2010年项目,cisco 2960配置
bj1#2960-2-1-1#show run
Building configuration...
Current configuration : 10160 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname bj1#2960-2-1-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$KLz2$yA02121elF8KX2/qyyZTWi/BAC
enable password 7 060506324F415B405347020A1F173D24362B
!
no aaa new-model
system mtu routing 1500
vtp domain gaoshang
vtp mode transparent
ip subnet-zero
!
!
ip dhcp snooping vlan 109
no ip dhcp snooping information option
ip dhcp snooping
ip arp inspection vlan 109
ip arp inspection validate src-mac dst-mac ip allow zeros
ip arp inspection filter static vlan 109
!
!
crypto pki trustpoint TP-self-signed-2718202112
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2718202112
revocation-check none
rsakeypair TP-self-signed-2718202112
!
!
crypto pki certificate chain TP-self-signed-2718202112
certificate self-signed 01
30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373138 32303231 3132301E 170D3933 30333031 30303031
30345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37313832
30323131 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009668 FBAF2F53 A69D94F9 DCCB21B6 A462B020 85CCB495 218C7C33 5B2096DD
7BD615CD 78C4948F A0AF136C D49249BD DBC210CA 4639BC77 64F6BAED 53C99F75
24BEB712 AEC51193 5195F069 09AEB7EB E7251676 3BE1F4D4 1DBFC0E0 B2A6B450
31D9D25D B1496055 FA8F49C7 7C202367 BF40CDCB F2AD7EAA F4941D78 D528D6FF
6FDB0203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603
551D1104 13301182 0F626A31 23323936 302D322D 312D312E 301F0603 551D2304
18301680 14FCA9CC 48415253 181F492B 340B43FC 7C752290 6D301D06 03551D0E
04160414 FCA9CC48 41525318 1F492B34 0B43FC7C 7522906D 300D0609 2A864886
F70D0101 04050003 81810080 B6C45593 981329EA 6F23DB6C C42ACA29 24918992
66C1E3FD 4986D218 2FBA3F98 12EC5CB2 13893599 2B31D881 03BD9EAD 357124BA
8DE3BCCB 9FF25294 33D625E0 A930EFCD C9640BC6 C402F31C D4AB9C4C E09A28B0
35B81C34 EAF9C911 71D52EA4 519E1B32 D7B91F7C F9723958 D044A2C1 9E522125
13ABC2A0 2CA9765E E5BBE9
quit
!
!
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
name ZGC
!
vlan 3
name office
!
vlan 4
name abc
!
vlan 5
name tech
!
vlan 6
name jifang
!
vlan 7
name dcs
!
vlan 101
name vlan101
!
vlan 102
name vlan102
!
vlan 103
name vlan103
!
vlan 104
name vlan104
!
vlan 105
!
vlan 106
name vlan106
!
vlan 107
name vlan107
!
vlan 108
name vlan108
!
vlan 109
!
vlan 500
name vlan500
!
vlan 501
name young501
!
vlan 506
!
vlan 508
name vlan508
!
vlan 509
!
vlan 510
name young510
!
vlan 511
name young511
!
vlan 600
name server
!
vlan 601
name nic
!
vlan 602
name vlan602
!
!
!
interface FastEthernet0/1
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/2
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/3
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/4
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/5
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/6
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/7
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/8
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/9
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/10
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/11
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/12
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/13
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/14
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/15
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/16
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/17
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/18
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/19
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/20
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/21
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/22
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/23
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface FastEthernet0/24
switchport access vlan 109
switchport mode access
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip dhcp snooping limit rate 50
!
interface GigabitEthernet0/1
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan602
ip address 192.168.10.1 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.10.254
ip http server
ip http access-class 10
no ip http secure-server
logging 192.168.119.119
access-list 10 permit 192.168.110.0 0.0.0.255
access-list 115 deny udp any any eq 1434
access-list 115 deny udp any any eq 1433
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq netbios-ns
access-list 115 deny udp any any eq netbios-dgm
access-list 115 deny tcp any any eq 139
access-list 115 deny udp any any eq netbios-ss
access-list 115 deny tcp any any eq 445
access-list 115 permit ip any any
!
arp access-list static
permit ip host 192.168.198.1 mac host 001c.25c9.dfdb
permit ip host 192.168.198.2 mac host 00e0.b800.0570
permit ip host 192.168.198.3 mac host 00e0.b800.0580
permit ip host 192.168.198.4 mac host 00e0.b800.0607
permit ip host 192.168.198.5 mac host 0090.c2d0.00f5
snmp-server community rcode RO 10
snmp-server community public RO
!
control-plane
!
!
line con 0
line vty 0 4
access-class 10 in
password 7 14141B180F0B787272782334310010191108
login
line vty 5 15
access-class 10 in
password 7 14141B180F0B787272782334310010191108
login
!
end
本文转自 古老 51CTO博客,原文链接:http://blog.51cto.com/yzmlinux/1926129,如需转载请自行联系原作者