Catalyst 4006交换机的配置实例

一、CAT4006引擎模块WS-X4013的配置清单

（其中包括：基本设置、VLAN的配置、通道配置、以及端口镜像口的1/2设置连接千兆IDS）

Cisco Systems, Inc. Console

Enter password:

CAT4006> enable

Enter password:

CAT4006> (enable)

　　.......

begin

 ***** NON-DEFAULT CONFIGURATION *****

#time: Mon Apr 11 2005, 22:02:13

#version 6.1(1)

#system web interface version(s)

et password *********************

et enablepass *********************

#system

et system name CAT4006

#frame distribution method

et port channel all distribution mac both

#vtp

et vtp domain hngazk

et vlan 1 name default type ethernet mtu 1500 said 100001 state active

et vlan 16 name Old_Bangong type ethernet mtu 1500 said 100016 state active

et vlan 17 name Server_Manage type ethernet mtu 1500 said 100017 state active

et vlan 18 name New_Bangong type ethernet mtu 1500 said 100018 state active

et vlan 19 name Library type ethernet mtu 1500 said 100019 state active

et vlan 22 name Old_Shiyanzhongxin type ethernet mtu 1500 said 100022 state active

et vlan 23 name CaiZhuan_Jiashuyuan type ethernet mtu 1500 said 100023 state active

et vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active

et vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee

et vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm

et vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 0 stemaxhop 0 backupcrf off

ip

et interface sc0 17 21x.xxx.17.253/255.255.255.0 21x.xxx.xxx.255

et interface sl0 down

et interface me1 down

et ip route 0.0.0.0/0.0.0.0 21x.xxx.xxx.254

#dns

et ip dns server 21x.xxx.xxx.2 primary

et ip dns enable

#syslog

et logging level cops 2 default

#set boot command

et boot config-register 0x2

et boot system flash bootflash:cat4000.6-1-1.bin

#mls

et mls nde disable

#port channel

et port channel 3/1-4 636

#module 1 : 2-port 1000BaseX Supervisor

et udld enable 1/1

et trunk 1/1 nonegotiate dot1q 1-1005

et trunk 1/2 nonegotiate dot1q 1-1005

#module 2 : 6-port 1000BaseX Ethernet

et vlan 20 2/3

et port name 2/1 Old_Shiyanzhongxin

et port name 2/2 Library

et port name 2/3 New_Shiyanzhongxin

et port name 2/4 New_Bangong

et port name 2/5 CaiZhuan_Jiashuyuan

et port name 2/6 Old_Shiyanzhongxin

etudld enable 2/6

et udld disable 2/3

et trunk 2/1 nonegotiate dot1q 1-1005

et trunk 2/2 nonegotiate dot1q 1-1005

et trunk 2/3 nonegotiate dot1q 1-1005

et trunk 2/4 nonegotiate dot1q 1-1005

et trunk 2/5 nonegotiate dot1q 1-1005

　　et trunk 2/6 nonegotiate dot1q 1-1005

　　

　　#module 3 : 34-port Router Switch Card

　　et vlan 16 3/3-9,3/11-19,3/26-34

　　et vlan 17 3/10,3/20

　　et vlan 18 3/21

　　et vlan 19 3/22

　　et vlan 20 3/23

　　et vlan 22 3/24

　　et vlan 23 3/25

　　et port name 3/1 Firewall_Talent

　　et trunk 3/1 nonegotiate dot1q 1-1005

　　et trunk 3/2 nonegotiate dot1q 1-1005

　　et port channel 3/1-2 mode on

　　

　　#module 4 : 34-port 10/100/1000 Ethernet

　　et vlan 16 4/5-9,4/11,4/15-34

　　et vlan 17 4/3-4,4/10,4/12-14

　　et trunk 4/1 nonegotiate dot1q 1-1005

　　et trunk 4/2 nonegotiate dot1q 1-1005

　　

　　#module 5 empty

　　

　　#module 6 empty

　　

　　#switch port analyzer

　　et span 2/1-6,3/1-34,4/1-34 1/2 both inpkts disable learning enable create

　　nd

　　CAT4006> (enable)

　　二、WS-X4232-L3三层路由模块的配置清单

　　（其中包括：VLAN路由、访问控制列表、三层模块与交换机背板通道的配置等等）

　　WS-X4232-L3#

　　Using 4055 out of 126968 bytes

　　

　　version 12.0

　　o service pad

　　service timestamps debug uptime

　　service timestamps log uptime

　　o service password-encryption

　　

　　hostname WS-X4232-L3

　　

　　enable secret 5 *****************

　　enable password **********

　　

　　p subnet-zero

　　

　　

