ACL : Access control List
Les listes de contrôle d’accès
C’est un ensemble de conditions séquentielles
ü
-Condition 1
ü
-Condition 2
ü
ü
ü
ü -
Condition n
Définition de l’ACL au niveau du routeur
Affectation de l’ACL à une interface IN ou OUT.
Il y a toujours un jugement soit un refus DENY ou une
autorisation PERMIT
Il y a des ACL standards et d’autres étendues.
ACL standards (1-99) :
ü
-Test : @ IP d’origine
ü
-Position : le plus proche de la
destination
ACL étendue
(100-199) :
ü
-Test : @ IP d’origine,
@ IP de destination…
ü
-Position : le plus proche de la source
Routeur (conf)# acces-list 1 permit ou deny
Interf
fa0/0
(Config-if
)#ip acces-group 1 in/out
Remarque:
De la condition la plus précise à la condition la plus
générale.
0.0.0.255 -> masque générique = ! Masque réseau
// pour permettre la connexion a tout le monde
ACL 2 PERMIT 0.0.0.0 255.255.255.255
ACL 2 DENY 172.16.1.1 0.0.0.0 // refuser l’accès a l’adresse
IP
ACL 2 DENY HOST 172.16.1.1 // pour spécifier que c’est une machine et non pas un réseau
ACL 2
PERMIT ANY ANY
Router#
Router#conf t
Enter configuration commands, one per
line. End with CNTL/Z.
Router(config)#hostna
Router(config)#hostname router2
router2(config)#ser
router2(config)#service pas
router2(config)#enable secret
router2(config)#enable secret cisco
router2(config)#
router2(config)#line con 0
router2(config-line)#p
router2(config-line)#pas
router2(config-line)#password cisco
router2(config-line)#login
router2(config-line)#exit
router2(config)#line vty 0 4
router2(config-line)#p
router2(config-line)#pass
router2(config-line)#password cisco
router2(config-line)#
router2(config-line)#login
router2(config-line)#exit
router2(config)#ser
router2(config)#service pass
router2(config)#service password-encryption
router2(config)#enable sec
router2(config)#enable secret cisco
router2(config)#exit
%SYS-5-CONFIG_I: Configured from console by
console
router2#exit
router2 con0 is now available
Press RETURN to get started.
User Access Verification
Password:
router2>enable
Password:
router2#conf t
Enter configuration commands, one per
line. End with CNTL/Z.
router2(config)#enterf
router2(config)#conf t
%Invalid hex value
router2(config)#interfa
router2(config)#interface f0/0
router2(config-if)#ip add
router2(config-if)#ip address 192.168.14.1
255.255.255.0
router2(config-if)#no sh
router2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0,
changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to up
router2(config-if)#exit
router2(config)#inter
router2(config)#interface s2/0
router2(config-if)#ip
router2(config-if)#ip add
router2(config-if)#ip address 192.168.100.1
255.255.255.252
router2(config-if)#clo
router2(config-if)#clock ra
router2(config-if)#clock rate 128000
router2(config-if)#no sh
router2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial2/0, changed
state to down
router2(config-if)#ip dhcp poo
router2(config-if)#exit
router2(config)#ip
router2(config)#ip dh
router2(config)#ip dhcp p
router2(config)#ip dhcp pool lan1
router2(dhcp-config)#netw
router2(dhcp-config)#network 192.168.14.0
255.255.255.0
router2(dhcp-config)#default
router2(dhcp-config)#default-router
192.168.14.1
router2(dhcp-config)#end
%SYS-5-CONFIG_I: Configured from console by
console
router2#wr
Destination filename [startup-config]?
Building configuration...
