核心交换机各项配置 Vlan划分、互访、ACL管控、链路聚合等
发布时间:2014-10-09 09:55:19 作者:佚名 
我要评论
我要评论这篇文章主要为大家介绍了核心交换机配置的方法,比如给核心交换机配置Vlan划分、互访、ACL管控、链路聚合等,需要的朋友可以参考下
#
!Software Version V200R001C00SPC300
sysname IT_ServerRoom #交换机名称#
#
vlan batch 10 20 30 40 50 60 70 80 90 99 to 100 #设置Vlan#
vlan batch 110
#
lacp priority 100 #链路聚合优先级设定#
#
undo http server enable
#
undo nap slave enable
#
dhcp enable #打开DHCP功能#
#
acl number 3001 #配置ACL访控#
rule 4 permit tcp source 0.0.0.0 192.168.21.11 destination-port eq 3389 #允许指定IP使用远程协助#
rule 5 permit tcp source 0.0.0.0 192.168.21.13 destination-port eq 3389
rule 6 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq 3389
rule 7 permit tcp source 0.0.0.0 192.168.51.13 destination 0.0.0.0 192.168.11.10 destination-port eq 3389
rule 8 permit tcp source 0.0.0.0 192.168.81.31 destination 0.0.0.0 192.168.11.10 destination-port eq 3389
rule 9 permit tcp source 0.0.0.0 192.168.21.14 destination 0.0.0.0 192.168.11.12 destination-port eq 3389
rule 10 permit tcp source 0.0.0.3 192.168.21.12 destination-port eq telnet
rule 11 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq telnet
rule 12 permit tcp source 0.0.0.0 192.168.21.250 destination 0.0.0.0 192.168.11.12 destination-port eq 3389
rule 100 deny tcp destination-port eq 3389 #关闭远程协助端口#
rule 105 deny tcp destination-port eq telnet #关闭Telnet端口#
#
ip pool 1 #设置IP地址池#
gateway-list 192.168.11.254 #设置网关#
network 192.168.11.0 mask 255.255.255.0 #子网掩码及IP区段#
excluded-ip-address 192.168.11.1 192.168.11.60 #DHCP分配时豁免的IP地址#
lease day 10 hour 0 minute 0 #IP地址有效时间#
dns-list 192.168.11.2 192.168.11.5 #DNS配置#
#
ip pool 2
gateway-list 192.168.21.254
network 192.168.21.0 mask 255.255.255.0
excluded-ip-address 192.168.21.1 192.168.21.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 3
gateway-list 192.168.31.254
network 192.168.31.0 mask 255.255.255.0
excluded-ip-address 192.168.31.1 192.168.31.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 4
gateway-list 192.168.41.254
network 192.168.41.0 mask 255.255.255.0
excluded-ip-address 192.168.41.1 192.168.41.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 5
gateway-list 192.168.51.254
network 192.168.51.0 mask 255.255.255.0
excluded-ip-address 192.168.51.1 192.168.51.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 6
gateway-list 192.168.61.254
network 192.168.61.0 mask 255.255.255.0
excluded-ip-address 192.168.61.1 192.168.61.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 7
gateway-list 192.168.71.254
network 192.168.71.0 mask 255.255.255.0
excluded-ip-address 192.168.71.1 192.168.71.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 8
gateway-list 192.168.81.254
network 192.168.81.0 mask 255.255.255.0
excluded-ip-address 192.168.81.1 192.168.81.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 9
gateway-list 192.168.91.254
network 192.168.91.0 mask 255.255.255.0
excluded-ip-address 192.168.91.1 192.168.91.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 10
gateway-list 192.168.101.254
network 192.168.101.0 mask 255.255.255.0
excluded-ip-address 192.168.101.1 192.168.101.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 11
gateway-list 192.168.111.254
network 192.168.111.0 mask 255.255.255.0
