可使用clear interface 或 clear line 命令来清除或重置某一端口或串口,在大部分情况下并不需要这样做: Switch# clear interface fastethernet0/5
3.5.3 关闭和打开端口 命令 目的
Step 1 configure terminal 进入配置状态
Step 2 interface {vlan vlan-id} | {{fastethernet | gigabitethernet} interface-id} | {port-channel port-channel-number} 选择要关闭的端口 Step 3 Shutdown 关闭 Step 4 End 退出
Step 5 show running-config 验证 使用 no shutdown 命令重新打开端口. 举例如下:
Switch# configure terminal
Switch(config)# interface fastethernet0/5 Switch(config-if)# shutdown Switch(config-if)#
*Sep 30 08:33:47: %LINK-5-CHANGED: Interface FastEthernet0/5, changed state to a administratively down
Switch# configure terminal
Switch(config)# interface fastethernet0/5 Switch(config-if)# no shutdown Switch(config-if)#
*Sep 30 08:36:00: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up
3.6 交换机端口镜像配置 『端口镜像的数据流程』
基于端口的镜像是把被镜像端口的进出数据报文完全拷贝一份到镜像端口,这样来进行流量观测或者故障定位。
Figure 27-1 Example of Local SPAN Configuration on a Single Switch
3.6.1 创建一个本地SPAN会话
Beginning in privileged EXEC mode, follow these steps to create a SPAN session and specify the source (monitored) ports or VLANs and the destination (monitoring) ports: Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 no monitor session {session_number | all | local | remote} Remove any existing SPAN configuration for the session. For session_number, the range is 1 to 66. Specify all to remove all SPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions. Step 3 monitor session session_number source {interface interface-id | vlan vlan-id} [, | -] [both | rx | tx] Specify the SPAN session and the source port (monitored port). For session_number, the range is 1 to 66. For interface-id, specify the source port or source VLAN to monitor. ? For source interface-id, specify the source port to monitor. Valid interfaces include physical interfaces and port-channel logical interfaces (port-channel port-channel-number). Valid port-channel numbers are 1 to 48. ? For vlan-id, specify the source VLAN to monitor. The range is 1 to 4094 (excluding the RSPAN VLAN). Note A single session can include multiple sources (ports or VLANs), defined in a series of commands, but you cannot combine source ports and source VLANs in one session. (Optional) [, | -] Specify a series or range of interfaces. Enter a space before and after the comma; enter a space before and after the hyphen. (Optional) Specify the direction of traffic to monitor. If you do not specify a traffic direction, the SPAN monitors both sent and received traffic. ? both—Monitor both received and sent traffic. This is the default. ? rx—Monitor received traffic. ? tx—Monitor sent traffic. Note You can use the monitor session session_number source command multiple times to configure multiple source ports.
Step 4 monitor session session_number destination {interface interface-id [, | -] [encapsulation
replicate]} Specify the SPAN session and the destination port (monitoring port). For session_number, specify the session number entered in step 3. Note For local SPAN, you must use the same session number for the source and destination interfaces. For interface-id, specify the destination port. The destination interface must be a physical port; it cannot be an EtherChannel, and it cannot be a VLAN. (Optional) [, | -] Specify a series or range of interfaces. Enter a space before and after the comma; enter a space before and after the hyphen. (Optional) Enter encapsulation replicate to specify that the destination interface replicates the source interface encapsulation method. If not selected, the default is to send packets in native form (untagged). Note You can use monitor session session_number destination command multiple times to configure multiple destination ports. Step 5 end Return to privileged EXEC mode.
Step 6 show monitor [session session_number] show running-config Verify the configuration.
Step 7 copy running-config startup-config (Optional) Save the configuration in the configuration file.
