Cau Hinh SW Core 3705

2. Ki?m tra c?
u h�nh tr�n Cisco Core switch 3750

a) Ki?m tra file c?u h�nh
SG1-CSW-002#show running-config
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SG1-CSW-002
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$E6YG$d393NpryPXZ14SSb7DpEU0
!
username nkcsw privilege 15 secret 5 $1$F5dW$ryYEOxcuzxRVYsAJY7PrM0
no aaa new-model
switch 1 provision ws-c3750e-24td
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
crypto pki trustpoint TP-self-signed-2496931328
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2496931328
revocation-check none
rsakeypair TP-self-signed-2496931328
!
!
crypto pki certificate chain TP-self-signed-2496931328
certificate self-signed 01
30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343936 39333133 3238301E 170D3933 30333031 30303031
32385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34393639
33313332 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BA2D 134F0E0E 1A96A77E 64A6FB50 F9D4A7F7 B16D7191 068CD66D 908D20C7
8006922F 1D18E1F6 9287C7A9 5319B1DC D421C47F 6B3A8755 6BE84923 C9D26035
1FB661B2 AAA62EC4 E6714BDF 5B995835 519C0427 92E34266 17AA5943 C7B51605
674EB724 FB995CF1 C8814A94 6E3D3636 EEE19DFD 8D78D40F BC19F639 6E422B1B
15BD0203 010001A3 6C306A30 0F060355 1D130101 FF040530 030101FF 30170603
551D1104 10300E82 0C534731 2D435357 2D303032 2E301F06 03551D23 04183016
8014FBE1 692ED8A2 9D53C01E A4DAADA3 B72719CA FEBC301D 0603551D 0E041604
14FBE169 2ED8A29D 53C01EA4 DAADA3B7 2719CAFE BC300D06 092A8648 86F70D01
01040500 03818100 B24B1D4A 5A97A4CC 107849A9 4F689D67 794AB405 96CB2F17
9A1B842B C10C66B6 B146F8F3 5729B593 BB6A7608 ECBD3AFA 138D1F22 B2726CBE
CEF0BCAB 6602308A F2D34A71 E41203D0 78BBEC31 47C670E3 BD0C063F 9733B8BD
AFBBF3CE C6BDA6CF DD43DCF6 EE2ACAF6 A0C1810B 10666DDC 42F20101 68D67292
E8500738 E7AED74C
quit
!
!
!
!
!
archive
log config
logging enable
notify syslog contenttype plaintext
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 2-10,12-13,40-41,50-58 priority 28672
!
vlan internal allocation policy ascending
!
!
!
interface Port-channel1
description ***** EtherChannel Port G0/23 - G0/24 *****
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
description ***** EtherChannel Port G0/21 - G0/22 BladeServer *****
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface GigabitEthernet1/0/1
description connect ASA5520
switchport access vlan 100
switchport mode access
!
description connect ASA5520
!
switchport trunk allowed vlan 8,13,40,41,50-58
ip dhcp snooping limit rate 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
description connect to TONGDAI
!
description connect to TONGDAI
!
description ***** Trunk Connection to BLADE SERVER *****
channel-group 2 mode on
!
description ***** Trunk Connection to BLADE SERVER *****
!
description ***** Trunk Connection to Core Sw4505 *****
!
description ***** Trunk Connection to Core Sw4505 *****
!
!
!
!
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 172.16.1.62 255.255.255.192
ip helper-address 172.16.1.66
standby 0 ip 172.16.1.1
standby 0 preempt
!
interface Vlan3
ip address 172.16.1.126 255.255.255.192
