这个是某小区汇聚层的交换机配置,具体细节来一起分享一下,看看他们是咋配的,学学经验。
super password level 3 cipher N`C55QK<`=/Q=^Q`MAF4<1!!
//配置了密码,等级为3应该有所有权限。然后经md5算法加密过了。
#
vlan batch 2 to 404 406 408 to 409 411 413 to 415 417 419 to 420 422 425 to 428 430
vlan batch 432 434 438 441 to 442 445 447 to 448 450 452 to 453 455 458 to 459
vlan batch 461 to 462 465 to 468 471 to 474 476 561 to 744 746 to 4094
//vlan划得很多,一般情况是根据不同的业务来划分vlan的。
#
cluster enable
ntdp enable
ntdp hop 16
ndp enable
//ndp是用来发现直接相连的邻居信息。包括邻接设备的设备类型、软/硬件版本、连接端口等。NTDP 为集群管理提供可加入集群的设备信息,收集指定跳数内的交换机的拓扑信息。这里设置的跳数是16条。NDP 为 NTDP 提供邻接表信息,NTDP 根据邻接信息发送和转发 NTDP 拓扑收集请求,收集一定网络范围内每个设备的 NDP 信息和它与所有邻居的连接信息。
#
dhcp enable
#
undo http server enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
//3a认证:认证、授权和计费都使用默认的default
#
interface Vlanif7
ip address 192.168.1.1 255.255.255.0
//设置vlanif,此接口是逻辑接口,配置后可以部署三层特性。
#
interface Vlanif11
ip address 192.168.1.2 255.255.255.0
#
interface Ethernet0/0/1
description to_XC_MA5105-1
qinq vlan-translation enable
port hybrid tagged vlan 11
port hybrid untagged vlan 100 3329
port vlan-stacking vlan 100 to 2000 stack-vlan 100
port vlan-stacking vlan 2112 to 2127 stack-vlan 3329
port vlan-stacking vlan 2176 to 2191 stack-vlan 3329
port vlan-mapping vlan 11 map-vlan 11
ntdp enable
ndp enable
bpdu enable
//这个口上连到ma5105这台设备上。默认接口类型就hybrid,是首先是起了qinq vlan转发功能。起了qinq就需要准备两个标签,一个内层一个外层。port-stacking 命令告诉我们内部的vlan从100 to 2000将要打上 100的标签了用来穿透isp。port hybrid tagged vlan 11这个是说要是出去的是vlan 11就不要去掉标签,这个是内部标签。port hybrid untagged vlan 100 3329 要是进来的是vlan 100 3329那就去掉他们的标签,这个是外部标签,要打的。 port vlan-mapping 我是硬是没有看懂什么意思,呜呜。
#
interface Ethernet0/0/2
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/3
description to_XC_MA5105-2
qinq vlan-translation enable
port hybrid tagged vlan 11
port hybrid untagged vlan 200 900 3330 3594
port vlan-stacking vlan 100 to 2000 stack-vlan 900
port vlan-stacking vlan 2112 to 2127 stack-vlan 3330
port vlan-stacking vlan 2176 to 2191 stack-vlan 3330
port vlan-mapping vlan 11 map-vlan 11
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/4
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/5
description to_XC_MA5103-1
qinq vlan-translation enable
port hybrid tagged vlan 11
port hybrid untagged vlan 300 3328 3594
port vlan-stacking vlan 100 to 2000 stack-vlan 300
port vlan-stacking vlan 2112 to 2143 stack-vlan 3328
port vlan-stacking vlan 2176 to 2207 stack-vlan 3328
port vlan-stacking vlan 2240 to 2271 stack-vlan 3328
port vlan-mapping vlan 11 map-vlan 11
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/6
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/7
description to XC_CPN_3#
qinq vlan-translation enable
port default vlan 3594
port hybrid tagged vlan 7
port vlan-stacking vlan 3200 to 3223 stack-vlan 3594
port hybrid untagged vlan 3594
port vlan-mapping vlan 7 map-vlan 7
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/8
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/9
description to XC_CPN_4#
qinq vlan-translation enable
port default vlan 3594
port hybrid tagged vlan 7
port vlan-stacking vlan 3264 to 3287 stack-vlan 3594
port hybrid untagged vlan 3594
port vlan-mapping vlan 7 map-vlan 7
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/10
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/11
description to XC_CPN_7#
port link-type dot1q-tunnel
port default vlan 19下·
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/12
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/13
description to XC_CPN_6#
qinq vlan-translation enable
port default vlan 3594
port hybrid tagged vlan 7
port hybrid untagged vlan 3594
port vlan-stacking vlan 3360 to 3383 stack-vlan 3594
port vlan-mapping vlan 7 map-vlan 7
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/14
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/15
description to XC_CPN_2#
qinq vlan-translation enable
port default vlan 3594
port hybrid tagged vlan 7
port hybrid untagged vlan 3594
port vlan-stacking vlan 3168 to 3191 stack-vlan 3594
port vlan-mapping vlan 7 map-vlan 7
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/16
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/17
description to XC_CPN
port link-type dot1q-tunnel
port default vlan 19
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/18
ntdp enable
ndp enable
bpdu enable
#
..............
