出合PSのコンフィグ投入(24ポート) 【初期コンフィグ設定】 1.スイッチの電源を投入し、下記のコマンドをコピーし流し込みする。 ------------------------------------------------------------------------------------------------- system-view undo dot1x access-user log enable abnormal-logoff failed-login normal-logoff successful-login undo mac-authentication access-user log enable failed-login logoff successful-login undo port-security mac-move permit undo loopback-detection global enable vlan 1 to 4094 undo loopback-detection interval-time interface range Ethernet 1/0/1 to Ethernet 1/0/20 shutdown dot1x handshake dot1x multicast-trigger undo dot1x unicast-trigger exit interface range GigabitEthernet 1/0/21 to GigabitEthernet 1/0/28 shutdown dot1x handshake dot1x multicast-trigger undo dot1x unicast-trigger exit undo radius scheme system gratuitous-arp-learning enable quit ------------------------------------------------------------------------------------------------- 2.設定した内容が正しいか、下記displayコマンドでコンフィグ内容を確認する。 ------------------------------------------------------------------------------------------------- screen-length disable display current-configuration ------------------------------------------------------------------------------------------------- ※表示された設定内容が初期コンフィグであることを確認すること。(別紙:初期コンフィグ・ポート24) 【パスワード設定】 1.下記のコマンドをコピーして流し込みし、特権パスワードを設定する画面に移行する。 ------------------------------------------------------------------------------------------------- local-user yonden password ------------------------------------------------------------------------------------------------- 2.パスワードを入力する画面になるので、以下のパスワードを2回入力する。 パスワード:com_tushin 3.下記のコマンドをコピーして流し込みし、閲覧パスワードを設定する画面に移行する。 ------------------------------------------------------------------------------------------------- service-type telnet terminal authorization-attribute user-role network-admin quit locak-user yonden password ------------------------------------------------------------------------------------------------- 4.パスワードを入力する画面になるので、以下のパスワードを2回入力する。 パスワード:com_tushin 5.下記のコマンドをコピーして流し込みする。 ------------------------------------------------------------------------------------------------- service-type telnet terminal authorization-attribute user-role network-operator quit ------------------------------------------------------------------------------------------------- 【共通コンフィグ設定】 1.下記のコマンドをコピーして流し込みする。 ------------------------------------------------------------------------------------------------ system-view # acl basic 2000 rule 0 permit source 10.63.5.0 0.0.0.255 rule 1 permit source 10.63.24.0 0.0.0.255 rule 2 permit source 10.60.0.0 0.0.255.3 rule 3 permit source 10.61.0.0 0.0.255.3 rule 4 permit source 10.62.0.0 0.0.255.3 # telnet server enable telnet server acl 2000 # line aux 0 authentication-mode scheme idle-timeout 60 0 # line vty 0 63 authentication-mode scheme idle-timeout 60 0 # port-security enable # mac-address mac-move fast-update mac-address notification mac-move interval 1 # shutdown-interval 300 # stp region-configuration region-name YONDEN revision-level 65000 instance 1 vlan 1 to 4094 active region-configuration # stp port-log instance 1 stp timer-factor 7 stp global enable # info-center loghost 10.63.5.201 info-center loghost 10.63.24.201 # snmp-agent sys-info version v2c undo snmp-agent sys-info version v3 snmp-agent community read public-mpls snmp-agent target-host trap address udp-domain 10.63.24.202 params securityname public-mpls v2c snmp-agent target-host trap address udp-domain 10.63.5.202 params securityname public-mpls v2c snmp-agent trap enable port-security snmp-agent trap enable stp # clock timezone JST add 09:00:00 # ntp-service enable ntp-service unicast-server 10.63.5.202 priority ntp-service unicast-server 10.63.24.202 # traffic classifier 48k operator and if-match any # traffic behavior 48k car cir 48 cbs 6144 ebs 0 green pass red discard yellow discard # qos policy 48k classifier 48k behavior 48k # traffic classifier 64k operator and if-match any # traffic behavior 64k car cir 64 cbs 8192 ebs 0 green pass red discard yellow discard # qos policy 64k classifier 64k behavior 64k # traffic classifier 128k operator and if-match any # traffic behavior 128k car cir 128 cbs 16384 ebs 0 green pass red discard yellow discard # qos policy 128k classifier 128k behavior 128k # traffic classifier 256k operator and if-match any # traffic behavior 256k car cir 256 cbs 32256 ebs 0 green pass red discard yellow discard # qos policy 256k classifier 256k behavior 256k # traffic classifier 1M operator and if-match any # traffic behavior 1M car cir 1000 cbs 125440 ebs 0 green pass red discard yellow discard # qos policy 1M classifier 1M behavior 1M # traffic classifier 1.5M operator and if-match any # traffic behavior 1.5M car cir 1504 cbs 187904 ebs 0 green pass red discard yellow discard # qos policy 1.5M classifier 1.5M behavior 1.5M # traffic classifier 2M operator and if-match any # traffic behavior 2M car cir 2000 cbs 250368 ebs 0 green pass red discard yellow discard # qos policy 2M classifier 2M behavior 2M # traffic classifier 3M operator and if-match any # traffic behavior 3M car cir 3000 cbs 375296 ebs 0 green pass red discard yellow discard # qos policy 3M classifier 3M behavior 3M # traffic classifier 