20201230 cisco STP

課堂資料

STP 生成樹協定 - Jan Ho 的網絡世界Jan Ho 的網絡世界

EtherChannel PAgP LACP 以太通道 - Jan Ho 的網絡世界Jan Ho 的網絡世界

AAA 認證授權與計費 - Jan Ho 的網絡世界Jan Ho 的網絡世界

ubuntu tacacs+ 服務器安裝啓動 - 台部落

527KB

SpanningTree.pdf

pdf

FDB

Spanning Tree Steps

• Find the Root Bridge

  • 最小：priority ( 可手動設定，預設值為32768 + Vlan ID) + MAC address

• Find the Root Port

• Find the Designated Port ( D Port )

AAA Tacacs

課堂練習

STP

sw1

do sh spanning-tree

sw2

do sh spanning-tree

sw3

do sh spanning-tree

VPC4

ip 192.168.1.1 255.255.255.0

ping 192.168.1.2

VPC5

ip 192.168.1.2 255.255.255.0

ping 192.168.1.1

Ether Channel

sw6

int range e0/0 - 1

channel-group 1 mode on

do sh etherchannel summary

do sh spanning-tree

sw7

int range e0/0 - 1

shut

channel-group 1 mode on

no shut

do sh etherchannel summary

do sh spanning-tree

AAA Tacacs

Part 01.

Linux

wget ftp://ftp.shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz

tar zxvf tacacs-F4.0.4.28.tar.gz

cd tacacs-F4.0.4.28

./configure

apt install bison

apt install bison --fix-missing

apt install libwrap0-dev

./configure

make install 

gedit /etc/ld.so.conf

ld.so.conf

include /etc/ld.so.conf.d/*.conf
/usr/lib

Part 02.

Linux

ip addr add 192.168.1.2/24 brd + dev eth0

ping 192.168.1.1

新增 user

useradd anida

passwd anida

安裝 tac plus

./tac_pwd

gedit tac_plus.conf

tac_plus.conf

key = ccie

accounting file = /var/log/tac.acct

user = user {
    member = user5
    login = des aerYSwBGbhIlo
}
group = user5 {
    service = exec {
        priv-lvl = 5
    }
}

執行 tacacs+ server

./tac_plus -C ./tac_plus.conf -G

R2

int e0/0

ip add 23.1.1.2 255.255.255.0

no shut

exit

啟動 AAA New-Model

aaa new-model

設定 TACACS+ 資料

tacacs server TACACS-SERVER

add ipv4 192.168.1.2

key ccie

exit

設定 Authentication

aaa authentication login List_Login group tacacs+ local

line console 0 

login authentication List_Login

line vty 0 4

login authentication List_Login

aaa authentication enable default group tacacs+ enable

設定 Authorization

aaa authorization exec List_Priv group tacacs+ local

line console 0 

authorization exec List_Priv

exit

aaa authorization console

line vty 0 4

authorization exec List_Priv

設定 Accounting

line console 0 

accounting exec List_Acc

accounting commands 5 List_Comm_5

accounting commands 10 List_Comm_10

accounting commands 15 List_Comm_15

line vty 0 4

accounting exec List_Acc

accounting commands 5 List_Comm_5

accounting commands 10 List_Comm_10

accounting commands 15 List_Comm_15

do telnet 23.1.1.3

R3

int e0/0

ip add 23.1.1.3 255.255.255.0

no shut

int e0/1

ip add 192.168.1.1 255.255.255.0

no shut