excluded-ip-address 192.168.111.1 192.168.111.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$O9hP7mbdf4Q#E\vU4j#wX3ypg%$%$@!@$
local-user admin service-type http
#
interface Vlanif1
ip address 192.168.66.254 255.255.255.0
#
interface Vlanif10 #实现Vlan间互访#
ip address 192.168.11.254 255.255.255.0
dhcp select global
#
interface Vlanif20
ip address 192.168.21.254 255.255.255.0
dhcp select global
#
interface Vlanif30
ip address 192.168.31.254 255.255.255.0
dhcp select global
#
interface Vlanif40
ip address 192.168.41.254 255.255.255.0
dhcp select global
#
interface Vlanif50
ip address 192.168.51.254 255.255.255.0
dhcp select global
#
interface Vlanif60
ip address 192.168.61.254 255.255.255.0
dhcp select global
#
interface Vlanif70
ip address 192.168.71.254 255.255.255.0
dhcp select global
#
interface Vlanif80
ip address 192.168.81.254 255.255.255.0
dhcp select global
#
interface Vlanif90
ip address 192.168.91.254 255.255.255.0
dhcp select global
#
interface Vlanif99
ip address 10.0.0.2 255.255.255.0
#
interface Vlanif100
ip address 192.168.101.254 255.255.255.0
dhcp select global
#
interface Vlanif110
ip address 192.168.111.254 255.255.255.0
dhcp select global
#
interface MEth0/0/1
ip address 192.168.88.1 255.255.255.0
#
interface Eth-Trunk1 #链路聚合设置#
port link-type trunk #链路聚合后的模式#
port trunk allow-pass vlan 2 to 4094 #允许通过的Vlan标签#
mode lacp-static #链路聚合模式#
max active-linknumber 2 #最大在线端口#
#
interface GigabitEthernet0/0/1 #各端口配置#
port link-type access
port default vlan 10
loopback-detect enable #环路检测#
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
loopback-detect enable
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
loopback-detect enable
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
loopback-detect enable
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 110
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 110
loopback-detect enable
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 100
loopback-detect enable
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 100
loopback-detect enable
#
interface GigabitEthernet0/0/9
port link-type access
port default vlan 90
loopback-detect enable
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 90
loopback-detect enable
#
interface GigabitEthernet0/0/11
port link-type access
port default vlan 60
loopback-detect enable
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 60
loopback-detect enable
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 70
loopback-detect enable
#
interface GigabitEthernet0/0/14
loopback-detect enable
#
interface GigabitEthernet0/0/15
loopback-detect enable
#
interface GigabitEthernet0/0/16
loopback-detect enable
#
interface GigabitEthernet0/0/17 #链路聚合端口配置1#
eth-trunk 1
lacp priority 100 #高优先级#
#
interface GigabitEthernet0/0/18 #链路聚合端口配置2#
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet0/0/19 #链路聚合端口配置3#
eth-trunk 1 #备用链路,2用1备#
#
interface GigabitEthernet0/0/20
loopback-detect enable
#
interface GigabitEthernet0/0/21
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
port trunk allow-pass vlan 110
loopback-detect enable
#
interface GigabitEthernet0/0/22
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
port trunk allow-pass vlan 110
loopback-detect enable
#
interface GigabitEthernet0/0/23 #连接防火墙配置#
port link-type access
