<Nzb_LB1_13> <Nzb_LB1_13> <Nzb_LB1_13>dis cur # version 7.1.045, Release 1122 # sysname Nzb_LB1_13 # clock timezone BeiJing add 08:00:00 # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 10 irf member 2 priority 1 # ospf 2 router-id 10.0.1.13 silent-interface Vlan-interface400 silent-interface Vlan-interface401 silent-interface Vlan-interface402 silent-interface Vlan-interface403 area 0.0.0.0 network 10.0.1.13 0.0.0.0 network 10.0.29.0 0.0.0.3 network 10.0.29.4 0.0.0.3 area 0.0.0.1 network 10.21.0.0 0.0.3.255 # ip unreachables enable ip ttl-expires enable # dhcp enable # dhcp snooping enable # lldp global enable # fan prefer-direction slot 1 port-to-power fan prefer-direction slot 2 port-to-power password-recovery enable # vlan 1 # vlan 4 description SVR_OA # vlan 400 to 402 # vlan 403 description LB1_AP_mgt_add # vlan 406 description WLAN # vlan 800 description to NzbCore_MDF_5 # vlan 999 description DB_RAC # irf-port 1/1 port group interface Ten-GigabitEthernet1/0/51 port group interface Ten-GigabitEthernet1/0/52 # irf-port 2/2 port group interface Ten-GigabitEthernet2/0/51 port group interface Ten-GigabitEthernet2/0/52 # stp instance 0 priority 4096 将交换机变为根桥 stp bpdu-protection 定义为边延端口,收到BPDU会定义为攻击 stp global enable # interface Bridge-Aggregation1 description to_SZA-A-DIS-S210 port access vlan 800 link-aggregation mode dynamic undo stp enable dhcp snooping trust # interface NULL0 # interface LoopBack0 description RouterId ip address 10.0.1.13 255.255.255.255 # interface Vlan-interface1 shutdown # interface Vlan-interface400 ip address 10.21.0.1 255.255.255.0 dhcp select relay dhcp relay server-address 10.12.10.101 # interface Vlan-interface401 ip address 10.21.1.1 255.255.255.0 dhcp select relay dhcp relay server-address 10.12.10.101 # interface Vlan-interface402 ip address 10.21.2.1 255.255.255.0 dhcp select relay dhcp relay server-address 10.12.10.101 # interface Vlan-interface403 ip address 10.21.3.1 255.255.255.0 dhcp select relay dhcp relay server-address 10.12.10.101 # interface Vlan-interface800 description to NzbCore_MDF_5 ip address 10.0.29.2 255.255.255.252 # interface GigabitEthernet1/0/1 port link-mode bridge description P_LB113_D1-109 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/2 port link-mode bridge description P_LB113_D1-110 port access vlan 401 broadcast-suppression 5 广播包的流量限制为5% stp edged-port 端口为边缘端口 arp rate-limit 10 arp 的速率限制为10 # interface GigabitEthernet1/0/3 port link-mode bridge description P_LB113_D1-111 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/4 port link-mode bridge description P_LB113_D1-112 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/5 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/6 port link-mode bridge port link-type trunk port trunk permit vlan all dhcp snooping trust # interface GigabitEthernet1/0/7 port link-mode bridge port link-type trunk port trunk permit vlan all dhcp snooping trust # interface GigabitEthernet1/0/8 port link-mode bridge port link-type trunk port trunk permit vlan all dhcp snooping trust # interface GigabitEthernet1/0/9 port link-mode bridge port link-type trunk port trunk permit vlan all dhcp snooping trust # interface GigabitEthernet1/0/10 port link-mode bridge description M_LB1_116_D22 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/11 port link-mode bridge description P_LB113_D1-113 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/12 port link-mode bridge description P_LB113_D1-114 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/13 port link-mode bridge description P_LB113_D1-115 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/14 port link-mode bridge description P_LB113_D1-116 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/15 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/16 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/17 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/18 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/19 port link-mode bridge description P_LB1_218_D77 port access vlan 400 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/20 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port # interface GigabitEthernet1/0/21 port link-mode bridge description P_LB1_222_D85 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/22 port link-mode bridge description P_LB1_226_D91 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/23 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/24 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/25 port link-mode bridge description P_LB111_D11 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/26 port link-mode bridge port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet1/0/27 port link-mode bridge description P_LB211_GaoBo_D50 port access vlan 400 # interface GigabitEthernet1/0/28 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/29 port link-mode bridge description M_LB1_116_D21 port access vlan 400 broadcast-suppression 5 stp edged-port 定义为边沿端口 arp rate-limit 10 # interface GigabitEthernet1/0/30 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/31 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/32 port link-mode bridge description S_LB117_10.21.1.240 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet1/0/33 