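Network topology:
Cisco port aggregation, VTP and ACL examples
****************Basic configuration****************
SW1>en ;enter privileged mode
SW1#conf t ;enter global configuration mode
SW1(config)#hostname SW1 ;set the switch hostname
SW1(config)#enable secret cisco ;set the encrypted privileged-mode password
SW1(config)#enable password cisco ;set the unencrypted privileged-mode password
SW1(config)#line console 0 ;enter the console line
SW1(config-line)#login ;allow login
SW1(config-line)#password cisco1 ;set the login password
SW1(config)#line vty 0 4 ;enter the virtual terminal lines
SW1(config-line)#login ;allow login
SW1(config-line)#password cisco2 ;set the login password
SW1#exit ;return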

****************Link aggregation****************
SW1:2960
interface Port-channel1
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/1-2
description Connect to SW5 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable
switchport trunk allowed vlan all
SW2:2960
interface Port-channel2
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/1-2
description Connect to SW5 on port f0/3-4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode desirable
switchport trunk allowed vlan all
SW3:2960
interface Port-channel3
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/1-2
description Connect to SW5 on port f0/5-6
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode desirable
switchport trunk allowed vlan all
SW4:2960
interface Port-channel4
description Channel group member f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/1-2
description Connect to SW5 on port f0/7-8
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode desirable
switchport trunk allowed vlan all

SW5:3560
interface Port-channel1
description Channel group member SW1 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/1-2
description Connect to SW1 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode auto
switchport trunk allowed vlan all
interface Port-channel2
description Channel group member SW2 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/3-4
description Connect to SW2 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode auto
switchport trunk allowed vlan all
interface Port-channel3
description Channel group member SW3 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/5-6
description Connect to SW3 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode auto
switchport trunk allowed vlan all
interface Port-channel4
description Channel group member SW4 f0/1-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
int ran f0/7-8
description Connect to SW4 on port f0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode auto
switchport trunk allowed vlan all

sh ip int bri

****************Configure VTP****************
SW5:3560
SW5#vlan database
SW5(vlan)#vtp server
Device mode already VTP SERVER.
SW5(vlan)#vtp domain tianyu
Changing VTP domain name from NULL to tianyu
SW5(vlan)#vtp password cisco
Setting device VLAN database password to cisco
/*VLANs are created on the VTP server; a switch in VTP client mode rejects VLAN creation and learns these VLANs from the server*/
SW5(vlan)#vlan 3 name db
SW5(vlan)#vlan 4 name platform
SW5(vlan)#vlan 5 name web
SW5(vlan)#exit
APPLY completed.
Exiting....
SW1:2960
SW1#vlan database
SW1(vlan)#vtp client
Setting device to VTP CLIENT mode.
SW1(vlan)#vtp domain tianyu
Domain name already set to tianyu.
SW1(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
SW1(vlan)#end
SW1(config)#int range f0/3-8
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 3
SW1(config-if-range)#no sh
SW1(config-if-range)#exit
SW1(config)#int ran f0/9-14
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 4
SW1(config-if-range)#no sh
SW1(config-if-range)#exit
SW1(config)#int ran f0/15-24
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 5
SW1(config-if-range)#no sh
SW1(config-if-range)#exit
SW2:2960
SW2#vlan database
SW2(vlan)#vtp client
Setting device to VTP CLIENT mode.
SW2(vlan)#vtp domain tianyu
Domain name already set to tianyu.
SW2(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
SW2(config)#int range f0/3-8
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 3
SW2(config-if-range)#no sh
SW2(config-if-range)#exit
SW2(config)#int ran f0/9-14
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 4
SW2(config-if-range)#no sh
SW2(config-if-range)#exit
SW2(config)#int ran f0/15-24
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 5
SW2(config-if-range)#no sh
SW2(config-if-range)#exit
/*SW3 and SW4 are configured similarly*/
SW5:3560
SW5(config)#ip routing
SW5(config)#int vlan 3
SW5(config-if)#ip add 192.168.3.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
SW5(config)#int vlan 4
SW5(config-if)#ip add 192.168.4.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit
SW5(config)#int vlan 5
SW5(config-if)#ip add 192.168.5.1 255.255.255.0
SW5(config-if)#no sh
SW5(config-if)#exit

sh ip route
sh vtp stat
sh vlan bri
sh int tr

****************Configure ACLs****************
/*vlan3 and vlan5 can reach each other, vlan4 and vlan5 can reach each other, and traffic between vlan3 and vlan4 is blocked*/
SW5(config)#access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
SW5(config)#access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
SW5(config)#access-list 103 permit ip 192.168.5.0 0.0.0.255 0.0.0.0 255.255.255.255
****************Apply the ACLs to the VLAN interfaces****************
SW5(config)#int vlan 3
SW5(config-if)#ip access-group 101 in
SW5(config)#int vlan 4
SW5(config-if)#ip access-group 102 in
SW5(config)#int f0/24
SW5(config-if)#ip access-group 103 in
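
Added example (not part of the original page): a small Python model of the three ACLs above, bound inbound as on SW5, that shows which flows survive first-match evaluation and the implicit deny that ends every IOS access list. The host addresses and the helper names (wildcard_match, parse_acls, evaluate, check_flows) are constructed for illustration.

```python
import ipaddress

ACL_LINES = """\
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 103 permit ip 192.168.5.0 0.0.0.255 0.0.0.0 255.255.255.255
"""
BINDINGS = {"vlan3": 101, "vlan4": 102, "f0/24": 103}  # ip access-group N in

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_acls(text):
    """Return {acl_number: [(action, src, src_wc, dst, dst_wc), ...]}."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # only the numbered 'ip' form used on the page
        acls.setdefault(int(tok[1]), []).append((tok[2], *tok[4:8]))
    return acls

def evaluate(acls, ingress, src, dst):
    """First match wins; an interface with an ACL ends in an implicit deny."""
    number = BINDINGS.get(ingress)
    if number is None:
        return "permit (no ACL on interface)"
    for action, s, swc, d, dwc in acls[number]:
        if wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc):
            return action
    return "deny (implicit)"

def check_flows():
    acls = parse_acls(ACL_LINES)
    flows = [  # constructed sample flows: (ingress interface, source, destination)
        ("vlan3", "192.168.3.10", "192.168.5.20"),
        ("vlan3", "192.168.3.10", "192.168.4.20"),
        ("vlan4", "192.168.4.20", "192.168.3.10"),
        ("vlan4", "192.168.4.20", "192.168.5.20"),
        ("vlan3", "192.168.3.10", "192.168.3.1"),   # host to its own gateway
        ("vlan5", "192.168.5.20", "192.168.3.10"),  # page binds no ACL to int vlan 5
    ]
    return {f: evaluate(acls, *f) for f in flows}

if __name__ == "__main__":
    for flow, verdict in check_flows().items():
        print(flow, "->", verdict)
```

The vlan3 host to 192.168.3.1 case is the one to watch: the inbound ACL on the SVI also filters IP traffic addressed to the switch itself, so anything not destined for 192.168.5.0/24 is dropped by the implicit deny.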

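****************Port mirroring:3560****************
Monitor specified VLANs
SW5#show monitor ;check whether a mirroring configuration already exists
SW5#conf t ;enter global configuration mode
SW5(config)#no monitor session 1
SW5(config)#monitor session 1 source vlan 3-5 both ;monitor vlan 3-5
SW5(config)#monitor session 1 destination int f0/23 ;copy the traffic to f0/23
SW5(config)#end ;return
SW5#show monitor
Monitor a specified port
SW5#show monitor ;check whether a mirroring configuration already exists
SW5#conf t ;enter global configuration mode
SW5(config)#no monitor session 1
SW5(config)#monitor session 2 source int f0/24 both ;monitor port f0/24
SW5(config)#monitor session 2 destination int f0/23 ;copy the traffic to f0/23
SW5(config)#end ;return
SW5#show monitor session 2

After the configuration above, you can capture packets with a sniffer!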