[OK]
router1(config)#router rip
router1(config-router)#ver
router1(config-router)#version 2
router1(config-router)#networ
router1(config-router)#network 192.168.15.0
router1(config-router)#network 192.168.100.0
router1(config-router)#?
auto-summary Enter Address
Family command mode
default-information Control
distribution of default information
distance Define an
administrative distance
exit Exit from
routing protocol configuration mode
network Enable
routing on an IP network
no Negate a command or set its
defaults
passive-interface Suppress
routing updates on an interface
timers Adjust
routing timers
version Set routing
protocol version
router1(config-router)#au
router1(config-router)#auto-summary
router1(config-router)#pas
router1(config-router)#passive-interface
f0/0
router1(config-router)#end
%SYS-5-CONFIG_I: Configured from console by
console
router1#wr
Destination filename [startup-config]?
Building configuration...
[OK]
router1#conf t
Enter configuration commands, one per
line. End with CNTL/Z.
router1(config)#acc
router1(config)#access-list 20 de
router1(config)#access-list 20 deny ho
router1(config)#access-list 20 deny host
192.168.14.2
router1(config)#access-list 20 permit any
router1(config)#inter
router1(config)#interface f0/0
router1(config-if)#ip acc
router1(config-if)#ip access-group 20 ou
router1(config-if)#ip access-group 20 out
router1(config-if)#end
%SYS-5-CONFIG_I: Configured from console by
console
router1#wr
Destination filename [startup-config]?
Building configuration...
[OK]
router1#
router1#conf t
Enter configuration commands, one per
line. End with CNTL/Z.
router1(config)#acc
router1(config)#access-list 20 de
router1(config)#access-list 20 deny ho
router1(config)#access-list 20 deny host
192.168.14.2
router1(config)#access-list 20 permit any
router1(config)#inter
router1(config)#interface f0/0
router1(config-if)#ip acc
router1(config-if)#ip access-group 20 ou
router1(config-if)#ip access-group 20 out
router1(config-if)#end
%SYS-5-CONFIG_I: Configured from console by
console
router1#wr
Destination filename [startup-config]?
Building configuration...
[OK]
router1#
// pour
éliminer l’accès liste
bat#conf t
Enter configuration commands, one per
line. End with CNTL/Z.
router2(config)#no acc
router2(config)#inte
router2(config)#interface f0/0
router2(config-if)#no a
router2(config-if)#no acc
router2(config-if)#no acc
router2(config-if)#no acce
router2(config-if)#no ip ac
router2(config-if)#no ip access-group 30 out
router2(config-if)#no ip access-group 30 out
router2(config-if)#no acc
router2(config-if)#exit
router2(config)#no a
router2(config)#no access-list 30
router2(config)#end
%SYS-5-CONFIG_I: Configured from console by
console
router2#wr
Destination filename [startup-config]?
Building configuration...
[OK]
router2#
// ACL 40
qui autorise le trafic venant uniquement des machines ayant une @IP paire
2 :0000 0010
3 :0000 0011
4 :0000 0100
192.168.14.0
0.0.0.254
router1# conf t
router1(config)#access-list 40 permit
192.168.14.0 0.0.0.254
router1(config)#end
router1#wr
router1#conf t
router1(config)#interface f0/0
router1(config-if)#ip access-group 40 out
router1(config-if)#end
router1#wr
// ACL 50
qui autorise le trafic venant uniquement des machines ayant une @IP impaire
router1#conf t
router1(config)#access-list 50 permit
192.168.14.1 0.0.0.254
router1(config)#inter f0/0
router1(config-if)#ip acc
router1(config-if)#ip access-group 50 out
router1(config-if)#end
// ACL qui autorise la connexion des paires avec les
impaires et refuse la connexion des mêmes types (étendue)
Acces –list 114 permit tcp 192.168.14.0 0.0.0.254 192.168.15.1 0.0.0.254
Acces –list 114 permit tcp 192.168.14.1 0.0.0.254 192.168.15.0 0.0.0.254
router1(config)#no access-list 40
router1(config)#exit
router1#wr
router1#conf t
router1(config)#access-list 114 permit tcp
192.168.15.0 0.0.0.254 192.168.14.1 0.0.0.25
router1(config)#access-list 114 permit tcp
192.168.15.1 0.0.0.254 192.168.14.0 0.0.0.25
router1(config)#inter f0/0
router1(config-if)#ip access-group 114 in
router1(config-if)#end
router1#wr
// ACL qui autorise la connexion des hosts du
département formation au serveur
formation seulement et les hosts du département commercial au serveur
commercial
router2(config)#access-list 120 d
router2(config)#access-list 120 deny ip
192.168.14.0 0.0.0.255 host 192.168.16.3
router2(config)#access-list 120 permit ip any
any
router2(config)#interf f0/0
router2(config-if)#ip
router2(config-if)#ip acc
router2(config-if)#ip access-group 120 in
router2(config-if)#end
router2#wr
// ACL nommée
router3(config)#ip access-list ex
router3(config)#ip access-list extended server
router3(config-ext-nacl)#deny ip host
192.168.16.2 192.168.15.0 0.0.0.255
router3(config-ext-nacl)#deny ip host
192.168.16.3 192.168.14.0 0.0.0.255
router3(config-ext-nacl)#permit ip any any
router3(config-ext-nacl)#exit
router3(config)#interf f0/0
router3(config-if)#ip a
router3(config-if)#ip acc
router3(config-if)#ip access-group server
% Incomplete command.
