网络技术 订阅所有网络技术的日志

4500系列的双机热备,配置清单.

作者:晓风残月 日期:2008-06-18

字体大小:
4500系列的双机热备,配置清单。
一.主交换机(main)
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname main
//主机名
main(config)#hostname main
!
boot system flash bootflash:cat4000-i9s-mz.121-19.EW1.bin
enable password mzycjhj
//特权密码
main(config)#enable password

!
ip subnet-zero
ip host sec-main 172.18.2.100
ip host main 172.18.2.101
ip host four-2 172.18.2.107
ip host cx 172.18.2.109
ip host wj 172.18.2.110
ip host nine 172.18.2.108
ip host four-1 172.18.2.106
ip host pcs 172.18.2.111
ip host jjb 172.18.2.105
ip host zs 172.18.2.104
ip host jf2 172.18.2.103
ip host bzg 172.18.2.112
//对应地址设置
main(config)#ip host  

!
!
spanning-tree mode mst
//生成树协议模式
main(config)#spanning-tree mode mst

spanning-tree extend system-id
spanning-tree uplinkfast
//设置快速收敛模式
main(config)#spanning-tree uplinkfast

spanning-tree vlan 1-50 priority 24576
spanning-tree vlan 1-50 forward-time 10
spanning-tree vlan 1-50 max-age 14
//设置生成树优先级
main(config)#spanning-tree vlan 1 – 50 root primary

!
!
interface Loopback0
no ip address
!
interface Port-channel1
no ip address
//设置通道一
main(config)#interface port-channel 1

!
interface GigabitEthernet1/1
no switchport
no ip address
channel-group 1 mode on
//加入通道一
main(config)#interface g1/1
main(config-if)# no switchport //把接口改为三层接口
main(config-if)# no ip address
main(config-if)# channel-group 1 mode on

!
interface GigabitEthernet1/2
no switchport
no ip address
channel-group 1 mode on
//加入通道一
main(config)#interface g1/2
main(config-if)# no switchport //把接口改为三层接口
main(config-if)# no ip address
main(config-if)# channel-group 1 mode on

!
interface GigabitEthernet2/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/4
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/5
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/6
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet3/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet3/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet3/4
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet3/5
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet3/6
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface Vlan1
ip address 172.18.2.99 255.255.255.0
!
interface Vlan2
//设置VLAN IP 地址
main(config)#interface vlan 1
main(config-if)# ip address 192.168.161.12 255.255.255.240
no ip redirects
//设置不重定向IP查询
main(config-if)# no ip redirects

standby 2 ip 192.168.161.14
//设置HSRP组2地址
main(config-if)# standby 2 ip 192.168.161.14

standby 2 priority 110
//设置HSRP组2优先值
main(config-if)# standby 2 priority 110 //初始值为100

standby 2 preempt
//打开HSRP组2抢占功能
main(config-if)# standby 2 preempt

!
interface Vlan3
ip address 192.168.161.156 255.255.255.224 secondary
//设置VLAN IP 第二地址
main(config-if)# ip address 192.168.161.156 255.255.255.224 secondary

