这是以前工作总结出来的配置代码,当时是为了方便所带的人容易上手。
代码以交换为主,架构上分为核心层、分布层、接入层三层,部分相同的代码有简略。
简单的几条指令,你即可快速上手,在工作中即可应用。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
#-----------虚拟接口---------------------------
#1)管理地址
interface Vlanif1
description Management
ip address 192.168.250.197 255.255.255.0
dhcp
select
relay
dhcp relay server-
select
dhcpgroup1
#
#2)核心交换虚拟网关接口
interface Vlanif2
description Server
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif3
description office
ip address 192.168.0.2 255.255.255.0
dhcp
select
relay
dhcp relay server-
select
dhcpgroup1
#-----------Trunk------------------------------------
interface GigabitEthernet0
/0/24
port link-
type
trunk
port trunk allow-pass vlan 2 to 100
ntdp
enable
ndp
enable
bpdu
enable
#-----------Eth Trunk-------------------------------
interface Eth-Trunk1
port link-
type
trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0
/0/1
eth-trunk 1
interface GigabitEthernet0
/0/2
eth-trunk 1
#-----------IP ROUTE---------------------
1)核心交换静态路由
ip route-static 0.0.0.0 0.0.0.0 10.16.0.1
ip route-static 1.1.1.0 255.255.255.0 192.168.9.101
ip route-static 10.0.0.0 255.255.0.0 192.168.9.100
1)分布层接入层
ip route-static 0.0.0.0 0.0.0.0 192.168.250.1
#-----------VLAN-----------------------------
vlan 1
description Management
vlan 2
description Server
vlan 3
description office
interface GigabitEthernet 0
/0/11
#-----------DHCP服务器声明-----------------------------
dhcp server group dhcpgroup1
dhcp-server 192.168.1.250 0
#-----------Access Port------------------------------
#1)defaule
interface GigabitEthernet0
/0/1
port link-
type
access
port default vlan 3
stp disable
stp edged-port
enable
ntdp
enable
ndp
enable
#2)POE config
interface GigabitEthernet0
/0/1
port hybrid pvid vlan 2
port hybrid tagged vlan 9 92
port hybrid untagged vlan 2
stp edged-port
enable
undo poe
enable
#-----------认证---------------------------------------------------
#1)全局配置
super password level 1 cipher ***
super password level 2 cipher ***
super password level 3 cipher ***
#2)Console配置
user-interface con 0
authentication-mode password
set
authentication password cipher a:FL2
/KX
#^;Q=^Q`MAF4<1!!
idle-timeout 5 0
#3)VTY配置
user-interface vty 0 4
authentication-mode password
idle-timeout 15 0
user privilege level 3
#-----------STP---------------------------------------------------
#1)公共配置
stp mode rstp
stp
enable
stp pathcost-standard legacy
#2)核心层交换
stp instance 0 root primary
stp
enable
#3)分布层交换
stp instance 0 priority 8192
stp
enable
#4)接入层交换
stp instance 0 priority 16384
stp
enable
stp mode mstp
#5)接入端口配置
stp edged-port
enable
#-----------LLDP--------------------------------------------------
lldp
enable
#-----------VRRP--------------------------------------------------
#1)Master交换机:
interface Vlanif1
description Management
ip address 192.168.250.250 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.250.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
#2)Slave交换机:
interface Vlanif1
description Management
ip address 192.168.250.251 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.250.1
#-----------SystemName------------------------------------------------------
systemname XXXX 192.168.2.X
#---------------------------------------------------------------
storm-control broadcast min-rate 1000 max-rate 2000
storm-control multicast min-rate 1000 max-rate 2000
storm-control unicast min-rate 1000 max-rate 2000
storm-control interval 90
storm-control action block
storm-control
enable
log
|
本文转自 tanzhenchao 51CTO博客,原文链接:http://blog.51cto.com/cmdschool/1701719,如需转载请自行联系原作者