super password level 3 cipher N`C55QK<`=/Q=^Q`MAF4<1!!
//配置了密码,等级为3应该有所有权限。然后经md5算法加密过了。
#
vlan batch 2 to 404 406 408 to 409 411 413 to 415 417 419 to 420 422 425 to 428 430
vlan batch 432 434 438 441 to 442 445 447 to 448 450 452 to 453 455 458 to 459
vlan batch 461 to 462 465 to 468 471 to 474 476 561 to 744 746 to 4094
//vlan划得很多,一般情况是根据不同的业务来划分vlan的。
#
cluster enable
ntdp enable
ntdp hop 16
ndp enable
//ndp是用来发现直接相连的邻居信息。包括邻接设备的设备类型、软/硬件版本、连接端口等。NTDP 为集群管理提供可加入集群的设备信息,收集指定跳数内的交换机的拓扑信息。这里设置的跳数是16条。NDP 为 NTDP 提供邻接表信息,NTDP 根据邻接信息发送和转发 NTDP 拓扑收集请求,收集一定网络范围内每个设备的 NDP 信息和它与所有邻居的连接信息。
#
dhcp enable
#
undo http server enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
//3a认证:认证、授权和计费都使用默认的default
#
interface Vlanif7
ip address 192.168.1.1 255.255.255.0
//设置vlanif,此接口是逻辑接口,配置后可以部署三层特性。
#
interface Vlanif11
ip address 192.168.1.2 255.255.255.0
#
interface Ethernet0/0/1
description to_XC_MA5105-1
qinq vlan-translation enable
port hybrid tagged vlan 11
port hybrid untagged vlan 100 3329
port vlan-stacking vlan 100 to 2000 stack-vlan 100
port vlan-stacking vlan 2112 to 2127 stack-vlan 3329
port vlan-stacking vlan 2176 to 2191 stack-vlan 3329
port vlan-mapping vlan 11 map-vlan 11
ntdp enable
ndp enable
bpdu enable
//这个口上连到ma5105这台设备上。默认接口类型就hybrid,是首先是起了qinq vlan转发功能。起了qinq就需要准备两个标签,一个内层一个外层。port-stacking 命令告诉我们内部的vlan从100 to 2000将要打上 100的标签了用来穿透isp。port hybrid tagged vlan 11这个是说要是出去的是vlan 11就不要去掉标签,这个是内部标签。port hybrid untagged vlan 100 3329 要是进来的是vlan 100 3329那就去掉他们的标签,这个是外部标签,要打的。 port vlan-mapping 我是硬是没有看懂什么意思,呜呜。
#
interface Ethernet0/0/2
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/3
description to_XC_MA5105-2
qinq vlan-translation enable
port hybrid tagged vlan 11
port hybrid untagged vlan 200 900 3330 3594
port vlan-stacking vlan 100 to 2000 stack-vlan 900
port vlan-stacking vlan 2112 to 2127 stack-vlan 3330
port vlan-stacking vlan 2176 to 2191 stack-vlan 3330
port vlan-mapping vlan 11 map-vlan 11
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/4
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/5
description to_XC_MA5103-1
qinq vlan-translation enable
port hybrid tagged vlan 11
port hybrid untagged vlan 300 3328 3594
port vlan-stacking vlan 100 to 2000 stack-vlan 300
port vlan-stacking vlan 2112 to 2143 stack-vlan 3328
port vlan-stacking vlan 2176 to 2207 stack-vlan 3328
port vlan-stacking vlan 2240 to 2271 stack-vlan 3328
port vlan-mapping vlan 11 map-vlan 11
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/6
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/7
description to XC_CPN_3#
qinq vlan-translation enable
port default vlan 3594
port hybrid tagged vlan 7
port vlan-stacking vlan 3200 to 3223 stack-vlan 3594
port hybrid untagged vlan 3594
port vlan-mapping vlan 7 map-vlan 7
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/8
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/9
description to XC_CPN_4#
qinq vlan-translation enable
port default vlan 3594
port hybrid tagged vlan 7
port vlan-stacking vlan 3264 to 3287 stack-vlan 3594
port hybrid untagged vlan 3594
port vlan-mapping vlan 7 map-vlan 7
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/10
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/11
description to XC_CPN_7#
port link-type dot1q-tunnel
port default vlan 19下·
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/12
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/13
description to XC_CPN_6#
qinq vlan-translation enable
port default vlan 3594
port hybrid tagged vlan 7
port hybrid untagged vlan 3594
port vlan-stacking vlan 3360 to 3383 stack-vlan 3594
