Boway --- Winning at Cloud Computing with Cloud Architecture


A very standardized, comprehensive and detailed switch configuration

Posted on 2007-12-31 22:06:40

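There is nothing complicated about this configuration; it is very simple. The topology is just two 3750s stacked and then interconnected with one router, all very easy.
What is worth learning is that many details are configured very thoroughly, many security features are put to use, and it is also a very standardized configuration.
It was written by Cisco at the request of a very wealthy company, heh. A sledgehammer to crack a nut, heh.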



Building configuration...
Current configuration : 44199 bytes
!
version 12.2
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
no service dhcp
!
hostname *************
!
logging buffered informational
no logging console
enable secret 5 *************
enable password 7 *************
!
no aaa new-model
clock timezone PST 8
no boot auto-copy-sw
switch 1 provision ws-c3750e-48td
switch 2 provision ws-c3750e-48td
stack-mac persistent timer 5
system mtu routing 1500
vtp domain BEIJING_DC
vtp mode transparent
udld aggressive
ip subnet-zero
no ip source-route
ip routing
ip icmp rate-limit unreachable 1000
ip tcp synwait-time 10
ip domain-name novartis.com
ip name-server *.*.*.*
!
ip ssh time-out 60
ip ssh version 2
!
no setup express
!
!
!         
!
errdisable recovery cause bpduguard
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery interval 900
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1-4094 priority 4096
!
vlan internal allocation policy ascending
!
vlan 10
name NetworkManagement
!
vlan 12
name Voice_UNUSED
!
vlan 13
name Video_UNUSED
!
vlan 15
name SERVER_VLAN1
!
vlan 16
name SERVER_VLAN2
!
vlan 17
name SERVER_VLAN3
!
vlan 18
name SERVER_VLAN4
!
vlan 19   
name BT_PRI
!
vlan 20
name BR_SEC
!
vlan 21
name DOM_WAN
!
vlan 22
name Firewall
!
vlan 999
name Unused
!
vlan 1001
name NativeVLAN
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1 - 47
switchport access vlan 18
switchport mode access
switchport port-security maximum 10
switchport port-security
switchport port-security aging time 2
switchport port-security aging type inactivity
storm-control broadcast level 5.00
storm-control multicast level 5.00
storm-control action trap
spanning-tree portfast
spanning-tree guard none
!
interface GigabitEthernet1/0/48
description Connection to China Telecom 100 Mbps
no switchport
ip address *.*.*.* 255.255.255.248
no ip redirects
no ip proxy-arp
ip ospf cost 1000
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!         
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface GigabitEthernet2/0/1 - 47
switchport access vlan 18
switchport mode access
switchport port-security maximum 10
switchport port-security
switchport port-security aging time 2
switchport port-security aging type inactivity
storm-control broadcast level 5.00
storm-control multicast level 5.00
storm-control action trap
spanning-tree portfast
spanning-tree guard none
!
interface GigabitEthernet2/0/48
description Connection to China Netcom 10 Mbps
no switchport
ip address *.*.*.* 255.255.255.248
no ip redirects
no ip proxy-arp
ip ospf cost 10000
!
interface GigabitEthernet2/0/49
!
interface GigabitEthernet2/0/50
!
interface GigabitEthernet2/0/51
!
interface GigabitEthernet2/0/52
!
interface TenGigabitEthernet2/0/1
!
interface TenGigabitEthernet2/0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address *.*.*.* 255.255.255.240
ip helper-address *.*.*.*
ip helper-address *.*.*.*
no ip redirects
no ip proxy-arp
load-interval 30
ntp broadcast
arp timeout 295
!
interface Vlan15
ip address *.*.*.* 255.255.255.192
ip helper-address *.*.*.*
ip helper-address *.*.*.*
no ip redirects
no ip proxy-arp
load-interval 30
ntp broadcast
arp timeout 295
!
interface Vlan16
ip address *.*.*.* 255.255.255.192
ip helper-address *.*.*.*
ip helper-address *.*.*.*
no ip redirects
no ip proxy-arp
load-interval 30
ntp broadcast
arp timeout 295
!
interface Vlan17
ip address *.*.*.* 255.255.255.192
ip helper-address *.*.*.*
ip helper-address *.*.*.*
no ip redirects
no ip proxy-arp
load-interval 30
ntp broadcast
arp timeout 295
!
interface Vlan18
ip address *.*.*.* 255.255.255.128
ip helper-address *.*.*.*
ip helper-address *.*.*.*
no ip redirects
no ip proxy-arp
load-interval 30
shutdown
ntp broadcast
arp timeout 295
!
interface Vlan19
ip address *.*.*.* 255.255.255.248
ip helper-address *.*.*.*
ip helper-address *.*.*.*
no ip redirects
no ip proxy-arp
load-interval 30
shutdown
ntp broadcast
arp timeout 295
!
interface Vlan20
ip address *.*.*.* 255.255.255.248
ip helper-address *.*.*.*
ip helper-address *.*.*.*
no ip redirects
no ip proxy-arp
load-interval 30
shutdown
ntp broadcast
arp timeout 295
!
interface Vlan21
ip address *.*.*.* 255.255.255.240
ip helper-address *.*.*.*
ip helper-address *.*.*.*
no ip redirects
no ip proxy-arp
load-interval 30
shutdown
ntp broadcast
arp timeout 295
!
interface Vlan22
ip address *.*.*.* 255.255.255.240
ip helper-address *.*.*.*
ip helper-address *.*.*.*
no ip redirects
no ip proxy-arp
load-interval 30
shutdown
ntp broadcast
arp timeout 295
!
router ospf 70
log-adjacency-changes
passive-interface default
no passive-interface GigabitEthernet1/0/48
no passive-interface GigabitEthernet2/0/48
network *.*.*.* *.*.*.* area 0
network *.*.*.* *.*.*.* area 0
network *.*.*.* *.*.*.* area 0
network *.*.*.* *.*.*.* area 0
network *.*.*.* *.*.*.* area 0
network *.*.*.* *.*.*.* area 0
!
ip classless
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
no ip http server
no ip http secure-server
!
!
snmp-server community DNDSONENET RO 5
snmp-server trap-source Vlan10
snmp-server contact Beijing_Local_IT
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps license
snmp-server enable traps cluster
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps power-ethernet group 1-9
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps mac-notification
snmp-server enable traps stackwise
snmp-server enable traps bgp
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps rtr
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
!
control-plane
!
banner motd ^C
!
line con 0
password 7 ********
logging synchronous
login
transport output none
line vty 0 4
password 7 ********
logging synchronous
login   
transport input telnet
transport output telnet
line vty 5 15
password 7 ********
logging synchronous
login
transport input telnet
transport output telnet
!
end
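
As an added example (not part of the original post and not Cisco's or the poster's tooling), the sketch below audits the management-plane lines of a configuration like the one above for settings a reviewer would want to look at more closely. The finding names are labels invented for this example, and the sample input is constructed from lines that appear in the posted configuration.

```python
import re

HEADERS = ("interface ", "line ", "router ", "vlan ")

# Constructed sample: lines copied from the configuration posted above.
SAMPLE = """\
enable secret 5 *************
enable password 7 *************
no aaa new-model
ip ssh version 2
snmp-server community DNDSONENET RO 5
line vty 0 4
password 7 ********
login
transport input telnet
"""

def sections(text):
    """Yield (header, sub_lines); global commands come back under header ''.
    The posted config has no indentation, so a section runs from a header
    keyword to the next '!' or the next header."""
    header, body = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "!" or line.startswith(HEADERS):
            yield header, body
            header, body = ("" if line == "!" else line), []
        elif line:
            body.append(line)
    yield header, body

def audit(text):
    secs = list(sections(text))
    glob = [l for h, b in secs if h == "" for l in b]
    out = []
    # 'enable secret' takes precedence; the type 7 copy is reversibly encoded.
    if any(l.startswith("enable secret") for l in glob) and \
       any(l.startswith("enable password 7") for l in glob):
        out.append("ENABLE_PASSWORD_TYPE7")
    if "no aaa new-model" in glob:  # shared line passwords, no per-user login
        out.append("NO_AAA")
    for l in glob:  # community restricted by an ACL that the text never defines
        m = re.match(r"snmp-server community \S+ (?:RO|RW) (\S+)$", l, re.I)
        if m and not any(re.match(rf"(ip )?access-list (standard )?{re.escape(m.group(1))}\b", g) for g in glob):
            out.append(f"SNMP_ACL_{m.group(1)}_NOT_IN_CONFIG")
    for h, b in secs:
        if h.startswith("line vty"):
            if any(l.startswith("transport input") and ("telnet" in l or l.endswith(" all")) for l in b):
                out.append(f"TELNET_IN:{h}")  # cleartext management sessions
            if not any(l.startswith("access-class") for l in b):
                out.append(f"NO_ACCESS_CLASS:{h}")  # no source restriction
    return out
```

Running `audit()` over the full posted configuration reports the same findings for both `line vty` ranges, since SSH version 2 is enabled globally but only Telnet is allowed inbound on the lines.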
Original poster | Posted on 2008-1-1 04:06:04