Chinaunix首页 | 论坛 | 博客

华为技术cisco3550.blog.chinaunix.net

首页 |  博文目录 |  关于我

wfeng520

  • 博客访问: 1330317
  • 博文数量: 464
  • 博客积分: 9399
  • 博客等级: 中将
  • 技术积分: 6364
  • 用 户 组: 普通用户
  • 注册时间: 2011-02-19 09:15
文章分类

全部博文(464)

文章存档

2014年(12)

2013年(123)

2012年(173)

2011年(156)

我的朋友
最近访客
推荐博文
相关博文
Cisco 4506双机热备配置(HSRP STANDBY)

分类: 系统运维

2012-06-18 14:16:59

Current configuration : 4307 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service compress-config

!

hostname 4506-1

!

enable secret 5 $1$f6uA$uOeBnswuinoLFBNsxSP561

!

subnet-zero

no ip domain-lookup

!

!

no file verify auto

!

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree vlan 1-1005 priority 24576

power redundancy-mode redundant

!

!

vlan access-map vlan_map 10

action forward

match ip address server_acl

vlan access-map vlan_map 20

action drop

match ip address vlan_acl

vlan access-map vlan_map 30

action forward

vlan filter vlan_map vlan-list 30-31,33-34,37,39,100-101,200,311

vlan internal allocation policy ascending

!

Port-channel1

switchport

switchport trunk encapsulation dot1q

!

interface GigabitEthernet1/1

switchport trunk encapsulation dot1q

channel-group 1 mode on

!

interface GigabitEthernet1/2

switchport trunk encapsulation dot1q

channel-group 1 mode on

!

interface GigabitEthernet2/1

switchport trunk encapsulation dot1q

!

interface GigabitEthernet2/2

switchport access vlan 37

spanning-tree portfast

!

interface GigabitEthernet2/3

switchport trunk encapsulation dot1q

!

interface GigabitEthernet2/4

switchport access vlan 33

spanning-tree portfast

!

interface GigabitEthernet2/5

switchport trunk encapsulation dot1q

!

interface GigabitEthernet2/6

switchport access vlan 34

spanning-tree portfast

!

interface GigabitEthernet3/1

switchport trunk encapsulation dot1q

!

interface GigabitEthernet3/2

switchport trunk encapsulation dot1q

interface GigabitEthernet3/3

switchport access vlan 311

spanning-tree portfast

!

interface GigabitEthernet3/4

switchport trunk encapsulation dot1q

!

interface GigabitEthernet3/5

switchport access vlan 31

spanning-tree portfast

!

interface GigabitEthernet3/6

switchport access vlan 101

spanning-tree portfast

!

interface GigabitEthernet4/1

switchport trunk encapsulation dot1q

!

interface GigabitEthernet4/2

switchport access vlan 39

spanning-tree portfast

!

interface GigabitEthernet4/3

switchport trunk encapsulation dot1q

!

interface GigabitEthernet4/4

switchport access vlan 101

spanning-tree portfast

!

interface GigabitEthernet4/5

switchport trunk encapsulation dot1q

!

interface GigabitEthernet4/6

switchport access vlan 30

spanning-tree portfast

!

interface GigabitEthernet6/1

!

interface GigabitEthernet6/2

!

interface GigabitEthernet6/3

!

interface GigabitEthernet6/4

!

interface GigabitEthernet6/5

interface GigabitEthernet6/6

!

interface GigabitEthernet6/7

!

interface GigabitEthernet6/8

!

interface GigabitEthernet6/9

!

interface GigabitEthernet6/10

!

interface GigabitEthernet6/11

!

interface GigabitEthernet6/12

!

interface GigabitEthernet6/13

!

interface GigabitEthernet6/14

!

interface GigabitEthernet6/15

!

interface GigabitEthernet6/16

!

interface GigabitEthernet6/17

!

interface GigabitEthernet6/18

!

interface GigabitEthernet6/19

!

interface GigabitEthernet6/20

!

interface GigabitEthernet6/21

!

interface GigabitEthernet6/22

!

interface GigabitEthernet6/23

!

interface GigabitEthernet6/24

!

interface Vlan1

no ip address

!

interface Vlan30

ip address 192.168.30.252 255.255.255.0

standby ip 192.168.30.254

standby priority 110

standby preempt

!

interface Vlan31

ip address 192.168.31.252 255.255.255.0

standby ip 192.168.31.254

standby priority 110

standby preempt

!

interface Vlan33

ip address 192.168.33.252 255.255.255.0

standby ip 192.168.33.254

standby priority 110

standby preempt

!

interface Vlan34

ip address 192.168.34.252 255.255.255.0

standby ip 192.168.34.254

standby priority 110

standby preempt

!

