coreSW01是5500-28C-SI开启DHCP server,向不同网段的PC分配静态或动态IP。
接入层交换机使用S5024PV2-EI。
A、B和C区三个的接入层交换机用GE1/0/1与coreSW01相连
SerSW01划分两个vlan,vlan 98 (服务器群使用),vlan 91(语音网关使用)
除FW01以外其他所有设备的GE1/0/1从属于vlan 1,并在vlan 1 接口上配置192.168.199.0网段的IP,以便远程访问设备。
在接入层交换机上为防止仿冒用户、仿冒网关,开启ARPDetection功能;为防止用户私自更改ip,开启dhcp-snooping功能,在GE1/0/1上dhcp-snooping trust。
具体配置如下:
--------------------FW01---------------------------------
#
version 5.20, Release 5140
#
sysname FW01
#
clock timezone Beijing add 08:00:00
#
undo voice vlan mac-address 00e0-bb00-0000
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 105.21.16.35
#
telnet server enable
#
port-security enable
#
web idle-timeout 30
#
undo alg dns
undo alg rtsp
undo alg h323
undo alg sip
undo alg sqlnet
undo alg pptp
undo alg ils
undo alg nbt
undo alg msn
undo alg qq
undo alg tftp
undo alg sccp
undo alg gtp
#
session synchronization enable
#
password-recovery enable
#
time-range worktime from 07:00 4/23/2014 to 07:00 4/23/2015
#
acl number 2000
rule 1001 permit
#
acl number 3000
rule 0 permit ip
#
vlan 1
#
vlan 95
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
pki domain default
crl check disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$bIanGr5abuKLEEw8Kno3x3udAbKSlsdfAKgwhBVcui1/jpDWu==
authorization-attribute level 3
service-type telnet
service-type web
#
cwmp
undo cwmp enable
#
interface NULL0
#
interface Vlan-interface95
ip address 192.168.95.1 255.255.255.252
#
interface GigabitEthernet0/0
port link-mode route
nat outbound 2000
nat server 3000 protocol tcp global 110.121.11.54 www inside 192.168.95.1 www
nat server protocol udp global 110.121.11.54 3555 inside 192.168.98.1 3553
nat server 3000 protocol tcp global 110.121.11.54 3555 inside 192.168.98.1 3553
ip address 110.121.11.54 255.255.255.252
dns server 105.21.16.35
#
interface GigabitEthernet0/1
port link-mode route
#
interface GigabitEthernet0/3
port link-mode route
#
interface GigabitEthernet0/4
port link-mode route
#
interface GigabitEthernet0/2
port link-mode bridge
port access vlan 95
#
vd Root id 1
#
zone name Management id 0
priority 100
zone name Local id 1
priority 100
zone name Trust id 2
priority 85
import interface GigabitEthernet0/1
import interface GigabitEthernet0/3
import interface Vlan-interface95
zone name DMZ id 3
priority 50
zone name Untrust id 4
priority 5
import interface GigabitEthernet0/0
switchto vd Root
zone name Management id 0
ip virtual-reassembly
zone name Local id 1
ip virtual-reassembly
zone name Trust id 2
ip virtual-reassembly
zone name DMZ id 3
ip virtual-reassembly
zone name Untrust id 4
ip virtual-reassembly
#
ip route-static 0.0.0.0 0.0.0.0 110.121.11.53
ip route-static 192.168.11.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.20.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.21.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.22.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.23.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.24.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.25.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.26.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.27.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.28.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.29.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.31.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.32.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.33.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.34.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.86.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.91.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.98.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.168.199.0 255.255.255.0 Vlan-interface95 192.168.95.2
ip route-static 192.186.86.0 255.255.255.0 Vlan-interface95 192.186.95.2
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return
--------------------coreSW01-----------------------------
#
version 5.20, Release 2220P02
#
sysname coreSW01
#
clock timezone beijing add 08:00:00
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
#
domain default enable system
#
dns resolve
dns proxy enable
#
telnet server enable
#
mac-address timer aging 10
#
mirroring-group 1 local
#
password-recovery enable
#
vlan 1
#
vlan 11
#
vlan 16
#
vlan 20 to 29
#
vlan 31 to 34
#
vlan 86
#
vlan 91