router3(config-if)#ip access-group server in
router3(config-if)#end
%SYS-5-CONFIG_I: Configured from console by
console
router3#wr
Switching
Interface vlan1 est une interface
de gestion
//créer
des vlan
Et leur atrribuer les interfaces
suivantes :
·
Vlan 10 : fa0/1,
fa0/2, fa0/3
·
Vlan 20 : fa0/4,
fa0/5, fa0/6
·
Vlan 30 : fa0/7,
fa0/8, fa0/9
Switch>hos
Switch>enable
Switch>enable
Switch#conf
t
Enter
configuration commands, one per line.
End with CNTL/Z.
Switch(config)#host
Switch(config)#hostname
sw_a
sw_a(config)#enable
secret cisco
sw_a(config)#line
con 0
sw_a(config-line)#pas
sw_a(config-line)#password
cisco
sw_a(config-line)#login
sw_a(config-line)#exit
sw_a(config)#line
vty O 4
^
% Invalid
input detected at '^' marker.
sw_a(config)#line
vty O 15
^
% Invalid
input detected at '^' marker.
sw_a(config)#line?
line
sw_a(config)#line
vty?
vty
sw_a(config)#line
vty 0 15
sw_a(config-line)#pas
sw_a(config-line)#password
cisco
sw_a(config-line)#login
sw_a(config-line)#exit
sw_a(config)#se
sw_a(config)#service
pass
sw_a(config)#service
password-encryption
sw_a(config)#ip
sw_a(config)#ip
add
sw_a(config)#?
Configure
commands:
banner Define a login banner
boot Boot Commands
cdp Global CDP configuration
subcommands
clock Configure time-of-day clock
enable Modify enable password parameters
end Exit from configure mode
exit Exit from configure mode
hostname Set system's network name
interface Select an interface to configure
ip Global IP configuration
subcommands
line Configure a terminal line
mac-address-table Configure the MAC address table
no Negate a command or set its
defaults
service Modify use of network based
services
spanning-tree Spanning Tree Subsystem
vlan Vlan commands
vtp Configure global VTP state
sw_a(config)#vlan
sw_a(config)#in
sw_a(config)#interface
?
Ethernet IEEE 802.3
FastEthernet FastEthernet IEEE 802.3
GigabitEthernet GigabitEthernet IEEE 802.3z
Vlan Catalyst Vlans
sw_a(config)#interface
vl
sw_a(config)#interface
vlan1
sw_a(config-if)#ip
add
sw_a(config-if)#ip
address 192.168.1.1 255.255.255.0
sw_a(config-if)#no
sw_a(config-if)#no
sh
sw_a(config-if)#no
shutdown
%LINK-5-CHANGED:
Interface Vlan1, changed state to up
sw_a(config-if)#end
%SYS-5-CONFIG_I:
Configured from console by console
sw_a#wr
Destination
filename [startup-config]?
