Core switches are configured with VLAN division, mutual access, ACL control, and link aggregation.

Source: Internet
Author: User
Tags snmp

#

! Software Version v200r001c00spc300

Sysname it_serverroom # Switch name #

#

VLAN batch 10 20 30 40 50 60 70 80 90 99 to 100 # Set VLAN #

VLAN batch 110

#

Lacp priority 100 # Link aggregation priority setting #

#

Undo HTTP server enable

#

Undo nap slave enable

#

DHCP enable # enable DHCP #

#

ACL number 3001 # configure ACL access control #

Rule 4 permit TCP source 192.168.21.11 0.0.0.0 destination-port EQ 3389 # Allow Remote Assistance from specified IP addresses #

Rule 5 permit TCP source 192.168.21.13 0.0.0.0 destination-port EQ 3389

Rule 6 permit TCP source 192.168.11.254 0.0.0.1 destination-port EQ 3389

Rule 7 permit TCP source 192.168.51.13 0.0.0.0 destination 192.168.11.10 0.0.0.0 destination-port EQ 3389

Rule 8 permit TCP source 192.168.81.31 0.0.0.0 destination 192.168.11.10 0.0.0.0 destination-port EQ 3389

Rule 9 permit TCP source 192.168.21.14 0.0.0.0 destination 192.168.11.12 0.0.0.0 destination-port EQ 3389

Rule 10 permit TCP source 192.168.21.12 0.0.3 destination-port EQ Telnet

Rule 11 permit TCP source 192.168.11.254 0.0.0.1 destination-port EQ Telnet

Rule 12 permit TCP source 192.168.21.250 0.0.0.0 destination 192.168.11.12 0.0.0.0 destination-port EQ 3389

Rule 100 deny TCP destination-port EQ 3389 # Disable Remote Assistance port #

Rule 105 deny TCP destination-port EQ Telnet # disable the Telnet port #

#

IP pool 1 # Set an IP address pool #

Gateway-list 192.168.11.254 # Set gateway #

Network 192.168.11.0 mask 255.255.255.0 # subnet mask and IP segment #

Excluded-IP-address 192.168.11.1 192.168.11.60 # IP address exempted from DHCP allocation #

Lease day 10 hour 0 minute 0 # IP address validity period #

DNS-list 192.168.11.2 192.168.11.5 # DNS configuration #

#

IP pool 2

Gateway-list 192.168.21.254

Network 192.168.21.0 mask 255.255.255.0

Excluded-IP-address 192.168.21.1 192.168.21.60

Lease day 10 hour 0 minute 0

DNS-list 192.168.11.2 192.168.11.5

#

IP pool 3

Gateway-list 192.168.31.254

Network 192.168.31.0 mask 255.255.255.0

Excluded-IP-address 192.168.31.1 192.168.31.60

Lease day 10 hour 0 minute 0

DNS-list 192.168.11.2 192.168.11.5

#

IP pool 4

Gateway-list 192.168.41.254

Network 192.168.41.0 mask 255.255.255.0

Excluded-IP-address 192.168.41.1 192.168.41.60

Lease day 10 hour 0 minute 0

DNS-list 192.168.11.2 192.168.11.5

#

IP pool 5

Gateway-list 192.168.51.254

Network 192.168.51.0 mask 255.255.255.0

Excluded-IP-address 192.168.51.1 192.168.51.60

Lease day 10 hour 0 minute 0

DNS-list 192.168.11.2 192.168.11.5

#

IP pool 6

Gateway-list 192.168.61.254

Network 192.168.61.0 mask 255.255.255.0

Excluded-IP-address 192.168.61.1 192.168.61.60

Lease day 10 hour 0 minute 0

DNS-list 192.168.11.2 192.168.11.5

#

IP pool 7

Gateway-list 192.168.71.254

Network 192.168.71.0 mask 255.255.255.0

Excluded-IP-address 192.168.71.1 192.168.71.60

Lease day 10 hour 0 minute 0

DNS-list 192.168.11.2 192.168.11.5

#

IP pool 8

Gateway-list 192.168.81.254

Network 192.168.81.0 mask 255.255.255.0

Excluded-IP-address 192.168.81.1 192.168.81.60

Lease day 10 hour 0 minute 0

DNS-list 192.168.11.2 192.168.11.5

#

IP pool 9

Gateway-list 192.168.91.254

Network 192.168.91.0 mask 255.255.255.0

Excluded-IP-address 192.168.91.1 192.168.91.60

Lease day 10 hour 0 minute 0

DNS-list 192.168.11.2 192.168.11.5

#

IP pool 10

Gateway-list 192.168.101.254

Network 192.168.101.0 mask 255.255.255.0

Excluded-IP-address 192.168.101.1 192.168.101.60

Lease day 10 hour 0 minute 0

DNS-list 192.168.11.2 192.168.11.5

#

IP pool 11

Gateway-list 192.168.111.254

Network 192.168.111.0 mask 255.255.255.0

Excluded-IP-address 192.168.111.1 192.168.111.60

Lease day 10 hour 0 minute 0

DNS-list 192.168.11.2 192.168.11.5

#

Aaa

Authentication-scheme default

Authorization-scheme default

Accounting-scheme default

Domain default

Domain default_admin

Local-user admin password cipher % $ o9hp7mbdf4q # E \ vu4j # wx3ypg % $ % [email protected] [email protected] $

Local-user admin service-type HTTP

#

Interface vlanif1

IP address 192.168.66.254 255.255.255.0

#

Interface vlanif10 # implement mutual VLAN access #

IP address 192.168.11.254 255.255.255.0

DHCP Select Global

#

Interface vlanif20

IP address 192.168.21.254 255.255.255.0

DHCP Select Global

#

Interface vlanif30

IP address 192.168.31.254 255.255.255.0

DHCP Select Global

#

Interface vlanif40

IP address 192.168.41.254 255.255.255.0

DHCP Select Global

#

Interface vlanif50

IP address 192.168.51.254 255.255.255.0

DHCP Select Global

#

Interface vlanif60

IP address 192.168.61.254 255.255.255.0

DHCP Select Global

#

Interface vlanif70

IP address 192.168.71.254 255.255.255.0

DHCP Select Global

#

Interface vlanif80

IP address 192.168.81.254 255.255.255.0

DHCP Select Global

#

Interface vlanif90

IP address 192.168.91.254 255.255.255.0

DHCP Select Global

#

Interface vlanif99

IP address 10.0.0.2 255.255.255.0

#

Interface vlanif100

IP address 192.168.101.254 255.255.255.0

DHCP Select Global

#

Interface vlanif110

IP address 192.168.111.254 255.255.255.0

DHCP Select Global

#

Interface meth0/0/1

IP address 192.168.88.1 255.255.255.0

#

Interface Eth-Trunk1 # Link aggregation settings #

Port Link-type trunk # mode after link aggregation #

Port trunk allow-pass VLAN 2 to 4094 # VLAN tags that are allowed to pass #

Mode lacp-static # Link aggregation mode #

Max active-linknumber 2 # maximum online port #

#

Interface gigabitethernet0/0/1 # port configurations #

Port Link-type access

Port default VLAN 10

Loopback-detect enable # loop detection #

#

Interface gigabitethernet0/0/2

Port Link-type access

Port default VLAN 10

Loopback-detect enable

#

Interface gigabitethernet0/0/3

Port Link-type access

Port default VLAN 10

Loopback-detect enable

#

Interface gigabitethernet0/0/4

Port Link-type access

Port default VLAN 10

Loopback-detect enable

#

Interface gigabitethernet0/0/5

Port Link-type access

Port default VLAN 110

#

Interface gigabitethernet0/0/6

Port Link-type access

Port default VLAN 110

Loopback-detect enable

#

Interface gigabitethernet0/0/7

Port Link-type access

Port default VLAN 100

Loopback-detect enable

#

Interface gigabitethernet0/0/8

Port Link-type access

Port default VLAN 100

Loopback-detect enable

#

Interface gigabitethernet0/0/9

Port Link-type access

Port default VLAN 90

Loopback-detect enable

#

Interface gigabitethernet0/0/10

Port Link-type access

Port default VLAN 90

Loopback-detect enable

#

Interface gigabitethernet0/0/11

Port Link-type access

Port default VLAN 60

Loopback-detect enable

#

Interface gigabitethernet0/0/12

Port Link-type access

Port default VLAN 60

Loopback-detect enable

#

Interface gigabitethernet0/0/13

Port Link-type access

Port default VLAN 70

Loopback-detect enable

#

Interface gigabitethernet0/0/14

Loopback-detect enable

#

Interface gigabitethernet0/0/15

Loopback-detect enable

#

Interface gigabitethernet0/0/16

Loopback-detect enable

#

Interface gigabitethernet0/0/17 # Link aggregation port configuration 1 #

ETH-trunk 1

Lacp priority 100 # High Priority #

#

Interface gigabitethernet0/0/18 # Link aggregation port configuration 2 #

ETH-trunk 1

Lacp priority 100

#

Interface gigabitethernet0/0/19 # Link aggregation port configuration 3 #

ETH-trunk 1 # backup link: two active links with one standby #

#

Interface gigabitethernet0/0/20

Loopback-detect enable

#

Interface gigabitethernet0/0/21

Port Link-type trunk

Port trunk allow-pass VLAN 10 20 30 40 60 70 80 90 100

Port trunk allow-pass VLAN 110

Loopback-detect enable

#

Interface gigabitethernet0/0/22

Port Link-type trunk

Port trunk allow-pass VLAN 10 20 30 40 60 70 80 90 100

Port trunk allow-pass VLAN 110

Loopback-detect enable

#

Interface gigabitethernet0/0/0 # connect to the firewall configuration #

Port Link-type access

Port default VLAN 99

Loopback-detect enable

#

Interface gigabitethernet0/0/24

Port Link-type access

Port default VLAN 99

Loopback-detect enable

#

Interface null0

#

ARP static 192.168.81.13 7427-ea35-eedf

#

IP route-static 0.0.0.0 0.0.0.0 10.0.0.1 # static route #

IP route-static 192.168.10.0 255.255.255.0 192.168.71.1

IP route-static 192.168.12.0 255.255.255.0 192.168.71.2

IP route-static 192.168.118.0 255.255.255.0 192.168.111.1

#

Traffic-filter inbound ACL 3001 # enable ACL control globally #

#

SNMP-Agent # Use cacti to monitor 192.168.11.151 and Configure SNMP #

SNMP-Agent local-engineid 800007db037054f5dfc580

SNMP-Agent Community read cipher % $ % [email protected] (= VHL9T2A-VkMN9 {/I 'mj \ SJ % $

SNMP-Agent sys-Info version all

SNMP-agent group V3 public

SNMP-Agent target-host trap address UDP-domain 192.168.11.151 Params securityname public

#

User-interface con 0 # Console port password #

Authentication-mode password

Set authentication password cipher % $ q] 8brt8 ^ wmucf9 ~] % [Email protected] \ ~) C # $ !; K>. 194 {faqxm & $ F = 8% $ % [email protected] #

User-interface vty 0 4 # telnet password #

Authentication-mode password

User Privilege level 3

Set authentication password cipher % $ % 'cju] 0 {$8 $: M91 'rkyxgysja6ide % 48l>! Hl '$ AV [8vk6ypk % $ % [email protected #

User-interface vty 16 20

#
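
How ACL 3001 in the listing above decides a flow, as an added example that is not part of the original configuration: rules are checked in ascending rule ID and the first match wins, so the permit rules carve exceptions out of deny rules 100 and 105. The rule tuples are a hand-transcribed subset of the listing, and the forwarding of packets that match no rule is an assumption about how the traffic-filter treats them.

```python
from ipaddress import IPv4Address

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard of all ones = ignore every bit
RDP, TELNET = 3389, 23

# Hand-transcribed subset of ACL 3001: (rule id, action, source, destination, dst port).
# Each address is (address, wildcard); a 1 bit in the wildcard means "ignore this bit".
RULES = [
    (100, "deny",   ANY, ANY, RDP),
    (105, "deny",   ANY, ANY, TELNET),
    (4,   "permit", ("192.168.21.11", "0.0.0.0"), ANY, RDP),
    (6,   "permit", ("192.168.11.254", "0.0.0.1"), ANY, RDP),
    (7,   "permit", ("192.168.51.13", "0.0.0.0"), ("192.168.11.10", "0.0.0.0"), RDP),
    (11,  "permit", ("192.168.11.254", "0.0.0.1"), ANY, TELNET),
]

def wildcard_match(ip, spec):
    """True if ip equals the rule address on every bit the wildcard does not ignore."""
    addr, wildcard = spec
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(ip)) ^ int(IPv4Address(addr))) & care == 0

def evaluate(src, dst, dport):
    """Return (rule id, action) of the first matching rule, lowest rule ID first."""
    for rule_id, action, s, d, port in sorted(RULES, key=lambda r: r[0]):
        if port == dport and wildcard_match(src, s) and wildcard_match(dst, d):
            return rule_id, action
    # Assumption: a packet that matches no rule is forwarded by the traffic-filter.
    return None, "permit"

if __name__ == "__main__":
    # Constructed sample flows: (source, destination, destination port).
    flows = [
        ("192.168.21.11", "192.168.11.10", RDP),     # listed admin host
        ("192.168.21.99", "192.168.11.10", RDP),     # unlisted host
        ("192.168.11.255", "192.168.31.5", RDP),     # covered by wildcard 0.0.0.1
        ("192.168.51.13", "192.168.11.12", RDP),     # right source, wrong destination
        ("192.168.21.11", "192.168.11.10", TELNET),  # RDP exception does not cover Telnet
        ("192.168.31.5", "192.168.11.10", 80),       # port not mentioned by the ACL
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
```

Rules 6 and 11 use wildcard 0.0.0.1, so they match 192.168.11.255 as well as the gateway address 192.168.11.254.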


This article is from the "8737404" blog, please be sure to keep this source http://8747404.blog.51cto.com/8737404/1554552
