1.二层接口模板
undo shutdown //开启接口
arp broadcast enable //在子接口上开启广播
speed auto //速率自动协商
duplex full //全双工模式1.1.二层Access模板(接入PC,终端)
undo shutdown
port link-type access //交换机接口更改为Access介入模式
port default vlan 10 //将Access接口划入VLAN10,作为该接口默认接口
arp broadcast enable
speed auto
duplex full1.2.二层Trunk(交换机互联)
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10 20 30 //配置Trunk接口,使VLAN10,20,30带标签通过
port trunk pvid vlan 1 //所有交换机默认配置。设置Trunk接口的PVID
arp broadcast enable
speed auto
duplex full2.三层物理接口模板
undo shutdown
ip address 192.168.1.1 255.255.255.0 //给路由器/三交接口配置IP与子网掩码
arp broadcast enable
speed auto
duplex full2.1Vlanif三层虚接口(作网关)
interface Vlanif 10 //创建并进入Vlanif三层虚接口,给VLAN10配置网关
//三层交换机专用,二交无该功能
ip address 192.168.10.1 24
undo shutdown
arp broadcast enable注意,除去Vlanif之外,其他物理接口的shutdown都是默认关闭的,在Vlanif中,undo shutdown属于冗余指令
2.2.静态路由
ip route-static 目标网段 掩码 下一跳IP
ip route-static 0.0.0.0 0.0.0.0 下一跳IP # 默认路由2.3.OSPF
ospf 1 router-id 1.1.1.1 //启动PSPF进程1,手动指定本台路由器的OSPF身份ID
area 0
network 192.168.1.0 0.0.0.255 //将该网段加入OSPF进程,后米娜是反掩码,即24
network 环回口IP 0.0.0.0 //精确匹配回环单独主机4.GRE隧道接口
interface Tunnel0 //创建、进入Tunnel隧道虚接口,用来搭建GRE/IPSec隧道,实现公私网互联
source 本端公网IP
destination 对端公网IP
ip address 10.10.0.1 245.防火墙
5.1防火墙接口+区域模板
interface GigabitEthernet 0/0/1
ip address 192.168.1.1 24
undo shutdown
firewall zone trust //进入信任安全区域
add interface GigabitEthernet 0/0/15.2防火墙安全策略
security-policy //进入安全策略视图
rule name permit_all //创建命令安全策略规则
source-zone trust //流量源为信任区域
destination-zone untrust //流量目的为非新人区域
source-address any
destination-address any
service 协议 //放行协议类型
action permit