• 核心交换机各项配置 Vlan划分、互访、ACL管控、链路聚合等


    #
    # Global settings: device name, VLAN creation, system LACP priority, and service toggles.
    !Software Version V200R001C00SPC300
    sysname IT_ServerRoom  #switch name#
    #
    vlan batch 10 20 30 40 50 60 70 80 90 99 to 100  #create the VLANs#
    vlan batch 110
    #
    lacp priority 100  #system-level LACP priority for link aggregation#
    #
    # Web management is switched off here. The only AAA local user in this listing
    # (admin) is limited to "service-type http", so that account has no usable login path.
    undo http server enable 
    #
    undo nap slave enable
    #
    dhcp enable #enable the DHCP service globally#
    #
    # ACL 3001: rules 4-12 permit RDP (tcp/3389) or Telnet from listed sources; rules 100 and 105
    # deny all other RDP and Telnet. Rules are presumably evaluated in ascending rule-ID order
    # (the default "config" match order) - confirm with "display acl 3001".
    # NOTE(review): VRP's syntax is "source <address> <wildcard>". Every rule below has the
    # mask-like value first (0.0.0.0 / 0.0.0.1 / 0.0.0.3) and the host address second, so the host
    # address is parsed as the wildcard. Each rule then matches a wide, non-contiguous set of
    # addresses instead of the single host the annotation describes. The intended form is
    # presumably "source 192.168.21.11 0" and so on - verify and test before relying on this ACL.
    # NOTE(review): rules 4-6 and 10-11 have no destination, so they permit RDP/Telnet to any
    # destination. Only tcp/3389 and Telnet are denied; traffic that matches no rule is, as far as
    # I know, forwarded by traffic-filter, so this ACL does not otherwise isolate the VLANs.
    acl number 3001  #configure ACL access control#
    rule 4 permit tcp source 0.0.0.0 192.168.21.11 destination-port eq 3389 #allow the listed IP to use remote desktop#
    rule 5 permit tcp source 0.0.0.0 192.168.21.13 destination-port eq 3389
    rule 6 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq 3389
    rule 7 permit tcp source 0.0.0.0 192.168.51.13 destination 0.0.0.0 192.168.11.10 destination-port eq 3389
    rule 8 permit tcp source 0.0.0.0 192.168.81.31 destination 0.0.0.0 192.168.11.10 destination-port eq 3389
    rule 9 permit tcp source 0.0.0.0 192.168.21.14 destination 0.0.0.0 192.168.11.12 destination-port eq 3389
    rule 10 permit tcp source 0.0.0.3 192.168.21.12 destination-port eq telnet 
    rule 11 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq telnet
    rule 12 permit tcp source 0.0.0.0 192.168.21.250 destination 0.0.0.0 192.168.11.12 destination-port eq 3389
    rule 100 deny tcp destination-port eq 3389  #block the remote desktop port for everyone else#
    rule 105 deny tcp destination-port eq telnet  #block the Telnet port for everyone else#
