这个是某小区汇聚层的交换机配置,具体细节来一起分享一下,看看他们是咋配的,学学经验。 super password level 3 cipher N`C55QK<`=/Q=^Q`MAF4<1!! //配置了密码,等级为3应该有所有权限。然后经md5算法加密过了。 # vlan batch 2 to 404 406 408 to 409 411 413 to 415 417 419 to 420 422 425 to 428 430 vlan batch 432 434 438 441 to 442 445 447 to 448 450 452 to 453 455 458 to 459 vlan batch 461 to 462 465 to 468 471 to 474 476 561 to 744 746 to 4094 //vlan划得很多,一般情况是根据不同的业务来划分vlan的。 # cluster enable ntdp enable ntdp hop 16 ndp enable //ndp是用来发现直接相连的邻居信息。包括邻接设备的设备类型、软/硬件版本、连接端口等。NTDP 为集群管理提供可加入集群的设备信息,收集指定跳数内的交换机的拓扑信息。这里设置的跳数是16条。NDP 为 NTDP 提供邻接表信息,NTDP 根据邻接信息发送和转发 NTDP 拓扑收集请求,收集一定网络范围内每个设备的 NDP 信息和它与所有邻居的连接信息。 # dhcp enable # undo http server enable # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http //3a认证:认证、授权和计费都使用默认的default # interface Vlanif7 ip address 192.168.1.1 255.255.255.0 //设置vlanif,此接口是逻辑接口,配置后可以部署三层特性。 # interface Vlanif11 ip address 192.168.1.2 255.255.255.0 # interface Ethernet0/0/1 description to_XC_MA5105-1 qinq vlan-translation enable port hybrid tagged vlan 11 port hybrid untagged vlan 100 3329 port vlan-stacking vlan 100 to 2000 stack-vlan 100 port vlan-stacking vlan 2112 to 2127 stack-vlan 3329 port vlan-stacking vlan 2176 to 2191 stack-vlan 3329 port vlan-mapping vlan 11 map-vlan 11 ntdp enable ndp enable bpdu enable //这个口上连到ma5105这台设备上。默认接口类型就hybrid,是首先是起了qinq vlan转发功能。起了qinq就需要准备两个标签,一个内层一个外层。port-stacking 命令告诉我们内部的vlan从100 to 2000将要打上 100的标签了用来穿透isp。port hybrid tagged vlan 11这个是说要是出去的是vlan 11就不要去掉标签,这个是内部标签。port hybrid untagged vlan 100 3329 要是进来的是vlan 100 3329那就去掉他们的标签,这个是外部标签,要打的。 port vlan-mapping 我是硬是没有看懂什么意思,呜呜。 # interface Ethernet0/0/2 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/3 description to_XC_MA5105-2 qinq vlan-translation enable port hybrid tagged vlan 11 port hybrid untagged vlan 200 900 3330 3594 port vlan-stacking vlan 100 to 2000 stack-vlan 900 port vlan-stacking vlan 2112 to 2127 stack-vlan 3330 port vlan-stacking vlan 2176 to 2191 stack-vlan 3330 port vlan-mapping vlan 11 map-vlan 11 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/4 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/5 description to_XC_MA5103-1 qinq vlan-translation enable port hybrid tagged vlan 11 port hybrid untagged vlan 300 3328 3594 port vlan-stacking vlan 100 to 2000 stack-vlan 300 port vlan-stacking vlan 2112 to 2143 stack-vlan 3328 port vlan-stacking vlan 2176 to 2207 stack-vlan 3328 port vlan-stacking vlan 2240 to 2271 stack-vlan 3328 port vlan-mapping vlan 11 map-vlan 11 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/6 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/7 description to XC_CPN_3# qinq vlan-translation enable port default vlan 3594 port hybrid tagged vlan 7 port vlan-stacking vlan 3200 to 3223 stack-vlan 3594 port hybrid untagged vlan 3594 port vlan-mapping vlan 7 map-vlan 7 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/8 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/9 description to XC_CPN_4# qinq vlan-translation enable port default vlan 3594 port hybrid tagged vlan 7 port vlan-stacking vlan 3264 to 3287 stack-vlan 3594 port hybrid untagged vlan 3594 port vlan-mapping vlan 7 map-vlan 7 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/10 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/11 description to XC_CPN_7# port link-type dot1q-tunnel port default vlan 19下· ntdp enable ndp enable bpdu enable # interface Ethernet0/0/12 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/13 description to XC_CPN_6# qinq vlan-translation enable port default vlan 3594 port hybrid tagged vlan 7 port hybrid untagged vlan 3594 port vlan-stacking vlan 3360 to 3383 stack-vlan 3594 port vlan-mapping vlan 7 map-vlan 7 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/14 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/15 description to XC_CPN_2# qinq vlan-translation enable port default vlan 3594 port hybrid tagged vlan 7 port hybrid untagged vlan 3594 port vlan-stacking vlan 3168 to 3191 stack-vlan 3594 port vlan-mapping vlan 7 map-vlan 7 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/16 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/17 description to XC_CPN port link-type dot1q-tunnel port default vlan 19 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/18 ntdp enable ndp enable bpdu enable # ..............
.............
.............. # interface Ethernet0/0/22 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/23 description to XC_CPN_5# qinq vlan-translation enable port default vlan 3594 port hybrid tagged vlan 7 port hybrid untagged vlan 3594 port vlan-stacking vlan 3328 to 3351 stack-vlan 3594 port vlan-mapping vlan 7 map-vlan 7 ntdp enable ndp enable bpdu enable # interface Ethernet0/0/24 port link-type dot1q-tunnel port default vlan 19 ntdp enable ndp enable bpdu enable # interface GigabitEthernet0/0/1 description to_7806(Gei_3/0/9) port link-type trunk port trunk allow-pass vlan 2 to 4094 ntdp enable ndp enable bpdu enable # interface GigabitEthernet0/0/2 ntdp enable ndp enable bpdu enable # interface GigabitEthernet0/0/3 ntdp enable ndp enable bpdu enable # interface GigabitEthernet0/0/4 ntdp enable ndp enable bpdu enable # interface NULL0 ---- More ---- 0]:Some packets are dropped by cpcar on the MP# ip route-static 0.0.0.0 0.0.0.0 10.129.109.1 ip route-static 10.192.0.0 255.255.0.0 10.193.68.1 ip route-static 10.193.0.0 255.255.0.0 10.193.68.1 # snmp-agent snmp-agent local-engineid 000007DB7F00000100004D39 snmp-agent community read xxxxxxxxx
snmp-agent community write zzzzzzzzz
snmp-agent sys-info version all snmp-agent target-host trap address udp-domain 10.192.0.229 params securityname v2c snmp-agent target-host trap address udp-domain 10.192.0.230 params securityname v2c # user-interface con 0 idle-timeout 0 0 user-interface vty 0 4 set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!! # return con口没有加密,为了后来的人吧,但是感觉好危险。