1.IRF配置
2.配置名稱
sysname FC-RX_5F-Core
3.配置NTP
clock protocol ntp
ntp-service enable
ntp-service unicast-server x.x.x.x
clock timezone beijing add 8
4.開啟stp
stp global enable
5.根據用途划分VLAN
如:有線、無線、管理、行政、服務器(idrac、管理等)
6.配置遠程登錄
7.配置下聯至接入、匯聚交換機
interface GigabitEthernet1/0/1 port link-mode bridge port link-type trunk port trunk permit vlan all port link-aggregation group 1 dhcp snooping trust # interface GigabitEthernet2/0/1 port link-mode bridge port link-type trunk port trunk permit vlan all port link-aggregation group 1 dhcp snooping trust # interface Bridge-Aggregation1 port link-type trunk port trunk permit vlan all link-aggregation mode dynamic #
8.配置dhcp
dhcp enable dhcp server forbidden-ip 10.1.130.2 10.1.130.10 dhcp server forbidden-ip 10.1.130.201 10.1.130.254 dhcp server ip-pool 5F-LAN_130 gateway-list 10.1.130.1 network 10.1.130.0 mask 255.255.255.0 dns-list 10.1.41.101 223.5.5.5 expired day 3 #
9.配置ACL
舉例:只允許192.168.100.0/24訪問指定的網段
acl advanced 3000 rule 21 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.0.0 0.0.255.255 rule 26 permit ip source 192.168.100.0 0.0.0.255 destination 10.1.161.0 0.0.0.255 rule 27 permit ip source 192.168.100.0 0.0.0.255 destination 10.1.31.0 0.0.0.255 rule 100 deny ip # interface Vlan-interface191 ip address 192.168.100.254 255.255.255.0 packet-filter 3000 inbound #