cisco 2960-24 配置（生産環境）

2010年項目，cisco 2960配置

bj1#2960-2-1-1#show run

Building configuration...

Current configuration : 10160 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

hostname bj1#2960-2-1-1

boot-start-marker

boot-end-marker

enable secret 5 $1$KLz2$yA02121elF8KX2/qyyZTWi/BAC

enable password 7 060506324F415B405347020A1F173D24362B

no aaa new-model

system mtu routing 1500

vtp domain gaoshang

vtp mode transparent

ip subnet-zero

ip dhcp snooping vlan 109

no ip dhcp snooping information option

ip dhcp snooping

ip arp inspection vlan 109

ip arp inspection validate src-mac dst-mac ip allow zeros 

ip arp inspection filter static vlan  109

crypto pki trustpoint TP-self-signed-2718202112

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-2718202112

 revocation-check none

 rsakeypair TP-self-signed-2718202112

crypto pki certificate chain TP-self-signed-2718202112

 certificate self-signed 01

  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 

  69666963 6174652D 32373138 32303231 3132301E 170D3933 30333031 30303031 

  30345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37313832 

  30323131 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 

  81009668 FBAF2F53 A69D94F9 DCCB21B6 A462B020 85CCB495 218C7C33 5B2096DD 

  7BD615CD 78C4948F A0AF136C D49249BD DBC210CA 4639BC77 64F6BAED 53C99F75 

  24BEB712 AEC51193 5195F069 09AEB7EB E7251676 3BE1F4D4 1DBFC0E0 B2A6B450 

  31D9D25D B1496055 FA8F49C7 7C202367 BF40CDCB F2AD7EAA F4941D78 D528D6FF 

  6FDB0203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603 

  551D1104 13301182 0F626A31 23323936 302D322D 312D312E 301F0603 551D2304 

  18301680 14FCA9CC 48415253 181F492B 340B43FC 7C752290 6D301D06 03551D0E 

  04160414 FCA9CC48 41525318 1F492B34 0B43FC7C 7522906D 300D0609 2A864886 

  F70D0101 04050003 81810080 B6C45593 981329EA 6F23DB6C C42ACA29 24918992 

  66C1E3FD 4986D218 2FBA3F98 12EC5CB2 13893599 2B31D881 03BD9EAD 357124BA 

  8DE3BCCB 9FF25294 33D625E0 A930EFCD C9640BC6 C402F31C D4AB9C4C E09A28B0 

  35B81C34 EAF9C911 71D52EA4 519E1B32 D7B91F7C F9723958 D044A2C1 9E522125 

  13ABC2A0 2CA9765E E5BBE9

  quit

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause security-violation

errdisable recovery cause channel-misconfig

errdisable recovery cause pagp-flap

errdisable recovery cause dtp-flap

errdisable recovery cause link-flap

errdisable recovery cause sfp-config-mismatch

errdisable recovery cause gbic-invalid

errdisable recovery cause psecure-violation

errdisable recovery cause port-mode-failure

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause mac-limit

errdisable recovery cause vmps

errdisable recovery cause storm-control

errdisable recovery cause inline-power

errdisable recovery cause arp-inspection

errdisable recovery cause loopback

errdisable recovery cause small-frame

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

vlan internal allocation policy ascending

vlan 2

 name ZGC

vlan 3

 name office

vlan 4

 name abc

vlan 5

 name tech

vlan 6

 name jifang

vlan 7

 name dcs

vlan 101

 name vlan101

vlan 102

 name vlan102

vlan 103

 name vlan103

vlan 104

 name vlan104

vlan 105 

vlan 106

 name vlan106

vlan 107

 name vlan107

vlan 108

 name vlan108

vlan 109 

vlan 500

 name vlan500

vlan 501

 name young501

vlan 506 

vlan 508

 name vlan508

vlan 509 

vlan 510

 name young510

vlan 511

 name young511

vlan 600

 name server

vlan 601

 name nic

vlan 602

 name vlan602

interface FastEthernet0/1

 switchport access vlan 109

 switchport mode access

 ip access-group 115 in

 no cdp enable

 spanning-tree portfast

 ip dhcp snooping limit rate 50

interface FastEthernet0/2

interface FastEthernet0/3

interface FastEthernet0/4

interface FastEthernet0/5

interface FastEthernet0/6

interface FastEthernet0/7

interface FastEthernet0/8

interface FastEthernet0/9

interface FastEthernet0/10

interface FastEthernet0/11

interface FastEthernet0/12

interface FastEthernet0/13

interface FastEthernet0/14

interface FastEthernet0/15

interface FastEthernet0/16

interface FastEthernet0/17

interface FastEthernet0/18

interface FastEthernet0/19

interface FastEthernet0/20

interface FastEthernet0/21

interface FastEthernet0/22

interface FastEthernet0/23

interface FastEthernet0/24

interface GigabitEthernet0/1

 switchport mode trunk

 ip arp inspection trust

 ip dhcp snooping trust

interface GigabitEthernet0/2

interface Vlan1

 no ip address

 no ip route-cache

 shutdown

interface Vlan602

 ip address 192.168.10.1 255.255.255.0

ip default-gateway 192.168.10.254

ip http server

ip http access-class 10

no ip http secure-server

logging 192.168.119.119

access-list 10 permit 192.168.110.0 0.0.0.255

access-list 115 deny   udp any any eq 1434

access-list 115 deny   udp any any eq 1433

access-list 115 deny   tcp any any eq 135

access-list 115 deny   udp any any eq netbios-ns

access-list 115 deny   udp any any eq netbios-dgm

access-list 115 deny   tcp any any eq 139

access-list 115 deny   udp any any eq netbios-ss

access-list 115 deny   tcp any any eq 445

access-list 115 permit ip any any

arp access-list static

 permit ip host 192.168.198.1 mac host 001c.25c9.dfdb 

 permit ip host 192.168.198.2 mac host 00e0.b800.0570 

 permit ip host 192.168.198.3 mac host 00e0.b800.0580 

 permit ip host 192.168.198.4 mac host 00e0.b800.0607 

 permit ip host 192.168.198.5 mac host 0090.c2d0.00f5 

snmp-server community rcode RO 10

snmp-server community public RO

control-plane

line con 0

line vty 0 4

 access-class 10 in

 password 7 14141B180F0B787272782334310010191108

 login

line vty 5 15

end

本文轉自 古老 51CTO部落格，原文連結：http://blog.51cto.com/yzmlinux/1926129，如需轉載請自行聯系原作者