2022年Cisco交换机安装配置 .pdf

Cisco2950 交换机安装配置、故障排除手册网络配置 2008-09-12 16:45 阅读 121 评论 0 字号：大大中中小小目录第一部分交换机安装 . 2 1.1 安装前相关考虑. 2 1.2 在机架上固定交换机. 2 1.3 安装 GBIC 模块 . 4 1.4 安装连接线缆. 5 第二部分交换机基本配置. 8 2.1 加电后首次配置. 8 2.2 通过浏览器配置交换机. 9 2.3 通过 CONSOLE 口进入命令行配置. 11 第三部分高级配置 . 20 第四部分安全配置 . 22 第五部分故障排除 . 27 5.1 检查设备状态指示灯. 27 5.2 检查配置及相关信息. 29 5.3 已知的问题及解决方式. 33 第六部分常见问题 . 35 第一部分交换机安装1.1 安装前相关考虑Warning ： To prevent the switch from overheating, do not operate it in an area that exceeds the maximum recommended ambient temperature of 113xb0 F (45xb0 C). To prevent airflow restriction, allow at least 3 inches (7.6 cm) of clearance around the ventilation openings。Warning：When installing the unit, the ground connection must always be made first And disconnected last. 1.2 在机架上固定交换机l Attaching Brackets (Front Panel Forward) l Attaching Brackets (Rear Panel Forward) l Mounting the Switch in a Rack l Attaching the Optional Cable Guide 1.3 安装 GBIC 模块名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 1 页，共 22 页 - - - - - - - - - l Installing a 1000BASE-X GBIC Module in the Switch l Installing a 1000BASE-T GBIC Module in the Switch l Installing a GigaStack GBIC Module in the Switch 1.4 安装连接线缆注意：交换机端口速率、双工的设置? Let the ports autonegotiate both speed and duplex. ? Set the port speed and duplex parameters on both ends of the connection. When connecting to workstations, servers, routers, and Cisco IP Phones, connect a straight-through Category 5 cable to an RJ-45 connector on the front panel. When connecting to switches or repeaters, use a crossover Category 5 cable。l Connecting to a 10/100/1000 Switch Port The port LED is amber while Spanning Tree Protocol (STP) discovers the topology and searches for loops. This takes about 30 seconds, and then the port LED turns green. If the port LED does not come on, the device at the other end might not be turned on, or there might be a cable problem or a problem with the adapter installed in the attached device. l Connecting to a 1000BASE-X Port Caution ： Do not remove the rubber plugs from the fiber-optic port or the rubber caps from the fiber-optic cable until you are ready to connect the cable. The plugs and caps protect the fiber-optic port and cable from contamination and ambient light. l Connecting to a 1000BASE-T Port l Connecting to a GigaStack Port l Connecting to the Console Port Attach the supplied RJ-45-to-DB-9 female DTE adapter to a PC, or attach an appropriate adapter to the terminal. Insert the other end of the supplied rollover cable in the attached adapter. Boot the terminal-emulation program if you are using a PC or terminal. 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 2 页，共 22 页 - - - - - - - - - 第二部分交换机基本配置CISCO2950-24/48 EI 交换机配置涉及到加电后首次配置、通过浏览器进行配置以及通常的基于 CLI 命令行配置等方面。2.1 加电后首次配置Use the supplied rollover cable and DB-9 adapter to connect a PC to the switch console port. If you want to connect the switch console port to a terminal, you need to provide a RJ-45-to-DB-25 female DTE adapter.The PC or terminal must support VT100 terminal emulation. The terminal-emulation softwarefrequently a PC application such as Hyperterminal or Procomm Plusmakes communication between the switch and your PC or terminal possible during the setup program. Configure the baud rate and character format of the PC or terminal to match these console port default characteristics: ? 9600 baud ? 8 data bits ? 1 stop bit ? No parity Using the supplied rollover cable, insert the RJ-45 connector into the console port。Note：If the switch will be a cluster member managed through the IP address of the command switch, it is not necessary to assign IP information or a password. If you are configuring the switch as a standalone switch or as a command switch, you must assign IP information. Would you like to enter the initial configuration dialog? yes/no: yes Would you like to enter basic management setup? yes/no: yes Enter host name Switch: xxxx On a command switch, the host name is limited to 28 characters; on a member switch to 31 characters. Do not use -n, where n is a number, as the last character in a host name for any switch. Enter enable secret: xxxx The password can be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, allows spaces, but ignores leading spaces Enter enable secret: xxxx Enter virtual terminal password: xxxx Enter interface name used to connect to the management network from the above interface summary: vlan 1 Configuring interface vlan 1: Configure IP on this interface? yes: yes IP address for this interface: xxxx Subnet mask for this interface 255.0.0.0: xxxx Would you like to enable as a cluster command switch? yes/no: 视具体情况定，一般，一个堆叠中仅有一台交换机需要配置为命令交换机Enter cluster name: xxxx 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 3 页，共 22 页 - - - - - - - - - The cluster name can be 1 to 31 alphanumeric characters, dashes, or underscores. 