1. 以太網(wǎng)

1. 接口MTU和ip MTU

Switch(config-if)#mtu 1500

Switch(config-if)#ip mtu 1500

Switch#sh int s1/0

Switch#sh ip int s1/0

2. 管理MAC表

48位，點(diǎn)分十六進(jìn)制表示

Switch#show mac address-table

Switch#clear mac address-table

Switch(config)#mac address-table static aaaa.bbbb.cccc vlan 10 interface e0/0

2. 二層交換

1. Protected port

Switch(config-if)#switchport protected

2. Native Vlan

Switch(config-if)#switchport trunk native vlan 10

Switch(config)#vlan dot1q tag native

配置對native vlan也打標(biāo)簽

Vlan范圍：（dot1q）

3. Trunk配置

ISL:支持1-1005個(gè)vlan編號

DOT1Q:支持1-4094個(gè)vlan編號

Switch(config-if)#switchport mode access

將接口設(shè)置為access模式

Switch(config-if)#switchport trunk encapsulation {dot1q | ISL | negotiate }

Switch(config-if)#switchport mode {auto | desirable |trunk}

Switch#show interface f0/8 switchport

將接口設(shè)置為DTP動(dòng)態(tài)協(xié)商，可auto或desirable

Switch(config-if)#switchport nonegotiate

將接口設(shè)置為nonegotiate，不發(fā)送DTP幀，如果配置為非協(xié)商，那么必須手工配置接口模式為access或trunk

Switch(config-if)#switchport mode dynamic [auto | desirable]

配置接口為協(xié)商模式

Switch#show interface trunk 查看trunk狀態(tài)

Switch#show interfaces fa0/0 switchport 查看接口二層trunk信息

Switch(config-if)#switchport trunk allowed vlan {WORD | add | all | except | none | remove}

Switch1(config-if)#switchport trunk allowed vlan ?

WORD VLAN IDs of the allowed VLANs when this port is in trunking mode

add add VLANs to the current list

all all VLANs

except all VLANs except the following

none no VLANs

remove remove VLANs from the current list

Switch(config-if)#switchport trunk allowed vlan remove 20

Switch#show interface f0/8 switchport

查看接口trunk/vlan/private-vlan信息

4. VTP

1. VTP配置

Switch1(config)#vtp domain cisco

Switch1(config)#vtp mode {server | client |transparent}

Switch1(config)#vtp password 123456

Switch1#sh vtp password

2. VTP pruning

Switch1#sh vtp status

3. 查看trunk及allowed vlan狀態(tài)

Switch1#sh int trunk

4. VTP pruning

Switch2(config)#vtp pruning

開啟VTP修剪

Switch1#sh vtp status

查看VTP狀態(tài)

5. 私有VLAN（PVLAN）

1. 創(chuàng)建主VLAN：

Vlan 100

Private-vlan primary

2. 創(chuàng)建輔助VLAN

Vlan 101

Private-vlan community

Vlan 102

Private-vlan ioslate

3. 配置主VLAN，將二層輔助VLAN關(guān)聯(lián)到主VLAN

Vlan 100

Private-vlan association 101,102

4. 將輔助VLAN映射到主VLAN的SVI接口，從而允許PVLAN入口流量的三層交換。

Interface vlan 100

Private-vlan mapping add 101,102

5. 配置接口

Interface f0/1

Switchport mode private-vlan host

Switchport private-vlan host-association 100 101 //關(guān)聯(lián)主VLAN和輔助VLAN到接口

Interface f0/2

Switchport mode private-vlan host

Switchport mode private-vlan host-association 100 102

主機(jī)接口配置

Interface f0/3

Switchport mode private-vlan promiscuous

Switchport private-vlan mapping add 100 101 //將端口映射到PLAN

混雜端口配置

6. 查看及驗(yàn)證

Show pvlan mapping

PLAN配置示例

Sw(config)#vtp transparent

Sw(config)#vlan 201

Sw(config-vlan)#private-vlan isolated

Sw(config)#vlan 202

Sw(config-vlan)#private-vlan community

Sw(config)#vlan 100

Sw(config-vlan)#private-vlan primary

Sw(config-vlan)#private-vlan association 201,202

!

Sw(config)#interface fa0/24

Sw(config-if)#switchport mode private-vlan promiscuous

Sw(config-if)#switchport mode private-vlan mapping 100 201,202

Sw(config)#interface range fa 0/1 – 2

Sw(config-if)#switchport mode private-vlan host

Sw(config-if)#switchport private-vlan host-association 100 202

Sw(config)#interface range fa 0/3 – 4

Sw(config-if)#switchport mode private-vlan host

Sw(config-if)#switchport private-vlan host-association 100 201