- 论坛徽章:
- 0
|
华为三层交换配置实例
[HUAWEI-S3928]dis cur
#
sysname HUAWEI-S3928
#
super password level 3 cipher V_$D$4N:*#F/$ATR*`+,;!!!
#
dhcp-server 1 ip 192.168.8.2
dhcp relay information enable
#
ip http shutdown
#
radius scheme system
#
domain system
#
stp enable
#
acl number 3400
rule 0 deny tcp destination-port eq exec
rule 1 deny tcp destination-port eq 135
rule 2 deny tcp destination-port eq 139
rule 3 deny tcp destination-port eq 445
rule 4 deny tcp destination-port eq 64444
rule 5 deny tcp destination-port eq 8080
rule 6 deny udp destination-port eq 135
rule 7 deny udp destination-port eq netbios-ssn
rule 8 deny udp destination-port eq 445
rule 9 deny udp destination-port eq 539
acl number 3500
rule 0 deny tcp destination-port eq 135
rule 1 deny tcp destination-port eq 136
rule 2 deny tcp destination-port eq 137
rule 3 deny tcp destination-port eq 138
rule 4 deny tcp destination-port eq 139
rule 5 deny tcp destination-port eq 445
rule 6 deny tcp destination-port eq 593
rule 7 deny tcp destination-port eq 5554
rule 8 deny tcp destination-port eq 9995
rule 9 deny tcp destination-port eq 9996
rule 10 deny tcp destination-port eq 1068
rule 11 deny tcp destination-port eq 5800
rule 12 deny tcp destination-port eq 455
rule 13 deny udp destination-port eq tftp
rule 14 deny udp destination-port eq 135
rule 15 deny udp destination-port eq 136
rule 16 deny udp destination-port eq netbios-ns
rule 17 deny udp destination-port eq netbios-dgm
rule 18 deny udp destination-port eq netbios-ssn
rule 19 deny udp destination-port eq 445
rule 20 deny udp destination-port eq 593
rule 21 deny udp destination-port eq 1434
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 50
#
vlan 60
#
vlan 70
#
vlan 80
#
vlan 90
#
interface Vlan-interface1
#
interface Vlan-interface10
ip address 192.168.1.1 255.255.255.0
dhcp-server 1
#
interface Vlan-interface20
ip address 192.168.2.1 255.255.255.0
dhcp-server 1
#
interface Vlan-interface30
ip address 192.168.3.1 255.255.255.0
dhcp-server 1
#
interface Vlan-interface40
ip address 192.168.4.1 255.255.255.0
dhcp-server 1
#
interface Vlan-interface50
ip address 192.168.5.1 255.255.255.0
dhcp-server 1
#
interface Vlan-interface60
ip address 192.168.6.1 255.255.255.0
dhcp-server 1
#
interface Vlan-interface70
ip address 192.168.7.1 255.255.255.0
dhcp-server 1
#
interface Vlan-interface80
description Line to router this vlan
ip address 192.168.8.1 255.255.255.0
#
interface Vlan-interface90
ip address 192.168.100.1 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 10
#
interface Ethernet1/0/2
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 10
#
interface Ethernet1/0/3
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 10
#
interface Ethernet1/0/4
port access vlan 20
#
interface Ethernet1/0/5
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 20
#
interface Ethernet1/0/6
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 20
#
interface Ethernet1/0/7
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 30
#
interface Ethernet1/0/8
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 30
#
interface Ethernet1/0/9
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 30
#
interface Ethernet1/0/10
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 40
#
interface Ethernet1/0/11
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 40
#
interface Ethernet1/0/12
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 40
#
interface Ethernet1/0/13
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 50
#
interface Ethernet1/0/14
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 50
#
interface Ethernet1/0/15
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 50
#
interface Ethernet1/0/16
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 60
#
interface Ethernet1/0/17
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 60
#
interface Ethernet1/0/18
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 60
#
interface Ethernet1/0/19
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 70
#
interface Ethernet1/0/20
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 70
#
interface Ethernet1/0/21