port default vlan 99
loopback-detect enable
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 99
loopback-detect enable
#
interface NULL0
#
arp static 192.168.81.13 7427-ea35-eedf
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 #静态路由#
ip route-static 192.168.10.0 255.255.255.0 192.168.71.1
ip route-static 192.168.12.0 255.255.255.0 192.168.71.2
ip route-static 192.168.118.0 255.255.255.0 192.168.111.1
#
traffic-filter inbound acl 3001 #全局启用ACL管控#
#
snmp-agent #利用Cacti监控192.168.11.151,配置SNMP#
snmp-agent local-engineid 800007DB037054F5DFC580
snmp-agent community read cipher %$%$@(=VHL9T2A-VkMN9{/I'MJ\SJ%$%$
snmp-agent sys-info version all
snmp-agent group v3 public
snmp-agent target-host trap address udp-domain 192.168.11.151 params securityname public
#
user-interface con 0 #console口密码#
authentication-mode password
set authentication password cipher %$%$Q]]8BRT8^WMuCf9~]%QX~@7.\~)c#$!;K>.194{FaqXM&$F=8%$%$@#
user-interface vty 0 4 #Telnet密码#
authentication-mode password
user privilege level 3
set authentication password cipher %$%$%'cJU]0{$8$:m91'RKYxGYsja6iDE%48L>!hl'$Av[8vK6ypk%$%$@#$#
user-interface vty 16 20
#
!Software Version V200R001C00SPC300
sysname IT_ServerRoom #交换机名称#
#
vlan batch 10 20 30 40 50 60 70 80 90 99 to 100 #设置Vlan#
vlan batch 110
#
lacp priority 100 #链路聚合优先级设定#
#
undo http server enable
#
undo nap slave enable
#
dhcp enable #打开DHCP功能#
#
acl number 3001 #配置ACL访控#
rule 4 permit tcp source 0.0.0.0 192.168.21.11 destination-port eq 3389 #允许指定IP使用远程协助#
rule 5 permit tcp source 0.0.0.0 192.168.21.13 destination-port eq 3389
rule 6 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq 3389
rule 7 permit tcp source 0.0.0.0 192.168.51.13 destination 0.0.0.0 192.168.11.10 destination-port eq 3389
rule 8 permit tcp source 0.0.0.0 192.168.81.31 destination 0.0.0.0 192.168.11.10 destination-port eq 3389
rule 9 permit tcp source 0.0.0.0 192.168.21.14 destination 0.0.0.0 192.168.11.12 destination-port eq 3389
rule 10 permit tcp source 0.0.0.3 192.168.21.12 destination-port eq telnet
rule 11 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq telnet
rule 12 permit tcp source 0.0.0.0 192.168.21.250 destination 0.0.0.0 192.168.11.12 destination-port eq 3389
rule 100 deny tcp destination-port eq 3389 #关闭远程协助端口#
rule 105 deny tcp destination-port eq telnet #关闭Telnet端口#
#
ip pool 1 #设置IP地址池#
gateway-list 192.168.11.254 #设置网关#
network 192.168.11.0 mask 255.255.255.0 #子网掩码及IP区段#
excluded-ip-address 192.168.11.1 192.168.11.60 #DHCP分配时豁免的IP地址#
lease day 10 hour 0 minute 0 #IP地址有效时间#
dns-list 192.168.11.2 192.168.11.5 #DNS配置#
#
ip pool 2
gateway-list 192.168.21.254
network 192.168.21.0 mask 255.255.255.0
excluded-ip-address 192.168.21.1 192.168.21.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 3
gateway-list 192.168.31.254
network 192.168.31.0 mask 255.255.255.0
excluded-ip-address 192.168.31.1 192.168.31.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 4
gateway-list 192.168.41.254
network 192.168.41.0 mask 255.255.255.0
excluded-ip-address 192.168.41.1 192.168.41.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 5
gateway-list 192.168.51.254
network 192.168.51.0 mask 255.255.255.0
excluded-ip-address 192.168.51.1 192.168.51.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 6
