Config Cisco Catalyst 9200

Switch ở L2 Theo mình con này như con trung gian từ 1 port chia ra 24 port thôi chỉ cần quan tâm 2 điều
Thứ first bạn chia Vlan của thiết bị
Thứ second bạn route (định tuyến cho nó)

enable
config terminal

hostname L3SW-WPW-002

vtp mode transparent

no ip domain lookup
ip domain name koa.local

ip ssh version 2
line vty 0 4
transport input ssh
login local
username admin password Koa@****

vlan 10
name OA-Server
exit

vlan 11
name Production-Server
exit

vlan 20
name OA-PC
exit

vlan 21
name Production-PC
exit

vlan 22
name Internal-Wifi
exit

vlan 23
name Producton-Wifi
exit

vlan 30
name CCTV
exit

vlan 40
name IP-Phone
exit

vlan 99
name Guest-Wifi
exit

vlan 100
name Network-Management
lldp run
exit

interface vlan100
ip address 10.20.100.231 255.255.255.0
exit

config terminal
interface GigabitEthernet1
description to WPW-NVR-001
switchport access vlan 30
switchport mode access
exit

interface GigabitEthernet2
description to CAM_WPW_001
switchport access vlan 30
switchport mode access
exit

interface GigabitEthernet3
description to CAM_AP_01
switchport access vlan 30
switchport mode access
exit

interface GigabitEthernet4
description to Production-PC_1
switchport access vlan 21
switchport mode access
exit

interface GigabitEthernet5
description to Production-PC_2
switchport access vlan 21
switchport mode access
exit

interface GigabitEthernet6
description to AP-WPW-001
switchport trunk native vlan 100
switchport trunk allowed vlan 20,21,22,23,40,99,100
switchport mode trunk
exit

interface GigabitEthernet7
description to AP-WPW-006
switchport trunk native vlan 100
switchport trunk allowed vlan 20,21,22,23,40,99,100
switchport mode trunk
exit

interface GigabitEthernet8
description to IPPhone-OCC
switchport access vlan 40
switchport mode access
exit

interface GigabitEthernet16
description to L2SW-WPW-001
switchport trunk allowed vlan 10,11,20-23,30,40,50,99,100 => cho phép vào các mạng này
switchport mode trunk
ip dhcp snooping trust => Để ngăn chặn các cuộc tấn công “man-in-the-middle
ex

interface GigabitEthernet9
description Spare
ex

interface GigabitEthernet10
description Spare
ex

interface GigabitEthernet11
description Spare
ex

interface GigabitEthernet12
description Spare
ex

interface GigabitEthernet13
description Spare
ex

interface GigabitEthernet14
description Spare
ex

interface GigabitEthernet15
description Spare
ex

control-plane
service-policy input system-cpp-policy

ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.20.100.254

wr