3550资料堆叠3550 配置向导定义主机名:cat2-3550(config)#hostname 登陆Banner:Cat1-3550(config)#banner login # Authorized Users elab Only #端口说明:cat2-3550(config)#int fa0/1cat2-3550(config-if)#description To 100M激活portfast:cat2-3550(config-if)#spanning cat2-3550(config-if)#spanning-tree portfast设置双工:cat2-3550(config)#int fa0/1cat2-3550(config-if)#duplex half设置端口速率:cat2-3550(config)#int fa0/1cat2-3550(config-if)#speed 10设置DNS:cat2-3550(config)#ip name-server 4.1.1.1设置 VTP Domaincat2-3550(config)#vtp domain hellocat2-3550(config)#vtp mode transparent创建VLAN:SW1(vlan)#vlan 10 name REDSW1(vlan)#vlan 20 name BLUESW1(vlan)#exit设置VLAN优先级:SW1#config tSW1(config)#interface vlan 20SW1(config)#spanning-tree vlan 20 priority 20SW1(config-subif)#ip addr 1.1.1.1 255.255.255.0TRUNK设置:interface FastEthernet0/24switchport trunk encapsulation isl switchport trunk allowed vlan 1,2,4,5,10,12-14,1002-1005 switchport mode trunk no ip address显示trunk信息:cat2-3550#show interface trunkSPAN-TREE配置:Cat1-3550(config)#spanning-tree vlan 101 priority 0定义网关:SW1(config)#ip default-gateway 1.1.1.2创建etherchannel:First Switch:SW1(config)#int port-channel 1SW1(config-if)#switchport trunk encapsulation isl SW1(config-if)#switchport mode trunkSW1(config)#int fa 0/23SW1(config-if)#switchport trunk encap isl SW1(config-if)#switchport mode trunk SW1(config-if)#channel-group 1 mode autoSW1(config)#int fa 0/24SW1(config-if)#switchport trunk encap isl SW1(config-if)#switchport mode trunk SW1(config-if)#channel-group 1 mode autoSecond Switch:SW2(config)#int port-channel 1SW2(config-if)#switchport trunk encapsulation isl SW2(config-if)#switchport mode trunkSW2(config)#int fa 0/23SW2(config-if)#switchport trunk encap islSW2(config-if)#switchport mode trunkSW2(config-if)#channel-group 1 mode autoSW2(config)#int fa 0/24SW2(config-if)#switchport trunk encap islSW2(config-if)#switchport mode trunkSW2(config-if)#channel-group 1 mode auto端口上划分VLAN:SW1(config)#int fastEthernet 0/2SW1(config-if)#switchport access vlan 20SW1(config-if)#no shutdownSW1(config)#interface fastEthernet 0/3SW1(config-if)#switchport access vlan 10SW1(config-if)#no shutdown封装TRUNK:SW1(config)#int fa 0/1SW1(config-if)#switchport trunk encap isl SW1(config-if)#switchport mode trunk分配Ether Channel 到接口:SW1(config)#interface fa0/23SW1(config-if)#switchport trunk encapsulation dot1qSW1(config-if)#switchport mode trunkSW1(config-if)#channel-group 1 mode auto (other side use desirable)SW1(config)#interface fa0/24SW1(config-if)#switchport trunk encapsulation dot1qSW1(config-if)#switchport mode trunkSW1(config-if)#channel-group 1 mode auto (other side use desirable)配置SPAN:SW2#config tSW2(config)#no monitor session 1SW2(config)#monitor session 1 source interface fa0/3SW2(config)#monitor session 1 destination interface fa0/11 SW2(config)#end在VLAN接口上配置SPAN:SW2#config tSW2(config)#no monitor session 1SW2(config)#monitor session 1 source vlan 10SW2(config)#monitor session 1 destination interface fa0/11 (any encap here) SW2(config)#endSW2#sh monitor session 1 Session 1---------Source Ports:RX Only: NoneTX Only: NoneBoth: Fa0/3Source VLANs:RX Only: NoneTX Only: NoneBoth: NoneDestination Ports: Fa0/11Encapsulation: NativeFilter VLANs: NoneTime Stamp Debug 和Log Messages with Absolute Time:service timestamps debug datetimeservice timestamps log datetime关闭 DNS Lookup:no ip domain-lookupDisable HTTP Server:no ip http server能够 Syslog:logging history informational (这里设置syslog级别logging facility local6logging source-interface Loopback0logging 150.50.111.100定义SNMP:snmp-server community hello RO 12snmp-server community hellorw RW 13access-list 12 permit 150.50.0.0 0.0.255.255access-list 13 permit 150.50.16.0 0.0.0.255access-list 13 permit 150.50.111.0 0.0.0.255禁止 TCP 和UDP small server:R1(config)#no service tcp-small-serversR1(config)#no service udp-small-servers在接口上打开 Storm Control on :cat1-3550(config)#int