gateway-list 192.168.61.254
network 192.168.61.0 mask 255.255.255.0
excluded-ip-address 192.168.61.1 192.168.61.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 7
gateway-list 192.168.71.254
network 192.168.71.0 mask 255.255.255.0
excluded-ip-address 192.168.71.1 192.168.71.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 8
gateway-list 192.168.81.254
network 192.168.81.0 mask 255.255.255.0
excluded-ip-address 192.168.81.1 192.168.81.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 9
gateway-list 192.168.91.254
network 192.168.91.0 mask 255.255.255.0
excluded-ip-address 192.168.91.1 192.168.91.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 10
gateway-list 192.168.101.254
network 192.168.101.0 mask 255.255.255.0
excluded-ip-address 192.168.101.1 192.168.101.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
ip pool 11
gateway-list 192.168.111.254
network 192.168.111.0 mask 255.255.255.0
excluded-ip-address 192.168.111.1 192.168.111.60
lease day 10 hour 0 minute 0
dns-list 192.168.11.2 192.168.11.5
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$O9hP7mbdf4Q#E\vU4j#wX3ypg%$%$@!@$
local-user admin service-type http
#
interface Vlanif1
ip address 192.168.66.254 255.255.255.0
#
interface Vlanif10 #实现Vlan间互访#
ip address 192.168.11.254 255.255.255.0
dhcp select global
#
interface Vlanif20
ip address 192.168.21.254 255.255.255.0
dhcp select global
#
interface Vlanif30
ip address 192.168.31.254 255.255.255.0
dhcp select global
#
interface Vlanif40
ip address 192.168.41.254 255.255.255.0
dhcp select global
#
interface Vlanif50
ip address 192.168.51.254 255.255.255.0
dhcp select global
#
interface Vlanif60
ip address 192.168.61.254 255.255.255.0
dhcp select global
#
interface Vlanif70
ip address 192.168.71.254 255.255.255.0
dhcp select global
#
interface Vlanif80
ip address 192.168.81.254 255.255.255.0
dhcp select global
#
interface Vlanif90
ip address 192.168.91.254 255.255.255.0
dhcp select global
#
interface Vlanif99
ip address 10.0.0.2 255.255.255.0
#
interface Vlanif100
ip address 192.168.101.254 255.255.255.0
dhcp select global
#
interface Vlanif110
ip address 192.168.111.254 255.255.255.0
dhcp select global
#
interface MEth0/0/1
ip address 192.168.88.1 255.255.255.0
#
interface Eth-Trunk1 #链路聚合设置#
port link-type trunk #链路聚合后的模式#
port trunk allow-pass vlan 2 to 4094 #允许通过的Vlan标签#
mode lacp-static #链路聚合模式#
max active-linknumber 2 #最大在线端口#
#
interface GigabitEthernet0/0/1 #各端口配置#
port link-type access
port default vlan 10
loopback-detect enable #环路检测#
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
loopback-detect enable
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
loopback-detect enable
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
loopback-detect enable
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 110
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 110
loopback-detect enable
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 100
loopback-detect enable
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 100
loopback-detect enable
#
interface GigabitEthernet0/0/9
port link-type access
port default vlan 90
loopback-detect enable
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 90
loopback-detect enable
