Sample access-layer switch configuration from my time doing network administration at a school
2007-09-17 20:56
Written by 洱海月 QQ:254034704 http://blog.csdn.net/networkcrazy
1##sh run
Building configuration...
Current configuration : 6738 bytes
!
version 1.0    (IOS software version)
!
hostname 1#    (the switch is named 1#)
vlan 1    (the switch's built-in management VLAN, VLAN ID 1, is named xx)
name xx
!
vlan 11    (defines a VLAN named sam_xq with VLAN ID 11)
name sam_xq
!
vlan 85    (defines a VLAN named 1# with VLAN ID 85)
name 1#
!
expert access-list extended xx    (defines an extended expert-level ACL, or access control list, named xx)
permit ip host 192.168.89.225 host 00d0.f8ef.6b90 any any
Allows the switch 192.168.89.225 (a 1926) to forward data anywhere
permit ip host 192.168.89.226 host 00d0.f8ef.6499 any any
permit ip host 192.168.89.227 host 00d0.f8ef.6d5d any any
permit ip host 192.168.89.228 host 00d0.f8ef.6b9a any any
permit ip host 192.168.89.229 host 00d0.f8ef.6a7d any any
permit ip host 192.168.89.230 host 00d0.f8ef.6a8e any any
permit ip host 192.168.89.231 host 00d0.f8ef.6e33 any any
permit ip host 192.168.89.232 host 00d0.f8ef.6de2 any any
permit ip host 192.168.89.233 host 00d0.f8ef.6c52 any any
permit ip host 192.168.89.234 host 00d0.f8ef.64bc any any
permit ip host 192.168.89.235 host 00d0.f8ef.6df0 any any
permit ip host 192.168.89.236 host 00d0.f8ef.64b3 any any
permit ip host 192.168.89.237 host 00d0.f8ef.6cfe any any
permit ip 192.168.88.0 0.0.1.255 any x.x.x.x 0.0.1.255 any
Allows any host in 192.168.88.0/23 to reach any host in x.x.x.x/23
deny ip 192.168.88.0 0.0.1.255 any any any
Denies any host in 192.168.88.0/23 access to any host outside x.x.x.x/23
permit ip 222.*.*.0 0.0.0.255 any any any
Allows any host in 222.*.*.0/24 to reach any host
!
logging monitor    (records logs)
radius-server host 10.10.10.253    (sets the RADIUS server IP to 10.10.10.253)
aaa authentication dot1x    (authentication uses 802.1x, a port-based access control technology)
aaa accounting server 10.10.10.253    (sets the accounting server to 10.10.10.253)
aaa accounting    (enables accounting)
!
address-bind 192.168.89.225 00d0.f8ef.6b90    (binds the IP and MAC of the 1926-series switches)
address-bind 192.168.89.226 00d0.f8ef.6499
address-bind 192.168.89.227 00d0.f8ef.6d5d
address-bind 192.168.89.228 00d0.f8ef.6b9a
address-bind 192.168.89.229 00d0.f8ef.6a7d
address-bind 192.168.89.230 00d0.f8ef.6a8e
address-bind 192.168.89.231 00d0.f8ef.6e33
address-bind 192.168.89.232 00d0.f8ef.6de2
address-bind 192.168.89.233 00d0.f8ef.6c52
address-bind 192.168.89.234 00d0.f8ef.64bc
address-bind 192.168.89.235 00d0.f8ef.6df0
address-bind 192.168.89.236 00d0.f8ef.64b3
address-bind 192.168.89.237 00d0.f8ef.6cfe
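service dhcp    (enables DHCP relay, the DHCP relay agent function)
ip helper-address 10.10.10.252    (the DHCP server IP is 10.10.10.252)
ip dhcp relay information option dot1x    (the DHCP relay agent encapsulates request information in 802.1x format)
interface fastEthernet 0/1    (configures Fast Ethernet port 0/1)
description S1926G_192.168.89.226    (port description)
switchport access vlan 85    (this port joins VLAN 85 in access mode)
dot1x port-control auto    (802.1x is applied automatically to control this port)
expert access-group xx in    (applies the expert-level ACL named xx on this port)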
!
interface fastEthernet 0/2
description S1926G_192.168.89.225
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/3
description S1926G_192.168.89.227
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/4
shutdown    (disables this port to save resources)
!
interface fastEthernet 0/5
description S1926G_192.168.89.228
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/6
shutdown
!
interface fastEthernet 0/7
description S1926G_192.168.89.229
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/8
shutdown
!
interface fastEthernet 0/9
description S1926G_192.168.89.230
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/10
shutdown
!
interface fastEthernet 0/11
description S1926G_192.168.89.231
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/12
shutdown
!
interface fastEthernet 0/13
description S1926G_192.168.89.237
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/14
description 112-2
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/15
description S1926G_192.168.89.236
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/16
description 202-2
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/17
description S1926G_192.168.89.235
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/18
description 214-2
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/19
description S1926G_192.168.89.234
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/20
description 301-2
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/21
description S1926G_192.168.89.233
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/22
description 313-2
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/23
description S1926G_192.168.89.232
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
interface fastEthernet 0/24
description 325-2
switchport access vlan 85
dot1x port-control auto
expert access-group xx in
!
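interface gigabitEthernet 1/1    (configures Gigabit port 1/1)
switchport mode trunk    (the port mode is trunk: a backbone link that lets all ports pass traffic through this port)
switchport trunk native vlan 11    (this port forwards VLAN 11 traffic unmodified)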
!
interface vlan 11    (sets some properties of the VLAN 11 interface)
no shutdown    (activates the interface)
ip address 10.10.11.101 255.255.255.0    (sets the IP address and mask)
!
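dot1x client-probe enable    (enables the 802.1x proxy function that forwards client authentication information)
aaa authorization ip-auth-mode dhcp-server    (defines the overall authentication flow: authenticate first, then authorize, then assign an IP)
dot1x timeout quiet-period 0    (the switch forwards the client's authentication information with no wait at all)
dot1x timeout tx-period 3    (the timeout for the switch passing up the client's authentication information is 3 s)
no dot1x re-authentication    (disables 802.1x re-authentication)
radius-server key root    (not quite sure about this one)
ip default-gateway 10.10.11.254    (the default gateway is 10.10.11.254)
snmp-server community stpublic rw    (the community name for accessing the SNMP server is stpublic, with read-write access, rw)
Below is the static MAC address table (mainly the mapping between each port's MAC address and port number, plus some port information such as the VLAN it belongs to)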
mac-address-table static 00e0.fc3e.133e vlan 11 interface gigabitEthernet 1/1
mac-address-table static 00e0.fc41.cb29 vlan 11 interface gigabitEthernet 1/1
mac-address-table static 00d0.f8ef.6499 vlan 90 interface fastEthernet 0/1
mac-address-table static 00d0.f8ef.64b3 vlan 90 interface fastEthernet 0/15
mac-address-table static 00d0.f8ef.64bc vlan 90 interface fastEthernet 0/19
mac-address-table static 00d0.f8ef.6a7d vlan 90 interface fastEthernet 0/7
mac-address-table static 00d0.f8ef.6a8e vlan 90 interface fastEthernet 0/9
mac-address-table static 00d0.f8ef.6b90 vlan 90 interface fastEthernet 0/2
mac-address-table static 00d0.f8ef.6b9a vlan 90 interface fastEthernet 0/5
mac-address-table static 00d0.f8ef.6c52 vlan 90 interface fastEthernet 0/21
mac-address-table static 00d0.f8ef.6cfe vlan 90 interface fastEthernet 0/13
mac-address-table static 00d0.f8ef.6d5d vlan 90 interface fastEthernet 0/3
mac-address-table static 00d0.f8ef.6de2 vlan 90 interface fastEthernet 0/23
mac-address-table static 00d0.f8ef.6df0 vlan 90 interface fastEthernet 0/17
mac-address-table static 00d0.f8ef.6e33 vlan 90 interface fastEthernet 0/11
end
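The same IP/MAC pairs appear three times in this configuration (the expert ACL, the address-bind list and the static MAC table), and the static MAC entries name vlan 90 while the ports they point at are in access vlan 85. The Python check below is an added example, not part of the original post: it cross-checks those lists and flags the read-write SNMP community. The function name audit, the finding texts and the regular expressions are my own and assume the command syntax exactly as it appears above.

```python
import re

# Excerpt of the configuration shown above (two of the downstream switches).
SAMPLE = """\
expert access-list extended xx
 permit ip host 192.168.89.225 host 00d0.f8ef.6b90 any any
 permit ip host 192.168.89.226 host 00d0.f8ef.6499 any any
address-bind 192.168.89.225 00d0.f8ef.6b90
address-bind 192.168.89.226 00d0.f8ef.6499
interface fastEthernet 0/1
 description S1926G_192.168.89.226
 switchport access vlan 85
interface fastEthernet 0/2
 description S1926G_192.168.89.225
 switchport access vlan 85
snmp-server community stpublic rw
mac-address-table static 00d0.f8ef.6499 vlan 90 interface fastEthernet 0/1
mac-address-table static 00d0.f8ef.6b90 vlan 90 interface fastEthernet 0/2
"""

def audit(config):
    """Hypothetical helper: return a list of consistency findings."""
    acl = set(re.findall(r"permit ip host (\S+) host (\S+) any any", config))
    bind = set(re.findall(r"address-bind (\S+) (\S+)", config))
    # A pair present in only one of the two lists is a drift between them.
    findings = [f"ACL/address-bind mismatch: {ip} {mac}" for ip, mac in sorted(acl ^ bind)]
    # Per interface: access VLAN and the IP written in the description, if any.
    ports = {}
    for block in re.split(r"(?m)^interface ", config)[1:]:
        name = block.splitlines()[0].strip()
        vlan = re.search(r"switchport access vlan (\d+)", block)
        ip = re.search(r"description \S*?_(\d+\.\d+\.\d+\.\d+)", block)
        ports[name] = (vlan and vlan.group(1), ip and ip.group(1))
    ip_of = {mac: ip for ip, mac in bind}
    for mac, vlan, port in re.findall(
            r"mac-address-table static (\S+) vlan (\d+) interface (.+)", config):
        pvlan, pip = ports.get(port.strip(), (None, None))
        if pvlan and pvlan != vlan:
            findings.append(f"{port}: static MAC {mac} in vlan {vlan}, port is in vlan {pvlan}")
        if pip and ip_of.get(mac) != pip:
            findings.append(f"{port}: static MAC {mac} is not bound to described host {pip}")
    for name in re.findall(r"snmp-server community (\S+) rw", config):
        findings.append(f"SNMP community '{name}' grants read-write access")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

On the excerpt it reports the vlan 90 / vlan 85 disagreement for both ports and the rw community; the ACL and address-bind lists agree.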