这是以前工作总结出来的配置代码,当时是为了方便所带的人容易上手。
代码以交换为主,架构上分为核心层、分布层、接入层三层,部分相同的代码有简略。
简单的几条指令,你即可快速上手,在工作中即可应用。
#-----------虚拟接口--------------------------- #1)管理地址 interface Vlanif1 description Management ip address 192.168.250.197 255.255.255.0 dhcp select relay dhcp relay server-select dhcpgroup1 # #2)核心交换虚拟网关接口 interface Vlanif2 description Server ip address 192.168.1.2 255.255.255.0 # interface Vlanif3 description office ip address 192.168.0.2 255.255.255.0 dhcp select relay dhcp relay server-select dhcpgroup1 #-----------Trunk------------------------------------ interface GigabitEthernet0/0/24 port link-type trunk port trunk allow-pass vlan 2 to 100 ntdp enable ndp enable bpdu enable #-----------Eth Trunk------------------------------- interface Eth-Trunk1 port link-type trunk port trunk allow-pass vlan 2 to 4094 interface GigabitEthernet0/0/1 eth-trunk 1 interface GigabitEthernet0/0/2 eth-trunk 1 #-----------IP ROUTE--------------------- 1)核心交换静态路由 ip route-static 0.0.0.0 0.0.0.0 10.16.0.1 ip route-static 1.1.1.0 255.255.255.0 192.168.9.101 ip route-static 10.0.0.0 255.255.0.0 192.168.9.100 1)分布层接入层 ip route-static 0.0.0.0 0.0.0.0 192.168.250.1 #-----------VLAN----------------------------- vlan 1 description Management vlan 2 description Server vlan 3 description office interface GigabitEthernet 0/0/11 #-----------DHCP服务器声明----------------------------- dhcp server group dhcpgroup1 dhcp-server 192.168.1.250 0 #-----------Access Port------------------------------ #1)defaule interface GigabitEthernet0/0/1 port link-type access port default vlan 3 stp disable stp edged-port enable ntdp enable ndp enable #2)POE config interface GigabitEthernet0/0/1 port hybrid pvid vlan 2 port hybrid tagged vlan 9 92 port hybrid untagged vlan 2 stp edged-port enable undo poe enable #-----------认证--------------------------------------------------- #1)全局配置 super password level 1 cipher *** super password level 2 cipher *** super password level 3 cipher *** #2)Console配置 user-interface con 0 authentication-mode password set authentication password cipher a:FL2/KX#^;Q=^Q`MAF4<1!! idle-timeout 5 0 #3)VTY配置 user-interface vty 0 4 authentication-mode password idle-timeout 15 0 user privilege level 3 #-----------STP--------------------------------------------------- #1)公共配置 stp mode rstp stp enable stp pathcost-standard legacy #2)核心层交换 stp instance 0 root primary stp enable #3)分布层交换 stp instance 0 priority 8192 stp enable #4)接入层交换 stp instance 0 priority 16384 stp enable stp mode mstp #5)接入端口配置 stp edged-port enable #-----------LLDP-------------------------------------------------- lldp enable #-----------VRRP-------------------------------------------------- #1)Master交换机: interface Vlanif1 description Management ip address 192.168.250.250 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.250.1 vrrp vrid 1 priority 120 vrrp vrid 1 preempt-mode timer delay 20 #2)Slave交换机: interface Vlanif1 description Management ip address 192.168.250.251 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.250.1 #-----------SystemName------------------------------------------------------ systemname XXXX 192.168.2.X #--------------------------------------------------------------- storm-control broadcast min-rate 1000 max-rate 2000 storm-control multicast min-rate 1000 max-rate 2000 storm-control unicast min-rate 1000 max-rate 2000 storm-control interval 90 storm-control action block storm-control enable log
原创文章,作者:Maggie-Hunter,如若转载,请注明出处:https://blog.ytso.com/198310.html