C3650-48TS配置案例
Building configuration...
Current configuration : 10511 bytes
!
! Last configuration change at 00:41:51 UTC Mon Feb 7 2022
!
version 16.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname HEXIN
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable password 1qaz2wsx
!
no aaa new-model
switch 1 provision ws-c3650-48ts
!
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-212811823
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-212811823
revocation-check none
rsakeypair TP-self-signed-212811823
!
!
crypto pki certificate chain TP-self-signed-212811823
!
!
!
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
redundancy
mode sso
!
!
transceiver type all
monitoring
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description DHCP Snooping, EWLC control, EWCL data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/25
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/26
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/27
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/28
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/29
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/30
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/31
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/32
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/0/33
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/34
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/35
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/36
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/37
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/38
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/39
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/40
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/41
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/42
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/43
switchport mode trunk
!
interface GigabitEthernet1/0/44
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/45
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/46
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/47
switchport access vlan 20
switchport mode trunk
!
interface GigabitEthernet1/0/48
switchport access vlan 19
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
switchport access vlan 19
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan19
ip address 10.160.19.254 255.255.255.0
ip helper-address 10.160.19.24
!
interface Vlan20
ip address 10.160.20.254 255.255.255.0
ip helper-address 10.160.19.14
ip helper-address 10.160.19.24
!
interface Vlan21
ip address 10.160.21.254 255.255.255.0
ip helper-address 10.160.19.14
ip helper-address 10.160.19.24
!
interface Vlan22
ip address 10.160.22.254 255.255.255.0
ip helper-address 10.160.19.14
ip helper-address 10.160.19.24
!
interface Vlan23
ip address 10.160.23.254 255.255.255.0
ip helper-address 10.160.19.14
ip helper-address 10.160.19.24
!
interface Vlan24
ip address 10.160.24.254 255.255.255.0
ip helper-address 10.160.19.14
ip helper-address 10.160.19.24
ip access-group 100 in
!
interface Vlan25
ip address 10.160.25.254 255.255.255.0
ip helper-address 10.160.19.14
ip helper-address 10.160.19.24
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.160.19.4
ip route 10.60.0.0 255.255.255.0 10.160.19.241
ip route 10.64.0.0 255.255.0.0 10.160.19.40
ip route 10.161.0.0 255.255.0.0 10.160.19.40
ip route 10.192.0.0 255.255.0.0 10.160.19.40
ip route 10.193.0.0 255.255.0.0 10.160.19.40
ip route 10.195.0.0 255.255.0.0 10.160.19.40
ip route 172.16.2.0 255.255.255.0 10.160.19.4
ip route 192.168.1.0 255.255.255.0 10.160.19.4
ip route 192.168.101.0 255.255.255.0 10.160.19.4
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
access-list 100 deny ip 10.160.24.0 0.0.0.255 10.160.19.0 0.0.0.255
access-list 100 deny ip 10.160.24.0 0.0.0.255 10.160.20.0 0.0.0.255
access-list 100 deny ip 10.160.24.0 0.0.0.255 10.160.21.0 0.0.0.255
access-list 100 deny ip 10.160.24.0 0.0.0.255 10.160.22.0 0.0.0.255
access-list 100 deny ip 10.160.24.0 0.0.0.255 10.160.23.0 0.0.0.255
access-list 100 deny ip 10.160.24.0 0.0.0.255 10.160.25.0 0.0.0.255
access-list 100 permit ip any any
!
snmp-server community public RO
snmp-server trap link ietf
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server host 10.160.19.47 public
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
password 1qaz2wsx
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 1qaz2wsx
login
line vty 5 15
login
!
!
!
!
!
!
!
end
HEXIN#
- 本文作者: Nemo
- 本文链接: https://zawdsgp.gitee.io/2022/02/22/Cisco/
- 版权声明: 本博客所有文章除特别声明外,均采用 MIT 许可协议。转载请注明出处!