这是2012年的工程,放这里一个配置,留个纪念。。
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname bj4-2960-1w-1
!
boot-start-marker
boot-end-marker
!
enable password 7 021250D4848AC095D781A1N
!
no aaa new-model
clock timezone BeiJing 8
system mtu routing 1500
vtp mode transparent
ip subnet-zero
!
!
ip dhcp snooping vlan 114
no ip dhcp snooping information option
ip dhcp snooping
ip arp inspection vlan 114
!
!
crypto pki trustpoint TP-self-signed-809741952
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-809741952
revocation-check none
rsakeypair TP-self-signed-809741952
!
!
crypto pki certificate chain TP-self-signed-809741952
certificate self-signed 01
30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38303937 34313935 32301E17 0D393330 33303130 30303035
395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3830 39373431
39353230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
EDCCC3D3 A9F43726 DB5384E6 280C1D2D 6FE1F899 CF24C3B3 B5CC3A64 1627CF24
1732C96F 998FBCA9 8F27AEDC 034EB623 18013D87 5F975ABB 3E866A8C 5CD54DE6
DCEE6428 7FC3856A F7C11132 C7014E28 5E019E8B B8729DC3 43ED1F41 C18FD9AB
E993864D E701B64E 373F9F05 FE95E1F8 02FC10D4 FE05D4C5 4BE552BD 7B32A793
02030100 01A36E30 6C300F06 03551D13 0101FF04 05300301 01FF3019 0603551D
11041230 10820E62 6A342D32 3936302D 31772D31 2E301F06 03551D23 04183016
80148156 F333DE40 4A63A05D B84A4719 3775120F D25B301D 0603551D 0E041604
148156F3 33DE404A 63A05DB8 4A471937 75120FD2 5B300D06 092A8648 86F70D01
01040500 03818100 33FB807D ABD9474B 64AC14C6 B8BB42BE 52279F89 D7CD9F09
4D699644 C39EE105 60F0473A 6BF52575 102D2460 FF1E7A8D 0EDEDB6B 4482CEAB
ADAD8E20 D9F0FCED 412D019B 111EA38C D949D028 B8788521 1B21A5D6 5C8C0553
30E96F80 B40E6003 4A0BA40D 9963E95B E4D294D0 89979E87 FF4D1D03 0C2E0247
4B6C58DC 15A80C83
quit
!
!
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval 600
!
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 1-501
!
vlan internal allocation policy ascending
!
vlan 114,502
!
!
!
interface FastEthernet0/1
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/2
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/3
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/4
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/5
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/6
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/7
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/8
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/9
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/10
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/11
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/12
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/13
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/14
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/15
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/16
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/17
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/18
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/19
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/20
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/21
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/22
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/23
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/24
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/25
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/26
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/27
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/28
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/29
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/30
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/31
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/32
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/33
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/34
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/35
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/36
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/37
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/38
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/39
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/40
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/41
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/42
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/43
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/44
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/45
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/46
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/47
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface FastEthernet0/48
switchport access vlan 114
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 1
ip arp inspection limit rate 15 burst interval 10
ip access-group 115 in
no cdp enable
spanning-tree portfast
ip verify source
!
interface GigabitEthernet0/1
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust
!
interface GigabitEthernet0/2
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan502
ip address 192.168.13.1 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.13.254
ip http server
ip http secure-server
access-list 10 permit 192.168.110.0 0.0.0.255
access-list 115 deny udp any any eq 1434
access-list 115 deny udp any any eq 1433
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq netbios-ns
access-list 115 deny udp any any eq netbios-dgm
access-list 115 deny tcp any any eq 139
access-list 115 deny udp any any eq netbios-ss
access-list 115 deny tcp any any eq 445
access-list 115 permit ip any any
snmp-server community public RO
!
control-plane
!
!
line con 0
line vty 0 4
access-class 10 in
password 7 14141B180F0B7872727F
login
line vty 5 15
access-class 10 in
password 7 01100F1758045456771B
login
!
ntp clock-period 36031751
ntp server 192.168.119.119
end