信息中心网络核心交换机配置文件

1、某大型网站在北京某机房的网络核心交换机配置3560A#sh runBuilding configuration.Current configuration : 5756 bytes! Last configuration change at 17:12:04 CST Wed Dec 19 2007 by admin! NVRAM config last updated at 12:07:45 CST Thu Dec 13 2007 by admin!version 12.2no service padservice timestamps debug datetime localtimeserv

2、ice timestamps log datetimeservice password-encryptionservice sequence-numbers!hostname 3560A!enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx!username xxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxno aaa new-modelclock timezone CST 8ip subnet-zeroip routingno ip domain-lookupip host 2970b 172.17.0.

3、5ip host 2950a ip host 2960a ip host 2970a ip host 3560b !login on-failure log!no file verify auto!spanning-tree mode pvstspanning-tree extend system-idspanning-tree vlan 1,10,59,172,192,900-901,1000 priority 24576!vlan internal allocation policy ascending!int

4、erface GigabitEthernet0/1description connection to IDC c6509switchport access vlan 59switchport mode accessip access-group xx_mini_acl in!interface GigabitEthernet0/2switchport access vlan 59switchport mode access!interface GigabitEthernet0/3switchport access vlan 10switchport mode accessshutdown!in

5、terface GigabitEthernet0/4switchport access vlan 10switchport mode accessshutdown!interface GigabitEthernet0/5description connection to outside(eth0|OUT) port of pixswitchport access vlan 10switchport mode accessshutdownduplex full!interface GigabitEthernet0/6description connection to inside(eth1|IN

6、) port of pixswitchport access vlan 172switchport mode accessshutdownduplex full!interface GigabitEthernet0/7switchport access vlan 10switchport mode accessshutdown!interface GigabitEthernet0/8switchport access vlan 10switchport mode accessshutdown!interface GigabitEthernet0/9switchport access vlan

7、10switchport mode accessshutdown!interface GigabitEthernet0/10switchport access vlan 10switchport mode accessshutdown!interface GigabitEthernet0/11switchport access vlan 10switchport mode accessshutdown!interface GigabitEthernet0/12switchport access vlan 10switchport mode accessshutdown!interface Gi

8、gabitEthernet0/13description connection to dlink switch(remote control card)switchport access vlan 192switchport mode access!interface GigabitEthernet0/14switchport access vlan 192shutdown!interface GigabitEthernet0/15shutdown!interface GigabitEthernet0/16shutdown!interface GigabitEthernet0/17shutdo

9、wn!interface GigabitEthernet0/18description snort monitor portswitchport access vlan 59switchport mode accessspanning-tree portfast!interface GigabitEthernet0/19shutdown!interface GigabitEthernet0/20shutdown!interface GigabitEthernet0/21switchport access vlan 900switchport mode access!interface Giga

10、bitEthernet0/22switchport access vlan 900switchport mode access!interface GigabitEthernet0/23description connection to g0/23 of 3560B(trunk)switchport trunk encapsulation dot1qswitchport mode trunkshutdown!interface GigabitEthernet0/24description connection to g0/24 of 2970A(trunk)switchport trunk e

11、ncapsulation dot1qswitchport mode trunk!interface GigabitEthernet0/25spanning-tree port-priority 112!interface GigabitEthernet0/26!interface GigabitEthernet0/27!interface GigabitEthernet0/28!interface Vlan1no ip addressshutdown!interface Vlan2no ip address!interface Vlan10ip address 255.2

12、55.255.0standby 10 ip standby 10 priority 20standby 10 preempt!interface Vlan59ip address 59.151.xx.xx 24!interface Vlan172ip address standby 172 ip standby 172 priority 20standby 172 preempt!interface Vlan192ip address 255.255.255.

13、0standby 192 ip standby 192 priority 20standby 192 preempt!interface Vlan901no ip address!ip classlessip route 59.151.xx.xxip http serverip http access-class 1!ip access-list standard snmp_aclpermit 52permit 53permit 51permit 61.145.xxx.xxxpe

14、rmit permit ip access-list standard telnet_aclpermit 218.19.xx.xxxpermit 52permit 53permit 51!ip access-list extended xx_common_acldeny   tcp any any eq 22deny   tcp any any eq 199deny   udp any any eq 166permit icmp hos

15、t 218.19.xx.xxx anydeny   icmp any anypermit ip any anypermit gre any anyip access-list extended xx_mini_aclpermit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 22permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 62222permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 22permit tcp

16、host 218.19.xxx.xxx host 59.151.xxx.xxx eq 62222permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 22permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 62222permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 22permit tcp host 218.19.xxx.xxx host 59.151.xxx.xxx eq 62222deny   tcp a

17、ny any eq 22deny   tcp any any eq 62222permit ip any anypermit ahp any anypermit gre any any!access-list 1 permit 52access-list 1 permit 53access-list 1 permit 51access-list 1 remark acl for controlling who can access the http port of this switch.snmp-server community 3560aro RO snmp_acl!control-plane!line con 0line vty 0 4session-timeout 15access-class telnet_acl inexec-timeout 0 0logging synchronouslogin