首页 > 学院 > 网络通信 > 正文

Catalyst 4006交换机的配置实例

2019-11-05 01:53:14
字体:
来源:转载
供稿:网友

  一、CAT4006引擎模块WS-X4013的配置清单
  
  (其中包括:基本设置、VLAN的配置、通道配置、以及端口镜像口的1/2设置连接千兆IDS)
  
  Cisco Systems, Inc. Console
  
  Enter passWord:
  CAT4006> enable
  
  Enter password:
  CAT40
  
  06> (enable)
  .......
  ..................
  ..................
  ....................
  ....................
  ..
  
  begin
  !
  # ***** NON-DEFAULT CONFIGURATION *****
  !
  !
  #time: Mon APR 11 2005, 22:02:13
  !
  #version 6.1(1)
  !
  !
  #system web interface version(s)
  set password *********************
  set enablepass *********************
  !
  #test
  !
  #system
  set system name CAT4006
  !
  #frame distribution method
  set port channel all distribution mac both
  !
  #vtp
  set vtp domain hngazk
  set vlan 1 name default type ethernet mtu 1500 said 100001 state active
  set vlan 16 name Old_Bangong type ethernet mtu 1500 said 100016 state active
  set vlan 17 name Server_Manage type ethernet mtu 1500 said 100017 state active
  set vlan 18 name New_Bangong type ethernet mtu 1500 said 100018 state active
  set vlan 19 name Library type ethernet mtu 1500 said 100019 state active
  set vlan 20 name New_Shiyanzhongxin type ethernet mtu 1500 said 100020 state active
  set vlan 22 name Old_Shiyanzhongxin type ethernet mtu 1500 said 100022 state active
  set vlan 23 name CaiZhuan_Jiashuyuan type ethernet mtu 1500 said 100023 state active
  set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
  set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee
  set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm
  set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 0 stemaxhop 0 backupcrf off
  !
  #ip
  set interface sc0 17 21x.xxx.17.253/255.255.255.0 21x.xxx.xxx.255
  
  set interface sl0 down
  set interface me1 down
  set ip route 0.0.0.0/0.0.0.0 21x.xxx.xxx.254
  !
  #dns
  set ip dns server 21x.xxx.xxx.2 primary
  set ip dns enable
  !
  #syslog
  set logging level cops 2 default
  !
  #set boot command
  set boot config-register 0x2
  set boot system Flash bootflash:cat4000.6-1-1.bin
  !
  #mls
  set mls nde disable
  !
  #port channel
  set port channel 3/1-4 636
  !
  #module 1 : 2-port 1000BaseX Supervisor
  set udld enable 1/1
  set trunk 1/1 nonegotiate dot1q 1-1005
  set trunk 1/2 nonegotiate dot1q 1-1005
  !
  #module 2 : 6-port 1000BaseX Ethernet
  set vlan 20 2/3
  set port name 2/1 Old_Shiyanzhongxin
  set port name 2/2 Library
  set port name 2/3 New_Shiyanzhongxin
  set port name 2/4 New_Bangong
  set port name 2/5 CaiZhuan_Jiashuyuan
  set port name 2/6 Old_Shiyanzhongxin
  set udld enable 2/6
  set udld disable 2/3
  set trunk 2/1 nonegotiate dot1q 1-1005
  set trunk 2/2 nonegotiate dot1q 1-1005
  set trunk 2/3 nonegotiate dot1q 1-1005
  set trunk 2/4 nonegotiate dot1q 1-1005
  set trunk 2/5 nonegotiate dot1q 1-1005
  set trunk 2/6 nonegotiate dot1q 1-1005
  !
  #module 3 : 34-port Router Switch Card
  set vlan 16 3/3-9,3/11-19,3/26-34
  set vlan 17 3/10,3/20
  set vlan 18 3/21
  set vlan 19 3/22
  set vlan 20 3/23
  set vlan 22 3/24
  set vlan 23 3/25
  set port name 3/1 Firewall_Talent
  set trunk 3/1 nonegotiate dot1q 1-1005
  set trunk 3/2 nonegotiate dot1q 1-1005
  set port channel 3/1-2 mode on
  !
  #module 4 : 34-port 10/100/1000 Ethernet
  set vlan 16 4/5-9,4/11,4/15-34
  set vlan 17 4/3-4,4/10,4/12-14
  set trunk 4/1 nonegotiate dot1q 1-1005
  set trunk 4/2 nonegotiate dot1q 1-1005
  !
  #module 5 empty
  !
  #module 6 empty
  !
  #switch port analyzer
  set span 2/1-6,3/1-34,4/1-34 1/2 both inpkts disable learning enable create
  end
  CAT4006> (enable)
  
  二、WS-X4232-L3三层路由模块的配置清单
  
  (其中包括:VLAN路由、访问控制列表、三层模块与交换机背板通道的配置等等)
  