description to Keygoe3003
#
vlan 95
#
vlan 98
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan11
network 192.168.11.0 mask 255.255.255.0
gateway-list 192.168.11.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan11.1
static-bind ip-address 192.168.11.1 mask 255.255.255.0
static-bind mac-address 0011-1111-0000
gateway-list 192.168.11.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan11.2.wifirouter
static-bind ip-address 192.168.11.2 mask 255.255.255.0
static-bind mac-address 14cf-925b-ea6f
gateway-list 192.168.11.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan11.5.taishiji
static-bind ip-address 192.168.11.5 mask 255.255.255.0
static-bind mac-address 94de-8091-81bd
gateway-list 192.168.11.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan20
network 192.168.20.0 mask 255.255.255.0
gateway-list 192.168.20.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan20.1
static-bind ip-address 192.168.20.1 mask 255.255.255.0
static-bind mac-address 0020-1111-0001
gateway-list 192.168.20.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan21
network 192.168.21.0 mask 255.255.255.0
gateway-list 192.168.21.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan21.1
static-bind ip-address 192.168.21.1 mask 255.255.255.0
static-bind mac-address 0021-1111-0001
gateway-list 192.168.21.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan22
network 192.168.22.0 mask 255.255.255.0
gateway-list 192.168.22.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan22.1
static-bind ip-address 192.168.22.1 mask 255.255.255.0
static-bind mac-address 0022-1111-0001
gateway-list 192.168.22.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan23
network 192.168.23.0 mask 255.255.255.0
gateway-list 192.168.23.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan23.1
static-bind ip-address 192.168.23.1 mask 255.255.255.0
static-bind mac-address 0023-1111-0001
gateway-list 192.168.23.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan24
network 192.168.24.0 mask 255.255.255.0
gateway-list 192.168.24.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan24.1
static-bind ip-address 192.168.24.1 mask 255.255.255.0
static-bind mac-address 0024-1111-0001
gateway-list 192.168.24.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan25
network 192.168.25.0 mask 255.255.255.0
gateway-list 192.168.25.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan25.1
static-bind ip-address 192.168.25.1 mask 255.255.255.0
static-bind mac-address 0025-1111-0001
gateway-list 192.168.25.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan26
network 192.168.26.0 mask 255.255.255.0
gateway-list 192.168.26.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan26.1
static-bind ip-address 192.168.26.1 mask 255.255.255.0
static-bind mac-address 0026-1111-0001
gateway-list 192.168.26.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan27
network 192.168.27.0 mask 255.255.255.0
gateway-list 192.168.27.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan27.1
static-bind ip-address 192.168.27.1 mask 255.255.255.0
static-bind mac-address 0027-1111-0001
gateway-list 192.168.27.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan28
network 192.168.28.0 mask 255.255.255.0
gateway-list 192.168.28.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan28.1
static-bind ip-address 192.168.28.1 mask 255.255.255.0
static-bind mac-address 0028-1111-0001
gateway-list 192.168.28.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan29
network 192.168.29.0 mask 255.255.255.0
gateway-list 192.168.29.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan29.1
static-bind ip-address 192.168.29.1 mask 255.255.255.0
static-bind mac-address 0029-1111-0001
gateway-list 192.168.29.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan31
network 192.168.31.0 mask 255.255.255.0
gateway-list 192.168.31.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan31.1
static-bind ip-address 192.168.31.1 mask 255.255.255.0
static-bind mac-address 0031-1111-0001
gateway-list 192.168.31.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan32
network 192.168.32.0 mask 255.255.255.0
gateway-list 192.168.32.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan32.1
static-bind ip-address 192.168.32.1 mask 255.255.255.0
static-bind mac-address 0032-1111-0001