interface Vlan37

ip address 192.168.37.252 255.255.255.0

standby ip 192.168.37.254

standby priority 110

standby preempt

!

interface Vlan39

ip address 192.168.39.252 255.255.255.0

standby ip 192.168.39.254

standby priority 110

standby preempt

!

interface Vlan100

ip address 192.168.100.252 255.255.255.0

standby ip 192.168.100.254

standby priority 110

standby preempt

!

interface Vlan101

ip address 192.168.101.252 255.255.255.0

standby ip 192.168.101.254

standby priority 110

standby preempt

!

interface Vlan200

ip address 192.168.200.252 255.255.255.0

standby ip 192.168.200.254

standby priority 110

standby preempt

!

interface Vlan311

ip address 192.168.11.252 255.255.255.0

standby ip 192.168.11.254

standby priority 110

standby preempt

!

no ip http server

!

!

ip access-list extended server_acl

permit ip 192.168.0.0 0.0.255.255 host 192.168.101.250

ip access-list extended vlan_acl

permit ip 192.168.30.0 0.0.0.255 192.168.33.0 0.0.0.255

permit ip 192.168.30.0 0.0.0.255 192.168.101.0 0.0.0.255

permit ip 192.168.30.0 0.0.0.255 192.168.31.0 0.0.0.255

permit ip 192.168.30.0 0.0.0.255 192.168.34.0 0.0.0.255

permit ip 192.168.30.0 0.0.0.255 192.168.37.0 0.0.0.255

permit ip 192.168.30.0 0.0.0.255 192.168.39.0 0.0.0.255

permit ip 192.168.30.0 0.0.0.255 192.168.11.0 0.0.0.255

permit ip 192.168.30.0 0.0.0.255 192.168.100.0 0.0.0.255

permit ip 192.168.30.0 0.0.0.255 192.168.200.0 0.0.0.255

permit ip 192.168.31.0 0.0.0.255 192.168.33.0 0.0.0.255

permit ip 192.168.31.0 0.0.0.255 192.168.34.0 0.0.0.255

permit ip 192.168.31.0 0.0.0.255 192.168.37.0 0.0.0.255

permit ip 192.168.31.0 0.0.0.255 192.168.39.0 0.0.0.255

permit ip 192.168.31.0 0.0.0.255 192.168.11.0 0.0.0.255

permit ip 192.168.31.0 0.0.0.255 192.168.100.0 0.0.0.255

permit ip 192.168.31.0 0.0.0.255 192.168.101.0 0.0.0.255

permit ip 192.168.31.0 0.0.0.255 192.168.200.0 0.0.0.255

permit ip 192.168.33.0 0.0.0.255 192.168.34.0 0.0.0.255

permit ip 192.168.33.0 0.0.0.255 192.168.37.0 0.0.0.255

permit ip 192.168.33.0 0.0.0.255 192.168.39.0 0.0.0.255

permit ip 192.168.33.0 0.0.0.255 192.168.11.0 0.0.0.255

permit ip 192.168.33.0 0.0.0.255 192.168.100.0 0.0.0.255

permit ip 192.168.33.0 0.0.0.255 192.168.101.0 0.0.0.255

permit ip 192.168.33.0 0.0.0.255 192.168.200.0 0.0.0.255

permit ip 192.168.34.0 0.0.0.255 192.168.37.0 0.0.0.255

permit ip 192.168.34.0 0.0.0.255 192.168.39.0 0.0.0.255

permit ip 192.168.34.0 0.0.0.255 192.168.11.0 0.0.0.255

permit ip 192.168.34.0 0.0.0.255 192.168.100.0 0.0.0.255

permit ip 192.168.34.0 0.0.0.255 192.168.101.0 0.0.0.255

permit ip 192.168.34.0 0.0.0.255 192.168.200.0 0.0.0.255

permit ip 192.168.37.0 0.0.0.255 192.168.39.0 0.0.0.255

permit ip 192.168.37.0 0.0.0.255 192.168.11.0 0.0.0.255

permit ip 192.168.37.0 0.0.0.255 192.168.100.0 0.0.0.255

permit ip 192.168.37.0 0.0.0.255 192.168.101.0 0.0.0.255

permit ip 192.168.37.0 0.0.0.255 192.168.200.0 0.0.0.255

permit ip 192.168.39.0 0.0.0.255 192.168.11.0 0.0.0.255

permit ip 192.168.39.0 0.0.0.255 192.168.100.0 0.0.0.255

permit ip 192.168.39.0 0.0.0.255 192.168.101.0 0.0.0.255

permit ip 192.168.39.0 0.0.0.255 192.168.200.0 0.0.0.255

permit ip 192.168.11.0 0.0.0.255 192.168.100.0 0.0.0.255

permit ip 192.168.11.0 0.0.0.255 192.168.101.0 0.0.0.255

permit ip 192.168.11.0 0.0.0.255 192.168.200.0 0.0.0.255

permit ip 192.168.100.0 0.0.0.255 192.168.101.0 0.0.0.255

permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255

permit ip 192.168.101.0 0.0.0.255 192.168.200.0 0.0.0.255

!

