神州数码交换机路由器命令汇总(部分)2016年3月23日星期三修改_________________________________________________________________________注：本文档命令为最简命令，如不懂请在机器上实验注：交换机版本信息：DCRS-5650-28(R4) Device, Compiled on Aug 12 10:58:26 2013sysLocation ChinaCPU Mac 00:03:0f:24:a2:a7Vlan MAC 00:03:0f:24:a2:a6SoftWare Version 7.0.3.1(B0043.0003)BootRom Version 7.1.103HardWare Version 2.0.1CPLD Version N/ASerial No.:1Copyright (C) 2001-2013 by Digital China Networks Limited.All rights reservedLast reboot is warm reset.Uptime is 0 weeks, 0 days, 1 hours, 42 minutes路由器版本信息：Digital China Networks Limited Internetwork Operating System SoftwareDCR-2659 Series Software, Version 1.3.3H (MIDDLE), RELEASE SOFTWARECopyright 2012 by Digital China Networks(BeiJing) LimitedCompiled: 2012-06-07 11:58:07 by system, Image text-base: 0x6004ROM: System Bootstrap, Version 0.4.2Serial num:8IRTJ610CA15000001, ID num:201404System image file is "DCR-2659_1.3.3H.bin"Digital China-DCR-2659 (PowerPC) Processor65536K bytes of memory,16384K bytes of flashRouter uptime is 0:00:44:44, The current time: 2002-01-01 00:44:44Slot 0: SCC SlotPort 0: 10/100Mbps full-duplex EthernetPort 1: 2M full-duplex SerialPort 2: 2M full-duplex SerialPort 3: 1000Mbps full-duplex EthernetPort 4: 1000Mbps full-duplex EthernetPort 5: 1000Mbps full-duplex EthernetPort 6: 1000Mbps full-duplex Ethernet一、交换机配置命令1.基本配置switch > en （enable ）进入特权用户模式 switch # con (config) 进入全局配置模式switch (config)# ho switch (hostname) 配置交换机名称 switch (config)# in e1/0/1 进入接口配置模式 switch (config -if -ethernet1/0/1)# exswitch (config)# in vl 1 进入VLAN 配置模式switch (config -if -vlan1)# ip ad 192.168.1.252 255.255.255.0 switch (config -if -vlan1)# exswitch (config)# ena p 1234 配置交换机密码(不加密) switch (config)# ena p 7 1234 配置交换机密码（加密） switch (config)# vl 10 创建vlan switch (config -vlan10)#ex switch (config)# in vl 10switch (config -if -vlan10)# ip ad 172.16.10.1 255.255.255.0 配置VLAN 地址2.生成树技术switch (config)# sp (spanning -tree) 启用全局生成树（默认mstp 生成树技术） switch (config)# sp mo stp/rstp /mstp (生成树/快速生成树/多生成树技术) switch (config)# sp ms 0 p 4096 设置交换机的优先级 默认32768 switch (config)# sh sp (show spanning -tree) 查看生成树3.交换机Web 管理switch (config)# ip ht serswitch (config)# usern admin pa 1234 用户名和密码4.交换机Telnet 管理switch (config)# telnet -s e (telnet enable) 开启telnet 服务 switch (config)# usern admin pa 1234 用户名和密码5.链路聚合(不需启动生成树)switchA (config)# port -g 1 (prot -group) switchA (config)# in e1/0/1-2switchA (config -port -range)# po 1 m on/active switchA (config -port -range)# ex switchA (config)# no port -g 1 删除组1switchB (config)# port -g 2 switchB (config)# in e1/0/3-4switchB (config -port -range)# po 2 m on/active switchB (config -port -range)# ex switchB (config)# no port -g 2 删除组26.