gateway-list 192.168.32.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan33
network 192.168.33.0 mask 255.255.255.0
gateway-list 192.168.33.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan33.1
static-bind ip-address 192.168.33.1 mask 255.255.255.0
static-bind mac-address 0033-1111-0001
gateway-list 192.168.33.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan33.2.wifirouter
static-bind ip-address 192.168.33.2 mask 255.255.255.0
static-bind mac-address 9c21-6a2c-3ef3
gateway-list 192.168.33.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan34
network 192.168.34.0 mask 255.255.255.0
gateway-list 192.168.34.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan34.1
static-bind ip-address 192.168.34.1 mask 255.255.255.0
static-bind mac-address 0034-1111-0001
gateway-list 192.168.34.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan68
network 192.168.68.0 mask 255.255.255.0
#
dhcp server ip-pool vlan86
network 192.186.21.0 mask 255.255.255.0
gateway-list 192.168.86.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan91
network 192.168.91.0 mask 255.255.255.0
gateway-list 192.168.91.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan98
network 192.168.98.0 mask 255.255.255.0
gateway-list 192.168.98.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan98.1.ser01
static-bind ip-address 192.168.98.1 mask 255.255.255.0
static-bind mac-address 00e0-4c06-a214
gateway-list 192.168.98.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan98.2.ser02
static-bind ip-address 192.168.98.2 mask 255.255.255.0
static-bind mac-address 8ce7-4844-a1d5
gateway-list 192.168.98.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan98.3.ser03
static-bind ip-address 192.168.98.3 mask 255.255.255.0
static-bind mac-address 000c-29f8-d3dd
gateway-list 192.168.98.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan98.4.ser04
static-bind ip-address 192.168.98.4 mask 255.255.255.0
static-bind mac-address 0011-1111-0004
gateway-list 192.168.98.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan98.5.ser05
static-bind ip-address 192.168.98.5 mask 255.255.255.0
static-bind mac-address 0011-1111-0005
gateway-list 192.168.98.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan98.6.ser06
static-bind ip-address 192.168.98.6 mask 255.255.255.0
static-bind mac-address 0011-1111-0006
gateway-list 192.168.98.254
dns-list 105.21.16.35 33.116.5.9
#
dhcp server ip-pool vlan98.7.ser07
static-bind ip-address 192.168.98.7 mask 255.255.255.0
static-bind mac-address 0011-1111-0007
gateway-list 192.168.98.254
dns-list 105.21.16.35 33.116.5.9
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$bIanGr5abuKLEEw8Kno3x3udAbKSlsdfAKgwhBVcui1/jpDWu==
authorization-attribute level 3
service-type telnet terminal
service-type web
local-user adminer
password cipher $c$3$bIanGr5abuKLEEw8Kno3x3udAbKSlsdfAKgwhBVcui1/jpDWu==
authorization-attribute level 3
service-type web
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.199.1 255.255.255.0
#
interface Vlan-interface11
ip address 192.168.11.254 255.255.255.0
#
interface Vlan-interface16
#
interface Vlan-interface20
ip address 192.168.20.254 255.255.255.0
#
interface Vlan-interface21
ip address 192.168.21.254 255.255.255.0
#
interface Vlan-interface22
ip address 192.168.22.254 255.255.255.0
#
interface Vlan-interface23
ip address 192.168.23.254 255.255.255.0
#
interface Vlan-interface24
ip address 192.168.24.254 255.255.255.0
#
interface Vlan-interface25
ip address 192.168.25.254 255.255.255.0
#
interface Vlan-interface26
ip address 192.168.26.254 255.255.255.0
#
interface Vlan-interface27
ip address 192.168.27.254 255.255.255.0
#
interface Vlan-interface28
ip address 192.168.28.254 255.255.255.0
#
interface Vlan-interface29
ip address 192.168.29.254 255.255.255.0
#
interface Vlan-interface31
ip address 192.168.31.254 255.255.255.0
#
interface Vlan-interface32
ip address 192.168.32.254 255.255.255.0
#
interface Vlan-interface33
ip address 192.168.33.254 255.255.255.0
#
interface Vlan-interface34
ip address 192.168.34.254 255.255.255.0
#
interface Vlan-interface86
ip address 192.168.86.254 255.255.255.0
#
interface Vlan-interface91
ip address 192.168.91.254 255.255.255.0
#
interface Vlan-interface95
ip address 192.168.95.2 255.255.255.252
#
interface Vlan-interface98
ip address 192.168.98.254 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all
