西电华为交换设备的配置（5516）

华为　5516交换配置细节

#
 sysname XD-JSQ-S5516-02
#
radius scheme system
 server-type huawei
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain

domain system
 radius-scheme system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
 messenger time disable

 domain default enable system
#
 local-server nas-ip 127.0.0.1 key huawei

local-user huawei
 password simple huawei
 service-type telnet level 3
#
 dhcp-server 1 ip 128.168.10.3
#
acl number 3000 match-order auto
 rule 0 deny tcp destination-port eq 4444
 rule 1 deny udp destination-port eq 4444
 rule 2 deny udp destination-port eq tftp
 rule 3 deny tcp destination-port eq 135
 rule 4 deny udp destination-port eq 135
 rule 5 deny tcp destination-port eq 139
 rule 6 deny udp destination-port eq netbios-ssn
 rule 7 deny tcp destination-port eq 445
 rule 8 deny udp destination-port eq 445
 rule 9 deny udp destination-port eq 593
 rule 10 deny tcp destination-port eq 593
 rule 11 deny tcp destination-port eq 1434
 rule 12 deny udp destination-port eq 1434
 rule 13 deny udp destination-port eq 5554
 rule 14 deny tcp destination-port eq 5554
 rule 15 deny udp destination-port eq 9996
 rule 16 deny tcp destination-port eq 9996
#
vlan 1
#
vlan 99
 description shebeiguanli
#
vlan 100
 description to_dr.com
#
vlan 130
 description yonghu1#_1
#
vlan 131
 description yonghu1#_2
#
vlan 132
 description yonghu2#_1
#
vlan 133
 description yonghu2#_2
#
vlan 134
 description yonghu3#_1
#
vlan 135
 description yonghu3#_2
#
vlan 136
 description yonghu4#_1
#
vlan 137
 description yonghu4#_2
#
vlan 138
 description yonghu5#
#
vlan 139
 description yonghu6#
#
interface Vlan-interface99
 description shebeiguanli
 ip address 192.168.10.59 255.255.255.0
#
interface Vlan-interface100
 description to_dr.com
 ip address 128.168.10.223 255.255.0.0
ip address 128.168.10.223 255.255.0.0
#
interface Vlan-interface130
 ip address 100.100.15.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface131
 ip address 100.100.16.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface132
 ip address 100.100.17.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface133
 ip address 100.100.18.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface134
 ip address 100.100.19.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface135
interface Vlan-interface135
 ip address 100.100.20.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface136
 ip address 100.100.21.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface137
 ip address 100.100.22.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface138
 ip address 100.100.23.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface139
 ip address 100.100.24.254 255.255.255.0
 dhcp-server 1
#
interface Aux0/0
#
interface GigabitEthernet1/1
 description to_dr.com
 speed 1000
 port access vlan 100
#
interface GigabitEthernet1/2
 description to_jsqgc1_2_3
 port link-type trunk
 port trunk permit vlan 99 130 to 135
#
interface GigabitEthernet1/3
 description to_jsqgc4
 port link-type trunk
 port trunk permit vlan 99 136 to 137
#
interface GigabitEthernet1/4
 description to_jsqgc5_6
 port link-type trunk
 port trunk permit vlan 99 138 to 139
#
interface GigabitEthernet2/1
#
interface GigabitEthernet2/2
#
interface GigabitEthernet2/3
#
interface GigabitEthernet2/4
#
interface GigabitEthernet3/1
#
interface GigabitEthernet3/2
#
interface GigabitEthernet3/3
#
interface GigabitEthernet3/4
#
interface GigabitEthernet4/1
 description test
 port access vlan 130
#
interface GigabitEthernet4/2
#
interface GigabitEthernet4/3
#
interface GigabitEthernet4/4
 description to_dr.com(backup)
 port access vlan 100
#
interface NULL0
#
 packet-filter ip-group 3000 rule 0
 packet-filter ip-group 3000 rule 1
 packet-filter ip-group 3000 rule 2
 packet-filter ip-group 3000 rule 3
 packet-filter ip-group 3000 rule 4
 packet-filter ip-group 3000 rule 5
 packet-filter ip-group 3000 rule 6
 packet-filter ip-group 3000 rule 7
 packet-filter ip-group 3000 rule 8
 packet-filter ip-group 3000 rule 9
 packet-filter ip-group 3000 rule 10
 packet-filter ip-group 3000 rule 11
 packet-filter ip-group 3000 rule 12
 packet-filter ip-group 3000 rule 13
 packet-filter ip-group 3000 rule 14
 packet-filter ip-group 3000 rule 15
 packet-filter ip-group 3000 rule 16
#
 ip route-static 0.0.0.0 0.0.0.0 128.168.10.3 preference 60
#
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return