　　

　　interface Port-channel1

　　o ip address

　　o ip directed-broadcast

　　hold-queue 300 in

　　

　　interface Port-channel1.1

　　encapsulation dot1Q 1 native

　　p address 10.10.1.254 255.255.255.0

　　p access-group 110 in

　　p access-group 110 out

　　o ip redirects

　　o ip directed-broadcast

　　

　　interface Port-channel1.16

　　encapsulation dot1Q 16

　　p address 21x.xxx.16.254 255.255.255.0

　　p access-group 110 in

　　p access-group 110 out

　　o ip redirects

　　o ip directed-broadcast

　　

　　interface Port-channel1.17

　　encapsulation dot1Q 17

　　p address 21x.xxx.17.254 255.255.255.0

　　p access-group 110 in

　　p access-group 110 out

　　o ip redirects

　　o ip directed-broadcast

　　

　　interface Port-channel1.18

　　encapsulation dot1Q 18

　　p address 21x.xxx.18.254 255.255.255.0

　　p access-group 110 in

　　p access-group 110 out

　　o ip redirects

　　o ip directed-broadcast

　　

　　interface Port-channel1.19

　　encapsulation dot1Q 19

　　p address 21x.xxx.19.254 255.255.255.0

　　p access-group 110 in

　　p access-group 110 out

　　o ip redirects

　　o ip directed-broadcast

　　

　　interface Port-channel1.20

　　encapsulation dot1Q 20

　　p address 21x.xxx.21.254 255.255.254.0 secondary

　　p address 21x.xxx.20.254 255.255.254.0

　　p access-group 110 in

　　p access-group 110 out

　　o ip redirects

　　o ip directed-broadcast

　　

　　interface Port-channel1.22

　　encapsulation dot1Q 22

　　p address 21x.xxx.22.254 255.255.255.0

　　p access-group 110 in

　　p access-group 110 out

　　o ip redirects

　　o ip directed-broadcast

　　

　　interface Port-channel1.23

　　encapsulation dot1Q 23

　　p address 21x.xxx.23.254 255.255.255.0

　　p access-group 110 in

　　p access-group 110 out

　　o ip redirects

　　o ip directed-broadcast

　　

　　interface FastEthernet1

　　o ip address

　　o ip directed-broadcast

　　shutdown

　　

　　interface GigabitEthernet1

　　p address 21x.xxx.xxx.xxx 255.255.255.240

　　p access-group 110 in

　　p access-group 110 out

　　o ip directed-broadcast

　　

　　interface GigabitEthernet2

　　o ip address

　　o ip directed-broadcast

　　

　　interface GigabitEthernet3

　　o ip address

　　o ip directed-broadcast

　　o negotiation auto

　　channel-group 1

　　

　　interface GigabitEthernet4

　　o ip address

　　o ip directed-broadcast

　　o negotiation auto

　　channel-group 1

　　

　　p classless

　　p route 0.0.0.0 0.0.0.0 2xx.xxx.xxx.xxx

　　

　　access-list 110 deny tcp any any eq echo

　　access-list 110 deny tcp any any eq chargen

　　access-list 110 deny tcp any any eq 135

　　access-list 110 deny tcp any any eq 136

　　access-list 110 deny tcp any any eq 137

　　access-list 110 deny tcp any any eq 138

　　access-list 110 deny tcp any any eq 139

　　access-list 110 deny tcp any any eq 389

　　access-list 110 deny tcp any any eq 445

　　access-list 110 deny tcp any any eq 4444

　　access-list 110 deny udp any any eq tftp

　　access-list 110 deny udp any any eq 135

　　access-list 110 deny udp any any eq 136

　　access-list 110 deny udp any any eq netbios-ns

　　access-list 110 deny udp any any eq netbios-dgm

　　access-list 110 deny udp any any eq netbios-ss

　　access-list 110 deny udp any any eq 389

　　access-list 110 deny udp any any eq 445

　　access-list 110 deny udp any any eq 1434

　　access-list 110 deny udp any any eq 1433

　　access-list 110 deny udp any any eq 1025

　　access-list 110 deny udp any any eq 455

　　access-list 110 deny udp any any eq 5554

　　access-list 110 deny udp any any eq 9996

　　access-list 110 deny udp any any eq 6129

　　access-list 110 deny udp any any eq 3127

　　access-list 110 deny udp any any eq 2745

　　access-list 110 deny tcp any any eq 6669

　　access-list 110 deny tcp any any eq 1023

　　access-list 110 deny tcp any any eq 1024

　　access-list 110 deny tcp any any eq 3332

　　access-list 110 deny tcp any any eq 69

　　access-list 110 deny udp any any eq 593

　　access-list 110 deny tcp any any eq 593

　　access-list 110 permit ip any any

　　rp 127.0.0.2 0005.5e73.9300 ARPA

　　

　　line con 0

　　transport input none

　　line aux 0

　　line vty 0 4

　　password **********

　　login

　　

　　nd