    #
    # Global DHCP pools, one per user subnet (192.168.11.0/24 ... 192.168.111.0/24).
    # Every pool uses the .254 gateway, keeps .1-.60 out of dynamic allocation, leases for
    # 10 days, and hands out the same two DNS servers in 192.168.11.0/24.
    # NOTE(review): no DHCP snooping configuration appears in this listing. Without it, a rogue
    # DHCP server on any access port could answer clients - consider enabling snooping with only
    # the uplinks trusted.
    ip pool 1   #define the IP address pool#
    gateway-list 192.168.11.254   #default gateway handed to clients#
    network 192.168.11.0 mask 255.255.255.0   #subnet and mask served by the pool#
    excluded-ip-address 192.168.11.1 192.168.11.60 #addresses excluded from DHCP allocation#
    lease day 10 hour 0 minute 0    #lease duration#
    dns-list 192.168.11.2 192.168.11.5   #DNS servers handed to clients#
    #
    ip pool 2
    gateway-list 192.168.21.254
    network 192.168.21.0 mask 255.255.255.0
    excluded-ip-address 192.168.21.1 192.168.21.60
    lease day 10 hour 0 minute 0
    dns-list 192.168.11.2 192.168.11.5
    #
    ip pool 3
    gateway-list 192.168.31.254
    network 192.168.31.0 mask 255.255.255.0
    excluded-ip-address 192.168.31.1 192.168.31.60
    lease day 10 hour 0 minute 0
    dns-list 192.168.11.2 192.168.11.5
    #
    ip pool 4
    gateway-list 192.168.41.254
    network 192.168.41.0 mask 255.255.255.0
    excluded-ip-address 192.168.41.1 192.168.41.60
    lease day 10 hour 0 minute 0
    dns-list 192.168.11.2 192.168.11.5
    #
    ip pool 5
    gateway-list 192.168.51.254
    network 192.168.51.0 mask 255.255.255.0
    excluded-ip-address 192.168.51.1 192.168.51.60
    lease day 10 hour 0 minute 0
    dns-list 192.168.11.2 192.168.11.5
    #
    ip pool 6
    gateway-list 192.168.61.254
    network 192.168.61.0 mask 255.255.255.0
    excluded-ip-address 192.168.61.1 192.168.61.60
    lease day 10 hour 0 minute 0
    dns-list 192.168.11.2 192.168.11.5
    #
    ip pool 7
    gateway-list 192.168.71.254
    network 192.168.71.0 mask 255.255.255.0
    excluded-ip-address 192.168.71.1 192.168.71.60
    lease day 10 hour 0 minute 0
    dns-list 192.168.11.2 192.168.11.5
    #
    ip pool 8
    gateway-list 192.168.81.254
    network 192.168.81.0 mask 255.255.255.0
    excluded-ip-address 192.168.81.1 192.168.81.60
    lease day 10 hour 0 minute 0
    dns-list 192.168.11.2 192.168.11.5
    #
    ip pool 9
    gateway-list 192.168.91.254
    network 192.168.91.0 mask 255.255.255.0
    excluded-ip-address 192.168.91.1 192.168.91.60
    lease day 10 hour 0 minute 0
    dns-list 192.168.11.2 192.168.11.5
    #
    ip pool 10
    gateway-list 192.168.101.254
    network 192.168.101.0 mask 255.255.255.0
    excluded-ip-address 192.168.101.1 192.168.101.60
    lease day 10 hour 0 minute 0
    dns-list 192.168.11.2 192.168.11.5
    #
    ip pool 11
    gateway-list 192.168.111.254
    network 192.168.111.0 mask 255.255.255.0
    excluded-ip-address 192.168.111.1 192.168.111.60
    lease day 10 hour 0 minute 0
    dns-list 192.168.11.2 192.168.11.5
    #
    # AAA: default schemes and domains plus one local user, admin, restricted to the HTTP service.
    # NOTE(review): the console and VTY lines in this listing use "authentication-mode password",
    # not AAA, so this account is not what protects CLI access.
    # NOTE(review): a "cipher" string is an encrypted form of the real password, and as far as I
    # know it is a reversible format on this release. Once published it should be treated as
    # disclosed - rotate the password and redact such lines before sharing a configuration. The
    # characters after the closing %$%$ look appended, presumably to obscure the value.
    aaa
    authentication-scheme default
    authorization-scheme default
    accounting-scheme default
    domain default
    domain default_admin
    local-user admin password cipher %$%$O9hP7mbdf4Q#EvU4j#wX3ypg%$%$@!@$
    local-user admin service-type http
    #
    # Layer-3 interfaces. Each Vlanif is the .254 gateway of its subnet and serves DHCP from the
    # global pools ("dhcp select global"). Because the switch routes between all of them, every
