- 论坛徽章:
- 0
|
sysname 5528-EI
#汇聚5528交换机通用配置
#DHCP 配置
dhcp enable
dhcp relay server-group 0 ip 202.117.144.21
#组播路由启用
multicast routing-enable
#群集交换机管理配置
cluster
ip-pool 192.168.4.1 255.255.255.0
build SE-D
#SNMP 配置
snmp-agent
snmp-agent community write lyqx.rw
snmp-agent community read
[email=public@cm0]public@cm0[/email]
snmp-agent community write
[email=private@cm0]private@cm0[/email]
snmp-agent sys-info version all
#NTP 时间服务器
ntp-service unicast-server 192.43.244.18 priority
#交换机管理认证方式
local-user admin
authorization-attribute level 3
password cipher snnu.stu
service-type telnet
#
user-interface vty 0 4
authentication-mode scheme
#acl 交换机安全控制
acl nu 3001 name anti-virus
rule deny tcp source any destination any destination-port eq 135
rule deny tcp source any destination any destination-port eq 335
rule deny tcp source any destination any destination-port eq 4444
rule deny udp source any destination any destination-port eq tftp
rule deny udp source any destination any destination-port eq 135
rule deny udp source any destination any destination-port eq netbios-ssn
rule deny udp source any destination any destination-port eq 1434
rule deny tcp source any destination any destination-port eq 3389
rule deny udp source any destination any destination-port eq 136
rule deny udp source any destination any destination-port eq netbios-ns
rule deny tcp source any destination any destination-port eq 139
rule deny tcp source any destination any destination-port eq ftp
rule deny tcp source any destination any destination-port eq 445
rule deny udp source any destination any destination-port eq 445
rule deny udp source any destination any destination-port eq netbios-dgm
rule deny udp source any destination any destination-port eq 593
rule deny tcp source any destination any destination-port eq 593
rule deny tcp source any destination any destination-port eq 9995
rule deny tcp source any destination any destination-port eq 9996
rule deny tcp source any destination any destination-port eq 5554
#交换机安全控制
traffic classifier anti-virus
if-match acl 3001
traffic behavior anti-virus
filter deny
qos policy anti-virus
classifier anti-virus behavior anti-virus
quit
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u3/107924/showart_2119893.html |
|
免费注册
发表于 2009-12-13 14:06