fa0/6cat1-3550(config-if)#storm-control broadcast level 50cat1-3550(config-if)#storm-control multicast level 25cat1-3550(config-if)#storm-control un3550 ACL配置举例Switch(config)# access-list 2 permit 36.48.0.3Switch(config)# access-list 2 deny 36.48.0.0 0.0.255.255Switch(config)# access-list 2 permit 36.0.0.0 0.255.255.255Switch(config)# interface gigabitethernet0/1Switch(config-if)# ip access-group 2 inSwitch(config)# access-list 102 permit tcp any host 128.88.1.2 eq 25 Switch(config)# access-list 102 permit icmp any anySwitch(config)# interface gigabitethernet0/1Switch(config-if)# ip access-group 102 in3550 配置 SSH举例首先确认crypto imagecrypto key generate rsa接下来设置SSHSwitch(config)# username bob password xxxSwitch(config)# line vty 0 4Switch(config)# login local (Required if you want to do local authentication) Switch(config)# transport input ssh (If you want to only allow SSH)3550 emi 配置DHCP SERVER相关配置命令:config)#ip dhcp pool [地址池名](config)#ip dhcp excluded-address [不分配的地址](dhcp-config)#network [要分配的地址] [掩码](dhcp-config)#lease [租约](dhcp-config)#default-router [默认网关](dhcp-config)#dns-server[dns 服务器]然后要对自动获取地址的vlan进行设置(config)#ip helper-address [交换机地址]再将端口划分到vlan 里show config:ip dhcp excluded-address 10.0.199.200 10.0.199.254!ip dhcp pool testnetwork 10.0.199.0 255.255.255.0default-router 10.0.199.1dns-server 10.0.199.252lease 0 0 5nterface Vlan199ip address 10.0.199.1 255.255.255.0ip helper-address 10.0.1.13550之DHCP服务器的详尽配置实例作DHCP服务器,因为当时在配置3550作为DHCP中继代理时顺便测试了一把将3550配置为DHCP服务器并获通过,因此这里将配置过程写出来,供大家参考.网络环境:一台3550EMI交换机,划分三个vlan,vlan2 为服务器所在网络,命名为server,IP地址段为192.168.2.0,子网掩码:255.255.255.0,网关:192.168.2.1,域服务器为windows 2000 advance server,同时兼作DNS服务器,IP地址为192.168.2.10,vlan3为客户机1所在网络,IP 地址段为192.168.3.0,子网掩码:255.255.255.0,网关:192.168.3.1命名为work01,vlan4为客户机2所在网络,命名为work02,IP地址段为192.168.4.0,子网掩码:255.255.255.0,网关:192.168.4.1,3550作DHCP服务器,端口1-8划到VLAN 2,端口9-16划分到VLAN 3,端口17-24划分到VLAN 4.DHCP服务器实现功能:各VLAN保留2-10的IP地址不分配置,例如:192.168.2.0的网段,保留192.168.2.2至192.168.2.10的IP地址段不分配.安全要求:VLAN 3和VLAN 4 不允许互相访问,但都可以访问服务器所在的VLAN 2, 默认访问控制列表的规则是拒绝所有包.配置命令及步骤如下:第一步:创建VLAN:Switch>enSwitch#Vlan DatabaseSwitch(Vlan)>Vlan 2 Name serverSwitch(Vlan)>Vlan 3 Name work01Switch(vlan)>Vlan 4 Name work02第二步:设置VLAN IP地址:Switch#Config TSwitch(Config)>Int Vlan 2Switch(Config-vlan)Ip Address 192.168.2.1 255.255.255.0Switch(Config-vlan)No ShutSwitch(Config-vlan)>Int Vlan 3Switch(Config-vlan)Ip Address 192.168.3.1 255.255.255.0Switch(Config-vlan)No ShutSwitch(Config-vlan)>Int Vlan 4Switch(Config-vlan)Ip Address 192.168.4.1 255.255.255.0Switch(Config-vlan)No ShutSwitch(Config-vlan)Exit/*注意:由于此时没有将端口分配置到VLAN2,3,4,所以各VLAN会DOWN 掉,待将端口分配到各VLAN后,VLAN会起来*/第三步:设置端口全局参数Switch(Config)Interface Range Fa 0/1 - 24Switch(Config-if-range)Switchport Mode AccessSwitch(Config-if-range)Spanning-tree Portfast第四步:将端口添加到VLAN2,3,4中/*将端口1-8添加到VLAN 2*/Switch(Config)Interface Range Fa 0/1 - 8Switch(Config-if-range)Switchport Access Vlan 2/*将端口9-16添加到VLAN 3*/Switch(Config)Interface Range Fa 0/9 - 16Switch(Config-if-range)Switchport Access Vlan 3/*将端口17-24添加到VLAN 4*/Switch(Config)Interface Range Fa 0/17 - 24Switch(Config-if-range)Switchport Access Vlan 4Switch(Config-if-range)Exit/*经过这一步后,各VLAN会起来*/第?*剑号渲?550作为DHCP服务器/*VLAN 2可用地址池和相应参数的配置,有几个VLAN要设几个地址池*/ Switch(Config)Ip Dhcp Pool Test01/*设置可分配的子网*/Switch(Config-pool)Network 192.168.2.0 255.255.255.0/*设置DNS服务器*/Switch(Config-pool)Dns-server 192.168.2.10/*设置该子网的网关*/Switch(Config-pool)Default-router 192.168.2.1/*配置VLAN 3所用的地址池和相应参数*/Switch(Config)Ip Dhcp Pool Test02Switch(Config-pool)Network 192.168.3.0 255.255.255.0Switch(Config-pool)Dns-server 192.168.2.10Switch(Config-pool)Default-router 192.168.3.1/*配置VLAN 4所用的地址池和相应参数*/Switch(Config)Ip Dhcp Pool Test03Switch(Config-pool)Network 192.168.4.0 255.255.255.0Switch(Config-pool)Dns-server 192.168.2.10Switch(Config-pool)Default-router 192.168.4.1第六步:设置DHCP保留不分配的地址Switch(Config)Ip