核心交换机配置Vlan划分、互访、ACL管控、链路聚合等

#

!Software Version V200R001C00SPC300

sysname IT_ServerRoom  #交换机名称#

#

vlan batch 10 20 30 40 50 60 70 80 90 99 to 100  #设置Vlan#

vlan batch 110

#

lacp priority 100  #链路聚合优先级设定#

#

undo http server enable 

#

undo nap slave enable

#

dhcp enable #打开DHCP功能#

#

acl number 3001  #配置ACL访控#

 rule 4 permit tcp source 0.0.0.0 192.168.21.11 destination-port eq 3389 #允许指定IP使用远程协助#

 rule 5 permit tcp source 0.0.0.0 192.168.21.13 destination-port eq 3389

 rule 6 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq 3389

 rule 7 permit tcp source 0.0.0.0 192.168.51.13 destination 0.0.0.0 192.168.11.10 destination-port eq 3389

 rule 8 permit tcp source 0.0.0.0 192.168.81.31 destination 0.0.0.0 192.168.11.10 destination-port eq 3389

 rule 9 permit tcp source 0.0.0.0 192.168.21.14 destination 0.0.0.0 192.168.11.12 destination-port eq 3389

 rule 10 permit tcp source 0.0.0.3 192.168.21.12 destination-port eq telnet 

 rule 11 permit tcp source 0.0.0.1 192.168.11.254 destination-port eq telnet

 rule 12 permit tcp source 0.0.0.0 192.168.21.250 destination 0.0.0.0 192.168.11.12 destination-port eq 3389

 rule 100 deny tcp destination-port eq 3389  #关闭远程协助端口#

 rule 105 deny tcp destination-port eq telnet  #关闭Telnet端口#

#

ip pool 1   #设置IP地址池#

 gateway-list 192.168.11.254   #设置网关#

 network 192.168.11.0 mask 255.255.255.0   #子网掩码及IP区段#

 excluded-ip-address 192.168.11.1 192.168.11.60 #DHCP分配时豁免的IP地址#

 lease day 10 hour 0 minute 0    #IP地址有效时间#

 dns-list 192.168.11.2 192.168.11.5   #DNS配置#

#

ip pool 2

 gateway-list 192.168.21.254

 network 192.168.21.0 mask 255.255.255.0

 excluded-ip-address 192.168.21.1 192.168.21.60

 lease day 10 hour 0 minute 0

 dns-list 192.168.11.2 192.168.11.5

#

ip pool 3

 gateway-list 192.168.31.254

 network 192.168.31.0 mask 255.255.255.0

 excluded-ip-address 192.168.31.1 192.168.31.60

 leas