核心交換機各項配置 Vlan劃分、互訪、ACL管控、鏈路聚合等

這篇具有很好參考價值的文章主要介紹了核心交換機各項配置 Vlan劃分、互訪、ACL管控、鏈路聚合等。希望對大家有所幫助。如果存在錯誤或未考慮完全的地方，請大家不吝賜教，您也可以點擊"舉報違法"按鈕提交疑問。

#
!Software Version V200R001C00SPC300
sysname IT_ServerRoom? #交換機名稱#
#
vlan batch 10 20 30 40 50 60 70 80 90 99 to 100? #設(shè)置Vlan#
vlan batch 110
#
lacp priority 100? #鏈路聚合優(yōu)先級設(shè)定#
#
undo http server enable
#
undo nap slave enable
#
dhcp enable #打開DHCP功能#
#
acl number 3001? #配置ACL訪控#
rule 4 permit tcp source 0.0.0.0 192.168.21.11 destination-port eq 3389 #允許指定IP使用遠(yuǎn)程協(xié)助#
rule 5 permit tcp source 0.0.0.0 192.168.21.13 destination-port eq 3389
rule 6 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq 3389
rule 7 permit tcp source 0.0.0.0 192.168.51.13 destination 0.0.0.0 192.168.11.10 destination-port eq 3389
rule 8 permit tcp source 0.0.0.0 192.168.81.31 destination 0.0.0.0 192.168.11.10 destination-port eq 3389
rule 9 permit tcp source 0.0.0.0 192.168.21.14 destination 0.0.0.0 192.168.11.12 destination-port eq 3389
rule 10 permit tcp source 0.0.0.3 192.168.21.12 destination-port eq telnet
rule 11 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq telnet
rule 12 permit tcp source 0.0.0.0 192.168.21.250 destination 0.0.0.0 192.168.11.12 destination-port eq 3389
rule 100 deny tcp destination-port eq 3389? #關(guān)閉遠(yuǎn)程協(xié)助端口#
rule 105 deny tcp destination-port eq telnet? #關(guān)閉Telnet端口#
#
ip pool 1?? #設(shè)置IP地址池#
gateway-list 192.168.11.254?? #設(shè)置網(wǎng)關(guān)#
network 192.168.11.0 mask 255.255.255.0?? #子網(wǎng)掩碼及IP區(qū)段#
excluded-ip-address 192.168.11.1 192.168.11.60 #DHCP分配時豁免的IP地址#
lease day 10 hour 0 minute 0??? #IP地址有效時間#
dns-list 192.168.11.2 192.168.11.5?? #DNS配置#
#
ip pool 2
gateway-list 192.168.21.254
network 192.168.21.0 mask 255.255.255.0
excluded-ip-address 192.168.21.1 192.168.21.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 3
gateway-list 192.168.31.254
network 192.168.31.0 mask 255.255.255.0
excluded-ip-address 192.168.31.1 192.168.31.60
lease day 10 hour 0 minute 0????????????
dns-list 192.168.11.2 192.168.11.5
#
ip pool 4
gateway-list 192.168.41.254
network 192.168.41.0 mask 255.255.255.0
excluded-ip-address 192.168.41.1 192.168.41.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 5
gateway-list 192.168.51.254
network 192.168.51.0 mask 255.255.255.0
excluded-ip-address 192.168.51.1 192.168.51.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 6
gateway-list 192.168.61.254
network 192.168.61.0 mask 255.255.255.0
excluded-ip-address 192.168.61.1 192.168.61.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 7????????????????????????????????
gateway-list 192.168.71.254
network 192.168.71.0 mask 255.255.255.0
excluded-ip-address 192.168.71.1 192.168.71.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 8
gateway-list 192.168.81.254
network 192.168.81.0 mask 255.255.255.0
excluded-ip-address 192.168.81.1 192.168.81.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 9
gateway-list 192.168.91.254
network 192.168.91.0 mask 255.255.255.0
excluded-ip-address 192.168.91.1 192.168.91.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 10
gateway-list 192.168.101.254
network 192.168.101.0 mask 255.255.255.0
excluded-ip-address 192.168.101.1 192.168.101.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 11
gateway-list 192.168.111.254
network 192.168.111.0 mask 255.255.255.0
excluded-ip-address 192.168.111.1 192.168.111.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$O9hP7mbdf4Q#E\vU4j#wX3ypg%$%$@!@$
local-user admin service-type http??????
#
interface Vlanif1
ip address 192.168.66.254 255.255.255.0
#
interface Vlanif10? #實現(xiàn)Vlan間互訪#
ip address 192.168.11.254 255.255.255.0?
dhcp select global
#
interface Vlanif20
ip address 192.168.21.254 255.255.255.0
dhcp select global
#
interface Vlanif30
ip address 192.168.31.254 255.255.255.0
dhcp select global
#
interface Vlanif40
ip address 192.168.41.254 255.255.255.0
dhcp select global
#
interface Vlanif50
ip address 192.168.51.254 255.255.255.0
dhcp select global
#????????????????????????????????????????
interface Vlanif60
ip address 192.168.61.254 255.255.255.0
dhcp select global
#
interface Vlanif70
ip address 192.168.71.254 255.255.255.0
