jinying8869 发表于 2018-7-15 15:19:20

cisco 2960-24 配置(生产环境)

  2010年项目,cisco 2960配置
  bj1#2960-2-1-1#show run
  Building configuration...
  Current configuration : 10160 bytes
  !
  version 12.2
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  service password-encryption
  !
  hostname bj1#2960-2-1-1
  !
  boot-start-marker
  boot-end-marker
  !
  enable secret 5 $1$KLz2$yA02121elF8KX2/qyyZTWi/BAC
  enable password 7 060506324F415B405347020A1F173D24362B
  !
  no aaa new-model
  system mtu routing 1500
  vtp domain gaoshang
  vtp mode transparent
  ip subnet-zero
  !
  !
  ip dhcp snooping vlan 109
  no ip dhcp snooping information option
  ip dhcp snooping
  ip arp inspection vlan 109
  ip arp inspection validate src-mac dst-mac ip allow zeros
  ip arp inspection filter static vlan109
  !
  !
  crypto pki trustpoint TP-self-signed-2718202112
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-2718202112
  revocation-check none
  rsakeypair TP-self-signed-2718202112
  !
  !
  crypto pki certificate chain TP-self-signed-2718202112
  certificate self-signed 01
  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32373138 32303231 3132301E 170D3933 30333031 30303031
  30345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37313832
  30323131 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81009668 FBAF2F53 A69D94F9 DCCB21B6 A462B020 85CCB495 218C7C33 5B2096DD
  7BD615CD 78C4948F A0AF136C D49249BD DBC210CA 4639BC77 64F6BAED 53C99F75
  24BEB712 AEC51193 5195F069 09AEB7EB E7251676 3BE1F4D4 1DBFC0E0 B2A6B450
  31D9D25D B1496055 FA8F49C7 7C202367 BF40CDCB F2AD7EAA F4941D78 D528D6FF
  6FDB0203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603
  551D1104 13301182 0F626A31 23323936 302D322D 312D312E 301F0603 551D2304
  18301680 14FCA9CC 48415253 181F492B 340B43FC 7C752290 6D301D06 03551D0E
  04160414 FCA9CC48 41525318 1F492B34 0B43FC7C 7522906D 300D0609 2A864886
  F70D0101 04050003 81810080 B6C45593 981329EA 6F23DB6C C42ACA29 24918992
  66C1E3FD 4986D218 2FBA3F98 12EC5CB2 13893599 2B31D881 03BD9EAD 357124BA
  8DE3BCCB 9FF25294 33D625E0 A930EFCD C9640BC6 C402F31C D4AB9C4C E09A28B0
  35B81C34 EAF9C911 71D52EA4 519E1B32 D7B91F7C F9723958 D044A2C1 9E522125
  13ABC2A0 2CA9765E E5BBE9
  quit
  !
  !
  !
  !
  !
  errdisable recovery cause udld
  errdisable recovery cause bpduguard
  errdisable recovery cause security-violation
  errdisable recovery cause channel-misconfig
  errdisable recovery cause pagp-flap
  errdisable recovery cause dtp-flap
  errdisable recovery cause link-flap
  errdisable recovery cause sfp-config-mismatch
  errdisable recovery cause gbic-invalid
  errdisable recovery cause psecure-violation
  errdisable recovery cause port-mode-failure
  errdisable recovery cause dhcp-rate-limit
  errdisable recovery cause mac-limit
  errdisable recovery cause vmps
  errdisable recovery cause storm-control
  errdisable recovery cause inline-power
  errdisable recovery cause arp-inspection
  errdisable recovery cause loopback
  errdisable recovery cause small-frame
  spanning-tree mode pvst
  spanning-tree etherchannel guard misconfig
  spanning-tree extend system-id
  !
  vlan internal allocation policy ascending
  !
  vlan 2
  name ZGC
  !
  vlan 3
  name office
  !
  vlan 4
  name abc
  !
  vlan 5
  name tech
  !
  vlan 6
  name jifang
  !
  vlan 7
  name dcs
  !
  vlan 101
  name vlan101
  !
  vlan 102
  name vlan102
  !
  vlan 103
  name vlan103
  !
  vlan 104
  name vlan104
  !
  vlan 105
  !
  vlan 106
  name vlan106
  !
  vlan 107
  name vlan107
  !
  vlan 108
  name vlan108
  !
  vlan 109
  !
  vlan 500
  name vlan500
  !
  vlan 501
  name young501
  !
  vlan 506
  !
  vlan 508
  name vlan508
  !
  vlan 509
  !
  vlan 510
  name young510
  !
  vlan 511
  name young511
  !
  vlan 600
  name server
  !
  vlan 601
  name nic
  !
  vlan 602
  name vlan602
  !
  !
  !
  interface FastEthernet0/1
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/2
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/3
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/4
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/5
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/6
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/7
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/8
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/9
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/10
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/11
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/12
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/13
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/14
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/15
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/16
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/17
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/18
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/19
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/20
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/21
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/22
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/23
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface FastEthernet0/24
  switchport access vlan 109
  switchport mode access
  ip access-group 115 in
  no cdp enable
  spanning-tree portfast
  ip dhcp snooping limit rate 50
  !
  interface GigabitEthernet0/1
  switchport mode trunk
  ip arp inspection trust
  ip dhcp snooping trust
  !
  interface GigabitEthernet0/2
  !
  interface Vlan1
  no ip address
  no ip route-cache
  shutdown
  !
  interface Vlan602
  ip address 192.168.10.1 255.255.255.0
  no ip route-cache
  !
  ip default-gateway 192.168.10.254
  ip http server
  ip http access-class 10
  no ip http secure-server
  logging 192.168.119.119
  access-list 10 permit 192.168.110.0 0.0.0.255
  access-list 115 deny   udp any any eq 1434
  access-list 115 deny   udp any any eq 1433
  access-list 115 deny   tcp any any eq 135
  access-list 115 deny   udp any any eq netbios-ns
  access-list 115 deny   udp any any eq netbios-dgm
  access-list 115 deny   tcp any any eq 139
  access-list 115 deny   udp any any eq netbios-ss
  access-list 115 deny   tcp any any eq 445
  access-list 115 permit ip any any
  !
  arp access-list static
  permit ip host 192.168.198.1 mac host 001c.25c9.dfdb
  permit ip host 192.168.198.2 mac host 00e0.b800.0570
  permit ip host 192.168.198.3 mac host 00e0.b800.0580
  permit ip host 192.168.198.4 mac host 00e0.b800.0607
  permit ip host 192.168.198.5 mac host 0090.c2d0.00f5
  snmp-server community rcode RO 10
  snmp-server community public RO
  !
  control-plane
  !
  !
  line con 0
  line vty 0 4
  access-class 10 in
  password 7 14141B180F0B787272782334310010191108
  login
  line vty 5 15
  access-class 10 in
  password 7 14141B180F0B787272782334310010191108
  login
  !
  end
页: [1]
查看完整版本: cisco 2960-24 配置(生产环境)