Elenada
Newbie | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
Вот конфигурация стека 3750. [more]
Current configuration : 25286 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname m12.2-sw1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$U7BQ$XB3WP9RMaYXaLfLIkQ0UU1
!
username *** privilege 15 secret 5
aaa new-model
!
!
aaa authentication login default local enable
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local
!
!
!
aaa session-id common
clock timezone YEKT 5
switch 1 provision ws-c3750g-12s
switch 2 provision ws-c3750g-12s
switch 3 provision ws-c3750g-48ts
switch 4 provision ws-c3750g-24t
system mtu routing 1500
vtp domain VTP_FCSSH
vtp mode transparent
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name permheart.com
ip dhcp smart-relay
!
!
!
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval 120
port-channel load-balance src-dst-ip
!
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
!
vlan internal allocation policy ascending
!
vlan 2
name Mng
!
vlan 10
name Med-a-10
!
vlan 11
name Med-a-11
!
vlan 30
name Common-30
!
vlan 40
name Srv-40
!
!
!
interface Loopback0
ip address 10.5.255.254 255.255.255.255
!
interface Port-channel1
description m1.1-sw1
no switchport
ip address 10.5.253.1 255.255.255.252
!
interface Port-channel2
description m1.2-sw1
no switchport
ip address 10.5.253.5 255.255.255.252
!
interface Port-channel3
description m1.3-sw1
no switchport
ip address 10.5.253.9 255.255.255.252
!
interface Port-channel4
description m2.1-sw1
no switchport
ip address 10.5.253.13 255.255.255.252
!
interface Port-channel5
description m2.2-sw1
no switchport
ip address 10.5.253.17 255.255.255.252
!
interface Port-channel6
description m2.3-sw1
no switchport
ip address 10.5.253.21 255.255.255.252
!
interface Port-channel7
description m3.4-sw1
no switchport
ip address 10.5.253.25 255.255.255.252
!
interface Port-channel8
description m5.1-sw1
no switchport
ip address 10.5.253.29 255.255.255.252
!
interface Port-channel9
description m5.2-sw1
no switchport
ip address 10.5.253.33 255.255.255.252
!
interface Port-channel10
description m6.1-sw1
no switchport
ip address 10.5.253.37 255.255.255.252
!
interface Port-channel11
description m6.2-sw1
no switchport
ip address 10.5.253.41 255.255.255.252
!
interface GigabitEthernet1/0/1
description m1.1-sw1 Port-Channel1
no switchport
no ip address
channel-group 1 mode active
!
interface GigabitEthernet1/0/2
description m1.2-sw1 Port-Channel2
no switchport
no ip address
channel-group 2 mode active
!
interface GigabitEthernet1/0/3
description m1.3-sw1 Port-Channel3
no switchport
no ip address
channel-group 3 mode active
!
interface GigabitEthernet1/0/4
description m2.1-sw1 Port-Channel4
no switchport
no ip address
channel-group 4 mode active
!
interface GigabitEthernet1/0/5
description m2.2-sw1 Port-Channel5
no switchport
no ip address
channel-group 5 mode active
!
interface GigabitEthernet1/0/6
description m2.3-sw1 Port-Channel6
no switchport
no ip address
channel-group 6 mode active
!
interface GigabitEthernet1/0/7
description m3.4-sw1 Port-Channel7
no switchport
no ip address
channel-group 7 mode active
!
interface GigabitEthernet1/0/8
description m5.1-sw1 Port-Channel8
no switchport
no ip address
channel-group 8 mode active
!
interface GigabitEthernet1/0/9
description m5.2-sw1 Port-Channel9
no switchport
no ip address
channel-group 9 mode active
!
interface GigabitEthernet1/0/10
description m6.1-sw1 Port-Channel10
no switchport
no ip address
channel-group 10 mode active
!
interface GigabitEthernet1/0/11
description m6.2-sw1 Port-Channel11
no switchport
no ip address
channel-group 11 mode active
!
interface GigabitEthernet1/0/12
shutdown
!
interface GigabitEthernet2/0/1
description m1.1-sw1 Port-Channel1
no switchport
no ip address
channel-group 1 mode active
!
interface GigabitEthernet2/0/2
description m1.2-sw1 Port-Channel2
no switchport
no ip address
channel-group 2 mode active
!
interface GigabitEthernet2/0/3
description m1.3-sw1 Port-Channel3
no switchport
no ip address
channel-group 3 mode active
!
interface GigabitEthernet2/0/4
description m2.1-sw1 Port-Channel4
no switchport
no ip address
channel-group 4 mode active
!
interface GigabitEthernet2/0/5
description m2.2-sw1 Port-Channel5
no switchport
no ip address
channel-group 5 mode active
!
interface GigabitEthernet2/0/6
description m2.3-sw1 Port-Channel6
no switchport
no ip address
channel-group 6 mode active
!
interface GigabitEthernet2/0/7
description m3.4-sw1 Port-Channel7
no switchport
no ip address
channel-group 7 mode active
!
