神州数码交换机路由器命令汇总(最简输入版)

1、青岛开发区职业中专神州数码交换机路由器命令汇总(部分)2016年3月23日星期三修改_注：本文档命令为最简命令，如不懂请在机器上实验注：交换机版本信息：DCRS-5650-28(R4) Device, Compiled on Aug 12 10:58:26 2013sysLocation ChinaCPU Mac 00:03:0f:24:a2:a7Vlan MAC 00:03:0f:24:a2:a6SoftWare Version 7.0.3.1(B0043.0003)BootRom Version 7.1.103HardWare Version 2.0.1CPLD Version N/ASe

2、rial No.:1Copyright (C) 2001-2013 by Digital China Networks Limited.All rights reservedLast reboot is warm reset.Uptime is 0 weeks, 0 days, 1 hours, 42 minutes路由器版本信息：Digital China Networks Limited Internetwork Operating System SoftwareDCR-2659 Series Software, Version 1.3.3H (MIDDLE), RELEASE SOFTW

3、ARECopyright 2012 by Digital China Networks(BeiJing) LimitedCompiled: 2012-06-07 11:58:07 by system, Image text-base: 0x6004ROM: System Bootstrap, Version 0.4.2Serial num:8IRTJ610CA15000001, ID num:201404System image file is "DCR-2659_1.3.3H.bin"Digital China-DCR-2659 (PowerPC) Processor65

4、536K bytes of memory,16384K bytes of flashRouter uptime is 0:00:44:44, The current time: 2002-01-01 00:44:44Slot 0: SCC Slot Port 0: 10/100Mbps full-duplex Ethernet Port 1: 2M full-duplex Serial Port 2: 2M full-duplex Serial Port 3: 1000Mbps full-duplex Ethernet Port 4: 1000Mbps full-duplex Ethernet

5、 Port 5: 1000Mbps full-duplex Ethernet Port 6: 1000Mbps full-duplex Ethernet一、交换机配置命令1.基本配置switch > en （enable）进入特权用户模式switch # con (config) 进入全局配置模式switch (config)# ho switch (hostname) 配置交换机名称switch (config)# in e1/0/1 进入接口配置模式switch (config-if-ethernet1/0/1)# exswitch (config)# in vl 1 进入VLAN配

6、置模式switch (config-if-vlan1)# ipad 192.168.1.252255.255.255.0输入这条命令会出现: Invalid ENCRYPTED password! Please input the ENCRYPTED password with length 32 密码位数不够32位switch (config-if-vlan1)# exswitch (config)# ena p 1234 配置交换机密码(不加密)switch (config)# ena p 7 1234 配置交换机密码（加密）switch (config)# vl 10 创建vlanswi

7、tch (config-vlan10)#exswitch (config)# in vl 10switch (config-if-vlan10)# ip ad 172.16.10.1 255.255.255.0 配置VLAN地址2.生成树技术switch (config)# sp (spanning-tree) 启用全局生成树（默认mstp生成树技术）switch (config)# sp mo stp/rstp /mstp (生成树/快速生成树/多生成树技术)switch (config)# sp ms 0 p 4096 设置交换机的优先级 默认32768switch (config)# s

8、h sp (show spanning-tree) 查看生成树3.交换机Web管理switch (config)# ip ht serswitch (config)# usern admin pa 1234 用户名和密码4.交换机Telnet管理switch (config)# telnet-s e (telnet enable) 开启telnet服务switch (config)# usern admin pa 1234 用户名和密码5.链路聚合(不需启动生成树)第 8 页 共 8 页switchA (config)# port-g 1 (prot-group)switchA (config

9、)# in e1/0/1-2switchA (config-port-range)# po 1 m on/activeswitchA (config-port-range)# exswitchA (config)# no port-g 1 删除组1switchB (config)# port-g 2switchB (config)# in e1/0/3-4switchB (config-port-range)# po 2 m on/activeswitchB (config-port-range)# exswitchB (config)# no port-g 2 删除组26.交换机MAC与IP

10、绑定switch (config)# am e (am enable) 启用全局am功能 switch (config)# in e1/0/1switch (config_if_ethernet1/0/1)# am p (am port) 打开端口am功能switch (config_if_ethernet1/0/1)# am m (mac-ip-pool) 00-A0-D1-D1-07-FF 192.168.1.101switch (config_if_ethernet1/0/1)# exswitch (config)# in e1/0/2switch (config_if_ethernet

11、1/0/2)# no am p 解锁端口7.交换机MAC与IP绑定静态绑定switch (config)# in e1/0/1switch (config_if_ethernet1/0/1)# sw p (port-security) 开启绑定功能switch (config_if_ethernet1/0/1)# sw p mac 00-a0-d1- d1-07-ff 添加静态MAC地址switch (config_if_ethernet1/0/1)# sw p max 4 绑定MAC地址的个数（默认为1）动态绑定 (实验中交换机没有动态绑定命令)switch (config)# in e1/

