华为9300开局模板.doc
文本预览下载声明
园区交换机配置模板
下面以97机房9306为例
一、配置系统名
sysname SM-SY-XY-S9306-L3-1.MAN
二、配置网管VLAN及其IP地址
vlan 101
q
interface Vlan-interface 101
description WangGuan
ip address 172.16.96.12 255.255.255.0
三、配置远程登陆时的本地用户及超级用户的用户名、密码
user-interface vty 0 14
authentication-mode aaa
idle-timeout 15 0
q
aaa
local-user admin password cipher sm-admin
local-user admin service-type telnet
local-user admin level 1
q
super password level 3 cipher sm@770
四、配置防病毒访问控制列表
acl number 3000
rule 1 deny tcp destination-port eq 135
rule 2 deny tcp destination-port eq 136
rule 3 deny tcp destination-port eq 137
rule 4 deny tcp destination-port eq 138
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq 135
rule 7 deny udp destination-port eq 136
rule 8 deny udp destination-port eq netbios-ns
rule 9 deny udp destination-port eq netbios-dgm
rule 10 deny udp destination-port eq netbios-ssn
rule 11 deny tcp destination-port eq 1434
rule 12 deny udp destination-port eq 1434
rule 13 deny tcp destination-port eq 445
rule 14 deny udp destination-port eq 445
五、配置网管地址及团体属性
snmp-agent trap enable standard
snmp-agent trap enable basetrap
snmp-agent target-host trap address udp-domain 192.168.254.3 params securityname S9306
snmp-agent community read S9306
snmp-agent community write S/S9306
snmp-agent sys-info version all
ntp-service unicast-server 192.168.254.22
ntp-service unicast-server 192.168.254.21 preference
六、配置默认路由
ip route-static 0.0.0.0 0.0.0.0 172.16.96.1
七、配置上行端口数据
interface GigabitEthernet1/0/0
description To-SM-SY-XY-SE800-A-1.MAN GE14/0/4------------对端口进行描述
undo negotiation auto----------------------------------------------------强制千兆,全双工模式
port link-type hybrid
port hybrid tagged vlan 102
undo port hybrid vlan 1
broadcast-suppression 10 -----------------------------------------------设置广播抑制
八、灵活QinQ 以青山三村上连列东S9306为例
G 1/0/0
G
显示全部