Building
configuration...
[OK]
sw_a#
%LINK-5-CHANGED:
Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface Vlan1, changed state to up
sw_a#
sw_a#
sw_a#show
ru
sw_a#show
running-config
Building
configuration...
Current
configuration : 1002 bytes
!
version
12.1
service
password-encryption
!
hostname
sw_a
!
enable
secret 5 $1$13Vp$bAX2FK3JRWJhJ7wz.IET//
!
!
!
interface
FastEthernet0/1
!
interface
FastEthernet0/2
!
interface
FastEthernet0/3
!
interface
FastEthernet0/4
!
interface
FastEthernet0/5
!
interface
FastEthernet0/6
!
interface
FastEthernet0/7
!
interface
FastEthernet0/8
!
interface
FastEthernet0/9
!
interface
FastEthernet0/10
!
interface
FastEthernet0/11
!
interface
FastEthernet0/12
!
interface
FastEthernet0/13
!
interface
FastEthernet0/14
!
interface
FastEthernet0/15
!
interface
FastEthernet0/16
!
interface
FastEthernet0/17
!
interface
FastEthernet0/18
!
interface
FastEthernet0/19
!
interface
FastEthernet0/20
!
interface
FastEthernet0/21
!
interface
FastEthernet0/22
!
interface
FastEthernet0/23
!
interface
FastEthernet0/24
!
interface
Vlan1
ip address 192.168.1.1 255.255.255.0
!
line con 0
password 7 104D000A0618
login
!
line vty 0
4
password 7 104D000A0618
login
line vty 5
15
password 7 104D000A0618
login
!
!
end
sw_a#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
sw_a(config)#line
vty 0 15
sw_a(config-line)#pass
sw_a(config-line)#password
cisco
sw_a(config-line)#login
sw_a(config-line)#end
%SYS-5-CONFIG_I:
Configured from console by console
sw_a#wr
Destination
filename [startup-config]?
Building
configuration...
[OK]
sw_a#
sw_a#
%LINK-5-CHANGED:
Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN:
Line protocol on Interface Vlan1, changed state to down
%LINK-5-CHANGED:
Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface Vlan1, changed state to up
sw_a#exit
sw_a con0
is now available
Press
RETURN to get started.
User Access
Verification
Password:
%
Password: timeout expired!
Password:
sw_a>cisco
Translating
"cisco"...domain server (255.255.255.255) % Name lookup aborted
sw_a>enable
Password:
sw_a#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
sw_a(config)#
%SYS-5-CONFIG_I:
Configured from console by console
sw_a#
%LINK-5-CHANGED:
Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/2, changed state to up
%LINK-5-CHANGED:
Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/3, changed state to up
%LINK-5-CHANGED:
Interface FastEthernet0/4, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/4, changed state to up
%LINK-5-CHANGED:
Interface FastEthernet0/5, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/5, changed state to up
%LINK-5-CHANGED:
Interface FastEthernet0/5, changed state to down
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/5, changed state to down
%LINK-5-CHANGED:
Interface FastEthernet0/4, changed state to down
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/4, changed state to down
%LINK-5-CHANGED:
Interface FastEthernet0/4, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/4, changed state to up
%LINK-5-CHANGED:
Interface FastEthernet0/5, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/5, changed state to up
%LINK-5-CHANGED:
Interface FastEthernet0/6, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/6, changed state to up
%LINK-5-CHANGED:
Interface FastEthernet0/7, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/7, changed state to up
%LINK-5-CHANGED:
Interface FastEthernet0/8, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/8, changed state to up
%LINK-5-CHANGED:
Interface FastEthernet0/9, changed state to up
%LINEPROTO-5-UPDOWN:
Line protocol on Interface FastEthernet0/9, changed state to up
sw_a#show
vl
sw_a#show
vlan
VLAN
Name
Status Ports
----
-------------------------------- --------- -------------------------------
1 default
active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23,
Fa0/24
1002
fddi-default
active
1003
token-ring-default
active
1004
fddinet-default
active
1005
trnet-default
active
VLAN
Type SAID MTU
Parent RingNo BridgeNo Stp
BrdgMode Trans1 Trans2
---- -----
---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet
100001 1500 -
- - -
- 0 0
1002
enet 101002 1500
- - -
- - 0
0
1003
enet 101003 1500
- - -
- - 0
0
1004
enet 101004 1500
- - -
- - 0
0
1005
enet 101005 1500
- - -
- - 0
0
sw_a#show
vlan brief
VLAN
Name
Status Ports
----
-------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23,
Fa0/24
1002
fddi-default
active
1003
token-ring-default
active
1004
fddinet-default
active
1005
trnet-default
active
sw_a#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
sw_a(config)#exit
%SYS-5-CONFIG_I:
Configured from console by console
sw_a#show ?
