cisco 2960-48 (生产环境)

简介:

这是2012年的工程,放这里一个配置,留个纪念。。

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname bj4-2960-1w-1
!
boot-start-marker
boot-end-marker
!
enable password 7 021250D4848AC095D781A1N
!
no aaa new-model
clock timezone BeiJing 8
system mtu routing 1500
vtp mode transparent
ip subnet-zero
!
!
ip dhcp snooping vlan 114
no ip dhcp snooping information option
ip dhcp snooping
ip arp inspection vlan 114
!
!
crypto pki trustpoint TP-self-signed-809741952
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-809741952
 revocation-check none
 rsakeypair TP-self-signed-809741952
!
!
crypto pki certificate chain TP-self-signed-809741952
 certificate self-signed 01
  30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 38303937 34313935 32301E17 0D393330 33303130 30303035 
  395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3830 39373431 
  39353230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 
  EDCCC3D3 A9F43726 DB5384E6 280C1D2D 6FE1F899 CF24C3B3 B5CC3A64 1627CF24 
  1732C96F 998FBCA9 8F27AEDC 034EB623 18013D87 5F975ABB 3E866A8C 5CD54DE6 
  DCEE6428 7FC3856A F7C11132 C7014E28 5E019E8B B8729DC3 43ED1F41 C18FD9AB 
  E993864D E701B64E 373F9F05 FE95E1F8 02FC10D4 FE05D4C5 4BE552BD 7B32A793 
  02030100 01A36E30 6C300F06 03551D13 0101FF04 05300301 01FF3019 0603551D 
  11041230 10820E62 6A342D32 3936302D 31772D31 2E301F06 03551D23 04183016 
  80148156 F333DE40 4A63A05D B84A4719 3775120F D25B301D 0603551D 0E041604 
  148156F3 33DE404A 63A05DB8 4A471937 75120FD2 5B300D06 092A8648 86F70D01 
  01040500 03818100 33FB807D ABD9474B 64AC14C6 B8BB42BE 52279F89 D7CD9F09 
  4D699644 C39EE105 60F0473A 6BF52575 102D2460 FF1E7A8D 0EDEDB6B 4482CEAB 
  ADAD8E20 D9F0FCED 412D019B 111EA38C D949D028 B8788521 1B21A5D6 5C8C0553 
  30E96F80 B40E6003 4A0BA40D 9963E95B E4D294D0 89979E87 FF4D1D03 0C2E0247 
  4B6C58DC 15A80C83
  quit
!
!
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval 600
!
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 1-501
!
vlan internal allocation policy ascending
!
vlan 114,502 
!
!
!
interface FastEthernet0/1
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/2
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/3
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/4
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/5
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/6
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/7
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/8
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/9
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/10
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/11
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/12
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/13
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/14
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/15
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/16
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/17
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/18
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/19
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/20
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/21
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/22
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/23
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/24
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/25
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/26
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/27
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/28
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/29
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/30
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/31
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/32
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/33
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/34
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/35
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/36
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/37
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/38
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/39
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/40
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/41
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/42
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/43
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/44
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/45
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/46
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/47
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface FastEthernet0/48
 switchport access vlan 114
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 1
 ip arp inspection limit rate 15 burst interval 10
 ip access-group 115 in
 no cdp enable
 spanning-tree portfast
 ip verify source
!
interface GigabitEthernet0/1
 switchport mode trunk
 ip arp inspection trust
 ip dhcp snooping trust
!
interface GigabitEthernet0/2
 switchport mode trunk
 ip arp inspection trust
 ip dhcp snooping trust
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan502
 ip address 192.168.13.1 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.13.254
ip http server
ip http secure-server
access-list 10 permit 192.168.110.0 0.0.0.255
access-list 115 deny   udp any any eq 1434
access-list 115 deny   udp any any eq 1433
access-list 115 deny   tcp any any eq 135
access-list 115 deny   udp any any eq netbios-ns
access-list 115 deny   udp any any eq netbios-dgm
access-list 115 deny   tcp any any eq 139
access-list 115 deny   udp any any eq netbios-ss
access-list 115 deny   tcp any any eq 445
access-list 115 permit ip any any
snmp-server community public RO
!
control-plane
!
!
line con 0
line vty 0 4
 access-class 10 in
 password 7 14141B180F0B7872727F
 login
line vty 5 15
 access-class 10 in
 password 7 01100F1758045456771B
 login
!
ntp clock-period 36031751
ntp server 192.168.119.119
end



本文转自 古老 51CTO博客,原文链接:http://blog.51cto.com/yzmlinux/1926134,如需转载请自行联系原作者

相关文章
|
7月前
|
安全 网络性能优化 数据安全/隐私保护
Cisco lOS 路由器基本配置与优化指南
【4月更文挑战第22天】
86 0
|
安全 网络安全 网络虚拟化
详细探讨 Cisco ASA VPN 的故障排除和调试方法
详细探讨 Cisco ASA VPN 的故障排除和调试方法
320 0
详细探讨 Cisco ASA VPN 的故障排除和调试方法
|
网络协议 网络虚拟化
|
网络虚拟化 数据安全/隐私保护 网络协议
|
网络架构 数据安全/隐私保护
|
运维 安全 iOS开发