port link-mode bridge description M_LB1_116_D24 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/34 port link-mode bridge description P_LB1_222_D86 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/35 port link-mode bridge description M_LB1_206_D64 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/36 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/37 port link-mode bridge description P_LB1_211_D50 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/38 port link-mode bridge description P_LB1_PZ101 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/39 port link-mode bridge description P_LB1_MJ port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/40 port link-mode bridge description P_LB1_216_D73 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/41 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/42 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/43 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/44 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/45 port link-mode bridge description SZA_SW_WALN_LB1 port access vlan 403 undo lldp enable # interface GigabitEthernet1/0/46 port link-mode bridge port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet1/0/47 port link-mode bridge description S_LB1_10.0.1.80_F1/0/47 port link-type trunk port trunk permit vlan all port trunk pvid vlan 400 arp detection trust dhcp snooping trust # interface GigabitEthernet1/0/48 port link-mode bridge description S_LB115_10.0.16.117 port access vlan 403 undo lldp enable # interface GigabitEthernet2/0/1 port link-mode bridge description AP_LB1F1_10.0.1.81 port access vlan 402 shutdown broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/2 port link-mode bridge description AP_LB1F2_10.0.1.80 port access vlan 402 shutdown broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/3 port link-mode bridge description AP_LB1F3_10.0.1.86 port access vlan 400 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/4 port link-mode bridge description AP_LB2F1_10.0.1.82 port access vlan 402 shutdown broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/5 port link-mode bridge description AP_LB2F2_10.0.1.83 port access vlan 402 shutdown broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/6 port link-mode bridge description AP_LB2F3_10.0.1.84 port access vlan 402 shutdown broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/7 port link-mode bridge description AP_LB2F4_10.0.1.85 port access vlan 402 shutdown broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/8 port link-mode bridge description P_LB210_D70 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/9 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/10 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/11 port link-mode bridge description V_LB1_206_D101 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/12 port link-mode bridge description V_LB1_206_D102 port access vlan 401 stp edged-port # interface GigabitEthernet2/0/13 port link-mode bridge description V_LB1_206_D103 port access vlan 403 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/14 port link-mode bridge port access vlan 402 shutdown broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/15 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/16 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/17 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/18 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/19 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/20 port link-mode bridge description S_LB203(1)_10.21.1.243 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/21 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/22 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/23 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port # interface GigabitEthernet2/0/24 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/25 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/26 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/27 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/28 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/29 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/30 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/31 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port # interface GigabitEthernet2/0/32 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/33 port link-mode bridge port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/34 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/35 port link-mode bridge description P_LB113 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/36 port link-mode bridge description S_LB109_10.21.1.232 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/37 port link-mode bridge description S_LB123_10.21.1.237 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/38 port link-mode bridge description S_YF2_10.21.1.235 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/39 port link-mode bridge description S_YF3_10.21.1.233 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/40 port link-mode bridge description S_YF4_10.21.1.231 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/41 port link-mode bridge description S_YF1_10.21.1.241 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/42 