在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
# !Software Version V200R001C00SPC300 sysname IT_ServerRoom #交换机名称# # vlan batch 10 20 30 40 50 60 70 80 90 99 to 100 #设置Vlan# vlan batch 110 # lacp priority 100 #链路聚合优先级设定# # undo http server enable # undo nap slave enable # dhcp enable #打开DHCP功能# # acl number 3001 #配置ACL访控# rule 4 permit tcp source 0.0.0.0 192.168.21.11 destination-port eq 3389 #允许指定IP使用远程协助# rule 5 permit tcp source 0.0.0.0 192.168.21.13 destination-port eq 3389 rule 6 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq 3389 rule 7 permit tcp source 0.0.0.0 192.168.51.13 destination 0.0.0.0 192.168.11.10 destination-port eq 3389 rule 8 permit tcp source 0.0.0.0 192.168.81.31 destination 0.0.0.0 192.168.11.10 destination-port eq 3389 rule 9 permit tcp source 0.0.0.0 192.168.21.14 destination 0.0.0.0 192.168.11.12 destination-port eq 3389 rule 10 permit tcp source 0.0.0.3 192.168.21.12 destination-port eq telnet rule 11 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq telnet rule 12 permit tcp source 0.0.0.0 192.168.21.250 destination 0.0.0.0 192.168.11.12 destination-port eq 3389 rule 100 deny tcp destination-port eq 3389 #关闭远程协助端口# rule 105 deny tcp destination-port eq telnet #关闭Telnet端口# # ip pool 1 #设置IP地址池# gateway-list 192.168.11.254 #设置网关# network 192.168.11.0 mask 255.255.255.0 #子网掩码及IP区段# excluded-ip-address 192.168.11.1 192.168.11.60 #DHCP分配时豁免的IP地址# lease day 10 hour 0 minute 0 #IP地址有效时间# dns-list 192.168.11.2 192.168.11.5 #DNS配置# # ip pool 2 gateway-list 192.168.21.254 network 192.168.21.0 mask 255.255.255.0 excluded-ip-address 192.168.21.1 192.168.21.60 lease day 10 hour 0 minute 0 dns-list 192.168.11.2 192.168.11.5 # ip pool 3 gateway-list 192.168.31.254 network 192.168.31.0 mask 255.255.255.0 excluded-ip-address 192.168.31.1 192.168.31.60 lease day 10 hour 0 minute 0 dns-list 192.168.11.2 192.168.11.5 # ip pool 4 gateway-list 192.168.41.254 network 192.168.41.0 mask 255.255.255.0 excluded-ip-address 192.168.41.1 192.168.41.60 lease day 10 hour 0 minute 0 dns-list 192.168.11.2 192.168.11.5 # ip pool 5 gateway-list 192.168.51.254 network 192.168.51.0 mask 255.255.255.0 excluded-ip-address 192.168.51.1 192.168.51.60 lease day 10 hour 0 minute 0 dns-list 192.168.11.2 192.168.11.5 # ip pool 6 gateway-list 192.168.61.254 network 192.168.61.0 mask 255.255.255.0 excluded-ip-address 192.168.61.1 192.168.61.60 lease day 10 hour 0 minute 0 dns-list 192.168.11.2 192.168.11.5 # ip pool 7 gateway-list 192.168.71.254 network 192.168.71.0 mask 255.255.255.0 excluded-ip-address 192.168.71.1 192.168.71.60 lease day 10 hour 0 minute 0 dns-list 192.168.11.2 192.168.11.5 # ip pool 8 gateway-list 192.168.81.254 network 192.168.81.0 mask 255.255.255.0 excluded-ip-address 192.168.81.1 192.168.81.60 lease day 10 hour 0 minute 0 dns-list 192.168.11.2 192.168.11.5 # ip pool 9 gateway-list 192.168.91.254 network 192.168.91.0 mask 255.255.255.0 excluded-ip-address 192.168.91.1 192.168.91.60 lease day 10 hour 0 minute 0 dns-list 192.168.11.2 192.168.11.5 # ip pool 10 gateway-list 192.168.101.254 network 192.168.101.0 mask 255.255.255.0 excluded-ip-address 192.168.101.1 192.168.101.60 lease day 10 hour 0 minute 0 dns-list 192.168.11.2 192.168.11.5 # ip pool 11 gateway-list 192.168.111.254 network 192.168.111.0 mask 255.255.255.0 excluded-ip-address 192.168.111.1 192.168.111.60 lease day 10 hour 0 minute 0 dns-list 192.168.11.2 192.168.11.5 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$O9hP7mbdf4Q#E\vU4j#wX3ypg%$%$@!