standby 0 ip 172.16.1.65
standby 0 preempt
!
interface Vlan4
ip address 172.16.5.158 255.255.255.224
standby 0 ip 172.16.5.129
standby 0 preempt
!
interface Vlan5
ip address 172.16.1.158 255.255.255.240
standby 0 ip 172.16.1.145
standby 0 preempt
!
interface Vlan6
ip address 172.16.1.142 255.255.255.240
standby 0 ip 172.16.1.129
standby 0 preempt
!
interface Vlan8
ip address 172.16.11.254 255.255.252.0
ip access-group DESKTOP_OUT in
standby 0 ip 172.16.8.1
standby 0 preempt
!
interface Vlan9
ip address 172.16.4.254 255.255.255.0
standby 0 ip 172.16.4.1
standby 0 preempt
!
interface Vlan10
ip address 172.16.3.254 255.255.255.0
standby 0 ip 172.16.3.1
standby 0 preempt
!
interface Vlan12
ip address 172.16.1.254 255.255.255.192
standby 0 ip 172.16.1.193
standby 0 preempt
!
interface Vlan13
ip address 172.16.2.126 255.255.255.192
ip access-group VIDEOCONFERENCE_OUT in
standby 0 ip 172.16.2.65
standby 0 preempt
!
interface Vlan40
ip address 172.16.5.62 255.255.255.192
standby 0 ip 172.16.5.1
standby 0 preempt
!
interface Vlan41
ip address 172.16.5.126 255.255.255.192
standby 0 ip 172.16.5.65
standby 0 preempt
!
interface Vlan42
ip address 172.16.13.30 255.255.255.224
standby 0 ip 172.16.13.1
standby 0 preempt
!
interface Vlan50
ip address 172.16.2.62 255.255.255.192
shutdown
standby 0 ip 172.16.2.1
standby 0 preempt
!
interface Vlan51
ip address 172.16.2.254 255.255.255.128
shutdown
standby 0 ip 172.16.2.129
standby 0 preempt
!
interface Vlan52
ip address 172.16.6.62 255.255.255.192
standby 0 ip 172.16.6.1
standby 0 preempt
!
interface Vlan53
ip address 172.16.6.94 255.255.255.224
standby 0 ip 172.16.6.65
standby 0 preempt
!
interface Vlan54
ip address 172.16.6.126 255.255.255.224
shutdown
standby 0 ip 172.16.6.97
standby 0 preempt
!
interface Vlan55
ip address 172.16.6.254 255.255.255.128
shutdown
standby 0 ip 172.16.6.129
standby 0 preempt
!
interface Vlan56
ip address 172.16.7.126 255.255.255.128
shutdown
standby 0 ip 172.16.7.1
standby 0 preempt
!
interface Vlan57
ip address 172.16.7.254 255.255.255.128
shutdown
standby 0 ip 172.16.7.129
standby 0 preempt
!
interface Vlan70
no ip address
ip access-group DESKTOP_OUT in
!
interface Vlan100
ip address 172.16.0.37 255.255.255.248
standby 0 ip 172.16.0.34
standby 0 preempt
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.0.33
ip route 118.69.126.0 255.255.255.0 172.16.0.25
ip route 172.16.0.0 255.255.255.240 172.16.0.25
ip route 172.16.12.0 255.255.255.0 172.16.0.25
ip http server
ip http secure-server
!
ip access-list extended DESKTOP_OUT
remark ####################################
remark Cho phep ket noi TCP
permit tcp any any established
remark ####################################
remark Cho phep Ping
permit icmp any any
remark ####################################
remark Cho phep ket noi AgriBank
permit tcp any host 192.168.19.21 eq 16010
remark ####################################
remark Cho phep SG1-MGT-003 noi SNMP
permit udp host 172.16.8.116 any
remark Cho phep den MGT noi WSUS
permit tcp any 172.16.5.128 0.0.0.31 eq 8530
remark ####################################
permit ip any host 172.16.5.132
permit ip host 172.16.9.128 host 172.16.6.9
