Switch>enable

Switch#configure terminal
Switch(config)#hostname SW1
SW1(config)#no ip domain lookup

_______________________________________________________________________________

TWORZENIE VLANÓW(10,20,30)

SW1(config)#vlan 10
SW1(config-vlan)#name maciek
SW1(config-vlan)#exit

SW1(config)#vlan 20
SW1(config-vlan)#name rzeszow
SW1(config-vlan)#exit

SW1(config)#vlan 30
SW1(config-vlan)#name dworak
SW1(config-vlan)#exit
_______________________________________________________________________________

PODGLĄD VLANÓW

SW1(config)#exit
SW1#sh vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
10 maciek active
20 rzeszow active
30 dworak active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
_______________________________________________________________________________

USTAWIANIE IP NA VLANIE 10

SW1(config)#interface vlan 10
SW1(config-if)#ip address 192.168.0.2 255.255.255.0
SW1(config-if)#no shutdown
_______________________________________________________________________________

PRZYPISANIE NA PORTÓW DO VLANU

SW1(config)#interface range fastEthernet 0/1-8

SW1(config-if-range)#
SW1(config-if-range)#switchport access vlan 10
SW1(config-if-range)#exit
SW1(config)#interface range fastEthernet 0/9-16
SW1(config-if-range)#switchport access vlan 20
SW1(config-if-range)#exit

SW1(config)#interface range fastEthernet 0/17-24

SW1(config-if-range)#switchport access vlan 30
SW1(config-if-range)#end
_______________________________________________________________________________

PODGLĄD VLANÓW

SW1#sh vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Gig0/1, Gig0/2
10 maciek active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
20 rzeszow active Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
30 dworak active Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
_______________________________________________________________________________

TRUNK

SW1(config)#interface gigabitEthernet 0/1

SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 10,20,30
SW1(config-if)#no shutdown
_______________________________________________________________________________

WŁAŚCIWOŚCI PORTU

SW1(config)#interface gigabitEthernet 0/1

SW1(config-if)#duplex auto
SW1(config-if)#speed auto
SW1(config-if)#mdix auto
SW1(config-if)#exit
_______________________________________________________________________________

SPRAWDZENIE

SW1#sh interfaces gigabitEthernet 0/1

GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is Lance, address is 0060.5ca1.eb19 (bia 0060.5ca1.eb19)
BW 1000000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
956 packets input, 193351 bytes, 0 no buffer
Received 956 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
2357 packets output, 263570 bytes, 0 underruns

_______________________________________________________________________________

SSH

SW1(config)#ip domain-name zse.pl

SW1(config)#crypto key generate rsa
The name for the keys will be: SW1.zse.pl
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

SW1(config)#username admin secret admin

SW1(config)#line vty 0 15
SW1(config-line)#login local

SW1(config-line)#transport input ssh

SW1(config)#enable secret admin

SW1(config)#ip ssh ?
authentication-retries Specify number of authentication retries
time-out Specify SSH time-out interval
version Specify protocol version to be supported

SW1(config)#ip ssh version ?

<1-2> Protocol version
SW1(config)#ip ssh version 2

SW1(config)#ip ssh time-out ?

<1-120> SSH time-out interval (secs)
SW1(config)#ip ssh time-out 100

SW1(config)#ip ssh authentication-retries ?

<0-5> Number of authentication retries
SW1(config)#ip ssh authentication-retries 2
_______________________________________________________________________________

WYŁĄCZANIE PORTÓW

Switch(config)#interface range fastEthernet 0/4-24

Switch(config-if-range)#shutdown
_______________________________________________________________________________

ZABEZPIECZANIE PORTU 1
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport port-security ?
aging Port-security aging commands
mac-address Secure mac address
maximum Max secure addresses
violation Security violation mode
<cr>

Switch(config-if)#switchport port-security maximum ?

<1-132> Maximum addresses
Switch(config-if)#switchport port-security maximum 1

Switch(config-if)#switchport port-security mac-address ?

H.H.H 48 bit mac address
sticky Configure dynamic secure addresses as sticky
Switch(config-if)#switchport port-security mac-address sticky

Switch(config-if)#switchport port-security violation ?

protect Security violation protect mode
restrict Security violation restrict mode
shutdown Security violation shutdown mode
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#end

Switch#sh port-security interface fastEthernet 0/1

Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0

_______________________________________________________________________________

WŁĄCZENIE PO PRZEPIECIU PORTU

Switch(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

Switch(config-if)#no shutdown
_______________________________________________________________________________

BLOKOWANIE FAŁSZYWEGO DHCP

Switch(config)#ip dhcp snooping

_______________________________________________________________________________

DZIAŁANIE PRZCIWKO SNOOPINGOWE

Switch(config)#interface gigabitEthernet 0/2

Switch(config-if)#ip dhcp snooping trust
_______________________________________________________________________________