begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Mon APR 11 2005, 22:02:13 ! #version 6.1(1) ! ! #system web interface version(s) set password ********************* set enablepass ********************* ! #test ! #system set system name CAT4006 ! #frame distribution method set port channel all distribution mac both ! #vtp set vtp domain hngazk set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 16 name Old_Bangong type ethernet mtu 1500 said 100016 state active set vlan 17 name Server_Manage type ethernet mtu 1500 said 100017 state active set vlan 18 name New_Bangong type ethernet mtu 1500 said 100018 state active set vlan 19 name Library type ethernet mtu 1500 said 100019 state active set vlan 20 name New_Shiyanzhongxin type ethernet mtu 1500 said 100020 state active set vlan 22 name Old_Shiyanzhongxin type ethernet mtu 1500 said 100022 state active set vlan 23 name CaiZhuan_Jiashuyuan type ethernet mtu 1500 said 100023 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 0 stemaxhop 0 backupcrf off ! #ip set interface sc0 17 21x.xxx.17.253/255.255.255.0 21x.xxx.xxx.255
set interface sl0 down set interface me1 down set ip route 0.0.0.0/0.0.0.0 21x.xxx.xxx.254 ! #dns set ip dns server 21x.xxx.xxx.2 primary set ip dns enable ! #syslog set logging level cops 2 default ! #set boot command set boot config-register 0x2 set boot system Flash bootflash:cat4000.6-1-1.bin ! #mls set mls nde disable ! #port channel set port channel 3/1-4 636 ! #module 1 : 2-port 1000BaseX Supervisor set udld enable 1/1 set trunk 1/1 nonegotiate dot1q 1-1005 set trunk 1/2 nonegotiate dot1q 1-1005 ! #module 2 : 6-port 1000BaseX Ethernet set vlan 20 2/3 set port name 2/1 Old_Shiyanzhongxin set port name 2/2 Library set port name 2/3 New_Shiyanzhongxin set port name 2/4 New_Bangong set port name 2/5 CaiZhuan_Jiashuyuan set port name 2/6 Old_Shiyanzhongxin set udld enable 2/6 set udld disable 2/3 set trunk 2/1 nonegotiate dot1q 1-1005 set trunk 2/2 nonegotiate dot1q 1-1005 set trunk 2/3 nonegotiate dot1q 1-1005 set trunk 2/4 nonegotiate dot1q 1-1005 set trunk 2/5 nonegotiate dot1q 1-1005 set trunk 2/6 nonegotiate dot1q 1-1005 ! #module 3 : 34-port Router Switch Card set vlan 16 3/3-9,3/11-19,3/26-34 set vlan 17 3/10,3/20 set vlan 18 3/21 set vlan 19 3/22 set vlan 20 3/23 set vlan 22 3/24 set vlan 23 3/25 set port name 3/1 Firewall_Talent set trunk 3/1 nonegotiate dot1q 1-1005 set trunk 3/2 nonegotiate dot1q 1-1005 set port channel 3/1-2 mode on ! #module 4 : 34-port 10/100/1000 Ethernet set vlan 16 4/5-9,4/11,4/15-34 set vlan 17 4/3-4,4/10,4/12-14 set trunk 4/1 nonegotiate dot1q 1-1005 set trunk 4/2 nonegotiate dot1q 1-1005 ! #module 5 empty ! #module 6 empty ! #switch port analyzer set span 2/1-6,3/1-34,4/1-34 1/2 both inpkts disable learning enable create end CAT4006> (enable)
二、WS-X4232-L3三层路由模块的配置清单
(其中包括:VLAN路由、访问控制列表、三层模块与交换机背板通道的配置等等)