interface GigabitEthernet2/0/8
shutdown
!
interface GigabitEthernet2/0/9
shutdown
!
interface GigabitEthernet2/0/10
description m6.1-sw1 Port-Channel10
no switchport
no ip address
channel-group 10 mode active
!
interface GigabitEthernet2/0/11
description m6.2-sw1 Port-Channel11
no switchport
no ip address
channel-group 11 mode active
!
interface GigabitEthernet2/0/12
shutdown
!
interface GigabitEthernet3/0/1
description Servers (Srv-40)
switchport access vlan 40
switchport mode access
storm-control broadcast level 7.00 5.00
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
тут однотипно описываются все порты
!
interface GigabitEthernet3/0/47
description Servers (Srv-40)
switchport access vlan 40
switchport mode access
storm-control broadcast level 7.00 5.00
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet3/0/48
description m12.2-asa1, ge0/1
no switchport
ip address 10.5.253.45 255.255.255.252
!
interface GigabitEthernet3/0/49
shutdown
!
interface GigabitEthernet3/0/50
shutdown
!
interface GigabitEthernet3/0/51
shutdown
!
interface GigabitEthernet3/0/52
shutdown
!
interface GigabitEthernet4/0/1
description User (Common-30)
switchport access vlan 30
switchport mode access
storm-control broadcast level 7.00 5.00
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
также однотипно описываются все порты
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
description Vlan Mng
ip address 10.5.252.193 255.255.255.224
ip access-group Access_in_mng_net in
ip access-group Access_out_mng_net out
no ip proxy-arp
!
interface Vlan10
description Vlan Med-a-10
ip address 10.5.3.1 255.255.255.192
ip access-group Access_in_med-x_net in
ip helper-address 10.5.24.2
no ip proxy-arp
!
interface Vlan30
description Vlan Common-30
ip address 10.5.18.193 255.255.255.192
ip access-group Access_in_common-x_net in
ip helper-address 10.5.24.2
no ip proxy-arp
!
interface Vlan40
description Vlan Srv-40
ip address 10.5.24.1 255.255.255.0
ip access-group Access_in_srv-x_net in
ip helper-address 10.5.24.2
no ip proxy-arp
!
router rip
version 2
passive-interface default
no passive-interface Port-channel1
no passive-interface Port-channel2
no passive-interface Port-channel3
no passive-interface Port-channel4
no passive-interface Port-channel5
no passive-interface Port-channel6
no passive-interface Port-channel7
no passive-interface Port-channel8
no passive-interface Port-channel9
no passive-interface Port-channel10
no passive-interface Port-channel11
network 10.0.0.0
default-information originate
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.5.253.46
ip route 10.5.31.0 255.255.255.0 10.5.24.154
ip route 194.138.39.16 255.255.255.248 10.5.253.38
no ip http server
ip http access-class 1
!
ip access-list standard Access_on_this_device_telnet_ssh
remark Vty line in
permit 10.5.252.0 0.0.3.255
deny any
!
ip access-list extended Access_in_common-x_net
remark Deny access to Mng net
deny ip any 10.5.252.0 0.0.3.255
remark Unrestricted access to rest
permit ip any any
remark Explicit deny access to rest
deny ip any any
ip access-list extended Access_in_med-x_net
remark Deny access to Mng net
deny ip any 10.5.252.0 0.0.3.255
remark Unrestricted access to rest
permit ip any any
remark Explicit deny access to rest
deny ip any any
ip access-list extended Access_in_mng_net
remark Access to Mng net only
permit ip any 10.5.252.0 0.0.3.255
remark Access to NTP-server
permit udp any host 10.5.24.3 eq ntp
remark Explicit deny access to rest
deny ip any any
ip access-list extended Access_in_srv-x_net
remark Deny access to Mng net
deny ip any 10.5.252.0 0.0.3.255
remark Unrestricted access to rest
permit ip any any
remark Explicit deny access to rest
deny ip any any
ip access-list extended Access_out_mng_net
remark Access from Mng net only
permit ip 10.5.252.0 0.0.3.255 any
remark Access from NTP-server
permit udp host 10.5.24.3 eq ntp any
remark Explicit deny access from rest
deny ip any any
!
logging source-interface Loopback0
access-list 1 remark Access_on_this_device_http
access-list 1 permit 10.5.252.0 0.0.3.255
access-list 1 deny any
arp 10.5.24.154 38d5.47c8.2d64 ARPA
!
control-plane
!
!
line con 0
line vty 0 4
access-class Access_on_this_device_telnet_ssh in
exec-timeout 0 0
transport input telnet
line vty 5 15
access-class Access_on_this_device_telnet_ssh in
exec-timeout 0 0
transport input telnet
!
ntp source Loopback0
ntp server 10.5.24.3
end |
Всего записей: 3 | Зарегистр. 01-11-2017 | Отправлено: 07:30 22-11-2017 | Исправлено: Elenada, 08:34 22-11-2017 |
|
