這是我校校園網中一臺銳捷2352G作爲接入層設備的配置清單(鑑於網絡安全性,IP地址與實際不同),一方面與大家分享,一方面也是給自己做個備份。
S2352G#sh run
Building configuration...
Current configuration : 6470 bytes
Current configuration : 6470 bytes
!
version RGNOS 10.2.00(2), Release(27523)(Thu Dec 6 17:43:05 CST 2007 -ubu1server)
hostname S2352G
!
!
!
vlan 1
!
vlan 132
name gongyong
!
vlan 420
name guanli
!
!
username net-switch-admin password 7 001b721017624e
service password-encryption
!
!
ip default-gateway 10.1.3.253
!
!
enable secret 5 $1$yLhr$EqyCC5sx6zytD7ux
!
!
!
!
spanning-tree
spanning-tree mode rstp
interface FastEthernet 0/1
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/2
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/3
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/4
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/5
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/6
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/7
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/8
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/9
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/10
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/11
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/12
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/13
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/14
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/15
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/16
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/17
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/18
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/19
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/20
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/21
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/22
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/23
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/24
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/25
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/26
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/27
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/28
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/29
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/30
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/31
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/32
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/33
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/34
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/35
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/36
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/37
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/38
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/39
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/40
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/41
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/42
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/43
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/44
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/45
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/46
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/47
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/48
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface GigabitEthernet 0/49
switchport mode trunk
!
interface GigabitEthernet 0/50
switchport mode trunk
medium-type fiber
spanning-tree bpdufilter enable
de.ion link_9505
!
interface VLAN 420
ip address 10.1.1.1 255.255.252.0
no shutdown
!
!
line con 0
line vty 0 4
login local
password 7 13544019597444
!
!
end
version RGNOS 10.2.00(2), Release(27523)(Thu Dec 6 17:43:05 CST 2007 -ubu1server)
hostname S2352G
!
!
!
vlan 1
!
vlan 132
name gongyong
!
vlan 420
name guanli
!
!
username net-switch-admin password 7 001b721017624e
service password-encryption
!
!
ip default-gateway 10.1.3.253
!
!
enable secret 5 $1$yLhr$EqyCC5sx6zytD7ux
!
!
!
!
spanning-tree
spanning-tree mode rstp
interface FastEthernet 0/1
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/2
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/3
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/4
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/5
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/6
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/7
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/8
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/9
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/10
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/11
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/12
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/13
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/14
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/15
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/16
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/17
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/18
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/19
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/20
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/21
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/22
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/23
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/24
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/25
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/26
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/27
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/28
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/29
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/30
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/31
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/32
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/33
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/34
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/35
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/36
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/37
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/38
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/39
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/40
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/41
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/42
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/43
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/44
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/45
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/46
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/47
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface FastEthernet 0/48
switchport access vlan 132
spanning-tree bpduguard enable
spanning-tree portfast
!
interface GigabitEthernet 0/49
switchport mode trunk
!
interface GigabitEthernet 0/50
switchport mode trunk
medium-type fiber
spanning-tree bpdufilter enable
de.ion link_9505
!
interface VLAN 420
ip address 10.1.1.1 255.255.252.0
no shutdown
!
!
line con 0
line vty 0 4
login local
password 7 13544019597444
!
!
end
需要注意的是:
1、vlan 420作爲管理vlan,IP地址是10.1.1.1,二層交換機能且僅能爲一個vlan設置IP,並且一旦某vlan設置了IP,就立即成爲管理vlan,該管理vlan的網關爲10.1.1.253。
2、端口被設置爲 spanning-tree portfast,那麼其下聯設備必爲主機,若爲交換機將可能出現環路。
3、若局域網中ARP病毒氾濫,可在每個接入端口配置這樣一條命令(銳捷專有):
S2352G(config-if)#anti-arp-spoofing ip A.B.C.D
A.B.C.D地址是用戶vlan的網關,用於進行綁定網關IP,適用於網關欺騙型ARP***,而對主機欺騙型ARP***無防護效果。
4、與神州數碼DCS的設備不一樣的是,銳捷的設備,必須配置telnet的password,通過telnet登錄的時候,是在用戶模式,需要enable命令及特權模式密碼才能進入特權模式,而神碼的設備telnet登錄後直接是特權模式(DCS-3726/3750)。