permit ip host 172.16.8.159 any
permit tcp any host 172.16.3.4
remark ####################################
remark Cho phep den SG3-MGT-100 remote admin den kho
permit tcp host 172.16.8.45 any eq 4899
permit tcp host 172.16.8.45 any eq 445
remark ####################################
remark Cho phep IT co ip 8.20-23 remote den mgt-100
permit tcp 172.16.8.16 0.0.0.4 host 172.16.5.151 eq 3389
permit tcp 172.16.8.16 0.0.0.4 host 172.16.6.26 eq 3389
permit tcp host 172.16.8.24 host 172.16.5.151 eq 3389
permit tcp host 172.16.8.24 host 172.16.6.26 eq 3389
remark ####################################
remark Conference
remark ####################################
remark Cam Remote Desktop- Telnet
deny tcp any any eq 3389
deny tcp any any eq 5900
deny tcp any any eq telnet
remark ####################################
remark Cho phep truy cap SQL
permit tcp any any range 1433 1434
remark ####################################
remark Cho phep truy cap den AD-Netbios
permit tcp any 172.16.1.64 0.0.0.63 eq 445
permit udp any 172.16.1.64 0.0.0.63 eq 445
permit tcp any 172.16.1.64 0.0.0.63 eq 88
permit udp any 172.16.1.64 0.0.0.63 eq 88
permit tcp any 172.16.1.64 0.0.0.63 eq 389
permit udp any 172.16.1.64 0.0.0.63 eq 389
permit tcp any 172.16.1.64 0.0.0.63 eq 135
permit tcp any 172.16.1.64 0.0.0.63 eq 139
permit udp any 172.16.1.64 0.0.0.63 eq 135
permit udp any 172.16.1.64 0.0.0.63 eq netbios-ns
permit udp any 172.16.1.64 0.0.0.63 eq netbios-dgm
permit udp any 172.16.1.64 0.0.0.63 eq netbios-ss
permit tcp any 172.16.1.64 0.0.0.63 eq 3268
permit tcp any 172.16.1.64 0.0.0.63 eq 1025
permit tcp any 172.16.1.64 0.0.0.63 eq 1026
remark ####################################
remark Cho phep truy cap Datafile tam thoi den SG1-DCL-002 de lay Certificate
remark ####################################
remark Cho phep chat noi bo
permit tcp any any eq 10001
remark ####################################
remark Cho phep truy cap den AD-DNS
permit tcp any 172.16.1.64 0.0.0.63 eq domain
permit udp any 172.16.1.64 0.0.0.63 eq domain
remark ####################################
remark Cho phep truy cap den AD-Time
permit udp any 172.16.1.64 0.0.0.63 eq ntp
permit udp any 172.16.1.64 0.0.0.63 eq time
remark ####################################
remark Cho phep truy cap den AD-DHCP
permit udp any any eq bootps
permit udp any any eq bootpc
remark ####################################
remark Cho phep truy cap Datafile tam thoi den lop DATA
permit tcp any 172.16.1.0 0.0.0.63 eq 445
permit udp any 172.16.1.0 0.0.0.63 eq 445
permit udp any host 172.16.17.8 eq 445
remark ####################################
remark Cho phep truy cap Datafile den lop DATA Message
permit tcp any 172.16.1.128 0.0.0.31 eq 139
permit udp any 172.16.1.128 0.0.0.31 eq 135
permit tcp any 172.16.1.128 0.0.0.31 eq 445
permit udp any 172.16.1.128 0.0.0.31 eq 445
remark ####################################
remark Cho phep truy cap Datafile den lop MGT
remark ####################################
remark Cho phep truy cap den WWW
permit tcp any any eq www
remark ####################################
remark Cho phep truy cap den MailServer
