ACL: Access Control List
Access control lists
An ACL is a set of conditions evaluated sequentially:
Condition 1 -> Condition 2 -> ... -> Condition n
The ACL is defined on the router.
The ACL is then applied to an interface, IN or OUT.
Every evaluation ends in a verdict: either a refusal (DENY) or an authorization (PERMIT).
There are standard ACLs and extended ACLs.
Standard ACL (1-99):
Test: source IP address. Placement: as close as possible to the destination.
Extended ACL (100-199):
Test: source IP address, destination IP address… Placement: as close as possible to the source.
Router(config)# access-list 1 {permit | deny}
Router(config)# interface fa0/0
Router(config-if)# ip access-group 1 {in | out}
Remark:
Order the conditions from the most specific to the most general.
0.0.0.255 -> wildcard mask = ! network mask (the bitwise inverse of the subnet mask)
// to permit connections from everyone
access-list 2 permit 0.0.0.0 255.255.255.255
// deny access to this IP address
access-list 2 deny 172.16.1.1 0.0.0.0
// "host" specifies that this is a single machine and not a network
access-list 2 deny host 172.16.1.1
access-list 2 permit any
Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostna
Router(config)#hostname rabat
rabat(config)#ser
rabat(config)#service pas
rabat(config)#enable secret
rabat(config)#enable secret cisco
rabat(config)#
rabat(config)#line con 0
rabat(config-line)#p
rabat(config-line)#pas
rabat(config-line)#password cisco
rabat(config-line)#login
rabat(config-line)#exit
rabat(config)#line vty 0 4
rabat(config-line)#p
rabat(config-line)#pass
rabat(config-line)#password cisco
rabat(config-line)#
rabat(config-line)#login
rabat(config-line)#exit
rabat(config)#ser
rabat(config)#service pass
rabat(config)#service password-encryption
rabat(config)#enable sec
rabat(config)#enable secret cisco
rabat(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
rabat#exit
rabat con0 is now available
Press RETURN to get started.
User Access Verification
Password:
rabat>enable
Password:
rabat#conf t
Enter configuration commands, one per line. End with CNTL/Z.
rabat(config)#enterf
rabat(config)#conf t
%Invalid hex value
rabat(config)#interfa
rabat(config)#interface f0/0
rabat(config-if)#ip add
rabat(config-if)#ip address 192.168.14.1 255.255.255.0
rabat(config-if)#no sh
rabat(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
rabat(config-if)#exit
rabat(config)#inter
rabat(config)#interface s2/0
rabat(config-if)#ip
rabat(config-if)#ip add
rabat(config-if)#ip address 192.168.100.1 255.255.255.252
rabat(config-if)#clo
rabat(config-if)#clock ra
rabat(config-if)#clock rate 128000
rabat(config-if)#no sh
rabat(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial2/0, changed state to down
rabat(config-if)#ip dhcp poo
rabat(config-if)#exit
rabat(config)#ip
rabat(config)#ip dh
rabat(config)#ip dhcp p
rabat(config)#ip dhcp pool lan1
rabat(dhcp-config)#netw
rabat(dhcp-config)#network 192.168.14.0 255.255.255.0
rabat(dhcp-config)#default
rabat(dhcp-config)#default-router 192.168.14.1
rabat(dhcp-config)#end
%SYS-5-CONFIG_I: Configured from console by console
rabat#wr
Destination filename [startup-config]?
Building configuration...
[OK]
casa(config)#router rip
casa(config-router)#ver
casa(config-router)#version 2
casa(config-router)#networ
casa(config-router)#network 192.168.15.0
casa(config-router)#network 192.168.100.0
casa(config-router)#?
auto-summary Enter Address Family command mode
default-information Control distribution of default information
distance Define an administrative distance
exit Exit from routing protocol configuration mode
network Enable routing on an IP network
no Negate a command or set its defaults
passive-interface Suppress routing updates on an interface
timers Adjust routing timers
version Set routing protocol version
casa(config-router)#au
casa(config-router)#auto-summary
casa(config-router)#pas
casa(config-router)#passive-interface f0/0
casa(config-router)#end
%SYS-5-CONFIG_I: Configured from console by console
casa#wr
Destination filename [startup-config]?
Building configuration...
[OK]
casa#conf t
Enter configuration commands, one per line. End with CNTL/Z.
casa(config)#acc
casa(config)#access-list 20 de
casa(config)#access-list 20 deny ho
casa(config)#access-list 20 deny host 192.168.14.2
casa(config)#access-list 20 permit any
casa(config)#inter
casa(config)#interface f0/0
casa(config-if)#ip acc
casa(config-if)#ip access-group 20 ou
casa(config-if)#ip access-group 20 out
casa(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
casa#wr
Destination filename [startup-config]?
Building configuration...
[OK]
casa#
// to remove the access list
rabat#conf t
Enter configuration commands, one per line. End with CNTL/Z.
rabat(config)#no acc
rabat(config)#inte
rabat(config)#interface f0/0
rabat(config-if)#no a
rabat(config-if)#no acc
rabat(config-if)#no acc
rabat(config-if)#no acce
rabat(config-if)#no ip ac
rabat(config-if)#no ip access-group 30 out
rabat(config-if)#no ip access-group 30 out
rabat(config-if)#no acc
rabat(config-if)#exit
rabat(config)#no a
rabat(config)#no access-list 30
rabat(config)#end
%SYS-5-CONFIG_I: Configured from console by console
rabat#wr
Destination filename [startup-config]?
Building configuration...
[OK]
rabat#
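// ACL 40: permits traffic only from hosts with an even IP address
2: 0000 0010
3: 0000 0011
4: 0000 0100
The last bit is 0 for even addresses and 1 for odd ones, so in the last octet the wildcard mask compares only that bit:
192.168.14.0
0.0.0.254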
casa# conf t
casa(config)#access-list 40 permit 192.168.14.0 0.0.0.254
casa(config)#end
casa#wr
casa#conf t
casa(config)#interface f0/0
casa(config-if)#ip access-group 40 out
casa(config-if)#end
casa#wr
// ACL 50: permits traffic only from hosts with an odd IP address
casa#conf t
casa(config)#access-list 50 permit 192.168.14.1 0.0.0.254
casa(config)#inter f0/0
casa(config-if)#ip acc
casa(config-if)#ip access-group 50 out
casa(config-if)#end
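Added example (not part of the original notes): a small Python model of how a standard ACL is evaluated, run against ACL 20, 40 and 50 from the sessions above. It shows the wildcard-mask comparison, first-match-wins ordering and the implicit deny at the end of every ACL; the function names and the SHADOWED list (the ACL 2 entries from the remark, in a deliberately bad order) are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    action: str    # "permit" or "deny"
    base: str      # address the source is compared against
    wildcard: str  # 0 bit = must match, 1 bit = ignored


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Compare only the bit positions where the wildcard mask has a 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_standard(line: str) -> Rule:
    """Parse 'access-list <1-99> permit|deny' + 'any' | 'host A' | 'A' | 'A W'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    if not 1 <= int(tok[1]) <= 99:
        raise ValueError(f"standard ACLs are numbered 1-99: {line!r}")
    src = tok[3:]
    if src == ["any"]:
        return Rule(tok[2], "0.0.0.0", "255.255.255.255")
    if len(src) == 2 and src[0] == "host":
        return Rule(tok[2], src[1], "0.0.0.0")
    if len(src) == 1:                      # bare address means a single host
        return Rule(tok[2], src[0], "0.0.0.0")
    if len(src) == 2:
        return Rule(tok[2], src[0], src[1])
    raise ValueError(f"unsupported source specification: {line!r}")


def evaluate(acl: List[str], source_ip: str) -> Tuple[str, Optional[int]]:
    """Return (verdict, matching line number); the first match wins."""
    for number, line in enumerate(acl, start=1):
        rule = parse_standard(line)
        if wildcard_match(source_ip, rule.base, rule.wildcard):
            return rule.action, number
    return "deny", None  # implicit deny: nothing matched


# ACLs as configured in the sessions above.
ACL_20 = ["access-list 20 deny host 192.168.14.2",
          "access-list 20 permit any"]
ACL_40 = ["access-list 40 permit 192.168.14.0 0.0.0.254"]   # even hosts
ACL_50 = ["access-list 50 permit 192.168.14.1 0.0.0.254"]   # odd hosts
# Constructed: general entry first, so the specific deny is never reached.
SHADOWED = ["access-list 2 permit 0.0.0.0 255.255.255.255",
            "access-list 2 deny host 172.16.1.1"]

if __name__ == "__main__":
    for name, acl in (("20", ACL_20), ("40", ACL_40), ("50", ACL_50)):
        for ip in ("192.168.14.2", "192.168.14.3", "192.168.15.2"):
            print(f"ACL {name} {ip:<13} -> {evaluate(acl, ip)}")
    print("shadowed deny:", evaluate(SHADOWED, "172.16.1.1"))
```

Because ACL 40 and ACL 50 contain no final permit, every source that fails the parity test falls through to the implicit deny.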
// Extended ACL that permits connections between even and odd hosts and refuses connections between hosts of the same parity
access-list 114 permit tcp 192.168.14.0 0.0.0.254 192.168.15.1 0.0.0.254
access-list 114 permit tcp 192.168.14.1 0.0.0.254 192.168.15.0 0.0.0.254
casa(config)#no access-list 40
casa(config)#exit
casa#wr
casa#conf t
casa(config)#access-list 114 permit tcp 192.168.15.0 0.0.0.254 192.168.14.1 0.0.0.25
casa(config)#access-list 114 permit tcp 192.168.15.1 0.0.0.254 192.168.14.0 0.0.0.25
casa(config)#inter f0/0
casa(config-if)#ip access-group 114 in
casa(config-if)#end
casa#wr
// ACL that allows hosts of the training (formation) department to connect only to the training server, and hosts of the sales (commercial) department to the sales server
rabat(config)#access-list 120 d
rabat(config)#access-list 120 deny ip 192.168.14.0 0.0.0.255 host 192.168.16.3
rabat(config)#access-list 120 permit ip any any
rabat(config)#interf f0/0
rabat(config-if)#ip
rabat(config-if)#ip acc
rabat(config-if)#ip access-group 120 in
rabat(config-if)#end
rabat#wr
// Named ACL
agadir(config)#ip access-list ex
agadir(config)#ip access-list extended server
agadir(config-ext-nacl)#deny ip host 192.168.16.2 192.168.15.0 0.0.0.255
agadir(config-ext-nacl)#deny ip host 192.168.16.3 192.168.14.0 0.0.0.255
agadir(config-ext-nacl)#permit ip any any
agadir(config-ext-nacl)#exit
agadir(config)#interf f0/0
agadir(config-if)#ip a
agadir(config-if)#ip acc
agadir(config-if)#ip access-group server
% Incomplete command.
agadir(config-if)#ip access-group server in
agadir(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
agadir#wr
Switching
Interface vlan1 is a management interface.
// create the VLANs and assign them the following interfaces:
Vlan 10: fa0/1, fa0/2, fa0/3
Vlan 20: fa0/4, fa0/5, fa0/6
Vlan 30: fa0/7, fa0/8, fa0/9
Switch>hos
Switch>enable
Switch>enable
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#host
Switch(config)#hostname sw_a
sw_a(config)#enable secret cisco
sw_a(config)#line con 0
sw_a(config-line)#pas
sw_a(config-line)#password cisco
sw_a(config-line)#login
sw_a(config-line)#exit
sw_a(config)#line vty O 4
^
% Invalid input detected at '^' marker.
sw_a(config)#line vty O 15
^
% Invalid input detected at '^' marker.
sw_a(config)#line?
line
sw_a(config)#line vty?
vty
sw_a(config)#line vty 0 15
sw_a(config-line)#pas
sw_a(config-line)#password cisco
sw_a(config-line)#login
sw_a(config-line)#exit
sw_a(config)#se
sw_a(config)#service pass
sw_a(config)#service password-encryption
sw_a(config)#ip
sw_a(config)#ip add
sw_a(config)#?
Configure commands:
banner Define a login banner
boot Boot Commands
cdp Global CDP configuration subcommands
clock Configure time-of-day clock
enable Modify enable password parameters
end Exit from configure mode
exit Exit from configure mode
hostname Set system's network name
interface Select an interface to configure
ip Global IP configuration subcommands
line Configure a terminal line
mac-address-table Configure the MAC address table
no Negate a command or set its defaults
service Modify use of network based services
spanning-tree Spanning Tree Subsystem
vlan Vlan commands
vtp Configure global VTP state
sw_a(config)#vlan
sw_a(config)#in
sw_a(config)#interface ?
Ethernet IEEE 802.3
FastEthernet FastEthernet IEEE 802.3
GigabitEthernet GigabitEthernet IEEE 802.3z
Vlan Catalyst Vlans
sw_a(config)#interface vl
sw_a(config)#interface vlan1
sw_a(config-if)#ip add
sw_a(config-if)#ip address 192.168.1.1 255.255.255.0
sw_a(config-if)#no
sw_a(config-if)#no sh
sw_a(config-if)#no shutdown
%LINK-5-CHANGED: Interface Vlan1, changed state to up
sw_a(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
sw_a#wr
Destination filename [startup-config]?
Building configuration...
[OK]
sw_a#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
sw_a#
sw_a#
sw_a#show ru
sw_a#show running-config
Building configuration...
Current configuration : 1002 bytes
!
version 12.1
service password-encryption
!
hostname sw_a
!
enable secret 5 $1$13Vp$bAX2FK3JRWJhJ7wz.IET//
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
line con 0
password 7 104D000A0618
login
!
line vty 0 4
password 7 104D000A0618
login
line vty 5 15
password 7 104D000A0618
login
!
!
end
sw_a#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw_a(config)#line vty 0 15
sw_a(config-line)#pass
sw_a(config-line)#password cisco
sw_a(config-line)#login
sw_a(config-line)#end
%SYS-5-CONFIG_I: Configured from console by console
sw_a#wr
Destination filename [startup-config]?
Building configuration...
[OK]
sw_a#
sw_a#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
sw_a#exit
sw_a con0 is now available
Press RETURN to get started.
User Access Verification
Password:
% Password: timeout expired!
Password:
sw_a>cisco
Translating "cisco"...domain server (255.255.255.255) % Name lookup aborted
sw_a>enable
Password:
sw_a#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw_a(config)#
%SYS-5-CONFIG_I: Configured from console by console
sw_a#
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/6, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/7, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/8, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/9, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up
sw_a#show vl
sw_a#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
sw_a#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
sw_a#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw_a(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
sw_a#show ?
arp Arp table
cdp CDP information
clock Display the system clock
dtp DTP information
flash: display information about flash: file system
history Display the session command history
hosts IP domain-name, lookup style, nameservers, and host table
interfaces Interface status and configuration
ip IP information
mac-address-table MAC forwarding table
port-security Show secure port information
running-config Current operating configuration
sessions Information about Telnet connections
spanning-tree Spanning Tree Topology
startup-config Contents of startup configuration
tcp Status of TCP connections
users Display information about terminal lines
version System hardware and software status
vlan VTP VLAN status
vtp VTP information
sw_a#show flash
Directory of flash:/
1 -rw- 3058048 <no date> c2950-i6q4l2-mz.121-22.EA4.bin
32514048 bytes total (29456000 bytes free)
sw_a#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw_a(config)#vlan 10
sw_a(config-vlan)#vlan 20
sw_a(config-vlan)#vlan 30
sw_a(config-vlan)#end
%SYS-5-CONFIG_I: Configured from console by console
sw_a#wr
Destination filename [startup-config]?
Building configuration...
[OK]
sw_a#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
sw_a#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw_a(config)#vlan 10
sw_a(config-vlan)#?
VLAN configuration commands:
exit Apply changes, bump revision number, and exit mode
name Ascii name of the VLAN
no Negate a command or set its defaults
sw_a(config-vlan)#name formation
sw_a(config-vlan)#vlan 20
sw_a(config-vlan)#name commercial
sw_a(config-vlan)#vlan 30
sw_a(config-vlan)#name production
sw_a(config-vlan)#exit
sw_a(config)#sh
sw_a(config)#show
sw_a(config)#showexit
^
% Invalid input detected at '^' marker.
sw_a(config)#end
%SYS-5-CONFIG_I: Configured from console by console
sw_a#show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
10 formation active
20 commercial active
30 production active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
sw_a#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw_a(config)#interface f0/1
sw_a(config-if)#?
cdp Global CDP configuration subcommands
description Interface specific description
duplex Configure duplex operation.
exit Exit from interface configuration mode
mac-address Manually set interface MAC address
no Negate a command or set its defaults
shutdown Shutdown the selected interface
speed Configure speed operation.
switchport Set switching mode characteristics
sw_a(config-if)#sw
sw_a(config-if)#switchport mo
sw_a(config-if)#switchport mode acce
sw_a(config-if)#switchport mode access
sw_a(config-if)#SW
sw_a(config-if)#SWitchport ac
sw_a(config-if)#SWitchport access v
sw_a(config-if)#SWitchport access vlan 10
sw_a(config-if)#interf f0/2
sw_a(config-if)#switchport mode access
sw_a(config-if)#switchport access vlan
% Incomplete command.
sw_a(config-if)#switchport access vlan 10
sw_a(config-if)#interf f0/3
sw_a(config-if)#siwtchport mode access
^
% Invalid input detected at '^' marker.
sw_a(config-if)#switchport mode access
sw_a(config-if)#switchport access vlan 10
sw_a(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
sw_a#wr
Destination filename [startup-config]?
Building configuration...
[OK]
sw_a#show vlan br
sw_a#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24
10 formation active Fa0/1, Fa0/2, Fa0/3
20 commercial active
30 production active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
sw_a#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw_a(config)#vl
sw_a(config)#vlan 20
sw_a(config-vlan)#interf f0/4
sw_a(config-if)#switchport mode access
sw_a(config-if)#switchport access vlan 20
sw_a(config-if)#interf f0/5
sw_a(config-if)#switchport mode access
sw_a(config-if)#switchport access vlan 20
sw_a(config-if)#interf f0/6
sw_a(config-if)#switchport mode access
sw_a(config-if)#switchport access vlan 20
sw_a(config-if)#exit
sw_a(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
sw_a#wr
Destination filename [startup-config]?
Building configuration...
[OK]
sw_a#show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
10 formation active Fa0/1, Fa0/2, Fa0/3
20 commercial active Fa0/4, Fa0/5, Fa0/6
30 production active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
sw_a#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw_a(config)#vlan 30
sw_a(config-vlan)#interf f0/5
sw_a(config-if)#switchport mode access
sw_a(config-if)#switchport mode vlan 30
^
% Invalid input detected at '^' marker.
sw_a(config-if)#switchport access vlan 30
sw_a(config-if)#vlan 20
sw_a(config-vlan)#interf f0/5
sw_a(config-if)#switchport mode access
sw_a(config-if)#switchport access vlan 20
sw_a(config-if)#exit
%SYS-5-CONFIG_I: Configured from console by console
sw_a#show vlan br
sw_a#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
10 formation active Fa0/1, Fa0/2, Fa0/3
20 commercial active Fa0/4, Fa0/5, Fa0/6
30 production active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
sw_a#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw_a(config)#vlan 30
sw_a(config-vlan)#interf f0/7
sw_a(config-if)#switchport mode access
sw_a(config-if)#switchport access vlan 30
sw_a(config-if)#interf f0/8
sw_a(config-if)#switchport mode access
sw_a(config-if)#switchport access vlan 30
sw_a(config-if)#interf f0/8
sw_a(config-if)#interf f0/9
sw_a(config-if)#switchport mode access
sw_a(config-if)#switchport access vlan 30
sw_a(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
sw_a#wr
Destination filename [startup-config]?
Building configuration...
[OK]
sw_a#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
10 formation active Fa0/1, Fa0/2, Fa0/3
20 commercial active Fa0/4, Fa0/5, Fa0/6
30 production active Fa0/7, Fa0/8, Fa0/9
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
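Added example (not part of the original notes): a Python check that parses `show vlan brief` output, including the wrapped port lines, and compares it with the port plan given at the start of the Switching section. The sample text is reconstructed from the last output above, and the function names are illustrative.

```python
import re

PORT_RE = re.compile(r"[A-Za-z]+\d+/\d+")
ROW_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

# Port plan from the notes: VLAN id -> access ports.
PLAN = {
    10: {"fa0/1", "fa0/2", "fa0/3"},
    20: {"fa0/4", "fa0/5", "fa0/6"},
    30: {"fa0/7", "fa0/8", "fa0/9"},
}

# Reconstructed from the final "show vlan brief" in the session above.
SHOW_VLAN_BRIEF = """\
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
10 formation active Fa0/1, Fa0/2, Fa0/3
20 commercial active Fa0/4, Fa0/5, Fa0/6
30 production active Fa0/7, Fa0/8, Fa0/9
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
"""


def parse_vlan_brief(text):
    """Return {vlan_id: {"name", "status", "ports"}} from 'show vlan brief'."""
    vlans, current = {}, None
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if row:  # a line starting with a VLAN id opens a new entry
            current = int(row.group(1))
            vlans[current] = {"name": row.group(2), "status": row.group(3),
                              "ports": PORT_RE.findall(row.group(4))}
        elif current is not None and PORT_RE.match(line.strip()):
            # wrapped port list: belongs to the VLAN on the previous row
            vlans[current]["ports"] += PORT_RE.findall(line)
    return vlans


def audit(vlans, plan):
    """Return {vlan_id: {"missing", "unexpected"}} for VLANs that differ from the plan."""
    findings = {}
    for vlan_id, wanted in plan.items():
        actual = {p.lower() for p in vlans.get(vlan_id, {}).get("ports", [])}
        wanted = {p.lower() for p in wanted}
        if actual != wanted:
            findings[vlan_id] = {"missing": wanted - actual,
                                 "unexpected": actual - wanted}
    return findings


if __name__ == "__main__":
    parsed = parse_vlan_brief(SHOW_VLAN_BRIEF)
    print("deviations from plan:", audit(parsed, PLAN) or "none")
    print("ports still in VLAN 1:", len(parsed[1]["ports"]))
```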