port vlan-mapping vlan 7 map-vlan 7
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/14
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/15
description to XC_CPN_2#
qinq vlan-translation enable
port default vlan 3594
port hybrid tagged vlan 7
port hybrid untagged vlan 3594
port vlan-stacking vlan 3168 to 3191 stack-vlan 3594
port vlan-mapping vlan 7 map-vlan 7
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/16
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/17
description to XC_CPN
port link-type dot1q-tunnel
port default vlan 19
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/18
ntdp enable
ndp enable
bpdu enable
#
..............
.............
..............
#
interface Ethernet0/0/22
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/23
description to XC_CPN_5#
qinq vlan-translation enable
port default vlan 3594
port hybrid tagged vlan 7
port hybrid untagged vlan 3594
port vlan-stacking vlan 3328 to 3351 stack-vlan 3594
port vlan-mapping vlan 7 map-vlan 7
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/24
port link-type dot1q-tunnel
port default vlan 19
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/1
description to_7806(Gei_3/0/9)
port link-type trunk
port trunk allow-pass vlan 2 to 4094
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/2
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/3
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/4
ntdp enable
ndp enable
bpdu enable
#
interface NULL0
---- More ----
0]:Some packets are dropped by cpcar on the MP#
ip route-static 0.0.0.0 0.0.0.0 10.129.109.1
ip route-static 10.192.0.0 255.255.0.0 10.193.68.1
ip route-static 10.193.0.0 255.255.0.0 10.193.68.1
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100004D39
snmp-agent community read xxxxxxxxx
#
interface Ethernet0/0/22
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/23
description to XC_CPN_5#
qinq vlan-translation enable
port default vlan 3594
port hybrid tagged vlan 7
port hybrid untagged vlan 3594
port vlan-stacking vlan 3328 to 3351 stack-vlan 3594
port vlan-mapping vlan 7 map-vlan 7
ntdp enable
ndp enable
bpdu enable
#
interface Ethernet0/0/24
port link-type dot1q-tunnel
port default vlan 19
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/1
description to_7806(Gei_3/0/9)
port link-type trunk
port trunk allow-pass vlan 2 to 4094
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/2
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/3
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/4
ntdp enable
ndp enable
bpdu enable
#
interface NULL0
---- More ----
0]:Some packets are dropped by cpcar on the MP#
ip route-static 0.0.0.0 0.0.0.0 10.129.109.1
ip route-static 10.192.0.0 255.255.0.0 10.193.68.1
ip route-static 10.193.0.0 255.255.0.0 10.193.68.1
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100004D39
snmp-agent community read xxxxxxxxx
snmp-agent community write zzzzzzzzz
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 10.192.0.229 params securityname xxxxxxxx v2c
snmp-agent target-host trap address udp-domain 10.192.0.230 params securityname xxxxxxxx v2c
#
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
#
return
con口没有加密,为了后来的人吧,但是感觉好危险。
snmp-agent target-host trap address udp-domain 10.192.0.229 params securityname xxxxxxxx v2c
snmp-agent target-host trap address udp-domain 10.192.0.230 params securityname xxxxxxxx v2c
#
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
#
return
con口没有加密,为了后来的人吧,但是感觉好危险。
转载于:https://blog.51cto.com/kikupotter/846535
541
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