5M operator and if-match any # traffic behavior 5M car cir 5000 cbs 625152 ebs 0 green pass red discard yellow discard # qos policy 5M classifier 5M behavior 5M # traffic classifier 6M operator and if-match any # traffic behavior 6M car cir 6000 cbs 750080 ebs 0 green pass red discard yellow discard # qos policy 6M classifier 6M behavior 6M # traffic classifier 10M operator and if-match any # traffic behavior 10M car cir 10000 cbs 1250304 ebs 0 green pass red discard yellow discard # qos policy 10M classifier 10M behavior 10M # traffic classifier 18M operator and if-match any # traffic behavior 18M car cir 18000 cbs 2250240 ebs 0 green pass red discard yellow discard # qos policy 18M classifier 18M behavior 18M # traffic classifier 20M operator and if-match any # traffic behavior 20M car cir 20000 cbs 2500096 ebs 0 green pass red discard yellow discard # qos policy 20M classifier 20M behavior 20M # traffic classifier 30M operator and if-match any # traffic behavior 30M car cir 30000 cbs 3750400 ebs 0 green pass red discard yellow discard # qos policy 30M classifier 30M behavior 30M # traffic classifier 50M operator and if-match any # traffic behavior 50M car cir 50000 cbs 6250496 ebs 0 green pass red discard yellow discard # qos policy 50M classifier 50M behavior 50M # ------------------------------------------------------------------------------------------------ 【スイッチの固有設定(IPアドレス、デフォルトゲートウェイ、トランクポート)】 1.下記のコマンドをコピーして流し込みする。 ------------------------------------------------------------------------------------------------ vlan 396 # interface Vlan-interface396 ip address 10.60.192.254 255.255.255.0 no shutdown # ip route-static 0.0.0.0 0 10.60.192.1 # sysname FA-SW-DEAI-PS-1 # interface GigabitEthernet1/0/24 description To_FA-SW-IKEDA-BO-1 port link-type trunk port trunk permit vlan all port trunk pvid vlan 1000 speed 100 duplex full storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block undo stp enable stp edged-port qos trust dot1p qos wrr af3 group 1 weight 15 qos wrr cs7 group sp no shutdown # 【スイッチのインターフェース設定】 1.下記のコマンドをコピーして流し込みする。 ------------------------------------------------------------------------------------------------ vlan 7 vlan 13 vlan 104 vlan 123 vlan 175 vlan 255 vlan 330 vlan 342 vlan 359 vlan 755 interface Ethernet1/0/1 description COMMON-TEMP_IKE port access vlan 755 storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 1 qos apply policy 1.5M inbound interface Ethernet1/0/2 description COMMON-TEMP port access vlan 255 storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 1 qos apply policy 1.5M inbound interface Ethernet1/0/3 description KEIUN-OSC_INF port access vlan 123 storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 1 qos apply policy 1M inbound port-security intrusion-mode blockmac port-security max-mac-count 3 port-security port-mode autolearn no shutdown interface Ethernet1/0/4 description TSUSHIN-MNG port access vlan 330 storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 1 qos apply policy 1.5M inbound port-security intrusion-mode blockmac port-security max-mac-count 3 port-security port-mode autolearn no shutdown interface Ethernet1/0/5 description HAIDEN-V0_CTRL port access vlan 175 speed 10 duplex half storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 3 qos apply policy 48k inbound port-security intrusion-mode blockmac port-security max-mac-count 5 port-security port-mode autolearn no shutdown interface Ethernet1/0/6 description TSUSHIN-MNG port access vlan 342 speed 100 duplex full storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 1 qos apply policy 1.5M inbound port-security intrusion-mode blockmac port-security max-mac-count 3 port-security port-mode autolearn no shutdown interface Ethernet1/0/7 description TSUSHIN-MNG port access vlan 342 storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 1 qos apply policy 1.5M inbound port-security intrusion-mode blockmac port-security max-mac-count 3 port-security port-mode autolearn no shutdown interface Ethernet1/0/8 description SUIRYOKU-DAM_INF port access vlan 7 storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 1 qos apply policy 1.5M inbound port-security intrusion-mode blockmac port-security max-mac-count 3 port-security port-mode autolearn no shutdown interface Ethernet1/0/9 description TSUSHIN-VoIP port access vlan 359 speed 100 duplex full storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 7 qos apply policy 6M inbound no shutdown interface Ethernet1/0/10 description TSUSHIN-VoIP port access vlan 359 speed 100 duplex full storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 7 qos apply policy 6M inbound no shutdown interface Ethernet1/0/11 description KEIUN-RELAY_INF port access vlan 104 storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 1 qos apply policy 1M inbound port-security intrusion-mode blockmac port-security max-mac-count 3 port-security port-mode autolearn no shutdown interface Ethernet1/0/12 description SUIRYOKU-SV port access vlan 13 storm-constrain broadcast ratio 10 5 storm-constrain multicast ratio 10 5 storm-constrain control block stp edged-port stp port bpdu-protection enable qos priority 1 qos apply policy 3M inbound no shutdown