Dhcp Excluded-address 192.168.2.2 192.168.2.10Switch(Config)Ip Dhcp Excluded-address 192.168.3.2 192.168.3.10Switch(Config)Ip Dhcp Excluded-address 192.168.4.2 192.168.4.10第七步:启用路由/*路由启用后,各VLAN间主机可互相访问*/Switch(Config)Ip Routing第八步:配置访问控制列表Switch(Config)access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255Switch(Config)access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255Switch(Config)access-list 103 permit udp any any eq bootpcSwitch(Config)access-list 103 permit udp any any eq tftpSwitch(Config)access-list 103 permit udp any eq bootpc anySwitch(Config)access-list 103 permit udp any eq tftp anySwitch(Config)access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255Switch(Config)access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255Switch(Config)access-list 104 permit udp any eq tftp anySwitch(Config)access-list 104 permit udp any eq bootpc anySwitch(Config)access-list 104 permit udp any eq bootpc anySwitch(Config)access-list 104 permit udp any eq tftp any第九步:应用访问控制列表/*将访问控制列表应用到VLAN 3和VLAN 4,VLAN 2不需要*/Switch(Config)Int Vlan 3Switch(Config-vlan)ip access-group 103 outSwitch(Config-vlan)Int Vlan 4Switch(Config-vlan)ip access-group 104 out第十步:结束并保存配置Switch(Config-vlan)EndSwitch#Copy Run Start3550 学习Basicsip address ip-address subnet-maskip default-gateway ip-addresshostname stringprompt string?CDPDefault CDP ConfigurationCDP global state EnabledCDP interface state EnabledCDP timer (packet update frequency) 60 secondsCDP holdtime (before discarding) 180 secondsCDP version-2 advertisements Enabledcdp timer seconds (Optional)Set the transmission frequency of CDP updates in seconds.The range is from 5 to 254; the default is 60 seconds.cdp holdtime seconds (Optional)Specify the amount of time a receiving device should hold the information sent byyour device before discarding it.The range is from 10 to 255 seconds; the default is 180 seconds.cdp advertise-v2 (Optional)Configure CDP to send version-2 advertisements. This is the default state.?DNSip name-server server-address1ip domain-name nameip domain-lookup?SNMPsnmp-server host host-addr {traps | informs} {version {1 | 2c}} community-string notification-typerecipient of the trap message.snmp-server enable traps mac-notificationsend MAC address traps tosnmp-server enable traps mac-notificationEnable the switch to send MAC address trapsmac-address-table notificationEnable the MAC address notification feature.mac-address-table notification [interval value] | [history-size value]Enter the trap interval time and the history table size.snmp trap mac-notification {added | removed}Enable the MAC address notification trap.Switch(config)# snmp-server host 172.20.10.10 traps privateSwitch(config)# snmp-server enable traps mac-notificationSwitch(config)# mac-address-table notificationSwitch(config)# mac-address-table notification interval 60Switch(config)# mac-address-table notification history-size 100Switch(config)# interface fastethernet0/4Switch(config-if)# snmp trap mac-notification addedmac-address-table static mac-addr vlan vlan-id interface interface-id Add a static address to the MAC address table.show mac-address-table addressDisplays MAC address table information for the specified MAC address.show mac-address-table aging-timeDisplays the aging time in all VLANs or the specified VLAN.show mac-address-table countDisplays the number of addresses present in all VLANs or the specified VLAN.show mac-address-table dynamicDisplays dynamic MAC address table entries only.show mac-address-table interfaceDisplays the MAC address table information for the specified interface.show mac-address-table multicastDisplays the Layer 2 multicast entries for all VLANs or the specified VLAN.show mac-address-table staticDisplays static MAC address table entries only.show mac-address-table vlanDisplays the