20201230 cisco STP

Class materials

SpanningTree.pdf (PDF, 527KB)

FDB

Spanning Tree Steps

  • Find the Root Bridge
    • Lowest bridge ID wins: priority (can be set manually; default is 32768 + VLAN ID) + MAC address
  • Find the Root Port
  • Find the Designated Port ( D Port )

AAA Tacacs

Class exercises

STP

sw1

do sh spanning-tree

sw2

do sh spanning-tree

sw3

do sh spanning-tree

VPC4

ip 192.168.1.1 255.255.255.0
ping 192.168.1.2

VPC5

ip 192.168.1.2 255.255.255.0
ping 192.168.1.1

Ether Channel

sw6

int range e0/0 - 1
channel-group 1 mode on
do sh etherchannel summary
do sh spanning-tree

sw7

int range e0/0 - 1
shut
channel-group 1 mode on
no shut
do sh etherchannel summary
do sh spanning-tree

AAA Tacacs

Part 01.

Linux
wget ftp://ftp.shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz
tar zxvf tacacs-F4.0.4.28.tar.gz
cd tacacs-F4.0.4.28
./configure
apt install bison
apt install bison --fix-missing
apt install libwrap0-dev
./configure
make install
gedit /etc/ld.so.conf

ld.so.conf

include /etc/ld.so.conf.d/*.conf
/usr/lib

Part 02.

Linux
R2
R3
ip addr add 192.168.1.2/24 brd + dev eth0
ping 192.168.1.1

Add a user

useradd anida
passwd anida

Install tac plus

./tac_pwd
gedit tac_plus.conf

tac_plus.conf

key = ccie
accounting file = /var/log/tac.acct
user = user {
    member = user5
    login = des aerYSwBGbhIlo
}
group = user5 {
    service = exec {
        priv-lvl = 5
    }
}

Run the TACACS+ server

./tac_plus -C ./tac_plus.conf -G

R2

int e0/0
ip add 23.1.1.2 255.255.255.0
no shut
exit

Enable AAA New-Model

aaa new-model

Configure the TACACS+ server details

tacacs server TACACS-SERVER
add ipv4 192.168.1.2
key ccie
exit

Configure Authentication

aaa authentication login List_Login group tacacs+ local
line console 0
login authentication List_Login
line vty 0 4
login authentication List_Login
aaa authentication enable default group tacacs+ enable

Configure Authorization

aaa authorization exec List_Priv group tacacs+ local
line console 0
authorization exec List_Priv
exit
aaa authorization console
line vty 0 4
authorization exec List_Priv

Configure Accounting

line console 0
accounting exec List_Acc
accounting commands 5 List_Comm_5
accounting commands 10 List_Comm_10
accounting commands 15 List_Comm_15
line vty 0 4
accounting exec List_Acc
accounting commands 5 List_Comm_5
accounting commands 10 List_Comm_10
accounting commands 15 List_Comm_15
do telnet 23.1.1.3

R3

int e0/0
ip add 23.1.1.3 255.255.255.0
no shut
int e0/1
ip add 192.168.1.1 255.255.255.0
no shut
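
The R2 accounting commands above attach List_Acc and List_Comm_5/10/15 to the console and vty lines, but no aaa accounting statement defining those lists appears in these notes. The following is an added example, not part of the original notes: a small Python check that reports every method list a line references without a matching aaa definition. The function name and the arrangement of the commands into one config text are assumptions made for the example.

```python
import re

# R2's AAA commands from these notes, arranged as they would sit in a config.
R2_CONFIG = """\
aaa new-model
aaa authentication login List_Login group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec List_Priv group tacacs+ local
aaa authorization console
line console 0
 login authentication List_Login
 authorization exec List_Priv
 accounting exec List_Acc
 accounting commands 5 List_Comm_5
 accounting commands 10 List_Comm_10
 accounting commands 15 List_Comm_15
line vty 0 4
 login authentication List_Login
 authorization exec List_Priv
 accounting exec List_Acc
 accounting commands 5 List_Comm_5
 accounting commands 10 List_Comm_10
 accounting commands 15 List_Comm_15
"""

# Global definition: aaa <kind> <service> <list-name> <method> ...
DEFINE = re.compile(r"^aaa (authentication|authorization|accounting) "
                    r"(login|exec|commands \d+) (\S+) \S")
# Reference under a line: "login authentication X" or "<kind> <service> X"
REFER = re.compile(r"^(?:login (authentication)|(authorization|accounting) "
                   r"(exec|commands \d+)) (\S+)$")

def undefined_method_lists(config):
    """Return sorted (line, kind, service, list) refs that no aaa statement defines."""
    rows = [r.strip() for r in config.splitlines() if r.strip()]
    defined = {m.groups() for m in map(DEFINE.match, rows) if m}
    missing, line = set(), ""
    for row in rows:
        if row.startswith("line "):
            line = row
        m = REFER.match(row)
        if m:
            kind = m.group(1) or m.group(2)
            ref = (kind, m.group(3) or "login", m.group(4))
            if ref[2] != "default" and ref not in defined:
                missing.add((line,) + ref)
    return sorted(missing)

if __name__ == "__main__":
    print(*undefined_method_lists(R2_CONFIG), sep="\n")
```

Run against the commands in these notes, it lists the four accounting lists on both lines, while List_Login and List_Priv pass because their aaa statements are present.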