    # VLAN can reach every other one except where ACL 3001 intervenes.
    # NOTE(review): Vlanif1 gives the default VLAN 1 a routed address. Ports in this listing with
    # no "port default vlan" presumably sit in VLAN 1 and can reach it - confirm that is intended.
    interface Vlanif1
    ip address 192.168.66.254 255.255.255.0
    #
    interface Vlanif10  #Vlanif gateways provide inter-VLAN routing#
    ip address 192.168.11.254 255.255.255.0
    dhcp select global
    #
    interface Vlanif20
    ip address 192.168.21.254 255.255.255.0
    dhcp select global
    #
    interface Vlanif30
    ip address 192.168.31.254 255.255.255.0
    dhcp select global
    #
    interface Vlanif40
    ip address 192.168.41.254 255.255.255.0
    dhcp select global
    #
    interface Vlanif50
    ip address 192.168.51.254 255.255.255.0
    dhcp select global
    #
    interface Vlanif60
    ip address 192.168.61.254 255.255.255.0
    dhcp select global
    #
    interface Vlanif70
    ip address 192.168.71.254 255.255.255.0
    dhcp select global
    #
    interface Vlanif80
    ip address 192.168.81.254 255.255.255.0
    dhcp select global
    #
    interface Vlanif90
    ip address 192.168.91.254 255.255.255.0
    dhcp select global
    #
    # VLAN 99 is the transit network; the default route in this listing points at 10.0.0.1.
    interface Vlanif99
    ip address 10.0.0.2 255.255.255.0
    #
    interface Vlanif100
    ip address 192.168.101.254 255.255.255.0
    dhcp select global
    #
    interface Vlanif110
    ip address 192.168.111.254 255.255.255.0
    dhcp select global
    #
    # Dedicated management Ethernet port.
    interface MEth0/0/1
    ip address 192.168.88.1 255.255.255.0
    #
    # Eth-Trunk1: static-LACP aggregate carried as a trunk, with at most two member links active.
    # NOTE(review): "allow-pass vlan 2 to 4094" carries every VLAN, far more than the twelve
    # created by "vlan batch". Listing only the required VLANs, as GigabitEthernet0/0/21-22 do,
    # limits what the peer can reach.
    interface Eth-Trunk1   #link aggregation settings#
    port link-type trunk   #port mode of the aggregated link#
    port trunk allow-pass vlan 2 to 4094  #VLAN tags allowed through#
    mode lacp-static     #link aggregation mode#
    max active-linknumber 2   #maximum number of active member links#
    #
    # Physical ports: access ports per VLAN, three Eth-Trunk1 members (17-19), two trunk uplinks
    # (21-22), and two access ports in VLAN 99 (23-24).
    # NOTE(review): ports 14, 15, 16 and 20 have no VLAN assignment and are not shut down, so they
    # presumably stay in the default VLAN 1. If unused, shut them down or park them in an unrouted
    # VLAN.
    interface GigabitEthernet0/0/1  #per-port configuration#
    port link-type access
    port default vlan 10
    loopback-detect enable    #loop detection#
    #
    interface GigabitEthernet0/0/2
    port link-type access
    port default vlan 10
    loopback-detect enable
    #
    interface GigabitEthernet0/0/3
    port link-type access
    port default vlan 10
    loopback-detect enable
    #
    interface GigabitEthernet0/0/4
    port link-type access
    port default vlan 10
    loopback-detect enable
    #
    # NOTE(review): unlike the other access ports, this one has no loopback-detect - confirm it is deliberate.
    interface GigabitEthernet0/0/5
    port link-type access
    port default vlan 110
    #
    interface GigabitEthernet0/0/6
    port link-type access
    port default vlan 110
    loopback-detect enable
    #
    interface GigabitEthernet0/0/7
    port link-type access
    port default vlan 100
    loopback-detect enable
    #
    interface GigabitEthernet0/0/8
    port link-type access
    port default vlan 100
    loopback-detect enable
    #
    interface GigabitEthernet0/0/9
    port link-type access
    port default vlan 90
    loopback-detect enable
    #
    interface GigabitEthernet0/0/10
    port link-type access
    port default vlan 90
    loopback-detect enable
    #
    interface GigabitEthernet0/0/11
    port link-type access
    port default vlan 60
    loopback-detect enable
    #
    interface GigabitEthernet0/0/12
    port link-type access