MAC address table information for the specified VLAN.snmp-server community private RWsnmp-server community public ROsnmp-server community private@es0 RWsnmp-server community public@es0 ROsnmp-server chassis-id 0x12?NTPConfigure the switch to synchronize only to devices providing authentication key 42in the device抯 NTP packets:Switch(config)# ntp authenticateSwitch(config)# ntp authentication-key 42 md5 aNiceKeySwitch(config)# ntp trusted-key 42An NTP association can be a peer association (this switch can either synchronize tothe other device or allow the other device to synchronize to it), or it can be aserver association (meaning that only this switch synchronizes to the other device,and not the other way around).ntp peer ip-address [version number] [key keyid] [source interface] [prefer]ntp server ip-address [version number] [key keyid] [source interface] [prefer]ntp broadcast clientntp broadcastdelay microsecondsntp broadcast [version number] [key keyid] [destination-address]ntp access-group {query-only | serve-only | serve | peer} access-list-numberNTP services are enabled on all interfaces by default.ntp disablentp source type number?SDMBy using Switch Database Management (SDM) templates, you can configure memoryresources in the switch to optimize support for specific features, depending on howthe switch is used in your network.The four templates prioritize system memory to optimize support for these types of features:?QoS and security ACEshe access template might typically be used in an access switch at the network edge where the route table sizes might not be substantial. Filtering and QoS might be more important because an accessswitch is the entry to the whole network.?Routing he routing template maximizes system resources for unicast routing,typically required for a router or aggregator in the center of a network.VLANs he VLAN template disables routing and supports the maximum number ofunicast MAC addresses. It would typically be selected for a Catalyst 3550used as a Layer 2 switch.?Default桾he default template gives balance to all functionalities (QoS, ACLs, unicast routing, multicast routing, VLANs and MAC addresses).sdm prefer {access | routing | vlan}1.1. Vlan's?Normal VLAN'sTo configure normal-range VLANs (VLAN IDs 1 to 1005), use the vlan vlan-id globalconfiguration command to enter config-vlan mode or the vlan databaseprivileged EXEC command to enter VLAN configuration mode.Add ports to a VLAN by using the switchport interface configuration commands: Normal-range VLANs are identified with a number between 1 and 1001.vlan databasevlan vlan-id name vlan-nameAssign a port to a VLAN in the VLANinterface interface-idswitchport mode accessswitchport access vlan vlan-id?Extended VLAN'sThe VLAN configurations for VLAN IDs 1 to 1005 are saved in the VLAN database.To configure extended-range VLANs (VLAN IDs 1006 to 4094), you must use config-vlanmode with V3550的启动过程3550#reloadProceed with reload? [confirm]01:20:36: %SYS-5-RELOAD: Reload requestedBase ethernet MAC Address: 00:05:dd:c0:c7:00Xmodem file system is available.The password-recovery mechanism is enabled.Initializing Flash...flashfs[0]: 24 files, 6 directoriesflashfs[0]: 0 orphaned files, 0 orphaned directoriesflashfs[0]: Total bytes: 16128000flashfs[0]: Bytes used: 5199360flashfs[0]: Bytes available: 10928640flashfs[0]: flashfs fsck took 15 seconds....done Initializing Flash.Boot Sector Filesystem (bs installed, fsid: 3Loading"flash:/c3550-i5q3l2-mz.121-9.EA1/c3550-i5q3l2-mz.121-9.EA1.bin"...