shutdown
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan all
shutdown
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/3
description to A_SW01
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk permit vlan all
shutdown
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/5
description to B_SW07
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/6
description to B_SW10
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/7
description to B_SW02
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/8
description to B_SW05
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/9
description to B_SW06
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/10
description to C_SW03
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/11
description to C_SW01
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/12
description to B_SW08
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/13
description to C_SW04
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/14
description to C_SW02
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/15
description to B_SW03
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/16
description to B_SW01
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/17
description to B_SW04
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/18
description to B_SW09
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/19
port link-type trunk
port trunk permit vlan all
shutdown
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/20
port link-type trunk
port trunk permit vlan all
shutdown
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/21
description to serSW01
port link-type trunk
port trunk permit vlan all
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/22
port link-type trunk
port trunk permit vlan all
shutdown
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/23
port access vlan 20
mirroring-group 1 monitor-port
#
interface GigabitEthernet1/0/24
description to FW01
port access vlan 95
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#
ip route-static 0.0.0.0 0.0.0.0 Vlan-interface95 192.168.95.1
#
dhcp server forbidden-ip 192.168.11.110 192.168.11.254
dhcp server forbidden-ip 192.168.20.25 192.168.20.254
dhcp server forbidden-ip 192.168.21.25 192.168.21.254
dhcp server forbidden-ip 192.168.22.25 192.168.22.254
dhcp server forbidden-ip 192.168.23.25 192.168.23.254
dhcp server forbidden-ip 192.168.24.25 192.168.24.254
dhcp server forbidden-ip 192.168.25.25 192.168.25.254
dhcp server forbidden-ip 192.168.26.25 192.168.26.254
dhcp server forbidden-ip 192.168.27.25 192.168.27.254
dhcp server forbidden-ip 192.168.28.25 192.168.28.254
dhcp server forbidden-ip 192.168.29.25 192.168.29.254
dhcp server forbidden-ip 192.168.31.25 192.168.31.254
dhcp server forbidden-ip 192.168.32.25 192.168.32.254
dhcp server forbidden-ip 192.168.33.25 192.168.33.254
dhcp server forbidden-ip 192.168.34.25 192.168.34.254
dhcp server forbidden-ip 192.168.98.25 192.168.98.254
dhcp server forbidden-ip 192.168.20.24 192.168.20.254
dhcp server forbidden-ip 192.168.21.24 192.168.21.254
dhcp server forbidden-ip 192.168.22.24 192.168.22.254
dhcp server forbidden-ip 192.168.23.24 192.168.23.254
dhcp server forbidden-ip 192.168.24.24 192.168.24.254
dhcp server forbidden-ip 192.168.25.24 192.168.25.254
dhcp server forbidden-ip 192.168.26.24 192.168.26.254
dhcp server forbidden-ip 192.168.27.24 192.168.27.254
dhcp server forbidden-ip 192.168.28.24 192.168.28.254
dhcp server forbidden-ip 192.168.29.24 192.168.29.254
dhcp server forbidden-ip 192.168.31.24 192.168.31.254
dhcp server forbidden-ip 192.168.32.24 192.168.32.254
dhcp server forbidden-ip 192.168.33.24 192.168.33.254
dhcp server forbidden-ip 192.168.34.24 192.168.34.254
dhcp server forbidden-ip 192.168.98.30 192.168.98.254
dhcp server forbidden-ip 192.168.11.40 192.168.11.254
dhcp server forbidden-ip 192.168.91.22 192.168.91.254
#
dhcp enable
#
arp timer aging 10
#
ip https enable
#
load xml-configuration
#
user-interface aux 0
user-interface vty 0 4
user privilege level 3
set authentication password cipher $c$3$bIanGr5abuKLEEw8Kno3x3udAbKSlsdfAKgwhBVcui1/jpDWu==
user-interface vty 5 15
#
return
--------------------A_SW01-------------------------------
#
version 5.20.99, Release 1103
#
sysname A_SW01
#
clock timezone Beijing add 08:00:00
#
domain default enable system
