网络安全笔记.docx
《网络安全笔记.docx》由会员分享,可在线阅读,更多相关《网络安全笔记.docx(31页珍藏版)》请在冰豆网上搜索。
网络安全笔记
第一节
察看当前正确的配置信息
showrunning-config
查看交换机线路Showipinterfacebrief
查看路由表Showiproute
显示vlan信息
showvlan
noswitchport不是交换端口
switchport二层交换端口noswitchport三层交换端口
删除vlan:
nointerfacevlan____
删除vlanip:
novlan_____
?
帮助
1.>用户模式
下输入enable14进入特权模式密码stu不显示
2.#特权模式
3.configureterminal全局配置
exit回到上一级命令
特权模式下输入show?
(显示借口名称)
4.接口模式#$
showinterfacs
进入接口模式showinterface接口名称0/0....(FastEthernet)0/1)
第二节
使用二层交换机完成相同vlan的通信
在二层交换机RG-S2026G-1telnet下输入以下命令
1.端口类型accesstrunk(802.1q)
access只能属于一个vlan
trunk可以使用多个vlan
2.全局配置configureterminal
输入vlan10数字(1-4094)
namestu
exit
输入vlan20数字(1-4094)
namestud
exit
3.将物理端口进入vlan
全局配置下输入
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet模块号/端口号0/3
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet模块号/端口号0/4
switchportmodeaccess
switchportaccessvlan20
exit
针对两个端口进行操作interfacerangefastethernet0/1-2,0/3-4(连续用-不连续用,但是不连续必须加上模块号)
然后机柜连线:
六根网线
最后测试ping
第三节
实验1:
Ip:
设置为:
192.168.1.1-6
跨交换机加相同vlan的通信
第一个交换机下输入(RG-S2026G-1)
全局配置下:
configureterminal
输入vlan10数字(1-4094)
namestu
exit
输入vlan20数字(1-4094)
namestud
exit
将物理端口进入vlan
全局配置下输入
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet模块号/端口号0/3
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet0/4
switchportmodetrunk(noswitchportmode删除)
exit
第二个交换机下输入(RG-S2026G-2)
全局配置:
configureterminal
输入vlan10数字(1-4094)
namestu
exit
输入vlan20数字(1-4094)
namestud
exit
将物理端口进入vlan
全局配置下输入
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan20(noswitchportaccessvlan删除原有的vlan)
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet模块号/端口号0/3
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet0/4
switchportmodetrunk
exit
然后机柜连线:
七根网线
最后测试ping
实验2:
借助一个三层交换机连通两个二层交换机
第一个交换机下(RG-S2026G-1)输入
全局配置下:
configureterminal
输入vlan10数字(1-4094)
namestu
exit
输入vlan20数字(1-4094)
namestud
exit
将物理端口进入vlan
全局配置下输入
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet模块号/端口号0/3
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet0/4
switchportmodetrunk(noswitchportmode删除)
exit
第二个交换机下(RG-S2026G-2)输入
全局配置:
configureterminal
输入vlan10数字(1-4094)
namestu
exit
输入vlan20数字(1-4094)
namestud
exit
将物理端口进入vlan
全局配置下输入
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan20(noswitchportaccessvlan删除原有的vlan)
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet模块号/端口号0/3
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet0/4
switchportmodetrunk
exit
第三个交换机(RG-S3750G-1)下输入
全局配置:
Enable14
Password:
stu
Configureterminal
全局配置下输入:
vlan10数字(1-4094)
namestu
exit
vlan20数字(1-4094)
namestud
exit
interfacerangefastethernet0/1-2
swicthportmodetrunk
后期用到:
switchporttrunkallowedvlan
例:
switchporttrunkallowedvlanremove1-9,15-4094
规划管理vlan需求是什么端口ID:
switchporttrunknativevlan(id)
第四节
管理交换网络中的冗余链路
Spanning-tree
Spanning-treemodestp/rstp
修改交换机优先级:
Spanning-treepriority优先级
修改端口优先级
Spanning-treeport-priority优先级
BPDU(rootid;portid;costofpath)
二层交换机下RG-S2026G-1输入
全局配置:
Enable14
Password:
stu
Configureterminal
全局配置下输入
Vlan10
Namest
Exit
Vlan20
Namestt
Exit
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet0/3
switchportmodetrunk
exit
interfacefastethernet0/4
switchportmodetrunk
exit
启用树:
Spanning-tree
Spanning-treemodestp/rstp
Exit
二层交换机下RG-S2026G-2输入
全局配置:
Enable14
Password:
stu
Configureterminal
全局配置下输入
Vlan10
Namest
Exit
Vlan20
Namestt
Exit
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet0/3
switchportmodetrunk
exit
interfacefastethernet0/4
switchportmodetrunk
exit
启用树:
Spanning-tree
Spanning-treemodestp/rstp
Exit
第五节
交换机聚合端口的建立
1.创建
Interfaceaggregateport1
Switchportmodetrunk
Exit
2.将物理端口加入到聚合端口
Interfacerangefastethernet0/3-4
