Config Switch 2960
Inviato: gio 17 lug , 2008 4:03 pm
Salve a tutti,
devo configurare un 2960 con 3 vlan la cui utilità è quella semplicemente di tenere separate tre reti diverse e questo è quello che ho creato:
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname switch2960
!
enable secret xxxxxxxxxxxxxx
!
ip subnet-zero
!
vtp mode transparent
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 1,4,100 priority 28672
!
!
!
!
vlan 10
name inside2
!
vlan 20
name inet
!
vlan 30
name server
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/7
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/8
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/9
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/10
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
interface FastEthernet0/12
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/13
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/14
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/15
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/16
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/17
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/17
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/20
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/21
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/22
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/23
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/24
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface GigabitEthernet0/1
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface GigabitEthernet0/2
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface Vlan 10
ip address 10.0.0.4 255.255.255.240
no ip route-cache
no shutdown
!
interface Vlan 20
no ip address
no ip route-cache
no shutdown
interface Vlan 30
no ip address
no ip route-cache
no shutdown
!
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
ip default-gateway 10.0.0.1
no ip http server
!
line con 0
line vty 0 4
password xxxxxxxxxxxxxx
login
line vty 5 15
login
!
!
end
la prima vlan va collegata alla inside di un pix e ci andranno collegati due server, mentre sulla seconda vlan ci andrà collegata la outside dello stesso pix e due cavi che vengono dal provider, mentre la terza l'ho lasciata diciamo di scorta e per il momento non ci andrà nulla.
Ho configurato come defualt gateway la inside del pix e ho dato alla vlan 10 un ip address in modo da poter raggiungere da remoto lo switch, sulla access-list ho semplicemente configurato gli ip che possono collegarsi allo switch.
Manca qualcosa o ho sbagliato qualcosa secondo voi?
devo configurare un 2960 con 3 vlan la cui utilità è quella semplicemente di tenere separate tre reti diverse e questo è quello che ho creato:
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname switch2960
!
enable secret xxxxxxxxxxxxxx
!
ip subnet-zero
!
vtp mode transparent
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 1,4,100 priority 28672
!
!
!
!
vlan 10
name inside2
!
vlan 20
name inet
!
vlan 30
name server
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/7
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/8
switchport access vlan 10
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/9
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/10
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
interface FastEthernet0/12
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/13
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/14
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/15
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/16
switchport access vlan 20
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/17
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/17
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/20
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/21
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/22
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/23
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface FastEthernet0/24
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface GigabitEthernet0/1
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface GigabitEthernet0/2
switchport access vlan 30
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree guard root
no shutdown
!
interface Vlan 10
ip address 10.0.0.4 255.255.255.240
no ip route-cache
no shutdown
!
interface Vlan 20
no ip address
no ip route-cache
no shutdown
interface Vlan 30
no ip address
no ip route-cache
no shutdown
!
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxx
ip default-gateway 10.0.0.1
no ip http server
!
line con 0
line vty 0 4
password xxxxxxxxxxxxxx
login
line vty 5 15
login
!
!
end
la prima vlan va collegata alla inside di un pix e ci andranno collegati due server, mentre sulla seconda vlan ci andrà collegata la outside dello stesso pix e due cavi che vengono dal provider, mentre la terza l'ho lasciata diciamo di scorta e per il momento non ci andrà nulla.
Ho configurato come defualt gateway la inside del pix e ho dato alla vlan 10 un ip address in modo da poter raggiungere da remoto lo switch, sulla access-list ho semplicemente configurato gli ip che possono collegarsi allo switch.
Manca qualcosa o ho sbagliato qualcosa secondo voi?