华为交换机2403配置

tong@123

dis cu
#
sysname S2403H-EI        //交换机名称，应体现物理位置和本机型号（可通过dis ver查看）
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei
#
info-center loghost 172.20.0.66 language chinese          //设置向日志服务器上传本机log
#
queue-scheduler wrr 1 2 4 8
#
acl number 2000            //定义出网管源地址
rule 0 permit source 1.1.1.0 0.0.0.24
#
vlan 1
#
vlan 10
description wangguan     //定义网管vlan
#
vlan 100                  //定义业务vlan，并做端口隔离
description yewu
port-isolate enable
#
interface Vlan-interface10   //定义本机网管IP
ip address 1.1.1.2 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1     //定义接用户的业务端口
broadcast-suppression 5   //定义端口最大允许通过广播流量为5M
port access vlan 100
#
interface Ethernet0/2
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/3
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/4
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/5
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/6
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/7
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/8
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/9
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/10
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/11
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/12
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/13
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/14
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/15
port access vlan 100
#
interface Ethernet0/16
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/17
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/18
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/19
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/20
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/21
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/22
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/23
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/24
broadcast-suppression 5
port access vlan 100
#
interface Ethernet0/25       //定义本机的上行端口
duplex full                 //强制全双工
speed 100                   //强制速率为100M
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 100       //上行口只允许业务vlan和网管vlan通过
broadcast-suppression 10            //定义端口最大允许通过广播流量为10M
  port-isolate uplink-port vlan 100  //端口隔离指定该端口为上行口
undo loopback-detection control enable  //trunk端口关闭环回监测受控功能
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 1.1.1.3 preference 60   //定义网管路由
#
user-interface aux 0
user-interface vty 0 4    //定义telnet登录
acl 2000 inbound         //限制telnet登录源地址
user privilege level 3   //定义telnet用户拥有3级权限
set authentication password simple gzcnc   //定义telnet用户的密码为gzcnc
protocol inbound telnet                    //定义允许以telnet方式登录，不允许ssh方式登录，以防止ssh攻击
#
return
[2403]