1.IRF配置

2.配置名称

  sysname FC-RX_5F-Core

3.配置NTP

  clock protocol ntp
  ntp-service enable
  ntp-service unicast-server x.x.x.x

  clock timezone beijing add 8

4.开启stp

  stp global enable

5.根据用途划分VLAN

   如:有线、无线、管理、行政、服务器(idrac、管理等)

6.配置远程登录

7.配置下联至接入、汇聚交换机

interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
 dhcp snooping trust
#
interface GigabitEthernet2/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
 dhcp snooping trust
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#

8.配置dhcp  

 dhcp enable
 dhcp server forbidden-ip 10.1.130.2 10.1.130.10
 dhcp server forbidden-ip 10.1.130.201 10.1.130.254

dhcp server ip-pool 5F-LAN_130
 gateway-list 10.1.130.1
 network 10.1.130.0 mask 255.255.255.0
 dns-list 10.1.41.101 223.5.5.5
 expired day 3
#

9.配置ACL

  举例:只允许192.168.100.0/24访问指定的网段

acl advanced 3000
 rule 21 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
 rule 26 permit ip source 192.168.100.0 0.0.0.255 destination 10.1.161.0 0.0.0.255
 rule 27 permit ip source 192.168.100.0 0.0.0.255 destination 10.1.31.0 0.0.0.255
 rule 100 deny ip
#
interface Vlan-interface191
 ip address 192.168.100.254 255.255.255.0
 packet-filter 3000 inbound
#

 

posted on 2021-03-05 16:03  星痕1216  阅读(1162)  评论(0编辑  收藏  举报