这是我校校园网中一台锐捷2352G作为接入层设备的配置清单(鉴于网络安全性,IP地址与实际不同),一方面与大家分享,一方面也是给自己做个备份。
S2352G#sh run
Building configuration...
Current configuration : 6470 bytes
Current configuration : 6470 bytes
!
version RGNOS 10.2.00(2), Release(27523)(Thu Dec 6 17:43:05 CST 2007 -ubu1server)
hostname S2352G
!
!
!
vlan 1
!
vlan 132
name gongyong
!
vlan 420
name guanli
!
!
username net-switch-admin password 7 001b721017624e
service password-encryption
!
!
ip default-gateway 10.1.3.253
!
!
enable secret 5 $1$yLhr$EqyCC5sx6zytD7ux
!
!
!
!
spanning-tree
spanning-tree mode rstp
interface FastEthernet 0/1
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/2
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/3
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/4
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/5
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/6
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/7
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/8
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/9
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/10
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/11
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/12
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/13
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/14
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/15
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/16
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/17
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/18
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/19
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/20
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/21
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/22
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/23
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/24
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/25
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/26
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/27
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/28
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/29
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/30
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/31
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/32
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/33
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/34
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/35
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/36
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/37
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/38
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/39
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/40
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/41
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/42
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/43
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/44
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/45
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/46
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/47
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/48
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface GigabitEthernet 0/49
switchport mode trunk
!
interface GigabitEthernet 0/50
switchport mode trunk
medium-type fiber
spanning-tree bpdufilter enable
de.ion link_9505
!
interface VLAN 420
ip address 10.1.1.1 255.255.252.0
no shutdown
!
!
line con 0
line vty 0 4
login local
password 7 13544019597444
!
!
end
version RGNOS 10.2.00(2), Release(27523)(Thu Dec 6 17:43:05 CST 2007 -ubu1server)
hostname S2352G
!
!
!
vlan 1
!
vlan 132
name gongyong
!
vlan 420
name guanli
!
!
username net-switch-admin password 7 001b721017624e
service password-encryption
!
!
ip default-gateway 10.1.3.253
!
!
enable secret 5 $1$yLhr$EqyCC5sx6zytD7ux
!
!
!
!
spanning-tree
spanning-tree mode rstp
interface FastEthernet 0/1
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/2
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/3
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/4
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/5
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/6
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/7
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/8
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/9
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/10
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/11
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/12
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/13
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/14
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/15
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/16
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/17
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/18
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/19
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/20
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/21
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/22
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/23
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/24
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/25
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/26
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/27
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/28
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/29
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/30
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/31
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/32
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/33
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/34
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/35
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/36
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/37
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/38
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/39
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/40
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/41
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/42
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/43
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/44
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/45
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/46
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/47
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/48
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface GigabitEthernet 0/49
switchport mode trunk
!
interface GigabitEthernet 0/50
switchport mode trunk
medium-type fiber
spanning-tree bpdufilter enable
de.ion link_9505
!
interface VLAN 420
ip address 10.1.1.1 255.255.252.0
no shutdown
!
!
line con 0
line vty 0 4
login local
password 7 13544019597444
!
!
end
需要注意的是:
1、vlan 420作为管理vlan,IP地址是10.1.1.1,二层交换机能且仅能为一个vlan设置IP,并且一旦某vlan设置了IP,就立即成为管理vlan,该管理vlan的网关为10.1.1.253。
2、端口被设置为 spanning-tree portfast,那么其下联设备必为主机,若为交换机将可能出现环路。
3、若局域网中ARP病毒泛滥,可在每个接入端口配置这样一条命令(锐捷专有):
S2352G(config-if)#anti-arp-spoofing ip A.B.C.D
A.B.C.D地址是用户vlan的网关,用于进行绑定网关IP,适用于网关欺骗型ARP***,而对主机欺骗型ARP***无防护效果。
4、与神州数码DCS的设备不一样的是,锐捷的设备,必须配置telnet的password,通过telnet登录的时候,是在用户模式,需要enable命令及特权模式密码才能进入特权模式,而神码的设备telnet登录后直接是特权模式(DCS-3726/3750)。
原文2009年1月1日发布于http://www.cnblogs.com/feichangcai/archive/2009/01/01/1366616.html
京公网安备 11010802041100号