########################################################################## ################################################################################ ################################################################################ ################################################################################ ############################################################################# File "flash:/c3550-i5q3l2-mz.121-9.EA1/c3550-i5q3l2-mz.121-9.EA1.bin" uncompressed and installed, entry point: 0x3000executing...Restricted Rights LegendUse, duplication, or disclosure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013.cisco Systems, Inc.170 West Tasman DriveSan Jose, California 95134-1706Cisco Internetwork Operating System SoftwareIOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(9)EA1, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2002 by cisco Systems, Inc.Compiled Wed 24-Apr-02 06:35 by antoninoImage text-base: 0x00003000, data-base: 0x006848F4Initializing flashfs...flashfs[1]: 24 files, 6 directoriesflashfs[1]: 0 orphaned files, 0 orphaned directoriesflashfs[1]: Total bytes: 16128000flashfs[1]: Bytes used: 5199360flashfs[1]: Bytes available: 10928640flashfs[1]: flashfs fsck took 8 seconds.flashfs[1]: Initialization complete....done Initializing flashfs.POST: CPU Buffer Tests : BeginPOST: CPU Buffer Tests : End, Status PassedPOST: CPU Interface Tests : BeginPOST: CPU Interface Tests : End, Status PassedPOST: Switch Core Tests : BeginPOST: Switch Core Tests : End, Status PassedPOST: CAM Subsystem Tests : BeginPOST: CAM Subsystem Tests : End, Status PassedPOST: Ethernet Controller Tests : BeginPOST: Ethernet Controller Tests : End, Status PassedPOST: Loopback Tests : BeginPOST: Loopback Tests : End, Status Passedcisco WS-C3550-12T (PowerPC) processor (revision 04) with 65526K/8192K bytes ofmemory.Processor board ID FAA0520G054Last reset from warm-resetBridging software.Running Layer2/3 Switching ImageEthernet-controller 1 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 2 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 3 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 4 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 5 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 6 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 7 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 8 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 9 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 10 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 11 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 12 has 1 Gigabit Ethernet/IEEE 802.3 interface12 Gigabit Ethernet/IEEE 802.3 interface(s)The password-recovery mechanism is enabled.384K bytes of flash-simulated non-volatile configuration memory.Base ethernet MAC Address: 00:05D:C0:C7:00Motherboard assembly number: 73-5527-08Power supply part number: NONEMotherboard serial number: FAA05190DABPower supply serial number: DAB0549038FModel revision number: 04Model number: WS-C3550-12TSystem serial number: FAA0520G054--- System Configuration Dialog ---Would you like to enter the initial configuration dialog? [yes/no]:00:01:02: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan00:01:07: %SYS-5-RESTART: System restarted --Cisco Internetwork Operating System SoftwareIOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(9)EA1, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2002 by cisco Systems, Inc.Compiled Wed 24-Apr-02 06:35 by antonino00:01:13: %GIGASTACK-6-LOOP_DETECTED: Gigastack GBIC in Gi0/11 is selected as Master Loop Breaker.Link 2 of the Gigastack GBIC is disabled to break the loop.00:01:16: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed state to up00:01:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/11, changed state to up00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up3550smi升级到emi1、购买两台3550分别是smi、emi2、将emi中的rom芯片从主板上取下用专用的设备将rom中的信息读出并保存3、将smi中的rom芯片从主板上取下,用专用的设备将smi芯片的内容擦除并将emi的软件写入芯片4、焊接到主板接电测试所有的smi如法炮制难度:较难设备:到中关村的中发市场咨询一下就能买到(要花不少银子)有了设备读取rom中的软件就比较容易芯片:同样到中关村可以找到,和取下的芯片一致就ok啦焊接:难度较高,最好请专业人士做此工作,否则会浪费不少的芯片(谁在烧我的银子!!