Wednesday, June 18, 2014

10 commands to remember when working with Cisco IOS

Becoming proficient with the Cisco IOS means learning some essential commands. This quick reference describes 10 commands you'll need to rely on when handling various configuration and troubleshooting tasks. 
Editor's Note: This article was originally published on TechRepublic July 25, 2006. For your convenience, I'm republishing it in the blog to be part of the Cisco Routers and Switches archive. It is also available as a PDF download.
The Cisco IOS provides thousands of commands, and configuring it can be challenging. Here are 10 commands you need to know, inside and out, when using the Cisco IOS.

#1: The "?"

It may seem entirely too obvious that you should know how to type ? to ask for help when using the Cisco IOS. However, the Cisco IOS is completely different from other operating systems when it comes to using the question mark (help key). As the IOS is a command-line operating system with thousands of possible commands and parameters, using the ? can save your day.
You can use the command in many ways. First, use it when you don't know what command to type. For example, type ? at the command line for a list of all possible commands. You can also use ? when you don't know what a command's next parameter should be. For example, you might type show ip ? If the router requires no other parameters for the command, the router will offer CR as the only option. Finally, use ? to see all commands that start with a particular letter. For example, show c? will return a list of commands that start with the letter c.

#2: show running-config

The show running-config command shows the router, switch, or firewall's current configuration. The running-config is the configuration held in the router's memory. You change this config when you make changes to the router. Keep in mind that the config is not saved until you do a copy running-config startup-config. This command can be abbreviated sh run.

#3: copy running-config startup-config

This command will save the configuration that is currently being modified (in RAM), also known as the running-config, to the nonvolatile RAM (NVRAM). If the power is lost, the NVRAM will preserve this configuration. In other words, if you edit the router's configuration, do not run this command, and then reboot the router, those changes will be lost. This command can be abbreviated copy run start. The copy command can also be used to copy the running or startup configuration from the router to a TFTP server in case something happens to the router.

#4: show interface

The show interface command displays the status of the router's interfaces. Among other things, this output provides the following:
  • Interface status (up/down)
  • Protocol status on the interface
  • Utilization
  • Errors
  • MTU
This command is essential for troubleshooting a router or switch. It can also be used by specifying a certain interface, like sh int fa0/0.

#5: show ip interface

Even more popular than show interface are show ip interface and show ip interface brief. The show ip interface command provides tons of useful information about the configuration and status of the IP protocol and its services, on all interfaces. The show ip interface brief command provides a quick status of the interfaces on the router, including their IP address, Layer 2 status, and Layer 3 status.

#6: config terminal, enable, interface, and router

Cisco routers have different modes where only certain things can be shown or certain things can be changed. Being able to move between these modes is critical to successfully configuring the router.
For example, when logging in, you start off at the user mode (where the prompt looks like >). From there, you type enable to move to privileged mode (where the prompt looks like #). In privileged mode, you can show anything but not make changes. Next, type config terminal (or config t) to go to global configuration mode (where the prompt looks like router(config)# ). From here, you can change global parameters. To change a parameter on an interface (like the IP address), go to interface configuration mode with the interface command (where the prompt looks like router(config-if)#). Also from the global configuration mode, you can go into router configuration using the router {protocol} command. To exit from a mode, type exit.

#7: no shutdown

The no shutdown command enables an interface (brings it up). This command must be used in interface configuration mode. It is useful for new interfaces and for troubleshooting. When you're having trouble with an interface, you may want to try a shut and no shut. Of course, to bring the interface down, reverse the command and just say shutdown. This command can be abbreviated no shut.

#8: show ip route

The show ip route command is used to show the router's routing table. This is the list of all networks that the router can reach, their metric (the router's preference for them), and how to get there. This command can be abbreviated sh ip ro and can have parameters after it, like sh ip ro ospf for all OSPF routes. To clear the routing table of all routes, you do clear ip route *. To clear it of just one route, do clear ip route 1.1.1.1 for clearing out that particular network.

#9: show version

The show version command gives you the router's configuration register (essentially, the router's firmware settings for booting up), the last time the router was booted, the version of the IOS, the name of the IOS file, the model of the router, and the router's amount of RAM and Flash. This command can be abbreviated sh ver.

#10: debug

The debug command has many options and does not work by itself. It provides detailed debugging output on a certain application, protocol, or service. For example, debug ip routing will tell you every time a route is added to or removed from the router.
Source: TechRepublic http://www.techrepublic.com/blog/data-center/10-commands-you-should-master-when-working-with-the-cisco-ios-104071/

Monday, June 16, 2014

Semester 2 - Openlab full - CCNA 2014



Note: The Internet zone and all servers are fully configured. All PCs have their services configured but have no IP addresses. Router addresses are configured, except for the sub-interfaces of R1 and R2 and the inter-VLAN interfaces of SITE2.Core2.
1.      Access, Trunking

2.      VTP

3.      VLAN, IP address for VLAN

4.      Routing and Inter-VLAN routing
-          Inter-VLAN routing:
On SITE1:
·          SITE1.R1, SITE1.R2: configure router-on-a-stick and create sub-interfaces (example: G0/0.X, with X as the VLAN ID). SITE1.R1 creates 2 sub-interfaces for VLANs 10 and 20; SITE1.R2 creates 3 sub-interfaces for VLANs 30, 40 and 50. The 4th octet for the sub-interface is: SITE1 +1; SITE2 +2.

On SITE2:
Core2.SITE2: use SVIs for VLANs 11, 22 and 33. The 4th octet for the interface is 1.
-          Routing for IPv4:
On SITE1: Enable OSPFv2 on GATE, R1 and R2. Configure a default route on GATE to the Internet using the next-hop IP address and propagate the default route into the OSPF domain (process-id = 1, area = 0).
On SITE2: Enable OSPFv2 on SITE2.GATE and Core2 (process-id = 1, area = 0). Configure a default route on GATE to the Internet using the next-hop IP address and propagate the default route into the OSPF domain. Enable RIPv2 on Core2 and the SITE2.Building2 router. Redistribute between the RIP and OSPF domains.
Use these metrics:
Into RIP: Metric = 2
Into OSPF: Metric = 200, metric-type = 1

-          Routing for IPv6:
·          Enable RIPng on SITE1.GATE and SITE1-R2 using the name SITE1-RIPng. Configure a default route on GATE using the next-hop IP address and propagate this route into the RIPng domain.

NOTE: Use show commands to see the IPv4 and IPv6 addresses that have been assigned to the routers.



5.      DHCP, NAT, management switches
-          DHCP:
On SITE1.R2: configure stateless DHCPv6 (option 2), advertising only the DNS server's IP address (2000:1609::8) for VLAN 50, with the pool name IPv6STATELESS.

-          NAT:
On SITE1: Configure a named access list SITE1NAT-ACL on the GATE router so that all users (10.1.0.0/16) can connect to the Internet using the public IP address of interface G0/2.
Configure static NAT to publish the Web server (10.1.100.253 – 200.1.1.3) and the Mail server (10.1.100.254 – 200.1.1.4).

On SITE2: Configure a named access list SITE2-NATOVERLOAD on the GATE router so that all users (10.2.0.0/16 and 172.16.0.0/16) can connect to the Internet using the public IP address of interface G0/0.
-          SECURITY: On SITE1.R2-G0/2

-          Configure an IPv4 named ACL, SERVICE-ALLOW, that permits web, email (SMTP and POP) and Remote Desktop (TCP 3389) request traffic to network 10.1.100.0/24.

-          Configure an IPv6 named ACL, SERVICE-ALLOW-IPv6, that permits web, email (SMTP and POP) and Remote Desktop (TCP 3389) request traffic to network 2014:100::/64.

-          Send mail from Student_PC to Ins_PC, and vice versa, and check the result.

________________________________________________________________
hostname Access1.SITE1
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
end
________________________________________________________________
hostname Acces2.SITE1
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 50
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
end

________________________________________________________________
hostname Core1.SITE1
!
spanning-tree mode pvst
spanning-tree vlan 1 priority 24576
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet1/1
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
end
________________________________________________________________
hostname SITE1.GATE
!
ipv6 unicast-routing
!
license udi pid CISCO2911/K9 sn FTX1524H60R
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 10.1.13.2 255.255.255.252
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.1.23.2 255.255.255.252
 ip nat inside
 duplex auto
 speed auto
 ipv6 address 2014:23::1/64
 ipv6 rip SITE1-RIPng enable
 ipv6 rip SITE1-RIPng default-information originate
!
interface GigabitEthernet0/2
 ip address 200.1.1.2 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
 ipv6 address 2014:1::2/64
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.1.13.0 0.0.0.255 area 0
 network 10.1.23.0 0.0.0.255 area 0
 default-information originate
!
ipv6 router rip SITE1-RIPng
!
ip nat inside source list SITE1NAT-ACL interface GigabitEthernet0/2 overload
ip nat inside source static 10.1.100.253 200.1.1.3
ip nat inside source static 10.1.100.254 200.1.1.4
ip classless
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2
!
ipv6 route ::/0 2014:1::1
!
ip access-list standard SITE1NAT-ACL
 permit 10.1.0.0 0.0.255.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
________________________________________________________________
hostname SITE1.R1
!
license udi pid CISCO2911/K9 sn FTX1524V34Y
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 10.1.13.1 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.1.200.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.10
 encapsulation dot1Q 10
 ip address 10.1.10.1 255.255.255.0
 ip helper-address 10.1.200.10
!
interface GigabitEthernet0/2.20
 encapsulation dot1Q 20
 ip address 10.1.20.1 255.255.255.0
 ip helper-address 10.1.200.10
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.1.13.0 0.0.0.255 area 0
 network 10.1.10.0 0.0.0.255 area 0
 network 10.1.20.0 0.0.0.255 area 0
 network 10.1.200.0 0.0.0.255 area 0
!
ip classless
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
________________________________________________________________
hostname SITE1.R2
!
ipv6 unicast-routing
!
!
ipv6 dhcp pool IPv6STATELESS
 dns-server 2009:1609::8
 domain-name bkacad.com
!
license udi pid CISCO2911/K9 sn FTX1524TYQ0
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.1.30.2 255.255.255.0
 ip helper-address 10.1.200.10
!
interface GigabitEthernet0/0.40
 encapsulation dot1Q 40
 ip address 10.1.40.2 255.255.255.0
 ip helper-address 10.1.200.10
!
interface GigabitEthernet0/0.50
 encapsulation dot1Q 50
 no ip address
 ipv6 address 2014:50::2/64
 ipv6 rip SITE1-RIPng enable
 ipv6 dhcp server IPv6STATELESS
!
interface GigabitEthernet0/1
 ip address 10.1.23.1 255.255.255.252
 duplex auto
 speed auto
 ipv6 address 2014:23::2/64
 ipv6 rip SITE1-RIPng enable
!
interface GigabitEthernet0/2
 ip address 10.1.100.2 255.255.255.0
 ip access-group SERVICE-ALLOW out
 ipv6 traffic-filter SERVICE-ALLOW-IPv6 out
 duplex auto
 speed auto
 ipv6 address 2014:100::2/64
 ipv6 rip SITE1-RIPng enable
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.1.23.0 0.0.0.255 area 0
 network 10.1.30.0 0.0.0.255 area 0
 network 10.1.40.0 0.0.0.255 area 0
 network 10.1.100.0 0.0.0.255 area 0
!
ipv6 router rip SITE1-RIPng
!
ip classless
!
ip access-list extended SERVICE-ALLOW
 permit tcp any 10.1.100.0 0.0.0.255 eq www
 permit tcp any 10.1.100.0 0.0.0.255 eq smtp
 permit tcp any 10.1.100.0 0.0.0.255 eq pop3
 permit tcp any 10.1.100.0 0.0.0.255 eq 3389
ipv6 access-list SERVICE-ALLOW-IPv6
 permit tcp any 2014:100::/64 eq www
 permit tcp any 2014:100::/64 eq smtp
 permit tcp any 2014:100::/64 eq pop3
 permit tcp any 2014:100::/64 eq 3389
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
________________________________________________________________
hostname Access2.SITE2
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 11
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
end
________________________________________________________________
hostname Access3.SITE2
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 22
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
end
________________________________________________________________
hostname SITE2.Building2
!
license udi pid CISCO2911/K9 sn FTX1524GF50
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 172.16.33.2 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 172.16.44.2 255.255.255.0
 ip helper-address 172.16.33.1
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 version 2
 network 172.16.0.0
!
ip classless
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
________________________________________________________________
hostname Core2.SITE2
!
ip dhcp excluded-address 10.2.11.1 10.2.11.19
ip dhcp excluded-address 10.2.11.220 10.2.11.254
ip dhcp excluded-address 10.2.22.1 10.2.22.19
ip dhcp excluded-address 10.2.22.220 10.2.22.254
ip dhcp excluded-address 172.16.44.1 172.16.44.19
ip dhcp excluded-address 172.16.44.220 172.16.44.254
!
ip dhcp pool INS
 network 10.2.11.0 255.255.255.0
 default-router 10.2.11.1
 dns-server 209.16.9.8
ip dhcp pool STUDENT
 network 10.2.22.0 255.255.255.0
 default-router 10.2.22.1
 dns-server 209.16.9.8
ip dhcp pool SALE
 network 172.16.44.0 255.255.255.0
 default-router 172.16.44.2
 dns-server 209.16.9.8
ip routing
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 no switchport
 ip address 10.2.99.1 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 10.2.11.1 255.255.255.0
!
interface Vlan22
 ip address 10.2.22.1 255.255.255.0
!
interface Vlan33
 ip address 172.16.33.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 redistribute rip metric 200 metric-type 1 subnets
 network 10.2.11.0 0.0.0.255 area 0
 network 10.2.22.0 0.0.0.255 area 0
 network 10.2.99.0 0.0.0.255 area 0
!
router rip
 version 2
 redistribute ospf 1 metric 2
 network 172.16.0.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
________________________________________________________________
hostname SITE2.GATE
!
license udi pid CISCO2911/K9 sn FTX15245B42
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 200.2.2.2 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.2.99.2 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.2.99.0 0.0.0.255 area 0
 default-information originate
!
ip nat inside source list SITE2-NATOVERLOAD interface GigabitEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 200.2.2.1
!
ip access-list standard SITE2-NATOVERLOAD
 permit 10.2.0.0 0.0.255.255
 permit 172.16.0.0 0.0.255.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
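
How the wildcard masks in SITE2-NATOVERLOAD select the sources that receive NAT overload, as an added Python example (not part of the original lab): it parses the ACL stanza from the SITE2.GATE configuration above and applies first-match logic with the implicit deny. The function names and the sample addresses are constructed for illustration.

```python
from ipaddress import IPv4Address

# ACL stanza copied from the SITE2.GATE configuration on this page.
SITE2_GATE_ACL = """\
ip access-list standard SITE2-NATOVERLOAD
 permit 10.2.0.0 0.0.255.255
 permit 172.16.0.0 0.0.255.255
"""


def parse_standard_acl(text):
    """Return [(action, base, wildcard)] with addresses as 32-bit integers."""
    entries = []
    for line in text.splitlines():
        words = line.split()
        if not words or words[0] not in ("permit", "deny"):
            continue  # stanza header or blank line
        action, rest = words[0], words[1:]
        if rest[0] == "any":
            base, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            base, wild = int(IPv4Address(rest[1])), 0
        else:
            base = int(IPv4Address(rest[0]))
            # A bare address with no wildcard matches that single host.
            wild = int(IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, base, wild))
    return entries


def acl_decision(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = int(IPv4Address(source))
    for action, base, wild in entries:
        # A 1 bit in the wildcard means "ignore this bit" (inverse of a netmask).
        if ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"


def nat_eligible(source, acl_text=SITE2_GATE_ACL):
    """True when the overload rule that references this ACL would translate source."""
    return acl_decision(parse_standard_acl(acl_text), source) == "permit"


if __name__ == "__main__":
    # Constructed sample sources: two SITE2 hosts, one SITE1 host, one outside 172.16/16.
    for src in ("10.2.11.25", "172.16.44.30", "10.1.10.5", "172.17.0.1"):
        print(src, "translated" if nat_eligible(src) else "not translated")
```

Because the match is bitwise, a wildcard does not have to be contiguous: a constructed entry such as `permit 10.2.0.1 0.0.255.0` matches the `.1` address in every 10.2.x.0 subnet, which a prefix length cannot express.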
________________________________________________________________
hostname Access1.SITE2
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 33
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
end
________________________________________________________________

Friday, June 13, 2014

LabS4-CHAP-ACL-NAT-DHCP

LAB4-CHAP-ACL-NAT-DHCP
Task 1: Basic configuration
+ Configure VLANs and inter-VLAN routing: VLANs 10, 20, 30, 40.
+ On R1, configure the default route to the Internet.
+ DHCP: start IP: + 10; maximum users: 100. Assign IP addresses to hosts in VLANs 10, 20 and 30. Pool names: VLAN10, VLAN20, VLAN30. Enable the DHCP relay agent.
Task 2: CHAP
Configure one-way CHAP: BKACADGATE sends user Internet, password cisco@123, to the ISP (Internet).
Task 3: NAT
+ Static NAT: map the inside local addresses to inside global addresses as follows:
155.55.40.3-203.18.1.3
155.55.40.4-203.18.1.4
+ NAT overload: configure NAT overload so that all users in VLANs 10, 20 and 30 can access the Internet. Use ACL 10.
Task 4: ACL
+ Create an extended named ACL "IN-TO-OUT" on the BKACADGATE router to implement this policy:
Permit ICMP, web, mail and DNS request traffic from VLANs 10, 20 and 30 to the Internet.
Permit web and mail response traffic from the web and mail servers to all clients.
Apply this ACL outbound on BKACADGATE s0/0/0.
+ Create standard numbered ACL 20 so that only users in VLAN 10 can telnet to the BKACADGATE router. Apply this ACL to line vty 0 4.
Note: Packets going from the inside network to the outside network on BKACADGATE are processed by the NAT rules before the ACLs are checked.
_________________________________________________________________________________

hostname BKACADGATE
!
enable password cisco
!
username Internet password 0 cisco@123
username admin password 0 cisco
!
spanning-tree mode pvst
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 155.55.10.1 255.255.255.0
 ip helper-address 155.55.40.2
 ip nat inside
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 155.55.20.1 255.255.255.0
 ip helper-address 155.55.40.2
 ip nat inside
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 155.55.30.1 255.255.255.0
 ip helper-address 155.55.40.2
 ip nat inside
!
interface FastEthernet0/0.40
 encapsulation dot1Q 40
 ip address 155.55.40.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 203.18.1.1 255.255.255.248
 encapsulation ppp
 ip access-group IN-TO-OUT out
 ip nat outside
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source list 10 interface Serial0/0/0 overload
ip nat inside source static 155.55.40.3 203.18.1.3
ip nat inside source static 155.55.40.4 203.18.1.4
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
!
access-list 10 permit 155.55.10.0 0.0.0.255
access-list 10 permit 155.55.20.0 0.0.0.255
access-list 10 permit 155.55.30.0 0.0.0.255
ip access-list extended IN-TO-OUT
 permit icmp host 203.18.1.1 any echo
 permit tcp host 203.18.1.1 any eq www
 permit tcp host 203.18.1.1 any eq smtp
 permit tcp host 203.18.1.1 any eq pop3
 permit udp host 203.18.1.1 any eq domain
 permit tcp host 203.18.1.3 eq www any
 permit tcp host 203.18.1.4 eq smtp any
 permit tcp host 203.18.1.4 eq pop3 any
access-list 20 permit 155.55.10.0 0.0.0.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
 access-class 20 in
 login local
!
end
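
The Task 4 note, that NAT runs before the outbound ACL on BKACADGATE, is why IN-TO-OUT matches on 203.18.1.x sources rather than 155.55.x.x. The Python model below is an added example, not part of the original lab: it covers only source NAT and first-match ACL logic with values from the configuration above, and `INSIDE_LOCAL_ACL` is a hypothetical mis-written ACL included for comparison.

```python
from ipaddress import ip_address, ip_network

# Values below are copied from the BKACADGATE configuration on this page.
PAT_ADDRESS = "203.18.1.1"                        # Serial0/0/0 (overload)
STATIC_NAT = {"155.55.40.3": "203.18.1.3",        # inside local -> inside global
              "155.55.40.4": "203.18.1.4"}
ACL_10 = ["155.55.10.0/24", "155.55.20.0/24", "155.55.30.0/24"]

# ip access-list extended IN-TO-OUT as (protocol, source, source port,
# destination port or ICMP type); None means unspecified, destination is "any".
IN_TO_OUT = [
    ("icmp", "203.18.1.1/32", None, "echo"),
    ("tcp", "203.18.1.1/32", None, 80),      # www
    ("tcp", "203.18.1.1/32", None, 25),      # smtp
    ("tcp", "203.18.1.1/32", None, 110),     # pop3
    ("udp", "203.18.1.1/32", None, 53),      # domain
    ("tcp", "203.18.1.3/32", 80, None),
    ("tcp", "203.18.1.4/32", 25, None),
    ("tcp", "203.18.1.4/32", 110, None),
]

# Hypothetical mistake (not on the page): the client web rule written
# with inside local (pre-NAT) source addresses.
INSIDE_LOCAL_ACL = [("tcp", net, None, 80) for net in ACL_10]


def translate_source(src):
    """Inside-to-outside source NAT: static entries first, then PAT via list 10."""
    if src in STATIC_NAT:
        return STATIC_NAT[src]
    if any(ip_address(src) in ip_network(net) for net in ACL_10):
        return PAT_ADDRESS
    return src  # no NAT rule applies, the packet keeps its address


def acl_permits(acl, proto, src, sport, dport):
    """First matching entry permits; anything else hits the implicit deny."""
    for a_proto, a_src, a_sport, a_dport in acl:
        if (a_proto == proto
                and ip_address(src) in ip_network(a_src)
                and a_sport in (None, sport)
                and a_dport in (None, dport)):
            return True
    return False


def forward_out_serial(proto, src, sport, dport, acl=IN_TO_OUT):
    """Apply NAT, then the outbound ACL, in the order the lab note describes."""
    # PAT may also rewrite the client source port; the client rules in
    # IN-TO-OUT do not match on source port, so the model leaves it alone.
    outside_src = translate_source(src)
    return outside_src, acl_permits(acl, proto, outside_src, sport, dport)


if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, source port, dest port/type)
    samples = [
        ("tcp", "155.55.10.25", 40000, 80),     # VLAN 10 client, web request
        ("tcp", "155.55.10.25", 40001, 23),     # VLAN 10 client, telnet out
        ("icmp", "155.55.30.9", None, "echo"),  # VLAN 30 client, ping
        ("tcp", "155.55.40.3", 80, 51000),      # web server reply
        ("tcp", "155.55.40.2", 40002, 80),      # VLAN 40 host with no NAT rule
    ]
    for pkt in samples:
        print(pkt, "->", forward_out_serial(*pkt))
    print("pre-NAT ACL:", forward_out_serial("tcp", "155.55.10.25", 40000, 80,
                                             acl=INSIDE_LOCAL_ACL))
```

The last call shows the failure mode: an outbound ACL written against 155.55.x.x sources never matches, because by the time it is evaluated every client packet already carries 203.18.1.1.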

_________________________________________________________________________________
hostname Internet
!
username BKACADGATE password 0 cisco@123
!
spanning-tree mode pvst
!
interface FastEthernet0/0
 ip address 8.8.8.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 200.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 203.18.1.2 255.255.255.248
 encapsulation ppp
 ppp authentication chap
 clock rate 64000
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
_________________________________________________________________________________
hostname SW1
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 40
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
!
end


_________________________________________________________________________________
hostname Switch
!
spanning-tree mode pvst
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
!
end
_________________________________________________________________________________