12、0/1switch (config_if_ethernet1/0/1)# sw p (port-security) 开启绑定功能switch (config_if_ethernet1/0/1)# sw port-security lock switch (config_if_ethernet1/0/1)# sw port-security convert 将动态学习到绑定MAC的进行绑定 switch # sh port-s add 查看绑定的地址8.交换机DHCP服务器配置switch (config)# service dhcp 启用DHCPswitch (config)# ip dh p

13、o poolA 定义地址池poolAswitch (dhcp-poolA- config)# netw (network-address) 192.168.1.0 24switch (dhcp-poolA- config)# de (default-router) 192.168.1.254 网关switch (dhcp-poolA- config)# dn 60.191.244.5 DNS服务器switch (dhcp-poolA- config)# le 3 租期3天switch (dhcp-poolA- config)# exswitch (config)# ip dh ex (excl

14、uded-add) 192.168.1.252 192.168.1.254 排除地址范围9.保留地址（一个地址池中只能配一个IP-MAC的绑定）switch (config)# ip dh po poolCswitch (dhcp-poolC- config)# ho 192.168.1.100 绑定的IP地址switch (dhcp-poolC- config)# ha (hardware-add) 00-a0-d1- d1-07-ff 绑定的MAC地址switch (dhcp-poolC- config)# de 192.168.1.254 网关10.ACL访问控制列表switchA (c

15、onfig)# ip ac s (standard) test 命名标准IP访问列表switchA (config-std-nacl-test)# d (deny) 192.168.100.0 0.0.0.255 反子网掩码 （路由器上为子网掩码）switchA (config-std-nacl-test)# d 192.168.200.0 0.0.0.255switchA (config-std-nacl-test)# p (permit) a (permit any) 允许所有switchA (config-std-nacl-test)# exswitchA (config)# fir e

16、 (firewall enable) 开启ACL功能switchA (config)# in e1/0/1 switchA (config-if-interface1/0/1)# ip ac (access-group) test in/out 进in出out （二层交换机上不支持out）11.配置时间范围switchA (config)# time-r worktime switchA (config-time-range)# p (periodic) weekd 9:0:0 to 18:0:012.VRRP虚拟路由器冗余协议 Master BackupswitchA (config)# r

17、outerv 1 switchB (config_router)# router v 1switchA (config_router)# v (virtual-ip) 192.168.1.254 switchB (config_router)# v 192.168.1.254switchA (config_router)# i v 1 (interface vlan 1) switchB (config_router)# i v 1switchA (config_router)# pri 110 switchB (config_router)# enaswitchA (config_route

18、r)# c (circuit-failover) v 10 20switchA (config_router)# ena13.DHCP中继DHCP_relay (config)# service dhcp 全局开启DHCP服务DHCP_relay (config)# ip fo u b (ip forward-protocol udp bootps) 全局开启转发DHCP_relay (config)# in vl 10DHCP_relay (config-if-vlan10)# ip h 172.16.1.1 转发到DHCP服务器地址14.DHCP侦听DHCP (config)# servi

19、ce dhcpDHCP (config)# ip dh sn e 开启DHCP侦听功能DHCP (config)# in e1/0/1DHCP (config-if-ethernet1/0/1)# ip d s t (ip dhcp snooping trust)设置上联口为信任口15.端口隔离Switch (config)# isgtestsie1/0/1-2 (isolate-port group test switchport interface e1/0/1-2)e1/0/1-2口不能互相通信，可以和其它端口通信。16.端口镜像Switch (config)# mos1sie1/0/1

20、 both/rx/tx/access-l (monitor session 1 source interface e1/0/1)Switch (config)# mos1die1/0/2 (monitor session 1 destination interface e1/0/2)Source为被镜像的地址 Destination为镜像到的地址 both为全部流量 rx为接收 tx为发送17.端口限速Switch (config)# in e1/0/1Switch (config-if-ethernet1/0/1)# ba c 10000 both/receive/transmit (ban

21、dwidth control)18.ARP攻击防护Switch (config)# in e1/0/1Switch (config-if-ethernet1/0/1)# ari192.168.1.254 (arp-guard ip) 绑定网关IPSwitch (config-if-ethernet1/0/1)# exSwitch (config)# an e (anti-arpscan enable) 开启防ARP扫描Switch (config)# an r e (anti-arpscan recovery enable) 开启自动恢复Switch (config)# an r t 3600

22、 (anti-arpscan recovery time) 设置自动恢复时间(单位:秒)Switch (config)# in e1/0/1Switch (config-if-ethernet1/0/1)# an t s (anti-arpscan trust supertrust-port) 设置上联口为超级信任端口19.QOS的PBRSwitch (config)# ip ac e routeSwitch (config-ip-ext-nacl-route)# p ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255Switch (config-ip

23、-ext-nacl-route)# exSwitch (config)# cla map (class-map map)Switch (config-classmap-map)# m a route (match access-group)Switch (config-classmap-map)# exSwitch (config)# pol map (policy-map)Switch (config-policymap-map)# c map (class)Switch (config-policymap-map-class-map)# se ip n 192.168.1.2 设置下一跳地