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 70
#
interface Ethernet1/0/22
stp disable
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 80
monitor-port
#
interface Ethernet1/0/23
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 80
#
interface Ethernet1/0/24
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 80
packet-filter inbound ip-group 3500 rule 0
packet-filter inbound ip-group 3500 rule 1
packet-filter inbound ip-group 3500 rule 2
packet-filter inbound ip-group 3500 rule 3
packet-filter inbound ip-group 3500 rule 4
packet-filter inbound ip-group 3500 rule 5
packet-filter inbound ip-group 3500 rule 6
packet-filter inbound ip-group 3500 rule 7
packet-filter inbound ip-group 3500 rule 8
packet-filter inbound ip-group 3500 rule 9
packet-filter inbound ip-group 3500 rule 10
packet-filter inbound ip-group 3500 rule 11
packet-filter inbound ip-group 3500 rule 12
packet-filter inbound ip-group 3500 rule 13
packet-filter inbound ip-group 3500 rule 14
packet-filter inbound ip-group 3500 rule 15
packet-filter inbound ip-group 3500 rule 16
packet-filter inbound ip-group 3500 rule 17
packet-filter inbound ip-group 3500 rule 18
packet-filter inbound ip-group 3500 rule 19
packet-filter inbound ip-group 3500 rule 20
packet-filter inbound ip-group 3500 rule 21
mirroring-port both
#
interface GigabitEthernet1/1/1
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 90
#
interface GigabitEthernet1/1/2
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 90
#
interface GigabitEthernet1/1/3
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 90
packet-filter inbound ip-group 3500 rule 0
packet-filter inbound ip-group 3500 rule 1
packet-filter inbound ip-group 3500 rule 2
packet-filter inbound ip-group 3500 rule 3
packet-filter inbound ip-group 3500 rule 4
packet-filter inbound ip-group 3500 rule 5
packet-filter inbound ip-group 3500 rule 6
packet-filter inbound ip-group 3500 rule 7
packet-filter inbound ip-group 3500 rule 8
packet-filter inbound ip-group 3500 rule 9
packet-filter inbound ip-group 3500 rule 10
packet-filter inbound ip-group 3500 rule 11
packet-filter inbound ip-group 3500 rule 12
packet-filter inbound ip-group 3500 rule 13
packet-filter inbound ip-group 3500 rule 14
packet-filter inbound ip-group 3500 rule 15
packet-filter inbound ip-group 3500 rule 16
packet-filter inbound ip-group 3500 rule 17
packet-filter inbound ip-group 3500 rule 18
packet-filter inbound ip-group 3500 rule 19
packet-filter inbound ip-group 3500 rule 20
packet-filter inbound ip-group 3500 rule 21
#
interface GigabitEthernet1/1/4
broadcast-suppression 5
multicast-suppression 10
unicast-suppression 90
port access vlan 90
packet-filter inbound ip-group 3500 rule 0
packet-filter inbound ip-group 3500 rule 1
packet-filter inbound ip-group 3500 rule 2
packet-filter inbound ip-group 3500 rule 3
packet-filter inbound ip-group 3500 rule 4
packet-filter inbound ip-group 3500 rule 5
packet-filter inbound ip-group 3500 rule 6
packet-filter inbound ip-group 3500 rule 7
packet-filter inbound ip-group 3500 rule 8
packet-filter inbound ip-group 3500 rule 9
packet-filter inbound ip-group 3500 rule 10
packet-filter inbound ip-group 3500 rule 11
packet-filter inbound ip-group 3500 rule 12
packet-filter inbound ip-group 3500 rule 13
packet-filter inbound ip-group 3500 rule 14
packet-filter inbound ip-group 3500 rule 15
packet-filter inbound ip-group 3500 rule 16
packet-filter inbound ip-group 3500 rule 17
packet-filter inbound ip-group 3500 rule 18
packet-filter inbound ip-group 3500 rule 19
packet-filter inbound ip-group 3500 rule 20
packet-filter inbound ip-group 3500 rule 21
#
undo irf-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
ip route-static 0.0.0.0 0.0.0.0 192.168.8.2 preference 60
#
user-interface aux 0 7
set authentication password cipher V_$D$4N:*#F/$ATR*`+,;!!!
idle-timeout 2 0
user-interface vty 0 4
user privilege level 3
set authentication password cipher V_$D$4N:*#F/$ATR*`+,;!!!
idle-timeout 2 0
#
return
[HUAWEI-S3928]
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u2/60772/showart_474519.html |
|
免费注册
发表于 2008-02-01 11:34