@$ local-user admin service-type http # interface Vlanif1 ip address 192.168.66.254 255.255.255.0 # interface Vlanif10 #实现Vlan间互访# ip address 192.168.11.254 255.255.255.0 dhcp select global # interface Vlanif20 ip address 192.168.21.254 255.255.255.0 dhcp select global # interface Vlanif30 ip address 192.168.31.254 255.255.255.0 dhcp select global # interface Vlanif40 ip address 192.168.41.254 255.255.255.0 dhcp select global # interface Vlanif50 ip address 192.168.51.254 255.255.255.0 dhcp select global # interface Vlanif60 ip address 192.168.61.254 255.255.255.0 dhcp select global # interface Vlanif70 ip address 192.168.71.254 255.255.255.0 dhcp select global # interface Vlanif80 ip address 192.168.81.254 255.255.255.0 dhcp select global # interface Vlanif90 ip address 192.168.91.254 255.255.255.0 dhcp select global # interface Vlanif99 ip address 10.0.0.2 255.255.255.0 # interface Vlanif100 ip address 192.168.101.254 255.255.255.0 dhcp select global # interface Vlanif110 ip address 192.168.111.254 255.255.255.0 dhcp select global # interface MEth0/0/1 ip address 192.168.88.1 255.255.255.0 # interface Eth-Trunk1 #链路聚合设置# port link-type trunk #链路聚合后的模式# port trunk allow-pass vlan 2 to 4094 #允许通过的Vlan标签# mode lacp-static #链路聚合模式# max active-linknumber 2 #最大在线端口# # interface GigabitEthernet0/0/1 #各端口配置# port link-type access port default vlan 10 loopback-detect enable #环路检测# # interface GigabitEthernet0/0/2 port link-type access port default vlan 10 loopback-detect enable # interface GigabitEthernet0/0/3 port link-type access port default vlan 10 loopback-detect enable # interface GigabitEthernet0/0/4 port link-type access port default vlan 10 loopback-detect enable # interface GigabitEthernet0/0/5 port link-type access port default vlan 110 # interface GigabitEthernet0/0/6 port link-type access port default vlan 110 loopback-detect enable # interface GigabitEthernet0/0/7 port link-type access port default vlan 100 loopback-detect enable # interface GigabitEthernet0/0/8 port link-type access port default vlan 100 loopback-detect enable # interface GigabitEthernet0/0/9 port link-type access port default vlan 90 loopback-detect enable # interface GigabitEthernet0/0/10 port link-type access port default vlan 90 loopback-detect enable # interface GigabitEthernet0/0/11 port link-type access port default vlan 60 loopback-detect enable # interface GigabitEthernet0/0/12 port link-type access port default vlan 60 loopback-detect enable # interface GigabitEthernet0/0/13 port link-type access port default vlan 70 loopback-detect enable # interface GigabitEthernet0/0/14 loopback-detect enable # interface GigabitEthernet0/0/15 loopback-detect enable # interface GigabitEthernet0/0/16 loopback-detect enable # interface GigabitEthernet0/0/17 #链路聚合端口配置1# eth-trunk 1 lacp priority 100 #高优先级# # interface GigabitEthernet0/0/18 #链路聚合端口配置2# eth-trunk 1 lacp priority 100 # interface GigabitEthernet0/0/19 #链路聚合端口配置3# eth-trunk 1 #备用链路,2用1备# # interface GigabitEthernet0/0/20 loopback-detect enable # interface GigabitEthernet0/0/21 port link-type trunk port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100 port trunk allow-pass vlan 110 loopback-detect enable # interface GigabitEthernet0/0/22 port link-type trunk port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100 port trunk allow-pass vlan 110 loopback-detect enable # interface GigabitEthernet0/0/23 #连接防火墙配置# port link-type access port default vlan 99 loopback-detect enable # interface GigabitEthernet0/0/24 port link-type access port default vlan 99 loopback-detect enable # interface NULL0 # arp static 192.168.81.13 7427-ea35-eedf # ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 #静态路由# ip route-static 192.168.10.0 255.255.255.0 192.168.71.1 ip route-static 192.168.12.0 255.255.255.0 192.168.71.2 ip route-static 192.168.118.0 255.255.255.0 192.168.111.1 # traffic-filter inbound acl 3001 #全局启用ACL管控# # snmp-agent #利用Cacti监控192.168.11.151,配置SNMP# snmp-agent local-engineid 800007DB037054F5DFC580 snmp-agent community read cipher %$%$@(=VHL9T2A-VkMN9{/I'MJ\SJ%$%$ snmp-agent sys-info version all snmp-agent group v3 public snmp-agent target-host trap address udp-domain 192.168.11.151 params securityname public # user-interface con 0 #console口密码# authentication-mode password set authentication password cipher %$%$Q]]8BRT8^WMuCf9~]%QX~@7.\~)c#$!;K>.194{FaqXM&$F=8%$%$@# user-interface vty 0 4 #Telnet密码# authentication-mode password user privilege level 3 set authentication password cipher %$%$%'cJU]0{$8$:m91'RKYxGYsja6iDE%48L>!hl'$Av[8vK6ypk%$%$@#$# user-interface vty 16 20 # |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论