#
ipv6
#
telnet server enable
#
mirroring-group 1 local
#
password-recovery enable
#
vlan 1
arp detection enable
#
vlan 11
arp detection enable
#
vlan 86
arp detection enable
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$bIanGr5abuKLEEw8Kno3x3udAbKSlsdfAKgwhBVcui1/jpDWu==
authorization-attribute level 3
service-type telnet
service-type web
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.199.101 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all
dhcp-snooping trust
arp detection trust
#
interface GigabitEthernet1/0/2
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/3
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/4
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/5
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/6
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/7
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/8
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/9
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/10
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/11
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/12
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/13
description to financialroomA23
port access vlan 86
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/14
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/15
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/16
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/17
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/18
description to financialroomA24
port access vlan 86
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/19
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/20
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/21
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/22
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/23
port access vlan 11
mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/24
port access vlan 11
mirroring-group 1 monitor-port
#
interface GigabitEthernet1/0/25
#
interface GigabitEthernet1/0/26
#
interface GigabitEthernet1/0/27
#
interface GigabitEthernet1/0/28
#
dhcp-snooping
#
load xml-configuration
#
user-interface aux 0
user-interface vty 0 15
authentication-mode scheme
#
return
--------------------serSW01------------------------------
#
version 5.20.99, Release 1103
#
sysname serSW01
#
domain default enable system
#
ipv6
#
telnet server enable
#
password-recovery enable
#
vlan 1
arp detection enable
#
vlan 91
#
vlan 98
arp detection enable
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$bIanGr5abuKLEEw8Kno3x3udAbKSlsdfAKgwhBVcui1/jpDWu==
authorization-attribute level 3
service-type telnet
service-type web
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.199.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all
dhcp-snooping trust
arp detection trust
#
interface GigabitEthernet1/0/2
port access vlan 98
#
interface GigabitEthernet1/0/3
port access vlan 98
#
interface GigabitEthernet1/0/4
port access vlan 98
#
interface GigabitEthernet1/0/5
port access vlan 98
#
interface GigabitEthernet1/0/6
port access vlan 98
#
interface GigabitEthernet1/0/7
port access vlan 98
#
interface GigabitEthernet1/0/8
port access vlan 98
#
interface GigabitEthernet1/0/9
port access vlan 98
#
interface GigabitEthernet1/0/10
port access vlan 98
#
interface GigabitEthernet1/0/11
port access vlan 91
#
interface GigabitEthernet1/0/12
port access vlan 91
#
interface GigabitEthernet1/0/13
port access vlan 91
#
interface GigabitEthernet1/0/14
port access vlan 91
#
interface GigabitEthernet1/0/15
port access vlan 91
#
interface GigabitEthernet1/0/16
port access vlan 91
#
interface GigabitEthernet1/0/17
port access vlan 91
#
interface GigabitEthernet1/0/18
port access vlan 91
#
interface GigabitEthernet1/0/19
port access vlan 91
#
interface GigabitEthernet1/0/20
port access vlan 98
#
interface GigabitEthernet1/0/21
port access vlan 98
#
interface GigabitEthernet1/0/22
port access vlan 98
#
interface GigabitEthernet1/0/23
port access vlan 98
#
interface GigabitEthernet1/0/24
port access vlan 98
#
interface GigabitEthernet1/0/25
#
interface GigabitEthernet1/0/26
#
interface GigabitEthernet1/0/27
#
interface GigabitEthernet1/0/28
#
dhcp-snooping
#
load xml-configuration
#
user-interface aux 0
user-interface vty 0 15
authentication-mode scheme
#
return