arp Arp table
cdp CDP information
clock Display the system clock
dtp DTP information
flash: display information about flash:
file system
history Display the session command history
hosts IP domain-name, lookup style,
nameservers, and host table
interfaces Interface status and configuration
ip IP information
mac-address-table MAC forwarding table
port-security Show secure port information
running-config Current operating configuration
sessions Information about Telnet connections
spanning-tree Spanning Tree Topology
startup-config Contents of startup configuration
tcp Status of TCP connections
users Display information about
terminal lines
version System hardware and software status
vlan
VTP VLAN status
vtp VTP information
sw_a#show
flash
Directory
of flash:/
1
-rw- 3058048 <no date> c2950-i6q4l2-mz.121-22.EA4.bin
32514048
bytes total (29456000 bytes free)
sw_a#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
sw_a(config)#vlan
10
sw_a(config-vlan)#vlan
20
sw_a(config-vlan)#vlan
30
sw_a(config-vlan)#end
%SYS-5-CONFIG_I:
Configured from console by console
sw_a#wr
Destination
filename [startup-config]?
Building
configuration...
[OK]
sw_a#show
vlan brief
VLAN
Name
Status Ports
----
-------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5,
Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23,
Fa0/24
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
1002
fddi-default
active
1003
token-ring-default
active
1004
fddinet-default
active
1005
trnet-default
active
sw_a#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
sw_a(config)#vlan
10
sw_a(config-vlan)#?
VLAN
configuration commands:
exit
Apply changes, bump revision number, and exit mode
name
Ascii name of the VLAN
no
Negate a command or set its defaults
sw_a(config-vlan)#name
formation
sw_a(config-vlan)#vlan
20
sw_a(config-vlan)#name
commercial
sw_a(config-vlan)#vlan
30
sw_a(config-vlan)#name
production
sw_a(config-vlan)#exit
sw_a(config)#sh
sw_a(config)#show
sw_a(config)#showexit
^
% Invalid
input detected at '^' marker.
sw_a(config)#end
%SYS-5-CONFIG_I:
Configured from console by console
sw_a#show
vlan br
VLAN
Name
Status Ports
----
-------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
10 formation active
20 commercial active
30 production active
1002
fddi-default
active
1003
token-ring-default
active
1004
fddinet-default
active
1005
trnet-default active
sw_a#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
sw_a(config)#interface
f0/1
sw_a(config-if)#?
cdp
Global CDP configuration subcommands
description
Interface specific description
duplex
Configure duplex operation.
exit
Exit from interface configuration mode
mac-address
Manually set interface MAC address
no
Negate a command or set its defaults
shutdown
Shutdown the selected interface
speed
Configure speed operation.
switchport
Set switching mode characteristics
sw_a(config-if)#sw
sw_a(config-if)#switchport
mo
sw_a(config-if)#switchport
mode acce
sw_a(config-if)#switchport
mode access
sw_a(config-if)#SW
sw_a(config-if)#SWitchport
ac
sw_a(config-if)#SWitchport
access v
sw_a(config-if)#SWitchport
access vlan 10
sw_a(config-if)#interf
f0/2
sw_a(config-if)#switchport
mode access
sw_a(config-if)#switchport
access vlan
%
Incomplete command.
sw_a(config-if)#switchport
access vlan 10
sw_a(config-if)#interf
f0/3
sw_a(config-if)#siwtchport
mode access
^
% Invalid
input detected at '^' marker.
sw_a(config-if)#switchport
mode access
sw_a(config-if)#switchport
access vlan 10
sw_a(config-if)#end
%SYS-5-CONFIG_I:
Configured from console by console
sw_a#wr
Destination
filename [startup-config]?