    port default vlan 60
    loopback-detect enable
    #
    interface GigabitEthernet0/0/13
    port link-type access
    port default vlan 70
    loopback-detect enable
    #
    interface GigabitEthernet0/0/14
    loopback-detect enable
    #
    interface GigabitEthernet0/0/15
    loopback-detect enable
    #
    interface GigabitEthernet0/0/16
    loopback-detect enable
    #
    interface GigabitEthernet0/0/17  #link aggregation member port 1#
    eth-trunk 1
    lacp priority 100               #high priority#
    #
    interface GigabitEthernet0/0/18   #link aggregation member port 2#
    eth-trunk 1
    lacp priority 100
    #
    interface GigabitEthernet0/0/19   #link aggregation member port 3#
    eth-trunk 1                      #standby link: 2 active, 1 backup#
    #
    interface GigabitEthernet0/0/20
    loopback-detect enable
    #
    interface GigabitEthernet0/0/21
    port link-type trunk
    port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
    port trunk allow-pass vlan 110
    loopback-detect enable
    #
    interface GigabitEthernet0/0/22
    port link-type trunk
    port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
    port trunk allow-pass vlan 110
    loopback-detect enable
    #
    interface GigabitEthernet0/0/23  #connection to the firewall#
    port link-type access
    port default vlan 99
    loopback-detect enable
    #
    interface GigabitEthernet0/0/24
    port link-type access
    port default vlan 99
    loopback-detect enable
    #
    # Static ARP entry, static routes, and the global application of ACL 3001.
    interface NULL0
    #
    arp static 192.168.81.13 7427-ea35-eedf
    #
    ip route-static 0.0.0.0 0.0.0.0 10.0.0.1   #static routes; the default route points at 10.0.0.1 on the VLAN 99 subnet#
    ip route-static 192.168.10.0 255.255.255.0 192.168.71.1
    ip route-static 192.168.12.0 255.255.255.0 192.168.71.2
    ip route-static 192.168.118.0 255.255.255.0 192.168.111.1
    #
    # NOTE(review): this filter is only as good as ACL 3001. The source address and wildcard in
    # its permit rules appear to be swapped, so check the rule hit counters after applying it.
    traffic-filter inbound acl 3001  #apply the ACL globally to inbound traffic#
    #
    # SNMP agent: a read community, a v3 group, and traps sent to 192.168.11.151.
    # NOTE(review): "version all" also enables SNMPv1/v2c, which send the community string in
    # clear text. The v3 group "public" is declared without an authentication or privacy keyword,
    # and nothing here limits polling to the monitoring host. Prefer v3 only with authentication
    # and privacy, and bind an ACL that permits only 192.168.11.151.
    # NOTE(review): the community cipher string has been published - treat it as disclosed and change it.
    snmp-agent      #SNMP for Cacti monitoring at 192.168.11.151#
    snmp-agent local-engineid 800007DB037054F5DFC580
    snmp-agent community read cipher %$%$@(=VHL9T2A-VkMN9{/I'MJSJ%$%$
    snmp-agent sys-info version all
    snmp-agent group v3 public
    snmp-agent target-host trap address udp-domain 192.168.11.151 params securityname public
    #
    # Login lines: console and VTY 0-4 each use one shared password; VTY 16-20 has no settings.
    # NOTE(review): VTY 0-4 grants privilege level 3 to anyone who knows one shared password, and
    # the annotation says access is over Telnet, which is unencrypted. Prefer SSH with
    # "authentication-mode aaa" and per-user accounts, and bind an ACL to the VTY lines so that
    # access does not depend solely on the global traffic-filter.
    # NOTE(review): both cipher strings have been published - treat the passwords as disclosed and
    # rotate them.
    user-interface con 0    #console port password#
    authentication-mode password
    set authentication password cipher %$%$Q]]8BRT8^WMuCf9~]%QX~@7.~)c#$!;K>.194{FaqXM&$F=8%$%$@#
    user-interface vty 0 4  #Telnet password#
    authentication-mode password
    user privilege level 3
    set authentication password cipher %$%$%'cJU]0{$8$:m91'RKYxGYsja6iDE%48L>!hl'$Av[8vK6ypk%$%$@#$#
    user-interface vty 16 20
    #

  • 原文地址:https://www.cnblogs.com/zhuimengle/p/5854526.html