2.2 通过浏览器配置交换机例如，通过CMS 可以方便的配置集群，方便全网连入集群的交换机的管理。For the browser to use CMS, a Java plug-in is required 。Configuring Microsoft Internet Explorer (4.01) Follow these steps to configure Microsoft Internet Explorer 4.01: Step 1 Start Internet Explorer. Step 2 From the menu bar, select View Internet Options. Step 3 In the Internet Options window, click the Advanced tab. a. Scroll through the list of options until you see Java VM. Check the Java logging enabled and Java JIT compiler enabled check boxes. b. Click Apply. Step 4 In the Internet Options window, click the General tab. a. In the Temporary Internet Files section, click Settings. b. In the Settings window, select Every visit to the page, and click OK. Configuring Microsoft Internet Explorer (5.0) Note： During the installation of this browser, make sure to check the Install Minimal or Customize Your Browser check box. In the Component Options window in the Internet Explorer 5 section, make sure to check the Microsoft Virtual Machine check box to display applets written in Java。Follow these steps to configure Microsoft Internet Explorer 5.0: Step 1 Start Internet Explorer. Step 2 From the menu bar, select Tools Internet Options. Step 3 In the Internet Options window, click the Advanced tab. a. Scroll through the list of options until you see Java VM. Check the Java logging enabled and JIT compiler for virtual machine enabled check boxes. b. Click Apply. Step 4 In the Internet Options window, click the General tab. a. In the Temporary Internet Files section, click Settings. b. In the Settings window, select Every visit to the page, and click OK. If you are using Microsoft Internet Explorer 5.0 to make configuration changes to the switch, note that this browser does not automatically reflect the latest configuration changes. Make sure that you click Refresh for every configuration change. Displaying the CMS Access Page After the browser is configured, display the CMS access page: Step 1 Enter the switch IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer), and press Return. Step 2 Enter your username and password when prompted. The password provides level 15 access. The Cisco Systems Access page appears. 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 4 页，共 22 页 - - - - - - - - - Step 3 Click Web Console to launch the CMS applet. If you access CMS from a standalone or a cluster-member switch, Device Manager appears. 然后通过相应菜单，按照配置提示进行相关配置即可2.3 通过 CONSOLE 口进入命令行配置常见的命令行主要有以下模式：l User EXEC mode l Privileged EXEC mode l VLAN configuration mode l Global configuration mode l Interface configuration mode l Line configuration mode Command Mode Access Method Prompt Exit or Access Next Mode User EXEC This is the first level of access. (For the switch) Change terminal settings, perform basic tasks, and list system information. Switch Enter the logout command. To enter privileged EXEC mode, enter the enable command. Privileged EXEC From user EXEC mode, enter the enable command. Switch# To exit to user EXEC mode, enter the disable command. To enter global configuration mode, enter the configure command. VLAN configuration From privileged EXEC mode, enter the vlan database command. Switch(vlan)# To exit to privileged EXEC mode, enter the exit command. Global configuration From privileged EXEC mode, enter the configure command. Switch(config)# To exit to privileged EXEC mode, enter the exit or end command, or press Ctrl-Z. To enter interface configuration mode, enter the interface configuration command. Interface configuration From global configuration mode, specify an interface by entering the interface command. Switch(config-if)# To exit to privileged EXEC mode, enter the end command, or press Ctrl-Z. To exit to global 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 5 页，共 22 页 - - - - - - - - - configuration mode, enter the exit command. Line configuration From global configuration mode, specify a line by entering the line command. Switch(config-line)# To exit to global configuration mode, enter the exit command. To return to privileged EXEC mode, enter the end command, or press Ctrl-Z. l 在基于 IOS 的交换机上设置主机名/系统名 : switch(config)# hostname hostname 或者Switch# config ter Switch(config)# prompt xxxx l 配置默认网关Switch# configure terminal Switch(config)# ip default-gateway xxxx l 在基于 IOS 的交换机上设置远程访问: switch(config)# interface vlan 1 switch(config-if)# ip