交换机MAC 与IP 绑定switch (config)# am e (am enable) 启用全局am 功能 switch (config)# in e1/0/1switch (config_if_ethernet1/0/1)# am p (am port) 打开端口am 功能switch (config_if_ethernet1/0/1)# am m (mac -ip -pool) 00-A0-D1-D1-07-FF 192.168.1.101 switch (config_if_ethernet1/0/1)# ex switch (config)# in e1/0/2输入这条命令会出现: Invalid ENCRYPTED password! Please input the ENCRYPTED password with length 32 密码位数不够32位switch (config_if_ethernet1/0/2)# no am p 解锁端口7.交换机MAC与IP绑定静态绑定switch (config)# in e1/0/1switch (config_if_ethernet1/0/1)# sw p (port-security) 开启绑定功能switch (config_if_ethernet1/0/1)# sw p mac 00-a0-d1- d1-07-ff 添加静态MAC地址switch (config_if_ethernet1/0/1)# sw p max 4 绑定MAC地址的个数（默认为1）动态绑定(实验中交换机没有动态绑定命令)switch (config)# in e1/0/1switch (config_if_ethernet1/0/1)# sw p (port-security) 开启绑定功能switch (config_if_ethernet1/0/1)# sw port-security lockswitch (config_if_ethernet1/0/1)# sw port-security convert 将动态学习到绑定MAC的进行绑定switch # sh port-s add 查看绑定的地址8.交换机DHCP服务器配置switch (config)# service dhcp 启用DHCPswitch (config)# ip dh po poolA定义地址池poolAswitch (dhcp-poolA- config)# netw (network-address) 192.168.1.0 24switch (dhcp-poolA- config)# de (default-router) 192.168.1.254网关switch (dhcp-poolA- config)# dn 60.191.244.5DNS服务器switch (dhcp-poolA- config)# le 3租期3天switch (dhcp-poolA- config)# exswitch (config)# ip dh ex (excluded-add) 192.168.1.252 192.168.1.254 排除地址范围9.保留地址（一个地址池中只能配一个IP-MAC的绑定）switch (config)# ip dh po poolCswitch (dhcp-poolC- config)# ho 192.168.1.100 绑定的IP地址switch (dhcp-poolC- config)# ha (hardware-add) 00-a0-d1- d1-07-ff 绑定的MAC地址switch (dhcp-poolC- config)# de 192.168.1.254 网关10.ACL访问控制列表switchA (config)# ip ac s (standard) test命名标准IP访问列表switchA (config-std-nacl-test)# d (deny) 192.168.100.0 0.0.0.255反子网掩码（路由器上为子网掩码）switchA (config-std-nacl-test)# d 192.168.200.0 0.0.0.255switchA (config-std-nacl-test)# p (permit) a (permit any) 允许所有switchA (config-std-nacl-test)# exswitchA (config)# fir e (firewall enable) 开启ACL功能switchA (config)# in e1/0/1switchA (config-if-interface1/0/1)# ip ac (access-group) test in/out 进in出out （二层交换机上不支持out）11.配置时间范围switchA (config)# time-r worktimeswitchA (config-time-range)# p (periodic) weekd 9:0:0 to 18:0:012.VRRP虚拟路由器冗余协议Master BackupswitchA (config)# router v 1 switchB (config_router)# router v 1switchA (config_router)# v (virtual-ip) 192.168.1.254 switchB (config_router)# v 192.168.1.254 switchA (config_router)# i v 1 (interface vlan 1) switchB (config_router)# i v 1switchA (config_router)# pri 110 switchB (config_router)# enaswitchA (config_router)# c (circuit-failover) v 10 20switchA (config_router)# ena13.DHCP中继DHCP_relay (config)# service dhcp 全局开启DHCP服务DHCP_relay (config)# ip fo u b (ip forward-protocol udp bootps) 全局开启转发DHCP_relay (config)# in vl 10DHCP_relay (config-if-vlan10)# ip h 172.16.1.1 转发到DHCP服务器地址14.DHCP侦听DHCP (config)# service dhcpDHCP (config)# ip dh sn e 开启DHCP侦听功能DHCP (config)# in e1/0/1DHCP (config-if-ethernet1/0/1)# ip d s t (ip dhcp snooping trust)设置上联口为信任口15.端口隔离Switch (config)# is g test s i e1/0/1-2 (isolate-port group test switchport interface e1/0/1-2)e1/0/1-2口不能互相通信，可以和其它端口通信。