ip address 172.18.10.100 255.255.255.0
no ip redirects
standby 3 ip 172.18.10.99
standby 3 ip 192.168.161.158 secondary
//设置HSRP组3第二地址
main(config-if)# standby 3 ip 192.168.161.158 secondary
standby 3 priority 110
standby 3 preempt
!
interface Vlan4
ip address 192.168.161.188 255.255.255.224 secondary
ip address 172.18.20.100 255.255.255.0
no ip redirects
standby 4 ip 172.18.20.99
standby 4 ip 192.168.161.190 secondary
standby 4 priority 110
standby 4 preempt
!
interface Vlan5
ip address 172.18.30.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 5 ip 172.18.30.99
standby 5 priority 110
standby 5 preempt
!
interface Vlan6
ip address 172.18.40.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 6 ip 172.18.40.99
standby 6 priority 110
standby 6 preempt
!
interface Vlan7
ip address 172.18.50.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 7 ip 172.18.50.99
standby 7 priority 110
standby 7 preempt
!
interface Vlan8
ip address 192.168.161.44 255.255.255.240 secondary
ip address 172.18.60.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 8 ip 172.18.60.99
standby 8 ip 192.168.161.46 secondary
!
interface Vlan9
ip address 172.18.70.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 9 ip 172.18.70.99
standby 9 priority 110
standby 9 preempt
!
interface Vlan10
ip address 172.18.80.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 10 ip 172.18.80.99
standby 10 priority 110
standby 10 preempt
!
interface Vlan11
ip address 172.18.90.100 255.255.255.0
no ip redirects
standby 11 ip 172.18.90.99
standby 11 priority 110
standby 11 preempt
!
interface Vlan12
ip address 172.18.100.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 12 ip 172.18.100.99
standby 12 priority 110
standby 12 preempt
!
interface Vlan13
ip address 172.18.110.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 13 ip 172.18.110.99
standby 13 priority 110
standby 13 preempt
!
interface Vlan14
ip address 192.168.162.124 255.255.255.224 secondary
ip address 172.18.120.100 255.255.255.0
no ip redirects
standby 14 ip 172.18.120.99
standby 14 ip 192.168.162.126 secondary
standby 14 priority 110
standby 14 preempt
!
interface Vlan15
ip address 172.18.130.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 15 ip 172.18.130.99
standby 15 priority 110
standby 15 preempt
!
interface Vlan16
ip address 172.18.150.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 16 ip 172.18.150.99
standby 16 priority 110
standby 16 preempt
!
interface Vlan17
ip address 172.18.160.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 17 ip 172.18.160.99
standby 17 priority 110
standby 17 preempt
!
interface Vlan18
ip address 172.18.180.100 255.255.255.0
ip access-group 101 in
no ip redirects
standby 18 ip 172.18.180.99
standby 18 priority 110
standby 18 preempt
!
interface Vlan19
description link to zyjk-163
ip address 192.168.163.252 255.255.255.0
no ip redirects
standby 19 ip 192.168.163.254
standby 19 priority 110
standby 19 preempt
!
interface Vlan20
description link zycw-160
ip address 192.168.160.252 255.255.255.0
no ip redirects
standby 20 ip 192.168.160.254
standby 20 priority 110
standby 20 preempt
!
interface Vlan21
ip address 172.18.1.199 255.255.255.0
no ip redirects
standby 21 ip 172.18.1.99
standby 21 priority 110
standby 21 preempt
!
interface Vlan22
ip address 192.168.161.124 255.255.255.240 secondary
ip address 172.18.190.100 255.255.255.0
no ip redirects
standby 22 ip 172.18.190.99
standby 22 ip 192.168.161.126 secondary
standby 22 priority 110
standby 22 preempt
!
interface Vlan23
description link to pmj
ip address 192.168.136.199 255.255.255.0
no ip redirects
standby 23 ip 192.168.136.99
standby 23 priority 110
standby 23 preempt
!
interface Vlan24
description link zysphy-164
ip address 192.168.164.252 255.255.255.0
no ip redirects
standby 24 ip 192.168.164.254
standby 24 priority 110
standby 24 preempt
!
interface Vlan30
description Link to 10.10.6.9/29
ip address 10.10.6.13 255.255.255.248
no ip redirects
standby 30 ip 10.10.6.11
standby 30 priority 110
standby 30 preempt
!
interface Vlan31
description Link to 10.10.6.29/30
ip address 10.10.6.30 255.255.255.252
no ip redirects
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.1.98
ip route 10.10.0.0 255.255.0.0 10.10.6.9
ip route 10.20.0.0 255.255.0.0 10.10.6.9
ip route 10.76.0.0 255.255.0.0 10.10.6.9
ip route 10.130.10.0 255.255.255.0 10.10.6.9
ip route 172.16.10.0 255.255.255.0 10.10.6.9
ip route 172.16.11.0 255.255.255.0 10.10.6.9
ip route 172.16.12.0 255.255.255.0 10.10.6.9
ip route 172.16.31.0 255.255.255.0 10.10.6.9
no ip http server
!
!
access-list 101 deny tcp any any eq www
access-list 101 permit ip any any
access-list 102 permit tcp any 172.16.11.0 0.0.0.255 eq www
access-list 102 deny tcp any any eq www
access-list 102 permit ip any any
snmp-server community mzyccc RO
snmp-server manager
!
!
line con 0
stopbits 1
line vty 0 4
password mzycccne
login
end
二.备份机(sec-main)
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname sec-main
!
enable password mzycjhj
!
ip subnet-zero
ip host bzg 172.18.2.112
ip host jf2 172.18.2.103
ip host zs 172.18.2.104
ip host jjb 172.18.2.105
ip host main 172.18.2.99
ip host pcs 172.18.2.111
ip host four-1 172.18.2.106
ip host nine 172.18.2.108
ip host wj 172.18.2.110
ip host cx 172.18.2.109
ip host four-2 172.18.2.107
!
!
spanning-tree mode mst
//生成树协议模式
sec-main(config)#spanning-tree mode mst

