经供参考
!Software Version V200R019C10SPC500
#
sysname switch_D
#
FTP server enable
#
undo info-center enable
#
vlan batch 9 to 23 100 152 218
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
clock timezone beijing add 08:00:00
#
dhcp enable
#
radius-server template default
#
pki realm default
certificate-check none
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
ip pool pool10
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
#
ip pool pool12
gateway-list 192.168.12.1
network 192.168.12.0 mask 255.255.255.0
excluded-ip-address 192.168.12.2 192.168.12.40
excluded-ip-address 192.168.12.182
static-bind ip-address 192.168.12.60 mac-address 0009-f608-c12a
static-bind ip-address 192.168.12.61 mac-address 0009-f609-be16
static-bind ip-address 192.168.12.62 mac-address 0009-f609-e277
static-bind ip-address 192.168.12.103 mac-address fcaa-1427-d67f
static-bind ip-address 192.168.12.116 mac-address 408d-5c15-2076
static-bind ip-address 192.168.12.224 mac-address 408d-5c77-762b
static-bind ip-address 192.168.12.247 mac-address 1c1b-0d2e-fbcf
lease day 0 hour 1 minute 0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
#
ip pool pool13
gateway-list 192.168.13.1
network 192.168.13.0 mask 255.255.255.0
excluded-ip-address 192.168.13.3 192.168.13.50
excluded-ip-address 192.168.13.109 192.168.13.110
excluded-ip-address 192.168.13.113 192.168.13.114
excluded-ip-address 192.168.13.116 192.168.13.117
excluded-ip-address 192.168.13.120
static-bind ip-address 192.168.13.2 mac-address 000f-c0a8-0d03
lease day 0 hour 1 minute 0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
#
ip pool pool14
gateway-list 192.168.14.1
network 192.168.14.0 mask 255.255.255.0
lease day 0 hour 1 minute 0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
#
ip pool pool20
gateway-list 10.10.2.1
network 10.10.2.0 mask 255.255.255.0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
#
ip pool pool17
gateway-list 192.168.15.1
network 192.168.15.0 mask 255.255.255.192
excluded-ip-address 192.168.15.51 192.168.15.60
static-bind ip-address 192.168.15.50 mac-address b469-21e2-1323
lease day 0 hour 1 minute 0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
#
ip pool pool18
gateway-list 192.168.15.65
network 192.168.15.64 mask 255.255.255.192
lease day 0 hour 1 minute 0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
#
ip pool pool21
gateway-list 10.10.3.1
network 10.10.3.0 mask 255.255.255.0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
#
ip pool pool16
gateway-list 192.168.16.1
network 192.168.16.0 mask 255.255.255.0
excluded-ip-address 192.168.16.118
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
option 138 ip-address 10.10.1.100
#
ip pool pool11
gateway-list 192.168.11.1
network 192.168.11.0 mask 255.255.255.0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
option 138 ip-address 10.10.1.100
#
ip pool pool22
gateway-list 172.16.0.1
network 172.16.0.0 mask 255.255.254.0
lease day 0 hour 1 minute 0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
option 138 ip-address 10.10.1.100
#
ip pool pool23
gateway-list 10.10.4.1
network 10.10.4.0 mask 255.255.255.0
dns-list 192.168.16.100 114.114.114.114
option 60 ascii "TP-LINK"
option 138 ip-address 10.10.1.100
#
ip pool 13
#
ip pool pool15
#
ip pool 16
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
domain default
authentication-scheme radius
accounting-scheme default
radius-server default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user admin password irreversible-cipher $1c$pO*vXOu4c>$<z~LHNJt~=C3wWCFA[UOHTDJTS(I2/uSg7&&Kp*J$
local-user admin privilege level 15
local-user admin service-type http
local-user 3561003 password irreversible-cipher $1c$_jP3Ag~W#5$j'!o$Xq2d%HX:|;b'KP'/.m}Ra!U*CaozS/fUP5A$
local-user 3561003 privilege level 15
local-user 3561003 service-type ssh
#
interface Vlanif1
ip address 10.10.1.2 255.255.255.0
#
interface Vlanif9
ip address 192.168.9.2 255.255.255.0
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface Vlanif11
ip address 192.168.11.1 255.255.255.0
dhcp select global
#
interface Vlanif12
ip address 192.168.12.1 255.255.255.0
dhcp select global
#
interface Vlanif13
ip address 192.168.13.1 255.255.255.0
dhcp select global
#
interface Vlanif14
ip address 192.168.14.1 255.255.255.0
dhcp select global
#
interface Vlanif16
ip address 192.168.16.1 255.255.255.0
dhcp select global
#
interface Vlanif17
ip address 192.168.15.1 255.255.255.192
dhcp select global
#
interface Vlanif18
ip address 192.168.15.65 255.255.255.192
dhcp select global
#
interface Vlanif20
ip address 10.10.2.1 255.255.255.0
dhcp select global
#
interface Vlanif21
ip address 10.10.3.1 255.255.255.0
dhcp select global
#
interface Vlanif22
ip address 172.16.0.1 255.255.254.0
dhcp select global
#
interface Vlanif23
ip address 10.10.4.1 255.255.255.0
dhcp select global
#
interface Vlanif218
#
interface GigabitEthernet0/0/1
description to yewu switchB
port link-type trunk
port trunk allow-pass vlan 9 to 22 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/4
description to 4F POE switch
port link-type trunk
port trunk allow-pass vlan 9 to 22 100
#
interface GigabitEthernet0/0/5
description TEST MIS
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/9
description tp-link tl-ac100
port link-type trunk
port trunk allow-pass vlan 9 to 22 100
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 16
#
interface GigabitEthernet0/0/11
description to 2level jifang SwtichE
port link-type trunk
port trunk allow-pass vlan 9 to 22 100
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/14
description to TP-link 6520G router
port link-type access
port default vlan 9
#
interface GigabitEthernet0/0/15
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/16
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/17
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/18
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/19
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/20
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/21
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/22
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/23
port link-type access
port default vlan 16
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/25
description to PXS 10.10.1.25
port link-type trunk
port trunk allow-pass vlan 9 to 23 100 152 218
#
interface GigabitEthernet0/0/26
port link-type trunk
port trunk allow-pass vlan 9 to 23 100 152 218
#
interface GigabitEthernet0/0/27
port link-type trunk
port trunk allow-pass vlan 9 to 23 100 152 218
#
interface GigabitEthernet0/0/28
port link-type trunk
port trunk allow-pass vlan 9 to 23 100 152 218
#
interface NULL0
#
undo icmp name timestamp-request receive
#
ip route-static 0.0.0.0 0.0.0.0 192.168.9.1
ip route-static 61.62.215.81 255.255.255.255 192.168.12.10
ip route-static 152.104.241.208 255.255.255.240 192.168.12.10
ip route-static 192.168.0.0 255.255.255.0 192.168.12.10
ip route-static 192.168.2.0 255.255.255.0 192.168.12.10
ip route-static 192.168.5.0 255.255.255.0 192.168.12.10
ip route-static 192.168.10.0 255.255.255.0 192.168.9.1
ip route-static 211.21.103.67 255.255.255.255 192.168.12.10
#
sftp server enable
stelnet server enable
ssh user 3561003
ssh user 3561003 authentication-type password
ssh user 3561003 service-type stelnet
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
return