  WS-X4232-L3#
  Using 4055 out of 126968 bytes
  !
  version 12.0
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname WS-X4232-L3
  !
  enable secret 5 *****************
  enable password **********
  !
  ip subnet-zero
  !
  !
  !
  interface Port-channel1
  no ip address
  no ip directed-broadcast
  hold-queue 300 in
  !
  interface Port-channel1.1
  encapsulation dot1Q 1 native
  ip address 10.10.1.254 255.255.255.0
  ip access-group 110 in
  ip access-group 110 out
  no ip redirects
  no ip directed-broadcast
  !
  interface Port-channel1.16
  encapsulation dot1Q 16
  ip address 21x.xxx.16.254 255.255.255.0
  ip access-group 110 in
  ip access-group 110 out
  no ip redirects
  no ip directed-broadcast
  !
  interface Port-channel1.17
  encapsulation dot1Q 17
  ip address 21x.xxx.17.254 255.255.255.0
  ip access-group 110 in
  ip access-group 110 out
  no ip redirects
  no ip directed-broadcast
  !
  interface Port-channel1.18
  encapsulation dot1Q 18
  ip address 21x.xxx.18.254 255.255.255.0
  ip access-group 110 in
  ip access-group 110 out
  no ip redirects
  no ip directed-broadcast
  !
  interface Port-channel1.19
  encapsulation dot1Q 19
  ip address 21x.xxx.19.254 255.255.255.0
  ip access-group 110 in
  ip access-group 110 out
  no ip redirects
  no ip directed-broadcast
  !
  interface Port-channel1.20
  encapsulation dot1Q 20
  ip address 21x.xxx.21.254 255.255.254.0 secondary
  ip address 21x.xxx.20.254 255.255.254.0
  ip access-group 110 in
  ip access-group 110 out
  no ip redirects
  no ip directed-broadcast
  !
  interface Port-channel1.22
  encapsulation dot1Q 22
  ip address 21x.xxx.22.254 255.255.255.0
  ip access-group 110 in
  ip access-group 110 out
  no ip redirects
  no ip directed-broadcast
  !
  interface Port-channel1.23
  encapsulation dot1Q 23
  ip address 21x.xxx.23.254 255.255.255.0
  ip access-group 110 in
  ip access-group 110 out
  no ip redirects
  no ip directed-broadcast
  !
  interface FastEthernet1
  no ip address
  no ip directed-broadcast
  shutdown
  !
  interface GigabitEthernet1
  ip address 21x.xxx.xxx.xxx 255.255.255.240
  ip access-group 110 in
  ip access-group 110 out
  no ip directed-broadcast
  !
  interface GigabitEthernet2
  no ip address
  no ip directed-broadcast
  !
  interface GigabitEthernet3
  no ip address
  no ip directed-broadcast
  no negotiation auto
  channel-group 1
  !
  interface GigabitEthernet4
  no ip address
  no ip directed-broadcast
  no negotiation auto
  channel-group 1
  !
  ip classless
  ip route 0.0.0.0 0.0.0.0 2xx.xxx.xxx.xxx
  !
  access-list 110 deny tcp any any eq echo
  access-list 110 deny tcp any any eq chargen
  access-list 110 deny tcp any any eq 135
  access-list 110 deny tcp any any eq 136
  access-list 110 deny tcp any any eq 137
  access-list 110 deny tcp any any eq 138
  access-list 110 deny tcp any any eq 139
  access-list 110 deny tcp any any eq 389
  access-list 110 deny tcp any any eq 445
  access-list 110 deny tcp any any eq 4444
  access-list 110 deny udp any any eq tFTP
  access-list 110 deny udp any any eq 135
  access-list 110 deny udp any any eq 136
  access-list 110 deny udp any any eq netbios-ns
  access-list 110 deny udp any any eq netbios-dgm
  access-list 110 deny udp any any eq netbios-ss
  access-list 110 deny udp any any eq 389
  access-list 110 deny udp any any eq 445
  access-list 110 deny udp any any eq 1434
  access-list 110 deny udp any any eq 1433
  access-list 110 deny udp any any eq 1025
  access-list 110 deny udp any any eq 455
  access-list 110 deny udp any any eq 5554
  access-list 110 deny udp any any eq 9996
  access-list 110 deny udp any any eq 6129
  access-list 110 deny udp any any eq 3127
  access-list 110 deny udp any any eq 2745
  access-list 110 deny tcp any any eq 6669
  access-list 110 deny tcp any any eq 1023
  access-list 110 deny tcp any any eq 1024
  access-list 110 deny tcp any any eq 3332
  access-list 110 deny tcp any any eq 69
  access-list 110 deny udp any any eq 593
  access-list 110 deny tcp any any eq 593
  access-list 110 permit ip any any
  arp 127.0.0.2 0005.5e73.9300 ARPA
  !
  line con 0
  transport input none
  line aux 0
  line vty 0 4
  password **********
  login
  !
  end
  
  WS-X4332-L3#


发表评论 共有条评论
用户名: 密码:
验证码: 匿名发表