通信人家园

标题: 华为交换机2403配置 [查看完整版帖子] [打印本页]

时间: 2010-9-13 21:30

作者: tong@123 标题: 华为交换机2403配置

dis cu
#
sysname S2403H-EI       //交换机名称，应体现物理位置和本机型号（可通过dis ver查看）
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei
#
info-center loghost 172.20.0.66 language chinese       //设置向日志服务器上传本机log
#
queue-scheduler wrr 1 2 4 8
#
acl number 2000          //定义出网管源地址
rule 0 permit source 1.1.1.0 0.0.0.24
#
vlan 1
#
vlan 10
description wangguan    //定义网管vlan
#
vlan 100                //定义业务vlan，并做端口隔离
description yewu
port-isolate enable
#
interface Vlan-interface10 //定义本机网管IP
ip address 1.1.1.2 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1    //定义接用户的业务端口
broadcast-suppression 5 //定义端口最大允许通过广播流量为5M
port access vlan 100
#
interface Ethernet0/2
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/3
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/4
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/5
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/6
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/7
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/8
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/9
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/10
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/11
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/12
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/13
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/14
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/15
port access vlan 100
#
interface Ethernet0/16
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/17
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/18
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/19
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/20
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/21
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/22
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/23
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/24
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/25    //定义本机的上行端口
duplex full                //强制全双工
speed 100                //强制速率为100M
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 100    //上行口只允许业务vlan和网管vlan通过
broadcast-suppression 10          //定义端口最大允许通过广播流量为10M
  port-isolate uplink-port vlan 100  //端口隔离指定该端口为上行口
undo loopback-detection control enable  //trunk端口关闭环回监测受控功能
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 1.1.1.3 preference 60 //定义网管路由
#
user-interface aux 0
user-interface vty 0 4 //定义telnet登录
acl 2000 inbound       //限制telnet登录源地址
user privilege level 3 //定义telnet用户拥有3级权限
set authentication password simple gzcnc //定义telnet用户的密码为gzcnc
protocol inbound telnet                   //定义允许以telnet方式登录，不允许ssh方式登录，以防止ssh攻击
#
return
[2403]

通信人家园 (https://www.txrjy.com/)