permit tcp any 172.16.1.144 0.0.0.15
remark ####################################
remark Cho phep lien lac Tong dai
permit ip any 172.16.1.192 0.0.0.63
remark ####################################
remark Cho phep update Kaspersky
remark ####################################
remark Cho phep truy cap Webservices
remark ####################################
remark Cho phep truy cap web bang proxy 8080
remark ####################################
remark Cho Phep FTP
permit tcp any any eq ftp-data
permit tcp any any eq ftp
permit udp any any eq 20
permit udp any any eq 21
remark ####################################
remark Cho Phep truyen file giua cac site, IP: 172.16.8.0-15
permit tcp 172.16.8.0 0.0.0.15 any eq 445
remark ####################################
remark Cho phep Video Conference
permit ip any 172.16.2.64 0.0.0.63
permit ip any 172.16.18.64 0.0.0.63
permit ip any 172.17.2.64 0.0.0.63
remark ####################################
remark Cho phep Netmeeting
permit udp any any range 1024 65535
remark ####################################
remark Chat LCS
permit tcp any host 172.16.6.55 range 1024 65535
permit udp any host 172.16.6.55 range 1024 65535
permit tcp any host 172.16.6.55 range 6891 6901
deny ip any any
!
logging trap debugging
logging 172.16.5.138
!
control-plane
!
!
line con 0
line vty 0 4
password nkhpt
login local
transport input ssh
line vty 5 15
password nkhpt
login local
transport input ssh
!
!
monitor session 1 source interface Gi1/0/9
monitor session 1 destination interface Gi1/0/20
ntp server 192.168.2.19
end
SG1-CSW-002#
b) Ki?m tra t�nh tr?ng c�c interface
SG1-CSW-002#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM up up
Vlan2 172.16.1.62 YES NVRAM up up
Vlan8 172.16.11.254 YES manual up up
Vlan50 172.16.2.62 YES NVRAM administratively down down
Vlan70 unassigned YES NVRAM up up
FastEthernet0 unassigned YES NVRAM down down
GigabitEthernet1/0/1 unassigned YES unset up up
GigabitEthernet1/0/20 unassigned YES unset up down
GigabitEthernet1/0/25 unassigned YES unset down down
Te1/0/1 unassigned YES unset down down
Te1/0/2 unassigned YES unset down down
Port-channel1 unassigned YES unset up up
Port-channel2 unassigned YES unset up up
SG1-CSW-002#
c) Ki?m tra th�ng tin vlan
SG1-CSW-002#show vlan brief
VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/25, Gi1/0/26
Gi1/0/27, Gi1/0/28
2 Data active Gi1/0/12, Gi1/0/13
Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17
Gi1/0/18
3 Core active Gi1/0/11
4 Management active
5 MessagingEnd active
6 MessagingFront active
8 Desktop active Gi1/0/9, Gi1/0/10
9 Mobile active
10 Camera active
12 ContactCenter active Gi1/0/19
13 VideoConference active
14 siemens active
40 CoreDevices active
41 UserDevices active
42 VTS active
50 Kioks active
51 Customers active
52 IT active
53 HR active
54 Director active
55 Marketing active
56 Account active
57 Sale active
70 other active
100 VLAN0100 active Gi1/0/1, Gi1/0/2
200 Internet active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
SG1-CSW-002#
d) Ki?m tra th�ng tin port trunk
SG1-CSW-002#show interfaces trunk
Port Mode Encapsulation Status Native vlan

