
核心交换机配置Vlan划分、互访、ACL管控、链路聚合等

#

!Software Version V200R001C00SPC300

sysname IT_ServerRoom  #交换机名称#

#

vlan batch 10 20 30 40 50 60 70 80 90 99 to 100  #设置Vlan#

vlan batch 110

#

lacp priority 100  #LACP系统优先级(数值越小优先级越高)#

#

undo http server enable 

#

undo nap slave enable

#

dhcp enable #打开DHCP功能#

#

acl number 3001  #配置ACL访控#

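 rule 4 permit tcp source 0.0.0.0 192.168.21.11 destination-port eq 3389 #允许指定IP访问远程桌面(TCP 3389)；注意VRP的写法是“source 地址 通配符”，单台主机通常写作 source 192.168.21.11 0，应在设备上用display acl 3001核对各条规则的实际匹配范围#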

 rule 5 permit tcp source 0.0.0.0 192.168.21.13 destination-port eq 3389

 rule 6 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq 3389

 rule 7 permit tcp source 0.0.0.0 192.168.51.13 destination 0.0.0.0 192.168.11.10 destination-port eq 3389

 rule 8 permit tcp source 0.0.0.0 192.168.81.31 destination 0.0.0.0 192.168.11.10 destination-port eq 3389

 rule 9 permit tcp source 0.0.0.0 192.168.21.14 destination 0.0.0.0 192.168.11.12 destination-port eq 3389

 rule 10 permit tcp source 0.0.0.3 192.168.21.12 destination-port eq telnet 

 rule 11 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq telnet

 rule 12 permit tcp source 0.0.0.0 192.168.21.250 destination 0.0.0.0 192.168.11.12 destination-port eq 3389

 rule 100 deny tcp destination-port eq 3389  #拒绝其余所有访问远程桌面端口(TCP 3389)的流量#

 rule 105 deny tcp destination-port eq telnet  #拒绝其余所有Telnet(TCP 23)流量#

#

ip pool 1   #设置IP地址池#

 gateway-list 192.168.11.254   #设置网关#

 network 192.168.11.0 mask 255.255.255.0   #子网掩码及IP区段#

 excluded-ip-address 192.168.11.1 192.168.11.60 #DHCP分配时豁免的IP地址#

 lease day 10 hour 0 minute 0    #IP地址有效时间#

 dns-list 192.168.11.2 192.168.11.5   #DNS配置#

#

ip pool 2

 gateway-list 192.168.21.254

 network 192.168.21.0 mask 255.255.255.0

 excluded-ip-address 192.168.21.1 192.168.21.60

 lease day 10 hour 0 minute 0

 dns-list 192.168.11.2 192.168.11.5

#

ip pool 3

 gateway-list 192.168.31.254

 network 192.168.31.0 mask 255.255.255.0

 excluded-ip-address 192.168.31.1 192.168.31.60

 lease day 10 hour 0 minute 0             

 dns-list 192.168.11.2 192.168.11.5

#

ip pool 4

 gateway-list 192.168.41.254

 network 192.168.41.0 mask 255.255.255.0

 excluded-ip-address 192.168.41.1 192.168.41.60

 lease day 10 hour 0 minute 0

 dns-list 192.168.11.2 192.168.11.5

#

ip pool 5

 gateway-list 192.168.51.254

 network 192.168.51.0 mask 255.255.255.0

 excluded-ip-address 192.168.51.1 192.168.51.60

 lease day 10 hour 0 minute 0

 dns-list 192.168.11.2 192.168.11.5

#

ip pool 6

 gateway-list 192.168.61.254

 network 192.168.61.0 mask 255.255.255.0

 excluded-ip-address 192.168.61.1 192.168.61.60

 lease day 10 hour 0 minute 0

 dns-list 192.168.11.2 192.168.11.5

#

ip pool 7                                 

 gateway-list 192.168.71.254

 network 192.168.71.0 mask 255.255.255.0

 excluded-ip-address 192.168.71.1 192.168.71.60

 lease day 10 hour 0 minute 0

 dns-list 192.168.11.2 192.168.11.5

#

ip pool 8

 gateway-list 192.168.81.254

 network 192.168.81.0 mask 255.255.255.0

 excluded-ip-address 192.168.81.1 192.168.81.60

 lease day 10 hour 0 minute 0

 dns-list 192.168.11.2 192.168.11.5

#

ip pool 9

 gateway-list 192.168.91.254

 network 192.168.91.0 mask 255.255.255.0

 excluded-ip-address 192.168.91.1 192.168.91.60

 lease day 10 hour 0 minute 0

 dns-list 192.168.11.2 192.168.11.5

#

ip pool 10

 gateway-list 192.168.101.254

 network 192.168.101.0 mask 255.255.255.0

 excluded-ip-address 192.168.101.1 192.168.101.60

 lease day 10 hour 0 minute 0

 dns-list 192.168.11.2 192.168.11.5

#

ip pool 11

 gateway-list 192.168.111.254

 network 192.168.111.0 mask 255.255.255.0

 excluded-ip-address 192.168.111.1 192.168.111.60

 lease day 10 hour 0 minute 0

 dns-list 192.168.11.2 192.168.11.5

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password cipher %$%$O9hP7mbdf4Q#E\vU4j#wX3ypg%$%$@!@$

 local-user admin service-type http       

#

interface Vlanif1

 ip address 192.168.66.254 255.255.255.0

#

interface Vlanif10  #实现Vlan间互访#

 ip address 192.168.11.254 255.255.255.0  

 dhcp select global

#

interface Vlanif20

 ip address 192.168.21.254 255.255.255.0

 dhcp select global

#

interface Vlanif30

 ip address 192.168.31.254 255.255.255.0

 dhcp select global

#

interface Vlanif40

 ip address 192.168.41.254 255.255.255.0

 dhcp select global

#

interface Vlanif50

 ip address 192.168.51.254 255.255.255.0

 dhcp select global

#                                         

interface Vlanif60

 ip address 192.168.61.254 255.255.255.0

 dhcp select global

#

interface Vlanif70

 ip address 192.168.71.254 255.255.255.0

 dhcp select global

#

interface Vlanif80

 ip address 192.168.81.254 255.255.255.0

 dhcp select global

#

interface Vlanif90

 ip address 192.168.91.254 255.255.255.0

 dhcp select global

#

interface Vlanif99

 ip address 10.0.0.2 255.255.255.0

#

interface Vlanif100

 ip address 192.168.101.254 255.255.255.0

 dhcp select global

#

interface Vlanif110                       

 ip address 192.168.111.254 255.255.255.0

 dhcp select global

#

interface MEth0/0/1

 ip address 192.168.88.1 255.255.255.0

#

interface Eth-Trunk1   #链路聚合设置#

 port link-type trunk   #链路聚合后的模式#

 port trunk allow-pass vlan 2 to 4094  #允许通过的Vlan；此处放行了2到4094的全部Vlan，可参照GigabitEthernet0/0/21只放行实际使用的Vlan#

 mode lacp-static     #链路聚合模式#

 max active-linknumber 2   #最大活动链路数#

#

interface GigabitEthernet0/0/1  #各端口配置#

 port link-type access

 port default vlan 10

 loopback-detect enable    #环路检测#

#

interface GigabitEthernet0/0/2

 port link-type access

 port default vlan 10

 loopback-detect enable

#

interface GigabitEthernet0/0/3

 port link-type access                    

 port default vlan 10

 loopback-detect enable

#

interface GigabitEthernet0/0/4

 port link-type access

 port default vlan 10

 loopback-detect enable

#

interface GigabitEthernet0/0/5

 port link-type access

 port default vlan 110

#

interface GigabitEthernet0/0/6

 port link-type access

 port default vlan 110

 loopback-detect enable

#

interface GigabitEthernet0/0/7

 port link-type access

 port default vlan 100

 loopback-detect enable

#

interface GigabitEthernet0/0/8

 port link-type access                    

 port default vlan 100

 loopback-detect enable

#

interface GigabitEthernet0/0/9

 port link-type access

 port default vlan 90

 loopback-detect enable

#

interface GigabitEthernet0/0/10

 port link-type access

 port default vlan 90

 loopback-detect enable

#

interface GigabitEthernet0/0/11

 port link-type access

 port default vlan 60

 loopback-detect enable

#

interface GigabitEthernet0/0/12

 port link-type access

 port default vlan 60

 loopback-detect enable

#

interface GigabitEthernet0/0/13           

 port link-type access

 port default vlan 70

 loopback-detect enable

#

interface GigabitEthernet0/0/14

 loopback-detect enable

#

interface GigabitEthernet0/0/15

 loopback-detect enable

#

interface GigabitEthernet0/0/16

 loopback-detect enable

#

interface GigabitEthernet0/0/17  #链路聚合端口配置1#

 eth-trunk 1

 lacp priority 100               #高优先级#

#

interface GigabitEthernet0/0/18   #链路聚合端口配置2#

 eth-trunk 1

 lacp priority 100

#

interface GigabitEthernet0/0/19   #链路聚合端口配置3#

 eth-trunk 1                      #备用链路,2用1备#

#                                         

interface GigabitEthernet0/0/20   

 loopback-detect enable

#

interface GigabitEthernet0/0/21

 port link-type trunk

 port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100

 port trunk allow-pass vlan 110

 loopback-detect enable

#

interface GigabitEthernet0/0/22

 port link-type trunk

 port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100

 port trunk allow-pass vlan 110

 loopback-detect enable

#

interface GigabitEthernet0/0/23  #连接防火墙配置#

 port link-type access

 port default vlan 99

 loopback-detect enable

#

interface GigabitEthernet0/0/24

 port link-type access

 port default vlan 99

 loopback-detect enable                   

#

interface NULL0

#

arp static 192.168.81.13 7427-ea35-eedf

#

ip route-static 0.0.0.0 0.0.0.0 10.0.0.1   #静态路由#

ip route-static 192.168.10.0 255.255.255.0 192.168.71.1

ip route-static 192.168.12.0 255.255.255.0 192.168.71.2

ip route-static 192.168.118.0 255.255.255.0 192.168.111.1

#

traffic-filter inbound acl 3001  #全局入方向启用ACL 3001；该ACL只包含针对3389和Telnet的规则，未命中任何规则的报文不受此过滤影响#

#

snmp-agent      #配置SNMP供Cacti监控，Trap发往192.168.11.151；下面的version all会同时启用v1/v2c(团体名明文传输)，如监控端支持，建议只保留v3#

snmp-agent local-engineid 800007DB037054F5DFC580

snmp-agent community read cipher %$%$@(=VHL9T2A-VkMN9{/I‘MJ\SJ%$%$

snmp-agent sys-info version all

snmp-agent group v3 public

snmp-agent target-host trap address udp-domain 192.168.11.151 params securityname public

#

user-interface con 0    #Console口登录密码；cipher密文同样属于敏感信息，对外发布配置时应替换为占位符#

 authentication-mode password

 set authentication password cipher %$%$Q]]8BRT8^WMuCf9~]%QX~@7.\~)c#$!;K>.194{FaqXM&$F=8%$%$@#

user-interface vty 0 4  #VTY(Telnet)登录密码；Telnet为明文传输，建议改用SSH(protocol inbound ssh)并采用AAA认证(authentication-mode aaa)#

 authentication-mode password             

 user privilege level 3

 set authentication password cipher %$%$%‘cJU]0{$8$:m91‘RKYxGYsja6iDE%48L>!hl‘$Av[8vK6ypk%$%$@#$#

user-interface vty 16 20

#


本文出自 “8737404” 博客,请务必保留此出处http://8747404.blog.51cto.com/8737404/1554552