#
interface GigabitEthernet0/0/11
port link-type access
port default vlan 60
loopback-detect enable
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 60
loopback-detect enable
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 70
loopback-detect enable
#
interface GigabitEthernet0/0/14
loopback-detect enable
#
interface GigabitEthernet0/0/15
loopback-detect enable
#
interface GigabitEthernet0/0/16
loopback-detect enable
#
interface GigabitEthernet0/0/17 #链路聚合端口配置1#
eth-trunk 1
lacp priority 100 #高优先级#
#
interface GigabitEthernet0/0/18 #链路聚合端口配置2#
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet0/0/19 #链路聚合端口配置3#
eth-trunk 1 #备用链路,2用1备#
#
interface GigabitEthernet0/0/20
loopback-detect enable
#
interface GigabitEthernet0/0/21
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
port trunk allow-pass vlan 110
loopback-detect enable
#
interface GigabitEthernet0/0/22
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60 70 80 90 100
port trunk allow-pass vlan 110
loopback-detect enable
#
interface GigabitEthernet0/0/23 #连接防火墙配置#
port link-type access
port default vlan 99
loopback-detect enable
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 99
loopback-detect enable
#
interface NULL0
#
arp static 192.168.81.13 7427-ea35-eedf
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 #静态路由#
ip route-static 192.168.10.0 255.255.255.0 192.168.71.1
ip route-static 192.168.12.0 255.255.255.0 192.168.71.2
ip route-static 192.168.118.0 255.255.255.0 192.168.111.1
#
traffic-filter inbound acl 3001 #全局启用ACL管控#
#
snmp-agent #利用Cacti监控192.168.11.151,配置SNMP#
snmp-agent local-engineid 800007DB037054F5DFC580
snmp-agent community read cipher %$%$@(=VHL9T2A-VkMN9{/I'MJ\SJ%$%$
snmp-agent sys-info version all
snmp-agent group v3 public
snmp-agent target-host trap address udp-domain 192.168.11.151 params securityname public
#
user-interface con 0 #console口密码#
authentication-mode password
set authentication password cipher %$%$Q]]8BRT8^WMuCf9~]%QX~@7.\~)c#$!;K>.194{FaqXM&$F=8%$%$@#
user-interface vty 0 4 #Telnet密码#
authentication-mode password
user privilege level 3
set authentication password cipher %$%$%'cJU]0{$8$:m91'RKYxGYsja6iDE%48L>!hl'$Av[8vK6ypk%$%$@#$#
user-interface vty 16 20
#
相关文章
2.5G/万兆交换机性价比清单推荐! 百元出头就能搭建万兆局域网
2.5G交换机价格降下来了,在选择交换机和路由器的时候,很纠结,我们搜集、推荐一下有哪些性价比2.5G/万兆交换机,这些均在百元出头,还带万兆口2024-08-26
这款交换机现在价格是129元,很懂盆友不知道该不该购买,下面我们就来看看小米千兆交换机SW-108G详细的拆机图2024-07-26
今天我们来看看TPLINK万兆上联的2.5G网管交换机TL-SE2109,做一个简单开箱和拆解测评,这款交换机有8个2.5电口,1个万兆SFP+口,详细请看下文介绍2024-07-16
10G电口和轻网管! hasivo海思视讯2.5G交换机拆机测评
S600W-4GT-1SX-1XGT-SE这款2.5G 万兆上行轻网管交换机怎么样?值得购买吗?下面我们就来看看详细的拆机测评2024-07-10
hasivo交换机怎么样? 200出头的海思视讯8口2.5G轻网管交换机评测
这款交换机具备出色的性能,提供了 8 个 2.5G 电口和 1 个万兆光口,能够满足高速数据传输的需求,无论是处理大文件传输、视频会议还是在线游戏,这款交换机都能够提供快速2024-07-10
小米5月底上架了一款万兆交换机,双万兆口、4个2.5G网口,首发价299元,该万兆交换机采用居家美学设计,小巧轻薄,简约百搭,下面我们就来看看这款万兆交换机拆机测评2024-07-09
水星SE106整机最大PoE供电功率55W,单端口最大PoE供电功率30W,桌面钢壳设计,即插即用,无需配置,简单方便,支持MAC地址自学习;支持全双工模式,下面我们就来看看详细的2024-07-03
了解到市面上两三百价位的2.5G交换机基本都是公版方案,无非就是壳子和品牌不同而已,所以选的是双十二最便宜的海思视讯,200出头拿下,比之前5口的还便宜,带轻网管功能2024-06-28
最近很多朋友很好奇磊科GS10用的是啥芯片?正好趁着现在价格合适,我们入手一台并进行拆机测评,详细请看下文介绍2024-06-28
全万兆三层网管交换机TL-ST5008F怎么样? TPLINK TLST5008F拆机测评
TL-ST5008F是TP-LINK推出的全万兆三层网管交换机,采用新一代高性能硬件和软件平台,提供全万兆光口,支持三层路由协议,下面我们就来看看这款交换机的拆机测评2024-03-05
最新评论