Gi1/0/3 on 802.1q trunking 1
Po1 on 802.1q trunking 1
Po2 on 802.1q trunking 1
Port Vlans allowed on trunk

Gi1/0/3 8,13,40-41,50-58
Gi1/0/4 8,13,40-41,50-58
Gi1/0/5 8,13,40-41,50-58
Gi1/0/6 8,13,40-41,50-58
Gi1/0/7 8,13,40-41,50-58
Gi1/0/8 8,13,40-41,50-58
Po1 1-4094
Po2 1-4094
Port Vlans allowed and active in management domain

Gi1/0/3 8,13,40-41,50-57
Gi1/0/4 8,13,40-41,50-57
Gi1/0/5 8,13,40-41,50-57
Gi1/0/6 8,13,40-41,50-57
Gi1/0/7 8,13,40-41,50-57
Gi1/0/8 8,13,40-41,50-57
Po1 1-6,8-10,12-14,40-42,50-57,70,100,200
Po2 1-6,8-10,12-14,40-42,50-57,70,100,200
Port Vlans in spanning tree forwarding state and not pruned

Gi1/0/3 8,13,40-41,50-57
Gi1/0/4 8,13,40-41,50-57
Gi1/0/5 8,13,40-41,50-57
Gi1/0/6 8,13,40-41,50-57
Gi1/0/7 8,13,40-41,50-57
Gi1/0/8 8,13,40-41,50-57
Po1 1-6,8-10,12-14,40-42,50-57,70,100,200
Po2 1-6,8-10,12-14,40-42,50-57,70,100,200
SG1-CSW-002#
e) Ki?m tra th�ng tin vtp
SG1-CSW-002#show vtp status
VTP Version : running VTP1 (VTP2 capable)
Configuration Revision : 15
Maximum VLANs supported locally : 1005
Number of existing VLANs : 30
VTP Operating Mode : Client
VTP Domain Name : NguyenKim
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x62 0xD5 0x63 0xA4 0x53 0x65 0xC0 0xE6
Configuration last modified by 172.16.1.61 at 2-8-11 23:31:12
SG1-CSW-002#
SG1-CSW-002#show vtp password
VTP Password: VLAN!@#VTP&*(
SG1-CSW-002#
f) Ki?m tra th�ng tin etherchannel
SG1-CSW-002#
SG1-CSW-002#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met

u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 2

Number of aggregators: 2
Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Gi1/0/23(P) Gi1/0/24(P)
2 Po2(SU) - Gi1/0/21(P) Gi1/0/22(P)
SG1-CSW-002#
SG1-CSW-002#show etherchannel detail
Channel-group listing:
----------------------
Group: 1
----------
Group state = L2
Ports: 2 Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol: -
Minimum Links: 0
Ports in the group:
-------------------
Port: Gi1/0/23
------------
Port state = Up Mstr In-Bndl

Channel group = 1 Mode = On Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 5d:02h:13m:41s
Port: Gi1/0/24
------------

Port-channels in the group:

---------------------------
Port-channel: Po1
------------
Age of the Port-channel = 5d:06h:54m:58s

Logical slot/port = 10/1 Number of ports = 2
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits

------+------+------+------------------+-----------
0 00 Gi1/0/23 On 0
0 00 Gi1/0/24 On 0
Time since last port bundled: 5d:02h:13m:41s Gi1/0/24

Time since last port Un-bundled: 5d:02h:15m:19s Gi1/0/24
Group: 2
----------
Group state = L2
Ports: 2 Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol: -
Minimum Links: 0
Ports in the group:
-------------------
Port: Gi1/0/21
------------

Port: Gi1/0/22
------------

Port-channels in the group:

---------------------------
Port-channel: Po2
------------
Age of the Port-channel = 5d:06h:54m:59s

Logical slot/port = 10/2 Number of ports = 2
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits

------+------+------+------------------+-----------
0 00 Gi1/0/21 On 0
0 00 Gi1/0/22 On 0
Time since last port bundled: 5d:06h:54m:50s Gi1/0/22
SG1-CSW-002#
g) Ki?m tra th�ng tin d?nh tuy?n
SG1-CSW-002#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.0.33 to network 0.0.0.0
172.16.0.0/16 is variably subnetted, 16 subnets, 6 masks

