compiled Wed 29-Oct-03 08:16
24、 by cmongImage text-base: 0x40008FBC, data-base: 0x41E50000ROM: System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1)BOOTLDR: s72033_rp Software (s72033_rp-PK9S-M), Version 12.2(17a)SX1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)Router uptime is 29 minutesTime since Router switched to active is
25、 29 minutesSystem returned to ROM by power-on (SP by power-on)System restarted at 12:57:08 PST Sat Jan 31 2004System image file is sup-bootflash:s72033-pk9s-mz.122-17a.SX1.binThis product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export,
26、transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with app
27、licable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:If you require further assistance please contact us by sending email toexport.cisco WS-C6509 (R7000) proces
28、sor (revision 3.0) with 458752K/65536K bytes of memory.Processor board ID SAL0743NKW8SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 CacheLast reset from power-onX.25 software, Version 3.0.0.Bridging software.1 Virtual Ethernet/IEEE 802.3interface(s)48 FastEthernet/IEEE 802.3 interfac
29、e(s)36 Gigabit Ethernet/IEEE 802.3 interface(s)1917K bytes of non-volatile configuration memory.8192K bytes of packet buffer memory.65536K bytes of Flash internal SIMM (Sector size 512K).Standby is upStandby has 458752K/65536K bytes of memory.Configuration register is 0x2102Router#sho module allMod
30、Ports Card Type Model Serial No.- - - - -2 1616 port 1000mb GBIC ethernet WS-X6416-GBIC SAL0750QNJP3 1616 port 1000mb GBIC ethernet WS-X6416-GBIC SAL0750QNFV5 2Supervisor Engine 720 (Active) WS-SUP720-BASE SAD075000YF6 2Supervisor Engine 720 (Warm) WS-SUP720-BASE SAD075109SZ7 4848 port 10/100 mb RJ4
31、5 WS-X6348-RJ-45 SAL0752R3E6Mod MAC addresses Hw Fw Sw Status- - - - - -2000e.8442.4850 to 000e.8442.485f 2.5 5.4(2) 8.2(0.56)TET Ok3000e.8442.48f0 to 000e.8442.48ff 2.5 5.4(2) 8.2(0.56)TET Ok5000d.290f.fd08 to 000d.290f.fd0b 3.0 7.7(1) 12.2(17a)SX1 Ok6000e.3838.1a8c to 000e.3838.1a8f 3.0 7.7(1) 12.
32、2(17a)SX1 Ok7000e.84c8.54f0 to 000e.84c8.551f 6.8 5.4(2) 8.2(0.56)TET OkMod Sub-Module Model Serial Hw Status - - - - - -5 Policy Feature Card 3 WS-F6K-PFC3A SAD0752009D 2.0 Ok5 MSFC3 Daughterboard WS-SUP720 SAD075109HX 2.0 Ok6 Policy Feature Card 3 WS-F6K-PFC3A SAD0751085J 2.0 Ok6 MSFC3 Daughterboa
33、rd WS-SUP720 SAD0751077C 2.0 Ok7 Inline Power Module WS-F6K-PWR 0.0 OkMod Online Diag Status - -2 Pass3 Pass5 Pass6 Pass7 Pass3.3. 配置机器名、telnet、密码在全局模式下,用conf t,进入配置模式,进行以下配置:#conf t#clock timezone GMT 8 ;配置时区#clock set 13:30:21 31 JAN 2004 ;配置交换机时间#clock calendar-valid ;使能硬件时钟同步#service timestamps
34、debug datetime localtime ;配置系统debug记录时间格式#service timestamps log datetime localtime ;配置系统日志记录时间格式#service password-encryption ;配置使用加密服务,主要针对口令加密#hostname xxxx ;配置交换机名称#enable secret0 xxxxx ;配置enable口令#copy run start ;将配置信息保存到NVRAM中,重启动不会丢失#line vty 0 4 ;配置telnet#exec-timeout 30 0#password 0xxxx#logi
35、n3.4. 配置snmp#conf t#snmp-server community cisco ro(只读) ;配置只读通信字符串#snmp-server community secret rw(读写) ;配置读写通信字符串#snmp-server enable traps ;配置网关SNMP TRAP#snmp-server host 10.254.190.1 rw ;配置网关工作站地址3.5. 启动三层功能#ip routing ;启动路由功能3.6. 查看和配置系统环境变量使用show bootvar命令查看系统启动环境变量,包括BOOT, BOOTLDR, and CONFIG_FIL
36、E参数:Router# show bootvarBOOT variable = slot0:c6sup22-jsv-mz.121-5c.EX.bin,1;CONFIG_FILE variable does not existBOOTLDR variable = bootflash:c6msfc2-boot-mz.121-3a.E4Configuration register is 0x2Router#改变BOOT,、BOOTLDR、CONFIG_FILE 这三个环境变量使用命令:BOOT #boot systemBOOTLDR #boot bootldrCONFIG_FILE #boot co
37、nfig4. 端口设置4.1. 端口基本设置 Cisco 65xx系列交换机的端口缺省都是路由模式,一般都会配置为交换端口使用,进入端口配置模式:对于单一端口,在配置模式下输入:interface Ethernet,Fast Ethernet,Gigabit Ethernet x/y, x为槽位号,y为端口号。对于一组端口,可以使用以下的命令进入,例如:Router(config)# interface range fastethernet 5/1 - 5 或:Router(config-if)# interface range gigabitethernet 2/1 - 2, gigabit
38、ethernet 3/1 - 2进行端口配置模式后,可以shutdown,或no shutdown端口,并可以对端口进行配置,快速以太端口有全双工、半双工和自动协商模式,如果知道对端连接的设备是采用何种方式,最好采用手工设置方式固定端口的模式和速率。缺省是自动协商模式。快速以太端口的速率可以设置为100M,也可以设置为10M和自动协商。缺省是自动协商方式。如:Router(config-if)#speed 10 | 100 | auto(速度)Router(config-if)# duplex auto | full | half(双工)或添加注释,如:Router(config-if)# d
39、escription Channel-group to Marketing4.2. 配置二层交换接口(以fastethernet为例,gigabitethernet一样)Router(config)# interface fastethernet x/y Router(config-if)# shutdown Router(config-if)# switchport ;6500上缺省端口为路由端口,需要写switchport将端口设置为交换端口Router(config-if)# switchport mode access Router(config-if)# switchport acc
40、ess vlan x Router(config-if)# no shutdown Router(config-if)# end清除二层接口配置(以fastethernet为例,gigabitethernet一样)Router(config)# interface fastethernet x/y Router(config-if)# no switchport Router(config-if)# end注:使用default interface ethernet | fastethernet | gigabitethernet slot/port,使端口回到原来的缺省配置。4.3. 配置三
41、层路由端口6500的端口缺省就是具有三层交换的端口,用来跟其他设备的连接,当将一个端口配置成三层端口之后,就可以在此端口上分配IP地址了。Router(config)# interface fastethernet x/yRouter(config)# ip add x.x.x.x x.x.x.xRouter(config)# no shutdown4.4. 配置端口Trunk 将一个二层端口配置为Trunk模式:Router(config)# interface fastethernet x/y (以fastethernet为例,gigabitethernet一样)Router(config-if)# shutdown Router(config-if)# switchport Router(config-if)# switchport trunk encapsulation dot1q Router(config-if)# switchport mode trunkRouter(config-if)# no shutdown Router(config-if)# end Router# exit4.5. Ethernaet ChannelRouter(config)# inter