24、址Switch (config-policymap-map-class-map)# exSwitch (config-policymap-map)# exSwitch (config)# in e1/0/1Switch (config-if-ethernet1/0/1)# ser input/output map 应用在接口下20.清空交换机配置Switch # set d (default)恢复出厂配置Switch # wr (write)保存配置Switch # rel (reload)重启交换机_二、路由器配置命令1.基本配置Router> ena 进入特权用户模式 Router#

25、 conf 进入全局配置模式Router_config# in f0/0 Router_config_f0/0# ip ad 10.1.1.1 255.255.255.0 配置路由器端口地址2.路由器之间的连接=默认HDLC封装RA_config# in s0/2 (DCE/V35FC)RA_config_s0/2# ip ad 192.168.1.1 255.255.255.0RA_config_s0/2# ph sp 64000 (physical-layer speed) 配置端口速率（只在DCE端）RB_config# in s0/1 (DTE/V35FC)RB_config_s0/1

26、# ip ad 192.168.1.2 255.255.255.0=PPP封装RA_config# in s0/2 (DCE/V35FC)RA_config_s0/2# ip ad 192.168.1.1 255.255.255.0RA_config_s0/2# enc p PPP封装RA_config_s0/2# ph sp 64000 配置端口速率（只在DCE端）RB_config# in s0/1 (DTE/V35FC)RB_config_s0/1# ip ad 192.168.1.2 255.255.255.0RB_config_s0/1# enc p PPP封装=PPP封装CHAP认

27、证RA_config# u userb pa 123456 (username password)对方用户名和密码RA_config# aa authe pp d local 本地认证 RA_config# in s0/2 (DCE/V35FC)RA_config_s0/2# ip ad 192.168.1.1 255.255.255.0RA_config_s0/2# enc p PPP封装RA_config_s0/2# pp authe c CHAP认证RA_config_s0/2# pp ch h usera 发送自己的用户名RA_config_s0/2# pp ch p 123456 发

28、送自己的密码RA_config_s0/2# ph sp 64000 配置端口速率（只在DCE端）RA发送的用户名和密码需与RB建立的用户名密码一致。RB_config# u usera pa 123456 对方用户名和密码RB_config# aa authe pp d local 本地认证 RB_config# in s0/1 (DTE/V35MT)RB_config_s0/1# ip ad 192.168.1.2 255.255.255.0RB_config_s0/1# enc p PPP封装RB_config_s0/1# pp authe c CHAP认证RB_config_s0/1#

29、pp ch h userb 发送自己的用户名RB_config_s0/1# pp ch p 123456 发送自己的密码=PPP封装PAP认证配置方法同CHAP认证RA_config_s0/2# enc p PPP封装RA_config_s0/2# pp authe p PAP认证RA_config_s0/2# pp pap s usera 123456 发送自己的用户名和密码RB_config_s0/1# enc pRB_config_s0/1# pp authe pRB_config_s0/1# pp pap s userb 123456=3.NAT地址转换RouterA_config#

30、ip ac s nat (ip access-list standard) 定义访问控制列表RouterA_config_std_nacl# p 192.168.0.0 255.255.255.0 定义允许转换的地址范围RouterA_config_std_nacl# exRouterA_config# ip n p poolA 192.168.1.10 192.168.1.20 255.255.255.0 定义转换地址池poolARouterA_config# ip n i s l nat p poolA o (ip nat inside source list nat pool poolA

31、 overload)地址转换RouterA_config# in f0/0RouterA_config_f0/0# ip n i 定义f0/0为内部接口RouterA_config_f0/0# in s0/1RouterA_config_s0/1# ip n o 定义s0/1为外部接口4.静态路由Router_config# ip route 10.1.2.0 (目标网段) 255.255.255.0（子网掩码） 10.1.1.2 （转发地址）Router_config# ip route 0.0.0.0 (目标网段) 0.0.0.0（子网掩码） 10.1.1.2（转发地址）默认静态路由5.R

32、IP动态路由Router_config# routerr 启用RIP路由Router_config_rip# ve 2RIP路由版本号 2Router_config_rip# no a (auto-summary) 关闭路由自动汇总功能Router_config_rip# net 10.1.1.0 255.255.255.0 Router_config_rip# net 10.1.2.0 255.255.255.0 与路由器相连的网段6.OSPF动态路由Router_config# routero1 启动ospf进程，进程号为1Router_config_ospf_1# router-1.1.

33、1.1 (router-id) 设置路由器router-idRouter_config_ospf1# net 10.1.1.0 255.255.255.0 a 0 网段、子网掩码和区域号Router_config_ospf1# net 10.1.2.0 255.255.255.0 a 0 第一个区域（即主干区域）区域号为 0Router_config_ospf1# Ctrl+z 退到特权模式快捷键 Ctrl+Z Router# sh ip ro 查看路由7.ACL访问控制列表标准访问控制列表Router_config# ip ac s accessRouter_config_std_nacl# den 192.168.1.0 255.255.255.0 (路由器为子网掩码)Router_config_std_n