C 172.16.1.144/28 is directly connected, Vlan5
S* 0.0.0.0/0 [1/0] via 172.16.0.33
SG1-CSW-002#
h) Ki?m tra th�ng tin access-list
SG1-CSW-002#show access-lists DESKTOP_OUT
Extended IP access list DESKTOP_OUT
10 deny ip 172.16.8.0 0.0.3.255 host 172.16.5.133
20 deny ip 172.16.8.0 0.0.3.255 host 172.16.5.132
30 permit tcp 172.16.8.0 0.0.3.255 172.16.5.128 0.0.0.31 eq 9300
40 permit tcp 172.16.8.0 0.0.3.255 host 172.16.1.210 eq 5060
50 permit udp 172.16.8.0 0.0.3.255 host 172.16.1.210 eq 5060
60 permit tcp any any established
70 permit icmp any any
80 permit tcp any host 192.168.19.21 eq 16010
90 permit udp host 172.16.8.116 any (4 matches)
100 permit tcp any 172.16.5.128 0.0.0.31 eq 8530
110 permit ip any host 172.16.5.132
150 permit ip host 172.16.9.128 host 172.16.6.9
160 permit ip host 172.16.8.159 any (9 matches)
170 permit tcp any host 172.16.3.4
180 permit tcp host 172.16.8.45 any eq 4899
190 permit tcp host 172.16.8.45 any eq 445
220 permit tcp host 172.16.8.24 host 172.16.5.151 eq 3389
230 permit tcp host 172.16.8.24 host 172.16.6.26 eq 3389
250 deny tcp any any eq 3389
260 deny tcp any any eq 5900
270 deny tcp any any eq telnet
280 permit tcp any any range 1433 1434
290 permit tcp any 172.16.1.64 0.0.0.63 eq 445
300 permit udp any 172.16.1.64 0.0.0.63 eq 445
310 permit tcp any 172.16.1.64 0.0.0.63 eq 88
320 permit udp any 172.16.1.64 0.0.0.63 eq 88
330 permit tcp any 172.16.1.64 0.0.0.63 eq 389
340 permit udp any 172.16.1.64 0.0.0.63 eq 389
350 permit tcp any 172.16.1.64 0.0.0.63 eq 135
360 permit tcp any 172.16.1.64 0.0.0.63 eq 139
370 permit udp any 172.16.1.64 0.0.0.63 eq 135
380 permit udp any 172.16.1.64 0.0.0.63 eq netbios-ns
390 permit udp any 172.16.1.64 0.0.0.63 eq netbios-dgm
400 permit udp any 172.16.1.64 0.0.0.63 eq netbios-ss
410 permit tcp any 172.16.1.64 0.0.0.63 eq 3268
420 permit tcp any 172.16.1.64 0.0.0.63 eq 1025
430 permit tcp any 172.16.1.64 0.0.0.63 eq 1026
450 permit tcp any any eq 10001
470 permit tcp any 172.16.1.64 0.0.0.63 eq domain
480 permit udp any 172.16.1.64 0.0.0.63 eq domain
490 permit udp any 172.16.1.64 0.0.0.63 eq ntp
500 permit udp any 172.16.1.64 0.0.0.63 eq time
510 permit udp any any eq bootps (428 matches)
520 permit udp any any eq bootpc (104 matches)
530 permit tcp any 172.16.1.0 0.0.0.63 eq 445
540 permit udp any 172.16.1.0 0.0.0.63 eq 445
560 permit udp any host 172.16.17.8 eq 445
580 permit tcp any 172.16.1.128 0.0.0.31 eq 139
590 permit udp any 172.16.1.128 0.0.0.31 eq 135
600 permit tcp any 172.16.1.128 0.0.0.31 eq 445
610 permit udp any 172.16.1.128 0.0.0.31 eq 445
660 permit tcp any any eq www
690 permit tcp any 172.16.1.144 0.0.0.15
700 permit ip any 172.16.1.192 0.0.0.63
750 permit tcp any any eq ftp-data
760 permit tcp any any eq ftp
770 permit udp any any eq 20
780 permit udp any any eq 21
790 permit tcp 172.16.8.0 0.0.0.15 any eq 445
800 permit ip any 172.16.2.64 0.0.0.63
810 permit ip any 172.16.18.64 0.0.0.63
820 permit ip any 172.17.2.64 0.0.0.63
880 permit udp any any range 1024 65535 (874 matches)
930 permit tcp any host 172.16.6.55 range 1024 65535
940 permit udp any host 172.16.6.55 range 1024 65535
950 permit tcp any host 172.16.6.55 range 6891 6901
960 deny ip any any (8499 matches)
SG1-CSW-002#
i) Ki?m tra th�ng tin HSRP
SG1-CSW-002#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl2 0 100 P Standby 172.16.1.61 local 172.16.1.1
Vl50 0 100 P Init unknown unknown 172.16.2.1
SG1-CSW-002#show standby all