举例:通过交换机的第2号口监控第1号口的流量
Switch(config)# monitor session 1 source interface gigabitethernet0/1 Switch(config)# monitor session 1 destination interface gigabitethernet0/2 Switch(config)# end
删除一个span会话:
Switch(config)# no monitor session 1 source interface gigabitethernet0/1 Switch(config)# end
3.7 以太通道端口组(Ethernet Port Groups)
以太通道端口组提供把多个交换机端口像一个交换端口对待。这些端口组为交换机之间或交换机和服务器之间提供一条单独的高带宽连接的逻辑端口。以太通道在一个通道中提供穿越链路的负载平衡。如果以太通道中的一个链路失效,流量会自动从失效链路转移到被用链路。你可以把多干道端口加到一个逻辑的干道端口;把多访问端口加到一个逻辑访问端口;或者多隧道端口加到一个逻辑的隧道接口。绝大多数的协
议能够在单独或是集合的接口上运行,并且不会意识到在端口组中的物理端口。除了DTP、CDP和PAgP,这些协议只能在物理接口上运行。
当你配置一个以太通道,你创建一个端口通道逻辑接口,并且指派一个接口给以太通道。对于三层接口,你人工创建该逻辑接口:
Figure 33-1 Typical EtherChannel Configuration
举例:把交换机A,B的1,2号口添加到同一个组5里面 SwitchA# configure terminal
SwitchA (config)# interface range gigabitethernet0/1 -2 SwitchA (config-if-range)# switchport mode access SwitchA (config-if-range)# switchport access vlan 10 SwitchA (config-if-range)# channel-group 5 mode ON Switch(config-if-range)# end SwitchB# configure terminal
SwitchB(config)# interface range gigabitethernet0/1 -2 SwitchB(config-if-range)# switchport mode access SwitchB(config-if-range)# switchport access vlan 10 SwitchB(config-if-range)# channel-group 5 mode ON SwitchB(config-if-range)# end
第4章 配置VLAN 4.1 简介
VLAN(Virtual Local Area Network),是一种通过将局域网内的设备逻辑地而不是物理地划分成一个个网段从而实现虚拟工作组的技术。IEEE于1999年颁布了用以标准化VLAN实现方案的IEEE 802.1Q协议标准草案。
VLAN技术允许网络管理者将一个物理的LAN逻辑地划分成不同的广播域(或称虚拟LAN,即VLAN),每一个VLAN都包含一组有着相同需求的计算机,由于VLAN是逻辑地而不是物理地划分,所以同一个VLAN内的各个计算机无须被放置在同一个物理空间里,即这些计算机不一定属于同一个物理LAN网段。
VLAN的优势在于VLAN内部的广播和单播流量不会被转发到其它VLAN中,从而有助于控制网络流量、减少设备投资、简化网络管理、提高网络安全性。 4.2 可支持的VLAN
Catalyst 3560交换机支持1005个 VLAN,可以分别是VTP client, server, 及 transparent modes. VLAN号可以从1到4094. VLAN号1002到1005保留给令牌环及FDDI VLAN. VTP只能学习到普通范围的VLAN, 即从VLAN到1到1005; VLAN号大于1005属于扩展VLAN,不存在VLAN数据庫中。 交换机必须配置成VTP透明模式当需要生成VLAN 号从1006到4094.
本交换机支持基于每一VLAN的生成树(PVST),最多支持128个生成树。本交换机支持ISL及IEEE 802.1Q trunk二种封装。
4.3 配置正常范围的VLAN
VLAN号1, 1002到1005是自动生成的不能被去掉。
VLAN号1到1005的配置被写到文件vlan.dat 中, 可以用show vlan 命令查看, vlan.dat 文件存放在NVRAM中.
命令 目的
Step 1 configure terminal 进入配置状态
Step 2 vlan vlan-id 输入一个VLAN号, 然后进入vlan配置状态,可以输入一个新的VLAN号或旧的来进行修改。
Step 3 name vlan-name (可选)输入一个VLAN名,如果没有配置VLAN名,缺省的名字是VLAN号前面用0填满的4位数,如VLAN0004是VLAN4的缺省名字 Step 4 mtu mtu-size (可选) 改变MTU大小 Step 5 end 退出
Step 6 show vlan {name vlan-name | id vlan-id} 验证 Step 7 copy running-config startup config (可选) 保存配置 用no vlan name 或 no vlan mtu 退回到缺省的vlan配置状态 举例如下:
Switch# configure terminal
Switch(config)# vlan 20