dhcp select global
#
interface Vlanif80
ip address 192.168.81.254 255.255.255.0
dhcp select global
#
interface Vlanif90
ip address 192.168.91.254 255.255.255.0
dhcp select global
#
interface Vlanif99
ip address 10.0.0.2 255.255.255.0
#
interface Vlanif100
ip address 192.168.101.254 255.255.255.0
dhcp select global
#
interface Vlanif110??????????????????????
ip address 192.168.111.254 255.255.255.0
dhcp select global
#
interface MEth0/0/1
ip address 192.168.88.1 255.255.255.0
#
interface Eth-Trunk1?? #鏈路聚合設(shè)置#
port link-type trunk?? #鏈路聚合后的模式#
port trunk allow-pass vlan 2 to 4094? #允許通過的Vlan標(biāo)簽#
mode lacp-static???? #鏈路聚合模式#
max active-linknumber 2?? #最大在線端口#
#
interface GigabitEthernet0/0/1? #各端口配置#
port link-type access
port default vlan 10
loopback-detect enable??? #環(huán)路檢測#
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
loopback-detect enable
#
interface GigabitEthernet0/0/3
port link-type access???????????????????
port default vlan 10
loopback-detect enable
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
loopback-detect enable
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 110
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 110
loopback-detect enable
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 100
loopback-detect enable
#
interface GigabitEthernet0/0/8
port link-type access???????????????????
port default vlan 100
loopback-detect enable
#
interface GigabitEthernet0/0/9
port link-type access
port default vlan 90
loopback-detect enable
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 90
loopback-detect enable
#
interface GigabitEthernet0/0/11
port link-type access
port default vlan 60
loopback-detect enable
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 60
loopback-detect enable
#
interface GigabitEthernet0/0/13??????????
port link-type access
port default vlan 70
loopback-detect enable
#
interface GigabitEthernet0/0/14
loopback-detect enable
#
interface GigabitEthernet0/0/15
loopback-detect enable
#
interface GigabitEthernet0/0/16
loopback-detect enable
#
interface GigabitEthernet0/0/17? #鏈路聚合端口配置1#
eth-trunk 1
lacp priority 100?????????????? #高優(yōu)先級#
#
interface GigabitEthernet0/0/18?? #鏈路聚合端口配置2#
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet0/0/19?? #鏈路聚合端口配置3#
eth-trunk 1????????????????????? #備用鏈路，2用1備#
#????????????????????????????????????????
interface GigabitEthernet0/0/20??
loopback-detect enable
#
interface GigabitEthernet0/0/21
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
port trunk allow-pass vlan 110
loopback-detect enable
#
interface GigabitEthernet0/0/22
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
port trunk allow-pass vlan 110
loopback-detect enable
#
interface GigabitEthernet0/0/23? #連接防火墻配置#
port link-type access
port default vlan 99
loopback-detect enable
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 99
loopback-detect enable??????????????????
#
interface NULL0
#
arp static 192.168.81.13 7427-ea35-eedf
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1?? #靜態(tài)路由#
ip route-static 192.168.10.0 255.255.255.0 192.168.71.1
ip route-static 192.168.12.0 255.255.255.0 192.168.71.2
ip route-static 192.168.118.0 255.255.255.0 192.168.111.1
#
traffic-filter inbound acl 3001? #全局啟用ACL管控#
#
snmp-agent????? #利用Cacti監(jiān)控192.168.11.151，配置SNMP#
snmp-agent local-engineid 800007DB037054F5DFC580
snmp-agent community read cipher %$%$@(=VHL9T2A-VkMN9{/I'MJ\SJ%$%$
snmp-agent sys-info version all
snmp-agent group v3 public
snmp-agent target-host trap address udp-domain 192.168.11.151 params securityname public
#
user-interface con 0??? #console口密碼#
authentication-mode password
set authentication password cipher %$%$Q]]8BRT8^WMuCf9~]%QX~@7.\~)c#$!;K>.194{FaqXM&$F=8%$%$@#
user-interface vty 0 4? #Telnet密碼#
authentication-mode password????????????
user privilege level 3
set authentication password cipher %$%$%'cJU]0{$8$:m91'RKYxGYsja6iDE%48L>!hl'$Av[8vK6ypk%$%$@#$#
user-interface vty 16 20
#

文章來源地址http://www.zghlxwxcb.cn/news/detail-467095.html

到了這里，關(guān)于核心交換機各項配置 Vlan劃分、互訪、ACL管控、鏈路聚合等的文章就介紹完了。如果您還想了解更多內(nèi)容，請在右上角搜索TOY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！