Port-group1
Exit
二层交换机下RG-S2026G-1输入
全局配置:
Enable14
Password:
stu
Configureterminal
全局配置下输入
Vlan10
Namest
Exit
Vlan20
Namestt
Exit
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet0/3
switchportmodetrunk
exit
interfacefastethernet0/4
switchportmodetrunk
exit
Interfaceaggregateport1(1-8)
Switchportmodetrunk
Exit
Interfacerangefastethernet0/3-4
Port-group1(1-8)
Exit
二层交换机下RG-S2026G-2输入
全局配置:
Enable14
Password:
stu
Configureterminal
全局配置下输入
Vlan10
Namest
Exit
Vlan20
Namestt
Exit
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet0/3
switchportmodetrunk
exit
interfacefastethernet0/4
switchportmodetrunk
exit
Interfaceaggregateport1(1-8)
Switchportmodetrunk
Exit
Interfacerangefastethernet0/3-4
Port-group1(1-8)
Exit
第六节
192.168.2.1/30
路由器
192.168.2.2/30
0/0
PC1
R1
0/0
0/1
R2
PC2
0/1
192.168.1.254
192.168.3.254
192.168.3.1
192.168.1.1
查看路由表:
Showiproute
Iproute目标网络子网掩码(端口/下一个IP地址;permanent/distance)
路由器下RG-RSR20G-1输入
全局配置:
Enable14
Password:
stu
Configureterminal
Interfacefastethernet0/0
Ipaddress192.168.1.254255.255.255.0
Noshutdown
exit
interfacefastethernet0/1
ipaddress192.168.2.1255.255.255.252
Noshutdown
Exit
Iproute192.168.3.0255.255.255.00/0
路由器下RG-RSR20G-2输入
全局配置:
Enable14
Password:
stu
Configureterminal
Interfacefastethernet0/1
ipaddress192.168.3.254255.255.255.0
Noshutdown
exit
interfacefastethernet0/0
ipaddress192.168.2.2255.255.255.252
Noshutdown
Exit
Iproute192.168.1.0255.255.255.00/1
动态路由RIP
0/1
192.168.3.1
PC2
0/0
0/1
R2
0/0
PC1
R1
192.168.1.254
192.168.3.254
192.168.2.1/30
192.168.2.2/30
0/1
删除IP地址:
noiproute(ip地址子网掩码)
路由器下RG-RSR20G-1输入
全局配置:
Enable14
Password:
stu
Configureterminal
Interfacefastethernet0/0
Ipaddress192.168.1.254255.255.255.0
Noshutdown
exit
interfacefastethernet0/1
ipaddress192.168.2.1255.255.255.252
Noshutdown
Exit
Routerospf1234
Network本机直连IP地址段(192.68.1.254自动分配)area0
、、、
、、、
Version1或2(版本)
路由器下RG-RSR20G-2输入
全局配置:
Enable14
Password:
stu
Configureterminal
Interfacefastethernet0/1
ipaddress192.168.3.254255.255.255.0
Noshutdown
exit
interfacefastethernet0/0
ipaddress192.168.2.2255.255.255.252
Noshutdown
Exit
RouteRIP
Network本机直连IP地址段(192.68.1.254自动分配)area0
、、、
、、、
Version1或2(版本)
第八节
Vlan间通信(三层交换机)
Showiproute
Vlan10:
192.168.1.254
Vlan20:
192.168.2.254
Vlan30:
192.168.3.254
三层交换机:
Interfacevlan10
Ipaddress192.168.1.254255.255.255.0
Noshutdown
exit
;;;;;
;;;;;;
Interfacevlan30
二层交换机:
RG-S2026G-1
Enable14
Password:
stu
Configureterminal
Vlan10
Namest
Exit
Vlan20
Namestt
Exit
Vlan30
Namest
Exit
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet模块号/端口号0/3
switchportmodeaccess
switchportaccessvlan30
exit
interfacefastethernet0/4
switchportmodetrunk
exit
Spanning-tree
Spanning-treemodestp/rstp
Exit
三层交换机:
RG-S3750G-1
Enable14
Password:
stu
Configureterminal
Vlan10
Namest
Exit
Vlan20
Namestt
Exit
Vlan30
Namest
Exit
Interfacevlan10
Ipaddress192.168.1.254255.255.255.0
Noshutdown
exit
Interfacevlan20
Ipaddress192.168.2.254255.255.255.0
Noshutdown
exit
Interfacevlan30
Ipaddress192.168.3.254255.255.255.0
Noshutdown
Exit
interfacefastethernet0/4
switchportmodetrunk
exit
Spanning-tree
Spanning-treemodestp/rstp
Exit
实验二:
0/1
Vlan10:
192.168.1.254/24
Vlan20:
192.168.2.254/24
Vlan100:
192.168.4.1
二层交换机:
RG-S2026G-1
Enable14
Password:
stu
Configureterminal
Vlan10
Namest
Exit
Vlan20
Namestt
Exit
interfacefastethernet模块号/端口号0/1
switchportmodeaccess
switchportaccessvlan10
exit
interfacefastethernet模块号/端口号0/2
switchportmodeaccess
switchportaccessvlan20
exit
interfacefastethernet0/4
switchportmodetrunk
exit
Spanning-tree
Spanning-treemodestp/rstp
Ipdefault-gateway192.168.4.2
三层交换机:
R
升级会员 