port link-mode bridge port access vlan 401 stp edged-port # interface GigabitEthernet2/0/43 port link-mode bridge description S_LB203(2)_10.21.1.239 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/44 port link-mode bridge description S_LB207_10.21.1.238 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/45 port link-mode bridge description T_LB1_MJ_10.0.194.11 port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/46 port link-mode bridge description S_UPS_10.21.1.222 port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet2/0/47 port link-mode bridge port access vlan 402 shutdown broadcast-suppression 5 undo stp enable stp edged-port arp rate-limit 10 # interface GigabitEthernet2/0/48 port link-mode bridge port access vlan 401 broadcast-suppression 5 stp edged-port arp rate-limit 10 # interface M-GigabitEthernet0/0/0 # interface M-GigabitEthernet0/0/1 # interface Ten-GigabitEthernet1/0/49 port link-mode bridge port access vlan 800 undo stp enable port link-aggregation group 1 dhcp snooping trust # interface Ten-GigabitEthernet1/0/50 port link-mode bridge # interface Ten-GigabitEthernet2/0/49 port link-mode bridge port access vlan 800 undo stp enable port link-aggregation group 1 dhcp snooping trust # interface Ten-GigabitEthernet2/0/50 port link-mode bridge description To_meiqizhan port link-type trunk port trunk permit vlan all dhcp snooping trust # interface Ten-GigabitEthernet1/0/51 # interface Ten-GigabitEthernet1/0/52 # interface Ten-GigabitEthernet2/0/51 # interface Ten-GigabitEthernet2/0/52 # scheduler logfile size 16 # line class aux user-role network-admin # line class vty user-role network-operator # line aux 0 1 user-role network-admin # line vty 0 4 authentication-mode scheme user-role level-15 user-role network-operator set authentication password hash $h$6$Tyub88EvE4m1Pfk4$Q4tuAxJhIc6c2fyBVlwa/Q/Nj8eNa6gS9eG9sYX0xGdEj7Qp8RSttqz9E2X3b4jEbhwVn997cMdEIEeAq4Xs0g== idle-timeout 5 0 # line vty 5 63 user-role network-operator # ip route-static 0.0.0.0 0 10.0.29.1 # info-center loghost source LoopBack0 info-center loghost 10.0.1.200 info-center loghost 10.10.65.249 info-center source SNMP logbuffer level notification # snmp-agent snmp-agent local-engineid 800063A23822D6B2BE436877 snmp-agent community read shenzhen snmp-agent sys-info contact netadmin snmp-agent sys-info location IDF-ZH4 snmp-agent sys-info version all snmp-agent target-host trap address udp-domain 10.10.64.249 params securityname admin snmp-agent target-host trap address udp-domain 10.0.1.200 udp-port 5000 params securityname shenzhen snmp-agent target-host trap address udp-domain 10.10.10.92 params securityname shenzhen snmp-agent target-host trap address udp-domain 10.10.65.249 params securityname shenzhen snmp-agent mib-view included myview internet snmp-agent trap if-mib link extended snmp-agent trap source LoopBack0 # ssh server enable # ntp-service enable ntp-service unicast-server 10.12.10.109 # acl number 3000 rule 1 deny tcp destination-port eq 445 rule 2 deny tcp source-port eq 445 rule 3 deny udp destination-port eq 445 rule 4 deny udp source-port eq 445 rule 5 permit ip # radius scheme system user-name-format without-domain # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user A06986 class manage password hash $h$6$g373HfcV32/GPje+$XmLA3e8ux0KyxJuPt2MJEJHSJL9Q722EynJw1GjtuyHaXUR9azhNrvgCl8eouQ0stCPxkCEbTNPiox0s1yEMeQ== service-type ssh telnet authorization-attribute user-role network-admin # local-user A08907 class manage password hash $h$6$eBmM+R/kNKqtbkwR$ccphpyZk2Yr0b4YBWhpaoFmrSO6uB6OKwHt/UlIk4jtHdNY2CnPFCzetfThKLorC7j+p+P18x4sBuN+gKWRjHw== service-type ssh telnet authorization-attribute user-role network-admin # local-user A11907 class manage password hash $h$6$8iTDKkBGcfxtV1PA$rIWpjor7maanhKLHAQvzgkpHu0SadAkf0JaM72dqOU2ZSNu0SL01e0mUUSWnx8upWAuIi2QPUPEIcCWh++BUJg== service-type ssh telnet authorization-attribute user-role network-admin # local-user admin class manage password hash $h$6$jvCtiR8XIJ/V7VCz$7xEnTNFG3q7q97UkOapzO+KdN5KmFkVYEVnWlUwIW4QTenKCd9RoHA9NC2XUWyvZdpXzb03erS3hXvDnpDYlFw== authorization-attribute user-role network-admin # local-user wuhz class manage password hash $h$6$t4KdkHY6zXNhxCLq$HwsHbcwjaRemiiKG7sFjcA4sj2B7RM/QvK8MOuelW0gtvdqNQ24v7+RIYgYwybqVMUKT42RyZzFoAyXX1+Qj3g== service-type ssh telnet authorization-attribute user-role network-admin # local-user yunwei class manage password hash $h$6$LvxQQYuqF1KRhurz$Kf3eV3bPLR9fjLFIcAa1TGuqwW+XbhpwqKFGQFkmkqjHULycbxdUPqhthP62KvPb7BxG8jK3Ju0eMOXZ/7XTuA== service-type ssh telnet terminal authorization-attribute user-role level-1 authorization-attribute user-role level-15 authorization-attribute user-role network-admin authorization-attribute user-role network-operator # public-key peer 127.0.0.1 public-key-code begin 30819F300D06092A864886F70D010101050003818D0030818902818100D4BD9C9D0A216D49 91437769167B5A0B05FD4F7B721D8E178C05CC453A69780CCBF65214592ADFF25588C379CD 3C3D1302534AEF098EF5B9F820400C7F85119F823D047C1EE2BF348CC7B39BDB4961FFB167 91256D569C06D03188D487C67CC0D154E44C76ADEE386F434C40240C69F798C0B435968418 0A1359A9B3868914F30203010001 public-key-code end peer-public-key end # return
这个交换机配置的ACL起作用吗,好象没有调用ACL的命令
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论