WS-X4232-L3# Using 4055 out of 126968 bytes ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname WS-X4232-L3 ! enable secret 5 ***************** enable password ********** ! ip subnet-zero ! ! ! interface Port-channel1 no ip address no ip directed-broadcast hold-queue 300 in ! interface Port-channel1.1 encapsulation dot1Q 1 native ip address 10.10.1.254 255.255.255.0 ip access-group 110 in ip access-group 110 out no ip redirects no ip directed-broadcast ! interface Port-channel1.16 encapsulation dot1Q 16 ip address 21x.xxx.16.254 255.255.255.0 ip access-group 110 in ip access-group 110 out no ip redirects no ip directed-broadcast ! interface Port-channel1.17 encapsulation dot1Q 17 ip address 21x.xxx.17.254 255.255.255.0 ip access-group 110 in ip access-group 110 out no ip redirects no ip directed-broadcast ! interface Port-channel1.18 encapsulation dot1Q 18 ip address 21x.xxx.18.254 255.255.255.0 ip access-group 110 in ip access-group 110 out no ip redirects no ip directed-broadcast ! interface Port-channel1.19 encapsulation dot1Q 19 ip address 21x.xxx.19.254 255.255.255.0 ip access-group 110 in ip access-group 110 out no ip redirects no ip directed-broadcast ! interface Port-channel1.20 encapsulation dot1Q 20 ip address 21x.xxx.21.254 255.255.254.0 secondary ip address 21x.xxx.20.254 255.255.254.0 ip access-group 110 in ip access-group 110 out no ip redirects no ip directed-broadcast ! interface Port-channel1.22 encapsulation dot1Q 22 ip address 21x.xxx.22.254 255.255.255.0 ip access-group 110 in ip access-group 110 out no ip redirects no ip directed-broadcast ! interface Port-channel1.23 encapsulation dot1Q 23 ip address 21x.xxx.23.254 255.255.255.0 ip access-group 110 in ip access-group 110 out no ip redirects no ip directed-broadcast ! interface FastEthernet1 no ip address no ip directed-broadcast shutdown ! interface GigabitEthernet1 ip address 21x.xxx.xxx.xxx 255.255.255.240 ip access-group 110 in ip access-group 110 out no ip directed-broadcast ! interface GigabitEthernet2 no ip address no ip directed-broadcast ! interface GigabitEthernet3 no ip address no ip directed-broadcast no negotiation auto channel-group 1 ! interface GigabitEthernet4 no ip address no ip directed-broadcast no negotiation auto channel-group 1 ! ip classless ip route 0.0.0.0 0.0.0.0 2xx.xxx.xxx.xxx ! access-list 110 deny tcp any any eq echo access-list 110 deny tcp any any eq chargen access-list 110 deny tcp any any eq 135 access-list 110 deny tcp any any eq 136 access-list 110 deny tcp any any eq 137 access-list 110 deny tcp any any eq 138 access-list 110 deny tcp any any eq 139 access-list 110 deny tcp any any eq 389 access-list 110 deny tcp any any eq 445 access-list 110 deny tcp any any eq 4444 access-list 110 deny udp any any eq tFTP access-list 110 deny udp any any eq 135 access-list 110 deny udp any any eq 136 access-list 110 deny udp any any eq netbios-ns access-list 110 deny udp any any eq netbios-dgm access-list 110 deny udp any any eq netbios-ss access-list 110 deny udp any any eq 389 access-list 110 deny udp any any eq 445 access-list 110 deny udp any any eq 1434 access-list 110 deny udp any any eq 1433 access-list 110 deny udp any any eq 1025 access-list 110 deny udp any any eq 455 access-list 110 deny udp any any eq 5554 access-list 110 deny udp any any eq 9996 access-list 110 deny udp any any eq 6129 access-list 110 deny udp any any eq 3127 access-list 110 deny udp any any eq 2745 access-list 110 deny tcp any any eq 6669 access-list 110 deny tcp any any eq 1023 access-list 110 deny tcp any any eq 1024 access-list 110 deny tcp any any eq 3332 access-list 110 deny tcp any any eq 69 access-list 110 deny udp any any eq 593 access-list 110 deny tcp any any eq 593 access-list 110 permit ip any any arp 127.0.0.2 0005.5e73.9300 ARPA ! line con 0 transport input none line aux 0 line vty 0 4 password ********** login ! end