Vlan2 - Group 0
State is Standby
4 state changes, last state change 5d02h
Virtual IP address is 172.16.1.1
Active virtual MAC address is 0000.0c07.ac00
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.336 secs
Preemption enabled
Active router is 172.16.1.61, priority 200 (expires in 9.584 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl2-0" (default)
Vlan3 - Group 0
State is Standby
Preemption enabled
Vlan4 - Group 0
State is Standby
Preemption enabled
Vlan5 - Group 0
State is Standby
Preemption enabled
Vlan6 - Group 0
State is Standby
Preemption enabled
Vlan8 - Group 0
State is Standby
1 state change, last state change 00:37:28
Preemption enabled
Vlan9 - Group 0
State is Standby
Preemption enabled
Vlan10 - Group 0
State is Standby
Preemption enabled
Vlan12 - Group 0
State is Standby
Preemption enabled
Vlan13 - Group 0
State is Standby
Preemption enabled
Vlan40 - Group 0
State is Standby
Preemption enabled
Vlan41 - Group 0
State is Standby
Preemption enabled
Vlan42 - Group 0
State is Standby
Preemption enabled
Vlan50 - Group 0
State is Init (interface down)
Active virtual MAC address is unknown
Preemption enabled
Active router is unknown
Standby router is unknown
Vlan51 - Group 0
Preemption enabled
Vlan52 - Group 0
State is Standby
Preemption enabled
Vlan53 - Group 0
State is Standby
Preemption enabled
Vlan54 - Group 0
Preemption enabled
Vlan55 - Group 0
Preemption enabled
Vlan56 - Group 0
Preemption enabled
Vlan57 - Group 0
Preemption enabled
Vlan100 - Group 0
State is Standby
Preemption enabled
SG1-CSW-002#

Cau Hinh SW Core 3705

Uploaded by

Copyright:

Available Formats

You might also like

Cau Hinh SW Core 3705

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cau Hinh SW Core 3705

Uploaded by

Copyright:

Available Formats

2. Ki?m tra c?

u h�nh tr�n Cisco Core switch 3750

VLAN Name Status Ports

Port Mode Encapsulation Status Native vlan

Port Vlans allowed on trunk

Port Vlans allowed and active in management domain

Port Vlans in spanning tree forwarding state and not pruned

M - not in use, minimum links not met

Number of channel-groups in use: 2

Group Port-channel Protocol Ports

Port state = Up Mstr In-Bndl

Age of the port in the current state: 5d:02h:13m:41s

Port state = Up Mstr In-Bndl

Age of the port in the current state: 5d:02h:13m:41s

Port-channels in the group:

Age of the Port-channel = 5d:06h:54m:58s

Ports in the Port-channel:

Index Load Port EC state No of bits

Time since last port bundled: 5d:02h:13m:41s Gi1/0/24

Port state = Up Mstr In-Bndl

Age of the port in the current state: 5d:06h:54m:50s

Port state = Up Mstr In-Bndl

Age of the port in the current state: 5d:06h:54m:50s

Port-channels in the group:

Age of the Port-channel = 5d:06h:54m:59s

Ports in the Port-channel:

Index Load Port EC state No of bits

Time since last port bundled: 5d:06h:54m:50s Gi1/0/22

Gateway of last resort is 172.16.0.33 to network 0.0.0.0

172.16.0.0/16 is variably subnetted, 16 subnets, 6 masks

SG1-CSW-002#show standby all

You might also like