address ip-address netmask switch(config-if)# ip default-gateway ip-address l 在基于 IOS 的交换机上启用和浏览CDP 信息 : switch(config-if)# cdp enable switch(config-if)# no cdp enable 为了查看 Cisco 邻接设备的CDP 通告信息 : switch# show cdp interface type modle/port switch# show cdp neighbors type module/port detail l 基于 IOS 的交换机的端口描述: switch(config-if)# description description-string l 在基于 IOS 的交换机上设置端口速度: switch(config-if)# speed10|100|auto l 在基于 IOS 的交换机上设置以太网的链路模式: switch(config-if)# duplex auto|full|half l 在基于 IOS 的交换机上配置静态VLAN: switch# vlan database switch(vlan)# vlan vlan-num name vla 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 6 页，共 22 页 - - - - - - - - - switch(vlan)# exit switch# configure teriminal switch(config)# interface interface module/number switch(config-if)# switchport mode access switch(config-if)# switchport access vlan vlan-num switch(config-if)# end A Virtual LAN (VLAN) is a switched network that is logically segmented by function, team, or application, without regard to the physical location of the users.Packets received on a port are forwarded only to ports that belong to the same VLAN as the receiving port. Network devices in different VLANs cannot communicate with one another without a Layer 3 device to route traffic between the VLANs. VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. l 在基于 IOS 的交换机上配置VLAN中继线 : switch(config)# interface interface mod/port switch(config-if)# switchport mode trunk switch(config-if)# switchport trunk encapsulation isl|dotlq switch(config-if)# switchport trunk allowed vlan remove vlan-list switch(config-if)# switchport trunk allowed vlan add vlan-list 在基于 IOS 的交换机上配置VTP 管理域 : switch# vlan database switch(vlan)# vtp domain domain-name VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. Note: Because trunk ports send and receive VTP advertisements, you must ensure that at least one trunk port is configured on the switch and that this trunk port is connected to the trunk port of a second switch. Otherwise, the switch cannot receive any VTP advertisements Before you create VLANs, you must decide whether to use VTP in your network. Using VTP, you can make configuration changes centrally on one or more switches and have those changes automatically communicated to all the other switches in the network. Without VTP, you cannot send information about VLANs to other switches. A switch can be in only one VTP domain. When you configure the switch for VTP transparent mode, you disable VTP on the switch. The switch then does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch running VTP version 2 does forward received VTP advertisements on all of its trunk links. l 在基于 IOS 的交换机上配置VTP 模式 : switch# vlan database switch(vlan)# vtp domain domain-name 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 7 页，共 22 页 - - - - - - - - - switch(vlan)# vtp sever|cilent|transparent switch(vlan)# vtp password password A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch. Trunks carry the traffic of multiple VLANs over a single link, and you can extend VLANs across an entire network. Gigabit Ethernet trunks carry traffic for multiple VLANs over a single link. Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport trunk encapsulation isl Switch(config-if)# switchport trunk allowed vlan remove xxxx l 在基于 IOS 的交换机上配置VTP 版本 : switch# vlan database switch(vlan)# vtp v2-mode Caution : VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2. 在基于 IOS 的交换机上启动VTP 剪裁 : switch# vlan database switch(vlan)# vtp pruning Switch# configure terminal Switch(config)# interface interface-id Switch(config-if)# switchport trunk pruning vlan (add | except | none | remove) vlan-list ,vlan,vlan, Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the destination devices. You enable VTP pruning on a switch in VTP server mode. Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible on trunk ports. l 在基于 IOS 的交换机上配置以太信道: switch(config-if)# port group group-number distribution source|destination l 在基于 IOS 的交换机上调整根路径成本: 名师资料总结 - - -精品资料欢迎下载 - - - - - - - - - - - - - - - - - - 名师精心整理 - - - - - - - 第 8 页，共 22 页 - - - - - - - - - switch(config-if)# spanning-tree vlan vlan-list cost cost l 在基于 IOS 的交换机上调整端口ID: switch(config-if)# spanning-treevlan vlan-listport-priority port-priority l 在基于 IOS 的交换机上修改STP 时钟 : switch(config)# spanning-tree vlan vlan-list hello-time seconds switch(config)# spanning-tree vlan vlan-list forward-time seconds switch(config)# spanning-tree vlan vlan-list max-age seconds l 在基于 IOS 的交换机端口上启用或禁用Port Fast 特征 : switch(config-if)#spanning-tree portfast l 在基于 IOS 的交换机端口上启用或禁用UplinkFast 特征 : switch(config)# spanning