Building
configuration...
[OK]
sw_a#show
vlan br
sw_a#show
vlan brief
VLAN
Name
Status Ports
----
-------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24
10 formation active Fa0/1, Fa0/2, Fa0/3
20 commercial active
30 production active
1002
fddi-default
active
1003
token-ring-default
active
1004
fddinet-default
active
1005
trnet-default
active
sw_a#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
sw_a(config)#vl
sw_a(config)#vlan
20
sw_a(config-vlan)#interf
f0/4
sw_a(config-if)#switchport
mode access
sw_a(config-if)#switchport
access vlan 20
sw_a(config-if)#interf
f0/5
sw_a(config-if)#switchport
mode access
sw_a(config-if)#switchport
access vlan 20
sw_a(config-if)#interf
f0/6
sw_a(config-if)#switchport
mode access
sw_a(config-if)#switchport
access vlan 20
sw_a(config-if)#exit
sw_a(config)#exit
%SYS-5-CONFIG_I:
Configured from console by console
sw_a#wr
Destination
filename [startup-config]?
Building
configuration...
[OK]
sw_a#show
vlan br
VLAN
Name
Status Ports
----
-------------------------------- --------- -------------------------------
1 default active Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
10 formation active Fa0/1, Fa0/2, Fa0/3
20 commercial active Fa0/4, Fa0/5, Fa0/6
30 production active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005
trnet-default active
sw_a#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
sw_a(config)#vlan
30
sw_a(config-vlan)#interf
f0/5
sw_a(config-if)#switchport
mode access
sw_a(config-if)#switchport
mode vlan 30
^
% Invalid
input detected at '^' marker.
sw_a(config-if)#switchport
access vlan 30
sw_a(config-if)#vlan
20
sw_a(config-vlan)#interf
f0/5
sw_a(config-if)#switchport
mode access
sw_a(config-if)#switchport
access vlan 20
sw_a(config-if)#exit
%SYS-5-CONFIG_I:
Configured from console by console
sw_a#show
vlan br
sw_a#show
vlan brief
VLAN
Name
Status Ports
----
-------------------------------- --------- -------------------------------
1 default active Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
10 formation active Fa0/1, Fa0/2, Fa0/3
20 commercial active Fa0/4, Fa0/5, Fa0/6
30 production active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005
trnet-default
active
sw_a#conf t
Enter
configuration commands, one per line. End
with CNTL/Z.
sw_a(config)#vlan
30
sw_a(config-vlan)#interf
f0/7
sw_a(config-if)#switchport
mode access
sw_a(config-if)#switchport
access vlan 30
sw_a(config-if)#interf
f0/8
sw_a(config-if)#switchport
mode access
sw_a(config-if)#switchport
access vlan 30
sw_a(config-if)#interf
f0/8
sw_a(config-if)#interf
f0/9
sw_a(config-if)#switchport
mode access
sw_a(config-if)#switchport
access vlan 30
sw_a(config-if)#end
%SYS-5-CONFIG_I:
Configured from console by console
sw_a#wr
Destination
filename [startup-config]?
Building configuration...
[OK]
sw_a#show
vlan brief
VLAN
Name
Status Ports
----
-------------------------------- --------- -------------------------------
1 default active Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
10 formation active Fa0/1, Fa0/2, Fa0/3
20 commercial active Fa0/4, Fa0/5, Fa0/6
30 production active Fa0/7, Fa0/8, Fa0/9
1002 fddi-default active
1003
token-ring-default
active
1004
fddinet-default
active
1005 trnet-default active
0 commentaires:
Enregistrer un commentaire