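Fault symptoms and resolution
An organization used a Cisco 7513 router as its WAN backbone router, in a standard configuration, running IOS version 11.1. One day the line protocol on the router's 2M backbone uplink was found to be down, cutting off the networks connected to it. Checking all running parameters with "show running-config" revealed no errors.
Checking the serial ports with "show interfaces serial" then showed that some ports were up while their line protocol was down, and that all the affected serial ports were on the same serial port board (board A); the other modules were working normally. All physical lines were checked and found to be fine, which ruled out a line fault. In any case, it is unlikely for all the serial ports on one board to suffer line faults at the same time. At this point it could be tentatively concluded that board A was the problem. After entering global configuration mode, attempts to enter interface configuration mode for the serial ports on board A failed: every time "interface serial" followed by the port number was typed, an error was returned, while the same command worked for the other serial ports. This suggested some kind of software fault in IOS itself. After restarting the router with the reload command, the system came up in ROM monitor mode with the prompt "rommon>". Typing "boot" started the router, but the fault persisted, and every configuration statement for the board A serial ports was rejected with an error.
The router was then powered off and on again, and the following was observed: the AC (or DC) OK LED was green, indicating that the power subsystem was working; the fans were spinning normally and the output-fail LED was off, indicating that the cooling subsystem was working; the Route Switch Processor (RSP) LED was green, also indicating normal operation. The Enable LED on each interface was green, indicating that the RSP had finished initializing the interface processors. However, all the LEDs on board A flashed once and then went out. After running "reset" and then booting the system with "boot", all configuration statements for the board A serial ports had disappeared.
Closer inspection showed board A to be a VIP2 with only one four-port serial submodule installed in its two submodule bays, so board A had only four serial ports (expandable to 8), three in use and one idle. Normally the LEDs of the three ports in use should be lit and the LED of the unused port should be yellow, but now none of the four port LEDs were lit. After the system started, "show version" showed that the system had found board A and identified it as a VIP2, but without any detailed information. To narrow the fault down further, board A was moved to a different slot, and the fault persisted; when board A was installed in another, fault-free router, everything worked normally.
These steps narrowed the fault down to the router's configuration parameters. Running "show version" again, the last line of output showed the configuration register value as 0x0. After changing it to 0x2102, rebooting the router, and copying the backup configuration from the TFTP server into running-config, the router returned to normal operation. This resolved a fault that looked like damaged interface hardware but was in fact a software parameter misconfiguration.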
Friday, June 5, 2009
A Cisco high-end router troubleshooting case
Friday, May 15, 2009
Service Assurance Agent (SAA)
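In Cisco systems, this is the new name for what used to be the Response Time Reporter (RTR).
RTR lets users monitor network performance and network resources, and judge application performance by measuring response time. This feature can be used for troubleshooting, problem notification, and problem analysis. To check whether the RTR responder is enabled, use the following command: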
Router>show rtr responder
RTR Responder is: Enabled
Number of control messages received: 0 Number of errors: 0
Recent sources:
Recent error sources:
Service Assurance Agent (SAA) is embedded software within Cisco IOS devices that performs active monitoring. Active monitoring is the generation and analysis of traffic to measure performance between Cisco IOS devices or between Cisco IOS devices and network application servers. Active monitoring provides a unique set of performance measurements: network delay or latency, packet loss, network delay variation (jitter), availability, one-way latency, website download time, as well as other network statistics. SAA can be used to measure network health, verify service level agreements, assist with network troubleshooting, and plan network infrastructure. SAA is supported on almost all Cisco IOS devices. Enterprises and service providers routinely deploy SAA for network performance statistics and within IP networks that utilize quality of service (QoS), Voice over IP, security, Virtual Private Networks (VPNs), and Multiprotocol Label Switching (MPLS). SAA provides a scalable and cost-effective solution for IP service level monitoring and eliminates the deployment of dedicated active monitoring devices by including the "probe" capabilities within Cisco IOS.
The SAA product has since been renamed Cisco IOS IP SLAs.
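Thursday, April 16, 2009
A problem encountered when setting up link aggregation between a Cisco 3560 and a 6509 switch
One of the interfaces joined the aggregation successfully, but the other one simply would not come up! The problem is described below: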
swb:
swb#show run int fa0/2
Building configuration...
Current configuration : 121 bytes
!
interface FastEthernet0/2
switchport access vlan 100
switchport mode dynamic desirable
channel-group 1 mode on
end
swb#show run int fa0/11
Building configuration...
Current configuration : 100 bytes
!
interface FastEthernet0/11
switchport access vlan 100
duplex full
channel-group 1 mode on
end
interface Port-channel1
switchport access vlan 100
end
swb#show etherchannel 1 summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Fa0/2(P) Fa0/11(D)
swb#show etherchannel 1 detail
Group state = L2
Ports: 2 Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol: -
Minimum Links: 0
Ports in the group:
-------------------
Port: Fa0/2
------------
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = On Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:08m:45s
Port: Fa0/11
------------
Port state = Down Not-in-Bndl
Channel group = 1 Mode = On Gcchange = -
Port-channel = null GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:03m:44s
Port-channels in the group:
---------------------------
Port-channel: Po1
------------
Age of the Port-channel = 0d:00h:16m:23s
Logical slot/port = 2/1 Number of ports = 1
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Fa0/2 On 0
Time since last port bundled: 0d:00h:03m:45s Fa0/11
Time since last port Un-bundled: 0d:00h:03m:45s Fa0/11
swb#
swa:
swa#show run int fa0/1
Building configuration...
Current configuration : 172 bytes
!
interface FastEthernet0/1
switchport access vlan 100
switchport trunk encapsulation dot1q
switchport mode access
speed 100
duplex full
channel-group 1 mode on
end
swa#show run int fa0/2
Building configuration...
Current configuration : 110 bytes
!
interface FastEthernet0/2
switchport access vlan 100
switchport mode access
channel-group 1 mode on
end
swa#
swa#show run int port-ch
swa#show run int port-channel 1
Building configuration...
Current configuration : 83 bytes
!
interface Port-channel1
switchport access vlan 100
switchport mode access
end
swa#
swa#show etherchannel 1 summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Fa0/1(D) Fa0/2(P)
swa#
swa#show etherchannel 1 detail
Group state = L2
Ports: 2 Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol: -
Minimum Links: 0
Ports in the group:
-------------------
Port: Fa0/1
------------
Port state = Down Not-in-Bndl
Channel group = 1 Mode = On Gcchange = -
Port-channel = null GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:09m:01s
Port: Fa0/2
------------
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = On Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:11m:12s
Port-channels in the group:
---------------------------
Port-channel: Po1
------------
Age of the Port-channel = 0d:00h:19m:06s
Logical slot/port = 2/1 Number of ports = 1
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Fa0/2 On 0
Time since last port bundled: 0d:00h:09m:02s Fa0/1
Time since last port Un-bundled: 0d:00h:06m:49s Fa0/1
swa#
swa#
swa#
FastEthernet0/1 is down, line protocol is down (notconnect)
Hardware is Fast Ethernet, address is 001e.14cf.0883 (bia 001e.14cf.0883)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:08, output 00:00:13, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
159 packets input, 21834 bytes, 0 no buffer
Received 1 broadcasts (96 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 96 multicast, 0 pause input
0 input packets with dribble condition detected
436 packets output, 41811 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
swa#show int fa0/1
FastEthernet0/1 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 001e.14cf.0883 (bia 001e.14cf.0883)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
155 packets input, 21548 bytes, 0 no buffer
Received 1 broadcasts (94 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 94 multicast, 0 pause input
0 input packets with dribble condition detected
434 packets output, 41683 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
swa#conf t
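In short: speed 100 must not be entered; as soon as it is entered, the interface LED goes straight out...
A few useful troubleshooting commands when setting up aggregation:
show etherchannel 1 summary
show etherchannel 1 detail
If you are bundling two interfaces and one has bundled successfully while the other has not, these commands let you see the reason directly!
// Not very formal, just jotting this down...
Lately I seem to keep getting stuck on seemingly simple things like this. Frustrating!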
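The member ports in the output above carry different speed, duplex and switchport settings within the same channel-group. The following is an added example, not part of the original post: a small Python checker that lists per-port settings that differ between members of one channel-group. The function names are hypothetical, the input is the post's own `show run int` output (abridged), and the result is a list of differences to review rather than a model of exactly which ones IOS refuses to bundle.

```python
import re

# Per-port settings compared across the members of one channel-group.
COMPARED = {
    "speed": re.compile(r"speed (\S+)$"),
    "duplex": re.compile(r"duplex (\S+)$"),
    "switchport mode": re.compile(r"switchport mode (.+)$"),
    "access vlan": re.compile(r"switchport access vlan (\d+)$"),
    "trunk encapsulation": re.compile(r"switchport trunk encapsulation (\S+)$"),
}
CHANNEL = re.compile(r"channel-group (\d+) mode \S+$")
PROMPT = re.compile(r"\S+[#>]")  # e.g. "swa#show run int fa0/1"


def first_match(pattern, commands, default):
    for command in commands:
        m = pattern.match(command)
        if m:
            return m.group(1)
    return default


def parse_interfaces(text):
    """Map interface name -> sub-commands from pasted 'show run int' output.

    Lines are stripped first, so output that lost its indentation in a
    copy/paste parses the same way as properly indented output.
    """
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line in ("!", "end") or PROMPT.match(line):
            current = None
        elif current is not None and line:
            current.append(line)
    return interfaces


def channel_mismatches(text):
    """Return {group: {setting: {interface: value}}} for settings that differ."""
    groups = {}
    for name, commands in parse_interfaces(text).items():
        group = first_match(CHANNEL, commands, None)
        if group is not None:
            groups.setdefault(group, {})[name] = {
                key: first_match(rx, commands, "(default)")
                for key, rx in COMPARED.items()
            }
    report = {}
    for group, members in groups.items():
        for key in COMPARED:
            values = {name: settings[key] for name, settings in members.items()}
            if len(set(values.values())) > 1:
                report.setdefault(group, {})[key] = values
    return report


# Constructed input: the swa and swb 'show run int' output from this post, abridged.
SWA = """\
swa#show run int fa0/1
Building configuration...
!
interface FastEthernet0/1
 switchport access vlan 100
 switchport trunk encapsulation dot1q
 switchport mode access
 speed 100
 duplex full
 channel-group 1 mode on
end
swa#show run int fa0/2
interface FastEthernet0/2
 switchport access vlan 100
 switchport mode access
 channel-group 1 mode on
end
"""
SWB = """\
swb#show run int fa0/2
interface FastEthernet0/2
 switchport access vlan 100
 switchport mode dynamic desirable
 channel-group 1 mode on
end
swb#show run int fa0/11
interface FastEthernet0/11
 switchport access vlan 100
 duplex full
 channel-group 1 mode on
end
"""

if __name__ == "__main__":
    for switch, output in (("swa", SWA), ("swb", SWB)):
        print(switch, channel_mismatches(output))
```
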
Monday, March 30, 2009
Cisco SDM configuration and the fix for a common error

Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues.
Cisco SDM supports a wide range of Cisco IOS Software releases and is available free of charge on Cisco router models from Cisco 830 Series to Cisco 7301. It ships preinstalled on all new Cisco 850 Series, Cisco 870 Series, Cisco 1800 Series, Cisco 2800 Series, and Cisco 3800 Series integrated services routers.
Network and security administrators and channel partners can use Cisco SDM for faster and easier deployment of Cisco routers for integrated services such as dynamic routing, WAN access, WLAN, firewall, VPN, SSL VPN, IPS, and QoS.
Reduce Total Cost of Ownership
Cisco customers can reduce the total cost of ownership (TCO) of their Cisco routers by relying on Cisco SDM-generated configurations already approved by the Cisco TAC. Configuration checks built into Cisco SDM reduce errors. SDM also helps customers avoid potential network issues by proactively monitoring router performance statistics, system logs, and firewall logs in real time.
Cisco SDM offers smart wizards and advanced configuration support for LAN and WAN interfaces, Network Address Translation (NAT), stateful and application firewall policy, IPS, IPSec VPN, QoS, and NAC policy features. The firewall wizard allows a single-step deployment of high, medium, or low firewall policy settings. Cisco SDM also offers a one-click router lockdown and an innovative security auditing capability to check and recommend changes to router configuration based on ICSA Labs and Cisco TAC recommendations.
Cisco SDM is a valuable productivity-enhancing tool for businesses and channel partners and allows them to implement router security and network configurations with reduced cost and increased confidence and ease.
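Configuration on the Cisco router:
username deng privilege 15 secret dengdoor
ip http server
ip http authentication local
ip http secure-server
! optional HTTPS access (at this point the router prompts to download a digital certificate)
ip http timeout-policy idle 600 life 86400 requests 1000
! optional timeout values
Configuration for remote telnet/SSH access:
line con 0
login local
line vty 0 4
privilege level 15
login local
transport input telnet ssh
On the PC:
1. Install the SDM software
2. Give the PC an IP address on the same subnet as the router's F0 interface
3. Launch SDM. An HTTP(S) window opens and prompts for a privilege-level-15 user login; the built-in default is cisco/cisco. The Java source code may be displayed instead: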
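Wednesday, March 11, 2009
Applying the same configuration to multiple interfaces on H3C switches, compared with the Cisco command
When applying the same configuration to several interfaces on a Cisco switch, we normally use interface range. When I first started working with H3C there was no similar command, which took some getting used to. I even called the vendor's 800 support line and was told that no such command exists, so with forty-odd interfaces all I could do was repeat the same steps by hand. Then I happened to notice this command in the command manual:
copy configuration
Thinking of all the times I have to configure a large number of interfaces, the future suddenly looked bright. Noting it here for the record.
[Command]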
copy configuration source { interface-type interface-number
aggregation-group source-agg-id } destination { interface-list
[ aggregation-group destination-agg-id ] aggregation-group
destination-agg-id }
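[View]
System view
[Parameters]
interface-type: port type.
interface-number: port number.
source-agg-id: source aggregation group ID, in the range 1 to 26. The system uses the port with the lowest port number in that aggregation group as the source port.
interface-list: list of destination ports. interface-list = { interface-type interface-number } [ to interface-type interface-number ] &<1-10>. &<1-10> means the preceding parameter can be entered up to 10 times.
destination-agg-id: destination aggregation group ID, in the range 1 to 26.
[Description]
The copy configuration command copies the configuration of the specified port to other ports so that port configurations are consistent.
Note:
If the copy source is an aggregation group ID, the system uses the port with the lowest port number in that aggregation group as the source.
If the copy destination is an aggregation group ID, the configuration of every port in that aggregation group is changed to match the source.
[Example]
# Copy the configuration of aggregation group 1 to all ports in aggregation group 2.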
System View: return to User View with Ctrl+Z.
[H3C] copy configuration source aggregation-group 1 destination
aggregation-group 2
Tuesday, March 10, 2009
Cisco per-VLAN HSRP configuration example [repost]
HSRP is configured per VLAN; MST is recommended for spanning tree.
sh run
Building configuration...
Current configuration : 18704 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname H4503ex-3B-B
!
enable secret 5 $1$YXms$vL/ft7Gv8YJvaUXP2BKRD1
!
ip subnet-zero
ip dhcp excluded-address 10.10.2.251 10.10.2.254
ip dhcp excluded-address 10.10.2.1 10.10.2.100
ip dhcp excluded-address 10.10.3.1 10.10.3.100
ip dhcp excluded-address 10.10.3.251 10.10.3.254
ip dhcp excluded-address 10.10.6.1 10.10.6.100
ip dhcp excluded-address 10.10.6.251 10.10.6.254
ip dhcp excluded-address 10.10.9.1 10.10.9.100
ip dhcp excluded-address 10.10.9.251 10.10.9.254
ip dhcp excluded-address 10.10.10.1 10.10.10.100
ip dhcp excluded-address 10.10.10.251 10.10.10.254
ip dhcp excluded-address 10.10.8.1 10.10.8.100
ip dhcp excluded-address 10.10.8.251 10.10.8.254
ip dhcp excluded-address 10.10.7.1 10.10.7.100
ip dhcp excluded-address 10.10.7.251 10.10.7.254
ip dhcp excluded-address 10.10.5.1 10.10.5.100
ip dhcp excluded-address 10.10.5.251 10.10.5.254
ip dhcp excluded-address 10.10.4.1 10.10.4.100
ip dhcp excluded-address 10.10.4.251 10.10.4.254
ip dhcp excluded-address 10.10.12.1 10.10.12.100
ip dhcp excluded-address 10.10.12.251 10.10.12.254
ip dhcp excluded-address 10.10.11.1 10.10.11.100
ip dhcp excluded-address 10.10.11.251 10.10.11.254
ip dhcp excluded-address 10.10.14.1 10.10.14.100
ip dhcp excluded-address 10.10.14.251 10.10.14.254
ip dhcp excluded-address 10.10.25.1 10.10.25.100
ip dhcp excluded-address 10.10.25.251 10.10.25.254
ip dhcp excluded-address 10.10.13.1 10.10.13.100
ip dhcp excluded-address 10.10.13.251 10.10.13.254
ip dhcp excluded-address 10.10.20.1 10.10.20.100
ip dhcp excluded-address 10.10.20.251 10.10.20.254
ip dhcp excluded-address 10.10.44.1 10.10.44.100
ip dhcp excluded-address 10.10.44.251 10.10.44.254
ip dhcp excluded-address 10.10.101.1 10.10.101.100
ip dhcp excluded-address 10.10.101.251 10.10.101.254
ip dhcp excluded-address 10.10.17.1 10.10.17.100
ip dhcp excluded-address 10.10.17.251 10.10.17.254
ip dhcp excluded-address 10.10.1.1 10.10.1.100
ip dhcp excluded-address 10.10.1.251 10.10.1.254
ip dhcp excluded-address 10.10.23.1 10.10.23.100
ip dhcp excluded-address 10.10.23.251 10.10.23.254
ip dhcp excluded-address 10.10.108.1 10.10.108.100
ip dhcp excluded-address 10.10.108.251 10.10.108.254
ip dhcp excluded-address 10.10.21.1 10.10.21.100
ip dhcp excluded-address 10.10.21.251 10.10.21.254
ip dhcp excluded-address 10.10.15.1 10.10.15.100
ip dhcp excluded-address 10.10.15.251 10.10.15.254
ip dhcp excluded-address 10.10.106.1 10.10.106.100
ip dhcp excluded-address 10.10.106.251 10.10.106.254
ip dhcp excluded-address 10.10.102.1 10.10.102.100
ip dhcp excluded-address 10.10.102.251 10.10.102.254
ip dhcp excluded-address 10.10.18.1 10.10.18.100
ip dhcp excluded-address 10.10.18.251 10.10.18.254
ip dhcp excluded-address 10.10.30.1 10.10.30.100
ip dhcp excluded-address 10.10.30.251 10.10.30.254
ip dhcp excluded-address 10.10.0.1 10.10.0.100
ip dhcp excluded-address 10.10.0.251 10.10.0.254
ip dhcp excluded-address 10.10.105.1 10.10.105.100
ip dhcp excluded-address 10.10.105.251 10.10.105.254
ip dhcp excluded-address 10.10.103.1 10.10.103.100
ip dhcp excluded-address 10.10.103.251 10.10.103.254
ip dhcp excluded-address 10.10.19.1 10.10.19.100
ip dhcp excluded-address 10.10.19.251 10.10.19.254
ip dhcp excluded-address 10.10.16.1 10.10.16.100
ip dhcp excluded-address 10.10.16.251 10.10.16.254
ip dhcp excluded-address 10.10.22.1 10.10.22.100
ip dhcp excluded-address 10.10.22.251 10.10.22.254
!
ip dhcp pool vlan2
network 10.10.2.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.2.254
lease 30
!
ip dhcp pool vlan3
network 10.10.3.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.3.254
lease 30
!
ip dhcp pool vlan4
network 10.10.6.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.6.254
lease 30
!
ip dhcp pool vlan5
network 10.10.9.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.9.254
lease 30
!
ip dhcp pool vlan6
network 10.10.10.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.10.254
lease 30
!
ip dhcp pool vlan7
network 10.10.8.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.8.254
lease 30
!
ip dhcp pool vlan8
network 10.10.7.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.7.254
lease 30
!
ip dhcp pool vlan9
network 10.10.5.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.5.254
lease 30
!
ip dhcp pool vlan10
network 10.10.4.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.4.254
lease 30
!
ip dhcp pool vlan11
network 10.10.12.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.12.254
lease 30
!
ip dhcp pool vlan12
network 10.10.11.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.11.254
lease 30
!
ip dhcp pool vlan13
network 10.10.14.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.14.254
lease 30
!
ip dhcp pool vlan14
network 10.10.25.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.25.254
lease 30
!
ip dhcp pool vlan15
network 10.10.13.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.13.254
lease 30
!
ip dhcp pool vlan16
network 10.10.20.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.20.254
lease 30
!
ip dhcp pool vlan17
network 10.10.44.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.44.254
lease 30
!
ip dhcp pool vlan18
network 10.10.101.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.101.254
lease 30
!
ip dhcp pool vlan19
network 10.10.17.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.17.254
lease 30
!
ip dhcp pool vlan20
network 10.10.1.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.1.254
lease 30
!
ip dhcp pool vlan21
network 10.10.23.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.23.254
lease 30
!
ip dhcp pool vlan22
network 10.10.108.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.108.254
lease 30
!
ip dhcp pool vlan23
network 10.10.21.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.21.254
lease 30
!
ip dhcp pool vlan24
network 10.10.15.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.15.254
lease 30
!
ip dhcp pool vlan26
network 10.10.106.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.106.254
lease 30
!
ip dhcp pool vlan27
network 10.10.102.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.102.254
lease 30
!
ip dhcp pool vlan28
network 10.10.18.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.18.254
lease 30
!
ip dhcp pool vlan30
network 10.10.30.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.30.254
lease 30
!
ip dhcp pool vlan31
network 10.10.0.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.0.254
lease 30
!
ip dhcp pool vlan33
network 10.10.105.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.105.254
lease 30
!
ip dhcp pool vlan34
network 10.10.103.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.103.254
lease 30
!
ip dhcp pool vlan35
network 10.10.19.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.19.254
lease 30
!
ip dhcp pool vlan36
network 10.10.16.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.16.254
lease 30
!
ip dhcp pool vlan37
network 10.10.22.0 255.255.255.0
dns-server 10.62.1.9
default-router 10.10.22.254
lease 30
!
ip dhcp pool vlan25
lease 30
!
ip dhcp pool vlan29
lease 30
!
ip dhcp pool vlan32
lease 30
!
ip dhcp snooping
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-37 priority 8192
power redundancy-mode redundant
!
!
!
!
interface GigabitEthernet1/1
description link to H3550-4A
switchport trunk encapsulation dot1q
switchport mode trunk
speed nonegotiate
!
interface GigabitEthernet1/2
description link to H3550-26B
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/1
description link to 3B-SW1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/2
description link to 3B-SW2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/3
description link to 3B-SW3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/4
description link to 3B-SW4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/5
description link to 3B-SW5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/6
description link to 3B-SW6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/7
description link to 4B-SW1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/8
description link to 4B-SW2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/9
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/10
description link to 4B-SW4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/11
description link to 4B-SW5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/13
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/14
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/15
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/16
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/17
description link_to_26ceng
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/18
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/19
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/20
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/21
switchport access vlan 31
switchport mode access
!
interface GigabitEthernet3/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/23
description link to H650ex-Core-B
no switchport
ip address 10.103.1.2 255.255.255.252
speed 1000
duplex full
!
interface GigabitEthernet3/24
description link to H4503ex-4B-A
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
ip address 10.10.254.101 255.255.255.0
!
interface Vlan2
ip address 10.10.2.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 2 ip 10.10.2.254
standby 2 priority 120
standby 2 preempt
!
interface Vlan3
ip address 10.10.3.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 3 ip 10.10.3.254
standby 3 priority 120
standby 3 preempt
!
interface Vlan4
ip address 10.10.6.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 4 ip 10.10.6.254
standby 4 priority 120
standby 4 preempt
!
interface Vlan5
ip address 10.10.9.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 5 ip 10.10.9.254
standby 5 priority 120
standby 5 preempt
!
interface Vlan6
ip address 10.10.10.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 6 ip 10.10.10.254
standby 6 priority 120
standby 6 preempt
!
interface Vlan7
ip address 10.10.8.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 7 ip 10.10.8.254
standby 7 priority 120
standby 7 preempt
!
interface Vlan8
ip address 10.10.7.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 8 ip 10.10.7.254
standby 8 priority 120
standby 8 preempt
!
interface Vlan9
ip address 10.10.5.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 9 ip 10.10.5.254
standby 9 priority 120
standby 9 preempt
!
interface Vlan10
ip address 10.10.4.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 10 ip 10.10.4.254
standby 10 priority 120
standby 10 preempt
!
interface Vlan11
ip address 10.10.12.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 11 ip 10.10.12.254
standby 11 priority 120
standby 11 preempt
!
interface Vlan12
ip address 10.10.11.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 12 ip 10.10.11.254
standby 12 priority 120
standby 12 preempt
!
interface Vlan13
ip address 10.10.14.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 13 ip 10.10.14.254
standby 13 priority 120
standby 13 preempt
!
interface Vlan14
ip address 10.10.25.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 14 ip 10.10.25.254
standby 14 priority 120
standby 14 preempt
!
interface Vlan15
ip address 10.10.13.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 15 ip 10.10.13.254
standby 15 priority 120
standby 15 preempt
!
interface Vlan16
ip address 10.10.20.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 16 ip 10.10.20.254
standby 16 priority 120
standby 16 preempt
!
interface Vlan17
ip address 10.10.44.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 17 ip 10.10.44.254
standby 17 priority 120
standby 17 preempt
!
interface Vlan18
ip address 10.10.101.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 18 ip 10.10.101.254
standby 18 priority 120
standby 18 preempt
!
interface Vlan19
ip address 10.10.17.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 19 ip 10.10.17.254
standby 19 priority 120
standby 19 preempt
!
interface Vlan20
ip address 10.10.1.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 20 ip 10.10.1.254
standby 20 priority 120
standby 20 preempt
!
interface Vlan21
ip address 10.10.23.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 21 ip 10.10.23.254
standby 21 priority 120
standby 21 preempt
!
interface Vlan22
ip address 10.10.108.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 22 ip 10.10.108.254
standby 22 priority 120
standby 22 preempt
!
interface Vlan23
ip address 10.10.21.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 23 ip 10.10.21.254
standby 23 priority 120
standby 23 preempt
!
interface Vlan24
ip address 10.10.15.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 24 ip 10.10.15.254
standby 24 priority 120
standby 24 preempt
!
interface Vlan25
no ip address
ip access-group 100 in
ip access-group 100 out
standby 25 priority 120
standby 25 preempt
!
interface Vlan26
ip address 10.10.106.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 26 ip 10.10.106.254
standby 26 priority 120
standby 26 preempt
!
interface Vlan27
ip address 10.10.102.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 27 ip 10.10.102.254
standby 27 priority 120
standby 27 preempt
!
interface Vlan28
ip address 10.10.18.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 28 ip 10.10.18.254
standby 28 priority 120
standby 28 preempt
!
interface Vlan29
no ip address
ip access-group 100 in
ip access-group 100 out
standby 29 ip
standby 29 priority 120
standby 29 preempt
!
interface Vlan30
ip address 10.10.30.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 30 ip 10.10.30.254
standby 30 priority 120
standby 30 preempt
!
interface Vlan31
ip address 10.10.0.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 31 ip 10.10.0.254
standby 31 priority 120
standby 31 preempt
!
interface Vlan32
no ip address
ip access-group 100 in
ip access-group 100 out
standby 32 priority 120
standby 32 preempt
!
interface Vlan33
ip address 10.10.105.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 33 ip 10.10.105.254
standby 33 priority 120
standby 33 preempt
!
interface Vlan34
ip address 10.10.103.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 34 ip 10.10.103.254
standby 34 priority 120
standby 34 preempt
!
interface Vlan35
ip address 10.10.19.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 35 ip 10.10.19.254
standby 35 priority 120
standby 35 preempt
!
interface Vlan36
ip address 10.10.16.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 36 ip 10.10.16.254
standby 36 priority 120
standby 36 preempt
!
interface Vlan37
ip address 10.10.22.253 255.255.255.0
ip access-group 100 in
ip access-group 100 out
standby 37 ip 10.10.22.254
standby 37 priority 120
standby 37 preempt
!
interface Vlan1000
ip address 10.200.10.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.103.1.1
ip route 0.0.0.0 0.0.0.0 10.200.10.1 20
ip route 10.103.2.0 255.255.255.252 Vlan1000
no ip http server
!
!
!
access-list 100 deny tcp any any eq 135
access-list 100 deny tcp any any eq 136
access-list 100 deny tcp any any eq 137
access-list 100 deny tcp any any eq 138
access-list 100 deny udp any any eq 135
access-list 100 deny udp any any eq 136
access-list 100 deny udp any any eq netbios-ns
access-list 100 deny udp any any eq netbios-dgm
access-list 100 deny udp any any eq netbios-ss
access-list 100 deny tcp any any eq 445
access-list 100 deny udp any any eq 445
access-list 100 deny tcp any any eq 4444
access-list 100 deny udp any any eq 389
access-list 100 deny udp any any eq 1434
access-list 100 deny udp any any eq 1433
access-list 100 deny tcp any any eq 1068
access-list 100 deny udp any any eq 1068
access-list 100 deny tcp any any eq 5554
access-list 100 deny udp any any eq 5554
access-list 100 deny tcp any any eq 9996
access-list 100 deny udp any any eq 9996
access-list 100 deny tcp any any eq 1023
access-list 100 deny udp any any eq 1023
access-list 100 deny tcp any any eq 593
access-list 100 permit ip any any
!
!
line con 0
stopbits 1
line vty 0 4
exec-timeout 360 0
password 123
login
!
end
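The running-config above and the SDM router configuration earlier on this page both contain management-plane settings worth reviewing before reuse: HTTP management, telnet on the vty lines, a clear-text shared line password, a long idle timeout, and HSRP groups with no authentication. The following is an added example, not code from the original posts: a Python audit that flags those settings in a pasted configuration. The check names, the 15-minute idle threshold and the treatment of a missing `transport input` line as allowing telnet are assumptions, and the samples are constructed from lines on this page with a placeholder HSRP key.

```python
import re

MAX_IDLE_MINUTES = 15  # assumed policy threshold, not a value from the page


def stanzas(text):
    """Yield (header, children) using IOS one-space child indentation."""
    header, children = None, []
    for raw in text.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw.startswith(" "):
            children.append(raw.strip())
            continue
        if header is not None:
            yield header, children
        header, children = raw.strip(), []
    if header is not None:
        yield header, children


def audit_vty(header, children):
    found = []
    transport = next((c for c in children if c.startswith("transport input ")), None)
    # Assumption: without a "transport input" line telnet is allowed (older IOS default).
    if transport is None or {"telnet", "all"} & set(transport.split()[2:]):
        found.append(("vty-telnet", f"{header}: {transport or 'transport input not set'}"))
    if "privilege level 15" in children:
        found.append(("vty-priv15", f"{header}: sessions start at privilege level 15"))
    for child in children:
        pw = re.match(r"password (?:0 )?(\S+)$", child)
        if pw:  # report the length only, never echo the secret
            found.append(("vty-cleartext-password", f"{header}: {len(pw.group(1))}-char line password"))
        idle = re.match(r"exec-timeout (\d+)(?: (\d+))?$", child)
        if idle:
            minutes, seconds = int(idle.group(1)), int(idle.group(2) or 0)
            if (minutes, seconds) == (0, 0) or minutes > MAX_IDLE_MINUTES:
                found.append(("vty-idle-timeout", f"{header}: {child}"))
    return found


def audit_hsrp(header, children):
    body = "\n".join(children)
    groups = set(re.findall(r"^standby (\d+) ", body, re.M))
    authed = set(re.findall(r"^standby (\d+) authentication ", body, re.M))
    return [("hsrp-no-auth", f"{header}: standby group {g}")
            for g in sorted(groups - authed, key=int)]


def audit(text):
    """Return (check id, detail) findings for one configuration."""
    findings = []
    for header, children in stanzas(text):
        if header == "no service password-encryption":
            findings.append(("password-encryption-off", header))
        elif header == "ip http server":
            findings.append(("http-cleartext-mgmt", header))
        elif header.startswith("line vty"):
            findings += audit_vty(header, children)
        elif header.startswith("interface "):
            findings += audit_hsrp(header, children)
    return findings


# Constructed samples built from lines on this page; HARDENED is a corrected counterpart.
SDM_ROUTER = """\
ip http server
ip http secure-server
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""
HSRP_SWITCH = """\
no service password-encryption
interface Vlan2
 standby 2 ip 10.10.2.254
no ip http server
line vty 0 4
 exec-timeout 360 0
 password 123
 login
"""
HARDENED = """\
service password-encryption
interface Vlan2
 standby 2 ip 10.10.2.254
 standby 2 authentication md5 key-string <PLACEHOLDER-KEY>
no ip http server
line vty 0 4
 exec-timeout 10 0
 login local
 transport input ssh
"""

if __name__ == "__main__":
    for name in ("SDM_ROUTER", "HSRP_SWITCH", "HARDENED"):
        print(name, audit(globals()[name]) or "no findings")
```

The parser relies on the one-space indentation IOS prints for sub-commands, so a configuration that lost its indentation when pasted has to be re-indented before it is audited.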
H4503ex-3B-B#sh span
H4503ex-3B-B#sh spanning-tree ?
active Report on active interfaces only
backbonefast Show spanning tree backbonefast status
blockedports Show blocked ports
bridge Status and configuration of this bridge
detail Detailed information
inconsistentports Show inconsistent ports
interface Spanning Tree interface status and configuration
mst Multiple spanning trees
pathcost Show Spanning pathcost options
root Status and configuration of the root bridge
summary Summary of port states
uplinkfast Show spanning tree uplinkfast status
vlan VLAN Switch Spanning Trees
Output modifiers
H4503ex-3B-B#sh spanning-tree su
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 8193
Address 0014.f282.4d80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8193 (priority 8192 sys-id-ext 1)
Address 0014.f282.4d80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1 Desg FWD 4 128.1 P2p Peer(STP)
Gi3/1 Desg FWD 19 128.129 P2p Peer(STP)
Gi3/2 Desg FWD 19 128.130 P2p Peer(STP)
Gi3/3 Desg FWD 4 128.131 P2p Peer(STP)
Gi3/4 Desg FWD 19 128.132 P2p Peer(STP)
Gi3/5 Desg FWD 19 128.133 P2p Peer(STP)
Gi3/6 Desg FWD 19 128.134 P2p Peer(STP)
Gi3/7 Desg FWD 4 128.135 P2p
Gi3/8 Desg FWD 4 128.136 P2p Peer(STP)
Gi3/17 Desg FWD 19 128.145 P2p Peer(STP)
Gi3/22 Desg FWD 19 128.150 P2p Peer(STP)
Gi3/24 Desg FWD 4 128.152 P2p
VLAN0002
Spanning tree enabled protocol rstp
Root ID Priority 8194
Address 0014.f282.4d80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8194 (priority 8192 sys-id-ext 2)
Address 0014.f282.4d80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1 Desg FWD 4 128.1 P2p Peer(STP)
Gi3/1 Desg FWD 19 128.129 P2p Peer(STP)
Gi3/2 Desg FWD 19 128.130 P2p Peer(STP)
Gi3/3 Desg FWD 4 128.131 P2p Peer(STP)
Gi3/4 Desg FWD 19 128.132 P2p Peer(STP)
Gi3/5 Desg FWD 19 128.133 P2p Peer(STP)
Gi3/6 Desg FWD 19 128.134 P2p Peer(STP)
Gi3/7 Desg FWD 4 128.135 P2p
Gi3/8 Desg FWD 4 128.136 P2p Peer(STP)
Gi3/17 Desg FWD 19 128.145 P2p Peer(STP)
Gi3/22 Desg FWD 19 128.150 P2p Peer(STP)
Gi3/24 Desg FWD 4 128.152 P2p
--More--
VLAN0003
Spanning tree enabled protocol rstp
Root ID Priority 8195
Address 0014.f282.4d80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8195 (priority 8192 sys-id-ext 3)
Address 0014.f282.4d80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1 Desg FWD 4 128.1 P2p Peer(STP)
Gi3/1 Desg FWD 19 128.129 P2p Peer(STP)
Gi3/2 Desg FWD 19 128.130 P2p Peer(STP)
Gi3/3 Desg FWD 4 128.131 P2p Peer(STP)
Gi3/4 Desg FWD 19 128.132 P2p Peer(STP)
Gi3/5 Desg FWD 19 128.133 P2p Peer(STP)
Gi3/6 Desg FWD 19 128.134 P2p Peer(STP)
Gi3/7 Desg FWD 4 128.135 P2p
Gi3/8 Desg FWD 4 128.136 P2p Peer(STP)
Gi3/17 Desg FWD 19 128.145 P2p Peer(STP)
Gi3/22 Desg FWD 19 128.150 P2p Peer(STP)
Gi3/24 Desg FWD 4 128.152 P2p
--More--
VLAN0004
Spanning tree enabled protocol rstp
Root ID Priority 8196
Address 0014.f282.4d80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8196 (priority 8192 sys-id-ext 4)
Address 0014.f282.4d80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1 Desg FWD 4 128.1 P2p Peer(STP)
Gi3/1 Desg FWD 19 128.129 P2p Peer(STP)
Gi3/2 Desg FWD 19 128.130 P2p Peer(STP)
Gi3/3 Desg FWD 4 128.131 P2p Peer(STP)
Gi3/4 Desg FWD 19 128.132 P2p Peer(STP)
Gi3/5 Desg FWD 19 128.133 P2p Peer(STP)
Gi3/6 Desg FWD 19 128.134 P2p Peer(STP)
Gi3/7 Desg FWD 4 128.135 P2p
Gi3/8 Desg FWD 4 128.136 P2p Peer(STP)
Gi3/17 Desg FWD 19 128.145 P2p Peer(STP)
Gi3/22 Desg FWD 19 128.150 P2p Peer(STP)
Gi3/24 Desg FWD 4 128.152 P2p
--More--
H4503ex-3B-B#sh spanning-tree summ
H4503ex-3B-B#sh spanning-tree summary ?
totals Only show totals
Output modifiers
H4503ex-3B-B#sh spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0001-VLAN0037
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 12 12
VLAN0002 0 0 0 12 12
VLAN0003 0 0 0 12 12
VLAN0004 0 0 0 12 12
VLAN0005 0 0 0 12 12
VLAN0006 0 0 0 12 12
VLAN0007 0 0 0 12 12
VLAN0008 0 0 0 12 12
VLAN0009 0 0 0 12 12
VLAN0010 0 0 0 12 12
VLAN0011 0 0 0 12 12
VLAN0012 0 0 0 12 12
VLAN0013 0 0 0 12 12
VLAN0014 0 0 0 12 12
VLAN0015 0 0 0 12 12
VLAN0016 0 0 0 12 12
VLAN0017 0 0 0 12 12
VLAN0018 0 0 0 12 12
VLAN0019 0 0 0 12 12
VLAN0020 0 0 0 12 12
VLAN0021 0 0 0 12 12
VLAN0022 0 0 0 12 12
VLAN0023 0 0 0 12 12
VLAN0024 0 0 0 12 12
VLAN0025 0 0 0 12 12
VLAN0026 0 0 0 12 12
VLAN0027 0 0 0 12 12
VLAN0028 0 0 0 12 12
VLAN0029 0 0 0 12 12
VLAN0030 0 0 0 12 12
VLAN0031 0 0 0 12 12
VLAN0032 0 0 0 12 12
VLAN0033 0 0 0 12 12
VLAN0034 0 0 0 12 12
VLAN0035 0 0 0 12 12
VLAN0036 0 0 0 12 12
VLAN0037 0 0 0 12 12
VLAN0100 0 0 0 12 12
VLAN1000 0 0 0 12 12
---------------------- -------- --------- -------- ---------- ----------
39 vlans 0 0 0 468 468
H4503ex-3B-B#sh spanning-tree summary bri
H4503ex-3B-B#sh spanning-tree bridge
Hello Max Fwd
Vlan Bridge ID Time Age Dly Protocol
---------------- --------------------------------- ----- --- --- --------
VLAN0001 8193 ( 8192, 1) 0014.f282.4d80 2 20 15 rstp
VLAN0002 8194 ( 8192, 2) 0014.f282.4d80 2 20 15 rstp
VLAN0003 8195 ( 8192, 3) 0014.f282.4d80 2 20 15 rstp
VLAN0004 8196 ( 8192, 4) 0014.f282.4d80 2 20 15 rstp
VLAN0005 8197 ( 8192, 5) 0014.f282.4d80 2 20 15 rstp
VLAN0006 8198 ( 8192, 6) 0014.f282.4d80 2 20 15 rstp
VLAN0007 8199 ( 8192, 7) 0014.f282.4d80 2 20 15 rstp
VLAN0008 8200 ( 8192, 8) 0014.f282.4d80 2 20 15 rstp
VLAN0009 8201 ( 8192, 9) 0014.f282.4d80 2 20 15 rstp
VLAN0010 8202 ( 8192, 10) 0014.f282.4d80 2 20 15 rstp
VLAN0011 8203 ( 8192, 11) 0014.f282.4d80 2 20 15 rstp
VLAN0012 8204 ( 8192, 12) 0014.f282.4d80 2 20 15 rstp
VLAN0013 8205 ( 8192, 13) 0014.f282.4d80 2 20 15 rstp
VLAN0014 8206 ( 8192, 14) 0014.f282.4d80 2 20 15 rstp
VLAN0015 8207 ( 8192, 15) 0014.f282.4d80 2 20 15 rstp
VLAN0016 8208 ( 8192, 16) 0014.f282.4d80 2 20 15 rstp
VLAN0017 8209 ( 8192, 17) 0014.f282.4d80 2 20 15 rstp
VLAN0018 8210 ( 8192, 18) 0014.f282.4d80 2 20 15 rstp
VLAN0019 8211 ( 8192, 19) 0014.f282.4d80 2 20 15 rstp
VLAN0020 8212 ( 8192, 20) 0014.f282.4d80 2 20 15 rstp
VLAN0021 8213 ( 8192, 21) 0014.f282.4d80 2 20 15 rstp
VLAN0022 8214 ( 8192, 22) 0014.f282.4d80 2 20 15 rstp
VLAN0023 8215 ( 8192, 23) 0014.f282.4d80 2 20 15 rstp
VLAN0024 8216 ( 8192, 24) 0014.f282.4d80 2 20 15 rstp
VLAN0025 8217 ( 8192, 25) 0014.f282.4d80 2 20 15 rstp
VLAN0026 8218 ( 8192, 26) 0014.f282.4d80 2 20 15 rstp
VLAN0027 8219 ( 8192, 27) 0014.f282.4d80 2 20 15 rstp
VLAN0028 8220 ( 8192, 28) 0014.f282.4d80 2 20 15 rstp
VLAN0029 8221 ( 8192, 29) 0014.f282.4d80 2 20 15 rstp
VLAN0030 8222 ( 8192, 30) 0014.f282.4d80 2 20 15 rstp
VLAN0031 8223 ( 8192, 31) 0014.f282.4d80 2 20 15 rstp
VLAN0032 8224 ( 8192, 32) 0014.f282.4d80 2 20 15 rstp
VLAN0033 8225 ( 8192, 33) 0014.f282.4d80 2 20 15 rstp
VLAN0034 8226 ( 8192, 34) 0014.f282.4d80 2 20 15 rstp
VLAN0035 8227 ( 8192, 35) 0014.f282.4d80 2 20 15 rstp
VLAN0036 8228 ( 8192, 36) 0014.f282.4d80 2 20 15 rstp
VLAN0037 8229 ( 8192, 37) 0014.f282.4d80 2 20 15 rstp
VLAN0100 32868 (32768, 100) 0014.f282.4d80 2 20 15 rstp
VLAN1000 33768 (32768,1000) 0014.f282.4d80 2 20 15 rstp
H4503ex-3B-B#sh vlan ?
access-map Vlan access-map
brief VTP all VLAN status in brief
dot1q Display dot1q parameters
filter VLAN filter information
id VTP VLAN status by VLAN id
ifindex SNMP ifIndex
internal VLAN internal usage
mtu VLAN MTU information
name VTP VLAN status by VLAN name
private-vlan Private VLAN information
remote-span Remote SPAN VLANs
summary VLAN summary information
Output modifiers
H4503ex-3B-B#sh vlan ?
access-map Vlan access-map
brief VTP all VLAN status in brief
dot1q Display dot1q parameters
filter VLAN filter information
id VTP VLAN status by VLAN id
ifindex SNMP ifIndex
internal VLAN internal usage
mtu VLAN MTU information
name VTP VLAN status by VLAN name
private-vlan Private VLAN information
remote-span Remote SPAN VLANs
summary VLAN summary information
Output modifiers
H4503ex-3B-B#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/2, Gi3/9, Gi3/10, Gi3/11, Gi3/12
Gi3/13, Gi3/14, Gi3/15, Gi3/16
Gi3/18, Gi3/19, Gi3/20
2 VLAN0002 active
3 VLAN0003 active
4 VLAN0004 active
5 VLAN0005 active
6 VLAN0006 active
7 VLAN0007 active
8 VLAN0008 active
9 VLAN0009 active
10 VLAN0010 active
11 VLAN0011 active
12 VLAN0012 active
13 VLAN0013 active
14 VLAN0014 active
15 VLAN0015 active
16 VLAN0016 active
17 VLAN0017 active
18 VLAN0018 active
19 VLAN0019 active
20 VLAN0020 active
21 VLAN0021 active
22 VLAN0022 active
23 VLAN0023 active
24 VLAN0024 active
25 VLAN0025 active
26 VLAN0026 active
27 VLAN0027 active
28 VLAN0028 active
29 VLAN0029 active
30 VLAN0030 active
31 VLAN0031 active Gi3/21
32 VLAN0032 active
33 VLAN0033 active
34 VLAN0034 active
35 VLAN0035 active
36 VLAN0036 active
37 VLAN0037 active
100 VLAN0100 active
1000 VLAN1000 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
--More--
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
8 enet 100008 1500 - - - - - 0 0
9 enet 100009 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
11 enet 100011 1500 - - - - - 0 0
12 enet 100012 1500 - - - - - 0 0
13 enet 100013 1500 - - - - - 0 0
14 enet 100014 1500 - - - - - 0 0
15 enet 100015 1500 - - - - - 0 0
16 enet 100016 1500 - - - - - 0 0
17 enet 100017 1500 - - - - - 0 0
18 enet 100018 1500 - - - - - 0 0
19 enet 100019 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
21 enet 100021 1500 - - - - - 0 0
22 enet 100022 1500 - - - - - 0 0
23 enet 100023 1500 - - - - - 0 0
24 enet 100024 1500 - - - - - 0 0
25 enet 100025 1500 - - - - - 0 0
26 enet 100026 1500 - - - - - 0 0
27 enet 100027 1500 - - - - - 0 0
28 enet 100028 1500 - - - - - 0 0
29 enet 100029 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
31 enet 100031 1500 - - - - - 0 0
32 enet 100032 1500 - - - - - 0 0
33 enet 100033 1500 - - - - - 0 0
34 enet 100034 1500 - - - - - 0 0
35 enet 100035 1500 - - - - - 0 0
36 enet 100036 1500 - - - - - 0 0
37 enet 100037 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1000 enet 101000 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
--More--
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
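Monday, March 9, 2009
How do H3C and Cisco fiber modules pair up?
Can Cisco optical modules be paired with H3C fiber modules? On a job site I tried multimode fiber modules from the two vendors once, and it did not work, but on the official Cisco forum I saw cases where it succeeded.
Answer time: Sep 21, 2007 5:08:15 PM
Answer: Whether the optical interface module is a GBIC or an SFP, as long as the peer end is 1310 GE single-mode, they should be able to interoperate.
I am leaving this note as a record; next time I get the chance I will test again. Pay attention to matching speed and wavelength!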
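Friday, March 6, 2009
Stacking Cisco 3750 Switches

Stacking on the 3750 is different from the 3550: it is true stacking. The Catalyst 3750 series uses StackWise technology, an innovative stacking architecture that provides a 32 Gbps stack interconnect, connects up to 9 switches, and combines them into a single, unified, logical device optimized for convergence, so that customers can deploy voice, video and data applications with more confidence. The 3750 uses backplane stacking: the chassis has dedicated stack ports and, with the special stacking cable, reaches 32G of bandwidth. Once stacked, the switches logically belong to the same device, so to configure them you only need to connect to any one unit to see the other switches in the stack. (Stacking the 3750 requires the dedicated stacking cable; the product ships with a 0.5 m stacking cable.)
I. Basic requirements:
IOS versions must match (ideally the same), dedicated stacking modules and stacking cables, maximum stack size of 9
II. Benefits of stacking:
High port density, easy management (during configuration the stack appears as one switch, with different slot numbers)
III. Stacking example:
1: Physically connect the stacking cable, running from stack1 on the master to stack2 on the slave.
2: Power on the master without any configuration, and wait until it has fully booted.
3: Power on the slave unit.
4: Do not configure anything. (With the cables plugged in, the stack election runs automatically at power-on; the unit whose master LED is lit is the master.)
Note: the stack configuration, such as IP address, priority and so on, can also be done beforehand.
IV. Viewing the current stack status:
show platform stack-manager all    displays information for all switch stacks
show switch    displays summary information for the stacked switches
show switch 1    displays information for switch number 1
show switch detail    displays detailed information on the stack members
show switch neighbors    displays complete information on the stack neighbors
show switch stack-ports    displays complete port information for the stacked switches
V. Notes
1. Models may differ, but the versions must be the same
2. It is best to work with power off, although working with power on is also possible
3. The 3750 cannot be stacked with the 3550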
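Thursday, March 5, 2009
Cisco NAT Configuration
Cisco NAT currently has three modes of use.
First: one public address maps to one private address.
Second: several private addresses map to several public addresses.
(The numbers do not have to be equal. If there were more public addresses, there would be no point in doing NAT at all; you might as well give each user a public address directly. Do not get confused on this point. So this mode generally appears when a group of private addresses maps to a few public IP addresses.)
Third: one public address maps to a large group of private addresses (this is currently also widely used).
A router configured for NAT needs at least one inside port (Inside) and one outside port (Outside). Users on the network attached to the inside port use inside IP addresses. The inside port can be any router port. The outside port connects to the external network, such as the Internet, and can also be any port on the router.
The IOS on the NAT router must support NAT (the router used in this article's examples is a Cisco 2501; its IOS supports NAT at version 11.2 and above).
IV. Several NAT concepts:
Inside local address: the inside IP address assigned to a computer on the internal network.
Inside global address: the legitimate IP address that represents one or more inside local addresses when communicating over IP with the outside. It is an IP address that must be applied for.
V. How to configure NAT:
NAT configuration falls into static address translation, dynamic address translation, and overloaded dynamic address translation.
1. When static address translation applies
Static address translation maps an inside local address to an inside global address one-to-one, and the global address to translate to must be specified explicitly. If the internal network has servers, such as an e-mail server or an FTP server, that provide services to outside users, the IP addresses of those servers must use static address translation so that outside users can reach the services.
Basic configuration steps for static address translation:
(1) Create the static translation between the inside local address and the inside global address. In global configuration mode, enter:
ip nat inside source static <inside-local-address> <inside-global-address>
(2) Specify the inside port connected to the internal network. In interface configuration mode, enter:
ip nat inside
(3) Specify the outside port connected to the external network. In interface configuration mode, enter:
ip nat outside
Note: multiple inside ports and multiple outside ports can be defined as needed.
Example 1:
This example implements static NAT. The Ethernet port of the Cisco 2501 is the inside port and synchronous port 0 is the outside port. The inside local addresses 10.1.1.2, 10.1.1.3 and 10.1.1.4 use static translation; their inside global addresses are 192.1.1.2, 192.1.1.3 and 192.1.1.4 respectively.
Configuration of router 2501: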
Current configuration:
version 11.3
no service password-encryption
hostname 2501
ip nat inside source static 10.1.1.2 192.1.1.2
ip nat inside source static 10.1.1.3 192.1.1.3
ip nat inside source static 10.1.1.4 192.1.1.4
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
ip nat inside
interface Serial0
ip address 192.1.1.1 255.255.255.0
ip nat outside
no ip mroute-cache
bandwidth 2000
no fair-queue
clockrate 2000000
interface Serial1
no ip address
shutdown
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
line con 0
line aux 0
line vty 0 4
password cisco
end
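After configuration, the following commands can be used to check it:
show ip nat statistics
show ip nat translations
2. When dynamic address translation applies:
Dynamic address translation also maps a local address to an inside global address one-to-one, but it dynamically picks an unused address from the inside global address pool to translate the inside local address.
Basic configuration steps for dynamic address translation:
(1) In global configuration mode, define the inside global address pool:
ip nat pool <pool-name> <start-IP> <end-IP> netmask <subnet-mask>
The pool name can be chosen freely.
(2) In global configuration mode, define a standard access-list rule that permits the inside addresses allowed to use dynamic translation:
access-list <number> permit <source-address> <wildcard>
where the number is an integer between 1 and 99.
(3) In global configuration mode, bind the inside local addresses selected by the access-list to the chosen inside global address pool:
ip nat inside source list <access-list-number> pool <pool-name>
(4) In interface configuration mode, specify the inside port connected to the internal network:
ip nat inside
(5) Specify the outside port connected to the external network:
ip nat outside
Example 2:
The hardware setup is the same as above, and this example uses dynamic NAT. The Ethernet port of the 2501 is the inside port and synchronous port 0 is the outside port. The 10.1.1.0 network uses dynamic translation, and the corresponding inside global addresses are 192.1.1.2 to 192.1.1.10.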
Current configuration:
version 11.3
no service password-encryption
hostname 2501
ip nat pool aaa 192.1.1.2 192.1.1.10 netmask 255.255.255.0
ip nat inside source list 1 pool aaa
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
ip nat inside
interface Serial0
ip address 192.1.1.1 255.255.255.0
ip nat outside
no ip mroute-cache
bandwidth 2000
no fair-queue
clockrate 2000000
interface Serial1
no ip address
shutdown
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
access-list 1 permit 10.1.1.0 0.0.0.255
line con 0
line aux 0
line vty 0 4
password cisco
end
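3. When overloaded dynamic address translation applies:
Overloaded dynamic address translation is first of all a dynamic address translation, but it allows multiple inside local addresses to share one inside global address. It is extremely useful when only a few IP addresses have been obtained but the number of users going out to the external network at the same time often exceeds the number of global addresses.
Note: when multiple users share one IP address at the same time, the router uses upper-layer identifiers such as TCP or UDP port numbers to uniquely identify each computer toward the external network.
Configuration steps for overloaded dynamic address translation:
In global configuration mode, define the inside global address pool:
ip nat pool <pool-name> <start-IP> <end-IP> netmask <subnet-mask>
The pool name can be chosen freely.
In global configuration mode, define a standard access-list rule that permits the inside local addresses allowed to use dynamic translation:
access-list <number> permit <source-address> <wildcard>
where the number is an integer between 1 and 99.
In global configuration mode, set up overloaded dynamic translation between the inside local addresses and the inside global IP address:
ip nat inside source list <access-list-number> pool <pool-name> overload
In interface configuration mode, specify the inside port connected to the internal network:
ip nat inside
In interface configuration mode, specify the outside port connected to the external network:
ip nat outside
Example: this uses overloaded dynamic NAT. The Ethernet port of the 2501 is the inside port and synchronous port 0 is the outside port. The 10.1.1.0 network uses overloaded dynamic translation. Assume the company has obtained only one legitimate IP address, 192.1.1.1.
Configuration of the 2501: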
Current configuration:
version 11.3
no service password-encryption
hostname 2501
ip nat pool bbb 192.1.1.1 192.1.1.1 netmask 255.255.255.0
ip nat inside source list 1 pool bbb overload
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
ip nat inside
interface Serial0
ip address 192.1.1.1 255.255.255.0
ip nat outside
no ip mroute-cache
bandwidth 2000
no fair-queue
clockrate 2000000
interface Serial1
no ip address
shutdown
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
access-list 1 permit 10.1.1.0 0.0.0.255
line con 0
line aux 0
line vty 0 4
password cisco
end
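An added example, not part of the original post, that models the difference between Example 2 (dynamic pool) and the overload example above: a pool hands out whole addresses until it runs dry, while overload multiplexes hosts onto one address by port. The class and method names are hypothetical, translation timeouts are not modelled, and the port-selection rule is a simplification rather than the IOS algorithm.

```python
import ipaddress
from itertools import chain

class NatRouter:
    """Toy model of `ip nat inside source list N pool NAME [overload]`."""

    def __init__(self, acl_net, pool_start, pool_end, overload=False):
        self.acl = ipaddress.ip_network(acl_net)   # stands in for access-list 1
        lo, hi = (int(ipaddress.ip_address(a)) for a in (pool_start, pool_end))
        self.pool = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]
        self.overload = overload
        self.out = {}        # (proto, local_ip, local_port) -> (global_ip, global_port)
        self.back = {}       # (proto, global_ip, global_port) -> (local_ip, local_port)
        self.host_addr = {}  # dynamic NAT only: local_ip -> global_ip

    def translate_out(self, proto, src_ip, src_port):
        """Inside to outside: (global_ip, global_port), or None if untranslated."""
        if ipaddress.ip_address(src_ip) not in self.acl:
            return None                      # source not permitted by the ACL
        key = (proto, src_ip, src_port)
        if key not in self.out:
            pick = self._pat if self.overload else self._dynamic
            entry = pick(proto, src_ip, src_port)
            if entry is None:
                return None                  # pool or port space exhausted
            self.out[key] = entry
            self.back[(proto,) + entry] = (src_ip, src_port)
        return self.out[key]

    def translate_in(self, proto, dst_ip, dst_port):
        """Outside to inside: only flows with an existing entry map back."""
        return self.back.get((proto, dst_ip, dst_port))

    def _dynamic(self, proto, src_ip, src_port):
        # One inside local address holds a whole inside global address; port kept.
        if src_ip not in self.host_addr:
            free = [a for a in self.pool if a not in self.host_addr.values()]
            if not free:
                return None
            self.host_addr[src_ip] = free[0]
        return (self.host_addr[src_ip], src_port)

    def _pat(self, proto, src_ip, src_port):
        # Assumption (simplified port choice): keep the source port if it is free,
        # otherwise take the lowest free port >= 1024 on the same global address.
        for gip in self.pool:
            for port in chain([src_port], range(1024, 65536)):
                if (proto, gip, port) not in self.back:
                    return (gip, port)
        return None

def demo():
    # Overload example on this page: pool bbb holds the single address 192.1.1.1.
    pat = NatRouter("10.1.1.0/24", "192.1.1.1", "192.1.1.1", overload=True)
    return [pat.translate_out("tcp", ip, 1025) for ip in ("10.1.1.2", "10.1.1.3")]

if __name__ == "__main__":
    print(demo())
```

With the Example 2 pool (192.1.1.2 to 192.1.1.10), the tenth concurrent inside host gets no translation, and `translate_in` returns `None` for any outside packet that has no existing table entry.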
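Summary of traffic monitoring methods on Cisco devices
Method 1: HUB (too simple; omitted)
Method 2: TAP (too specialized, and it requires additional investment)
Method 3: SPAN (what people usually call Port Mirror or Port Monitor)
1. Cat2900XL/3500XL
2900XL(config)#interface fastethernet 0/24 //enter interface configuration mode
2900XL(config-if)#port monitor fastethernet 0/1 //configure f0/1 as a monitored port
2900XL(config-if)#port monitor fastethernet 0/2 //configure f0/2 as a monitored port
With the configuration above, traffic entering and leaving ports f0/1 and f0/2 is mirrored to f0/24.
Use show port monitor to view the switch's SPAN configuration.
2. Cat2950/3550/3750
3550(config)#monitor session 1 source interface f0/1 - 3 rx
//set the SPAN session number to 1 with source ports f0/1-f0/3, covering traffic entering these three ports
//rx --> traffic entering the port, tx --> traffic leaving the port, both --> traffic in both directions
3550(config)#monitor session 1 destination interface f0/4
//set the monitoring port to f0/4
3. Cat4000/6500 with CatOS
The set span command
cat4k#set span 1/2 1/3
//mirror traffic from 1/2 to 1/3
4. Cat4500/6500 with IOS
Same as item 2 (Cat2950/3550/3750)
Method 4: VACL
VACL = VLAN ACL = Security ACL
Can only be used on the Cat6500
CatOS:
c6509 (enable) set security acl ip MyCap permit tcp any any eq 443
c6509 (enable) set security acl ip MyCap permit tcp any eq 443 any
c6509 (enable) set security acl ip MyCap permit ip any any capture
//exclude all traffic accessing port 443 from capture; all other traffic is of interest
c6509 (enable) commit security acl MyCap
//commit the security ACL named MyCap
c6509 (enable) set security acl map MyCap 100,101
//apply the security ACL to VLANs 100 and 101
c6509 (enable) set security acl capture-ports 3/1
//mirror the captured traffic to port 3/1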
IOS:
c6509(config)# access-list 100 permit ip any any
c6509(config)# vlan access-map MyCap 10
c6509(config-access-map)# match ip address 100
c6509(config-access-map)# action forward capture
c6509(config)# vlan filter MyCap vlan-list 200 , 201
c6509(config)# interface gi3/1
c6509(config-if)# switchport capture
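An added example, not part of the original post, that models how the three CatOS ACEs of MyCap above are evaluated: the first matching ACE wins, and only an ACE carrying `capture` copies traffic to the capture port. The parser handles only the ACE subset shown on this page, the sample flows are constructed, and the function names are hypothetical.

```python
# The three ACEs below are copied from the CatOS example on this page.
MYCAP = """\
set security acl ip MyCap permit tcp any any eq 443
set security acl ip MyCap permit tcp any eq 443 any
set security acl ip MyCap permit ip any any capture
"""


def parse_ace(line):
    """Parse the ACE subset used on this page: addresses are always `any`,
    ports are an optional `eq N`, and `capture` may end the line."""
    tok = line.split()
    if tok[:4] != ["set", "security", "acl", "ip"]:
        raise ValueError("not a CatOS IP security ACE: " + line)
    action, proto, rest = tok[5], tok[6], tok[7:]
    capture = bool(rest) and rest[-1] == "capture"
    if capture:
        rest = rest[:-1]
    ports = []                       # [source port, destination port]
    while rest:
        if rest[0] != "any":
            raise ValueError("only `any` addresses are modelled")
        if rest[1:2] == ["eq"]:
            ports.append(int(rest[2]))
            rest = rest[3:]
        else:
            ports.append(None)
            rest = rest[1:]
    if len(ports) != 2:
        raise ValueError("expected source and destination: " + line)
    return {"action": action, "proto": proto, "sport": ports[0],
            "dport": ports[1], "capture": capture}


def evaluate(aces, proto, sport, dport):
    """First matching ACE wins. Returns (action, copied_to_capture_port)."""
    for ace in aces:
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["sport"] not in (None, sport) or ace["dport"] not in (None, dport):
            continue
        return ace["action"], ace["capture"] and ace["action"] == "permit"
    return "deny", False             # implicit deny at the end of the list


def capture_gaps(aces, flows):
    """Flows that are forwarded but never reach the capture port."""
    return [f for f in flows if evaluate(aces, *f) == ("permit", False)]


ACES = [parse_ace(line) for line in MYCAP.splitlines()]
# Constructed sample flows: (protocol, source port, destination port).
FLOWS = [("tcp", 51000, 443), ("tcp", 443, 51000), ("tcp", 51001, 80),
         ("udp", 51002, 53), ("tcp", 51003, 8443)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, evaluate(ACES, *flow))
    print("not visible to the sensor:", capture_gaps(ACES, FLOWS))
```

A sensor on the capture port sees nothing on port 443 in either direction, which is the intended exclusion here but is also the visibility gap to keep in mind when reading its alerts.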
