Common Office-Network Configuration for H3C Core Switches
1. IRF configuration
2. Configure the device name
sysname FC-RX_5F-Core
3. Configure NTP
clock protocol ntp
ntp-service enable
ntp-service unicast-server x.x.x.x
clock timezone beijing add 8
4. Enable STP
stp global enable
5. Divide VLANs by purpose
For example: wired, wireless, management, administration, servers (iDRAC, management, etc.)
6. Configure remote login
7. Configure downlinks to access and aggregation switches
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
 dhcp snooping trust
#
interface GigabitEthernet2/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
 dhcp snooping trust
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#
8. Configure DHCP
dhcp enable
dhcp server forbidden-ip 10.1.130.2 10.1.130.10
dhcp server forbidden-ip 10.1.130.201 10.1.130.254
dhcp server ip-pool 5F-LAN_130
 gateway-list 10.1.130.1
 network 10.1.130.0 mask 255.255.255.0
 dns-list 10.1.41.101 223.5.5.5
 expired day 3
#
9. Configure ACLs
Example: allow 192.168.100.0/24 to access only the specified network segments
acl advanced 3000
 rule 21 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
 rule 26 permit ip source 192.168.100.0 0.0.0.255 destination 10.1.161.0 0.0.0.255
 rule 27 permit ip source 192.168.100.0 0.0.0.255 destination 10.1.31.0 0.0.0.255
 rule 100 deny ip
#
interface Vlan-interface191
 ip address 192.168.100.254 255.255.255.0
 packet-filter 3000 inbound
#
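To check offline that ACL 3000 permits only the intended segments, the following added example (not part of the original page, and not an H3C tool) parses the four rules above and evaluates sample flows against them using wildcard-mask matching. It assumes the ACL uses the default "config" match order (ascending rule ID); the function names and sample flows are constructed for illustration.

```python
import ipaddress
import re

# ACL 3000 rules copied from the configuration above.
ACL_3000 = """
rule 21 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
rule 26 permit ip source 192.168.100.0 0.0.0.255 destination 10.1.161.0 0.0.0.255
rule 27 permit ip source 192.168.100.0 0.0.0.255 destination 10.1.31.0 0.0.0.255
rule 100 deny ip
"""

RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) ip"
    r"(?: source (\S+) (\S+))?(?: destination (\S+) (\S+))?$"
)

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def _matches(addr, base, wildcard):
    if base is None:  # no source/destination clause: matches any address
        return True
    care = ~_int(wildcard) & 0xFFFFFFFF  # wildcard bit 1 means "ignore this bit"
    return (_int(addr) & care) == (_int(base) & care)

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((int(m.group(1)),) + m.groups()[1:])
    return sorted(rules, key=lambda r: r[0])  # assumed "config" order: ascending rule ID

def evaluate(rules, src, dst):
    # First matching rule wins; returns (action, rule_id).
    for rid, action, sb, sw, db, dw in rules:
        if _matches(src, sb, sw) and _matches(dst, db, dw):
            return action, rid
    return "no-match", None

if __name__ == "__main__":
    rules = parse_acl(ACL_3000)
    # Constructed sample flows (not from the original page).
    for src, dst in [("192.168.100.25", "10.1.161.8"), ("192.168.100.25", "10.1.130.5"),
                     ("192.168.101.25", "10.1.161.8")]:
        print(src, "->", dst, evaluate(rules, src, dst))
```

The third sample flow has a source outside 192.168.100.0/24, so it falls through every permit rule and is caught by rule 100.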