Core network switch configuration of a large website in a Beijing data center
3560A#sh run
Building configuration...
Current configuration : 5756 bytes
!
! Last configuration change at 17:12:04 CST Wed Dec 19 2007 by admin
! NVRAM config last updated at 12:07:45 CST Thu Dec 13 2007 by admin
!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname 3560A
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username xxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxx
no aaa new-model
clock timezone CST 8
ip subnet-zero
ip routing
no ip domain-lookup
ip host 2970b 172.17.0.5
ip host 2950a 172.17.0.7
ip host 2960a 172.17.0.6
ip host 2970a 172.17.0.4
ip host 3560b 172.17.0.3
!
login on-failure log
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1,10,59,172,192,900-901,1000 priority 24576
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/1
description connection to IDC c6509
switchport access vlan 59
switchport mode access
ip access-group xx_mini_acl in
!
interface GigabitEthernet0/2
switchport access vlan 59
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 10
switchport mode access
shutdown
!
interface GigabitEthernet0/4
switchport access vlan 10
switchport mode access
shutdown
!
interface GigabitEthernet0/5
description connection to outside(eth0|OUT) port of pix
switchport access vlan 10
switchport mode access
shutdown
duplex full
!
interface GigabitEthernet0/6
description connection to inside(eth1|IN) port of pix
switchport access vlan 172
switchport mode access
shutdown
duplex full
!
interface GigabitEthernet0/7
switchport access vlan 10
switchport mode access
shutdown
!
interface GigabitEthernet0/8
switchport access vlan 10
switchport mode access
shutdown
!
interface GigabitEthernet0/9
switchport access vlan 10
switchport mode access
shutdown
!
interface GigabitEthernet0/10
switchport access vlan 10
switchport mode access
shutdown
!
interface GigabitEthernet0/11
switchport access vlan 10
switchport mode access
shutdown
!
interface GigabitEthernet0/12
switchport access vlan 10
switchport mode access
shutdown
!
interface GigabitEthernet0/13
description connection to dlink switch(remote control card)
switchport access vlan 192
switchport mode access
!
interface GigabitEthernet0/14
switchport access vlan 192
shutdown
!
interface GigabitEthernet0/15
shutdown
!
interface GigabitEthernet0/16
shutdown
!
interface GigabitEthernet0/17
shutdown
!
interface GigabitEthernet0/18
description snort monitor port
switchport access vlan 59
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/19
shutdown
!
interface GigabitEthernet0/20
shutdown
!
interface GigabitEthernet0/21
switchport access vlan 900
switchport mode access
!
interface GigabitEthernet0/22
switchport access vlan 900
switchport mode access
!
interface GigabitEthernet0/23
description connection to g0/23 of 3560B(trunk)
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
!
interface GigabitEthernet0/24
description connection to g0/24 of 2970A(trunk)
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/25
spanning-tree port-priority 112
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
no ip address
!
interface Vlan10
ip address 10.17.17.2 255.255.255.0
standby 10 ip 10.17.17.1
standby 10 priority 20
standby 10 preempt
!
interface Vlan59
ip address 59.151.xx.xx 255.255.255.224
!
interface Vlan172
ip address 172.17.0.2 255.255.0.0
standby 172 ip 172.17.0.1
standby 172 priority 20
standby 172 preempt
!
interface Vlan192
ip address 192.168.17.2 255.255.255.0
standby 192 ip 192.168.17.1
standby 192 priority 20
standby 192 preempt
!
interface Vlan901
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 59.151.xx.xx
ip http server
ip http access-class 1
!
!
ip access-list standard snmp_acl
permit 172.17.1.252
permit 172.17.1.253
permit 172.17.1.251
permit 61.145.xxx.xxx
permit 172.17.1.1
permit 172.17.1.3
ip access-list standard telnet_acl
permit 218.19.xx.xxx
permit 172.17.1.252
permit 172.17.1.253
permit 172.17.1.251
!
ip access-list extended xx_common_acl
deny tcp any any eq 22
deny tcp any any eq 199
deny udp any any eq 166
permit icmp host 218.19.xx.xxx any
deny icmp any any
permit ip any any
permit gre any any
ip access-list extended xx_mini_acl
permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 22
permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 62222
permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 22
permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 62222
permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 22
permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 62222
permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 22
permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 62222
deny tcp any any eq 22
deny tcp any any eq 62222
permit ip any any
permit ahp any any
permit gre any any
!
access-list 1 permit 172.17.1.252
access-list 1 permit 172.17.1.253
access-list 1 permit 172.17.1.251
access-list 1 remark acl for controlling who can access the http port of this switch.
snmp-server community 3560aro RO snmp_acl
!
control-plane
!
!
line con 0
line vty 0 4
session-timeout 15
access-class telnet_acl in
exec-timeout 0 0
logging synchronous
login local
line vty 5 15
session-timeout 15
access-class telnet_acl in
exec-timeout 0 0
logging synchronous
login local
!
!
monitor session 1 destination interface Gi0/18
monitor session 1 source remote vlan 1000
ntp clock-period 36028782
ntp server 172.17.9.11
ntp server 172.17.9.12
!
end
3560A#

Could an expert annotate what each command does, to the left of it? There are some commands I don't understand!