常用网络文档基础知识.docx

《常用网络文档基础知识.docx》由会员上传分享，免费在线阅读，更多相关内容在工程资料-天天文库。

1、交换机的mac/vlanACL和VLANMAP(2009-10-1700:28:31)转载macaccess-listextendedmatchvlanfiltermapvlan-list杂谈分类：cisco路由器和交换机置SWITCH特冇的macacl,匹配桢,不是匹配包ipcefmisqosmacaccess-listextendedmaclistlpermit0001.0000.00010.0.00002.0000.00010.0.0掩码permit0001.0000.00020.0.00002.0000.00020.0.0aa

2、rp匹配对从主机0001.0000.0001到0002.0000.0001的流量。显然这是SW的ACL,如果在ROUTER上，H的MAC肯定是接口MAC地址class-mapmacclasslmatchaccess-groupmaclistlmatchvlan1020-3040i■policy-mapmacpolicylclassmacclassli•intfa0/24service-policyinputmacpolicylmacACL掩码"J换成host参数•mac打头•都是extendacl•最好采用host参数，或any参数,

3、mac的掩码非常麻烦Switch(config)#macaccess-listextendedmaclistlSwitch(config-ext-macl)#permithost0001.0000.0001host0002.0000.0001matchvlan(用于trunk口)class-mapmatch・allvian_classmatchvlan1020-3040intfa0/24service-policyinputtestmatchVLAN,10,20T030,40上的流量一看就是用在trunk口vlanmap是唯一过滤VL

4、AN内流量的工貝•VLANmap没有方向性•可以看出VLAN-MAP的优势,不管HOST连在哪个FE口上,只要属于VLAN20・22,都禁止。可以弥补接口ACL的缺陷(用户换口)将VLAN20-22中主机10.1.1.32到10.1.1.34的WWW流量都drop,其他的转发ipaccess-listextendedhttppermittcphost10.1.1.32host10.1.134eqwwwIvlanaccess-mapmap210matchipaddresshttpactiondropi■vlanaccess-mapmap

5、220actiontowardvlanfiltermapmap2vlan-list20-22交换机802.lx(2009-10-1700:11:01)转载标签：dotlxsystem-auth-controlport-controlauto杂谈分类：cisco路由器和交换机配置802.1X三大基本配置ipcefaaanew-modelradius-serverhost...radius-serverkey...aaaauthenticationdotlxdefaultgroupradiusdotlxsystem-auth-contro

6、l802.lx全局enableinterfacefastethernetO/1switchportmodeaccessswitchportaccessvlan5dotlxport-controlauto接口enabledotlxdotlxhost-modemulti-host允许一个端口认证多台host,指下联了HUBs不支持802.lx的client,就被放入dotlxguestvlaninterfacefastethernetO/1dotlxguest-vlan9把VLAN9设成guestvlan如果认证失败,client被放入d

7、otlxrestrictedvlaninterfacegigabitethernetO/1dotlxauth-failvlan2dotlxauth-failmax-attempts3认证失败3次，就被移入VLANarp表和mac表(2009-10-1623:36:39)转载标签：mac-address-tablesecurestatic杂谈分类：cisco路由器和交换机配置arpalias只冇当IP地址与MAC地址符合定义的，才会发送arp回应•CausesthesoftwaretorespondtoARPrequestsasifit

8、weretheownerofboththespecifiedIPaddressandhardwareaddress•Ifthealiaskeywordisnotspecifiedtheentryisjustastatic