!

!

line con 0

stopbits 1

line vty 0 4

password %$&&&*(&(

login

line vty 5 15

password %$&&&*(&(

login

!

end

4506-1#show standby brief

P indicates configured to preempt.

|

Interface Grp Prio P State Active addr Standby addr Group addr

Vl30 0 110 P Active local unknown 192.168.30.254

Vl31 0 110 P Active local unknown 192.168.31.254

Vl33 0 110 P Active local unknown 192.168.33.254

Vl34 0 110 P Active local unknown 192.168.34.254

Vl37 0 110 P Active local unknown 192.168.37.254

Vl39 0 110 P Active local unknown 192.168.39.254

Vl100 0 110 P Active local unknown 192.168.100.254

Vl101 0 110 P Active local unknown 192.168.101.254

Vl200 0 110 P Active local unknown 192.168.200.254

Vl311 0 110 P Active local unknown 192.168.11.254

4506-1#

4506-1#show vtp status

VTP Version : 2

Configuration Revision : 10

Maximum VLANs supported locally : 1005

Number of existing VLANs : 15

VTP Operating Mode : Server

VTP Domain Name : domainnet

VTP Pruning Mode : Enable

VTP V2 Mode : Enable

VTP Traps Generation : Disabled

MD5 digest : 0x46 0xDB 0x03 0x38 0x8D 0xBC 0x92 0x8F

Configuration last modified by 0.0.0.0 at 12-13-05 20:53:52

Local updater ID is 192.168.30.252 on interface Vl30 (lowest numbered VLAN inter

face found)

4506-1#
ip subnet-zero
ip routing
no ip domain-lookup
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 200 priority 24576
spanning-tree vlan 201 priority 24576
spanning-tree vlan 202 priority 28672
spanning-tree vlan 203 priority 28672
spanning-tree vlan 204 priority 24576
spanning-tree vlan 205 priority 24576
spanning-tree vlan 206priority 28672
spanning-tree vlan 307 priority 24576
spanning-tree vlan 308 priority 24576

interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface FastEthernet0/1
switchport access vlan 200
switchport mode access
no ip address
duplex full
speed 100
!
interface FastEthernet0/2
switchport access vlan 201
switchport mode access
no ip address
duplex full
speed 100
!
interface FastEthernet0/3
switchport access vlan 202
no ip address
!
interface FastEthernet0/4
no ip address
!
interface FastEthernet0/5
no ip address
!
interface FastEthernet0/6
switchport access vlan 203
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 203
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 203
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 203
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 203
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 204
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 204
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 204
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 205
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 205
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 206
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 206
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 206
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 207
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 207
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 208
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 208
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/29
switchport access vlan 208
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/30
switchport access vlan 208
switchport mode access
no ip address
spanning-tree portfast
。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
channel-group 1 mode on
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
channel-group 1 mode on
!
interface Vlan1
ip address xxxxxxxxx
no ip redirects
standby 1 ip xxxxxxx
standby 1 priority 120
standby 1 preempt
!
interface Vlan200
ip address xxxxxxxxx
!
interface Vlan201
ip address xxxxxxxxx
!
interface Vlan202
ip address xxxxxxxxx
no ip redirects
standby 202 ip xxxxxxxxx
standby 202priority 120
standby 202 preempt
!
interface Vlan203
ip address xxxxxxxxx
no ip redirects
standby 203 ip xxxxxxxxx
standby 203priority 120
standby 203 preempt
!
interface Vlan204
ip address xxxxxxxxx
no ip redirects
standby 204 ip xxxxxxxxx
standby 204priority 120
standby 204 preempt
!
interface Vlan205
ip address xxxxxxxxx
no ip redirects
standby 205 ip xxxxxxxxx
standby 205priority 120
standby 205 preempt
!
。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。
router eigrp
network xxxxxxx
no auto-summary
ip classless
end
其中vlan200和vlan201为2台交换机互连的vlan。

CCIE Security 2009 IOS防火墙合集


阅读(954) | 评论(0) | 转发(0) |
0

上一篇:Cisco HSRP GLBP 小结

下一篇:独臂路由器实现VLAN互访,通过NAT访问外网

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6