1．   利用接入层交换机端口ACL对一些特殊需求进行限制：可以利用port acl 进行同网段不通机器间通信限制；也可以限制某网段内某些机器不能访问某种资源，而别的机器可以。具体配置同普通ACL，将其应用在接入层交换机某个端口上即可。2．   CISCO的ACL对分片数据的处理行为：对于分片的TCP数据，CISCO按以下方式处理：如果是permit条目，对于分片的数据只检查3层中的内容。如果是deny条目，则永远也不会匹配分片数据。...

DHCP Snooping DHCP snooping is a DHCP security feature that provides network security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database, also referred to as a DHCP snooping binding table. For more i...

VAN10,VLAN20,VLAN30要求 VLAN20,30都能访问VLAN10,但20,30之间不能相互访问.1.用策略路由控制,让去往VLAN10的被路由到正确接口,其他的都被送到丢弃口access-list 100 permit ip any 192.168.10.0 0.0.0.255route-map tovlan1 permit 10match address 100set default interface f 0/0.10route-map tovlan1 permit 20s...

Usage Guidelines Each Ethernet switch port and Ethernet repeater group belong to only one VLAN. Trunk ports can be on multiple VLANs. If you shut down a VLAN using the state suspend or the state active command, these values appear in the Status field...

Note: This section is only applicable for 10/100/1000 Mbps (1000BASE-T) NICs, and not 1000BASE-X NICs.Table 1—Autonegotiation Valid Configuration Table Configuration NIC (Speed/Duplex) ...

http://www.cisco.com/en/US/tech/tk828/technologies_tech_note09186a0080094b55.shtml看原始文档,内容较多...

Background InformationWhen troubleshooting multicast routing, the primary concern is the source address. Multicast has a concept of Reverse Path Forwarding check (RPF check). When a multicast packet arrives on an interface, the RPF process checks to ...

Software SwitchingSoftware switching occurs when traffic cannot be processed in hardware. The following types of exception packets are processed in software at a much slower rate: Packets that use IP header options ...

本来是看一个题目觉得奇怪的,于是去查CISCO 文档,结果发现那个题目就是CISCO 文档上的东西.只是这个文档本来是发布IOS  bug的一个通告,下面是关键内容.Loopback Test: Test for a spanning-tree BPDU error. A crossover cable should be connected between two unused access ports. In this case, FastEthernet0/1 and FastE...

Configuring Authentication Authentication verifies users before they are allowed access to the network and network services. The Cisco IOS software implementation of authentication is divided into two main categories: • AAA Authentication M...

Understanding Voice VLAN The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. The switch can connect to a Cisco 7960 IP Phone and carry IP voice traffic. Because the sound quality of an IP phone call can deteri...

人邮讲的太晦涩,看了CISCO 的文档,大概理解翻译了下,有错的请至正.另外,关于他们之间交换BPDU的过程我还不是十分很了解.望战友帮助讲解.先解释一些名词,不然下面就乱了:1.       IST: IST是一个MST区域的生成树,它维护和计算机这个MST 区域内的SPT,MST实例0就是一个特殊的MST实例,这个实例就叫 IST. 也就是说可以把IST看成是每个MST区域的外界表现2.    ...

To determine the best path is the primary function of routing protocols, and this can be aCPU-intensive process. Thus, there is a significant performance increase with the offloadof a portion of this function to switching hardware. This performance i...

Catalyst 3550 Multilayer Switch Software Configuration Guide, 12.1(4)EA1 Index Preface Product Overview Using the Command-Line Interface Getting Started with CMS Assigning the Swi...

Catalyst 6500 Series Cisco IOS Command Reference, 12.1 E show spanning-tree To display information about the spanning tree state, use the show spanning-tree command. show spanning-tree [bridge-group | active | backbonefast | {bridge [id]}| detail | i...

POST是Power On Self Test， 也就是加电自检。 Cisco的2900系列交换机在POST阶段会执行8个不同的测试来分别检测交换机里最重要的一些元件是否正常工作。正常情况下， 当POST开始的时候， 每个端口上的LED灯都是黄的并持续2秒钟， 然后都变绿。 每通过一个测试， 就有一个端口上的绿灯熄掉（从端口1开始）。 所以当8个测试都成功结束的时候， 交换机上的前8个端口上的灯应该都会熄掉。 如果某个测试失败， 对应的那个端口上的灯就会变黄， 而且最左边的“Syst...

实验1 交换机的启动及基本配置:1924交换机上配置：sw1924_b#delete nvram----------全部清除交换机的所有配置sw1924_b#reload----------------重新启动交换机（初始提示符为> )sw1924_b<config>#hostname sw1924---------------------------设置交换机的主机名>sw1924_b<config>#enable secret cisco---------...