我打……)做这件事一定要谨慎、谨慎、再谨慎,损坏芯片是小事,如果焊到主板上加电后把主板烧了那就是大事啦!3550-24 EMI做限速internet----firewall----(port1)3550emi(port2)---vlan103(192.168.103.0) (port3)---vlan104(192.168.104.0)Internet总出口速率为1M,为vlan103分配200Kbit/s的带宽,为vlan104分配400Kbit/s的带宽.mls qosclass-map match-all ipclass103match access-group 103class-map match-all ipclass104match access-group 104!!policy-map flow_internetclass ipclass103police 200000 8000 exceed-action dropclass ipclass104police 400000 8000 exceed-action drop!!spanning-tree extend system-id!!!interface FastEthernet0/1switchport access vlan 200switchport mode accessno ip addressflowcontrol receive onservice-policy input flow_internetaccess-list 103 permit ip any 192.168.103.0 0.0.0.255 access-list 104 permit ip any 192.168.104.0 0.0.0.255补充:interface vlan103ip address 192.168.103.1 255.255.255.0interface vlan104ip address 192.168.104.1 255.255.255.0再ip routing即可.access-list103和104是针对qos,与安全过滤无关.3550 EMI 限速试验报告拓扑:pc1-------default vlan 1--3550-24-emi--f0/24-------pc2配置:pc1:192.168.1.7 255.255.255.0 192.168.1.222vlan 1:192.168.1.222 255.255.255.0f0/24:192.168.2.1 255.255.255.0pc2:192.168.2.20 255.255.255.0 192.168.2.1交换机的情况:IOS版本:12.1.8EA1c EMI版Switch#sh runBuilding configuration...Current configuration : 1835 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Switch!!ip subnet-zeroip routingmls qos!class-map match-all 64kmatch access-group 110!!policy-map yikaiclass 64kpolice 512000 32000 exceed-action drop!!spanning-tree extend system-id !!!interface FastEthernet0/1 switchport mode accessno ip addressservice-policy input yikai!interface FastEthernet0/2no ip address!interface FastEthernet0/3no ip address!interface FastEthernet0/4no ip address!interface FastEthernet0/5no ip address!interface FastEthernet0/6no ip address!interface FastEthernet0/7no ip address!interface FastEthernet0/8no ip address!interface FastEthernet0/9no ip address!interface FastEthernet0/10no ip address!interface FastEthernet0/11no ip address!interface FastEthernet0/12no ip address!interface FastEthernet0/13no ip addressinterface FastEthernet0/14no ip address!interface FastEthernet0/15no ip address!interface FastEthernet0/16no ip address!interface FastEthernet0/17no ip address!interface FastEthernet0/18no ip address!interface FastEthernet0/19no ip address!interface FastEthernet0/20no ip address!interface FastEthernet0/21no ip address!interface FastEthernet0/22no ip address!interface FastEthernet0/23no ip address!interface FastEthernet0/24no switchportip address 192.168.2.1 255.255.255.0 service-policy input yikai!interface GigabitEthernet0/1no ip address!interface GigabitEthernet0/2no ip address!interface Vlan1ip address 192.168.1.222 255.255.255.0ip classlessip http server!access-list 110 permit ip host 192.168.2.20 anyaccess-list 110 permit ip any any!line con 0line vty 0 4loginline vty 5 15login!end此时在客户机pc2从pc1上拷贝文件,大约40M时间大约:12分钟Switch#sh mls qos interface f 0/1 staFastEthernet0/1Ingressdscp: incoming no_change classified policed dropped (in bytes) Others: 385021895 385021895 0 0 12197478Egressdscp: incoming no_change classified policed dropped (in bytes) Others: 9553871 n/a n/a 0 0Switch#sh mls qos interface f 0/1 staFastEthernet0/1Ingressdscp: incoming no_change classified policed dropped (in bytes) Others: 385369437 385369437 0 0 12259540Egressdscp: incoming no_change classified policed dropped (in bytes) Others: 9562103 n/a n/a 0 0从中发现有大量的dropped,且增加很快.如果在interface f 0/1no service-map input yikai则没有应用policy-map yikai ,此时同样的文件传速速度很快, 大约只需要3分钟.可见:{在3550emi上面可以实现端口限速,并且不局限在1M}关于Cat3550的接口类型路由接口:1 可路由物理接口——Switch# conf tSwitch(config)#int fa0/1Switch(config-if)# no switchportSwitch(config-if)# ip address 10.3.1.1 255.255.0.0Switch(config-if)#end如果需要运行某个路由协议ip routing全局命令是必须的,另外,你也必须同时输入你在路由器上面配置路由协议的时候所输入的那些命令,比如router ospf 64;net 10.0.0.0 0.0.0.255 area 0这些……2 可路由虚拟交换接口——要给某两个交换接口(二层接口)分配IP地址,你需要有一个独立的接口来扮演路由这两个交换接口的工作;这就是SVI的概念了。