spanning-tree extend system-id
spanning-tree uplinkfast
//设置快速收敛模式
sec-main(config)#spanning-tree uplinkfast

spanning-tree vlan 1-50 priority 28672
spanning-tree vlan 1-50 forward-time 10
spanning-tree vlan 1-50 max-age 14
//设置生成树优先级
sec-main(config)#spanning-tree vlan 1 – 50 root secondary

!
!
interface Loopback0
no ip address
!
interface Port-channel1
no ip address
//设置通道一
sec-main(config)#interface port-channel 1
!
interface GigabitEthernet1/1
no switchport
no ip address
channel-group 1 mode on
//加入通道一
sec-main(config)#interface g1/1
sec-main(config-if)# no switchport //把接口改为三层接口
sec-main(config-if)# no ip address
sec-main(config-if)# channel-group 1 mode on

!
interface GigabitEthernet1/2
no switchport
no ip address
channel-group 1 mode on
!
interface GigabitEthernet2/1
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
//修改接口的优先值
sec-main(config)#interface g2/1
sec-main(config-if)# spanning-tree cost 30000

!
interface GigabitEthernet2/2
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface GigabitEthernet2/3
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface GigabitEthernet2/4
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface GigabitEthernet2/5
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface GigabitEthernet2/6
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface GigabitEthernet3/1
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface GigabitEthernet3/2
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface GigabitEthernet3/3
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface GigabitEthernet3/4
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface GigabitEthernet3/5
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface GigabitEthernet3/6
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree cost 30000
!
interface Vlan1
ip address 172.18.2.100 255.255.255.0

!
interface Vlan2
ip address 192.168.161.13 255.255.255.240
no ip redirects
standby 2 ip 192.168.161.14
//设置HSRP组2地址
sec-main(config-if)# standby 2 ip 192.168.161.14

standby 2 preempt
//打开HSRP组2抢占功能
sec-main(config-if)# standby 2 preempt

!
interface Vlan3
ip address 192.168.161.157 255.255.255.224 secondary
ip address 172.18.10.101 255.255.255.0
no ip redirects
standby 3 ip 172.18.10.99
standby 3 ip 192.168.161.158 secondary
standby 3 preempt
!
interface Vlan4
ip address 192.168.161.189 255.255.255.224 secondary
ip address 172.18.20.101 255.255.255.0
no ip redirects
standby 4 ip 172.18.20.99
standby 4 ip 192.168.161.190 secondary
standby 4 preempt
!
interface Vlan5
ip address 172.18.30.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 5 ip 172.18.30.99
standby 5 preempt
!
interface Vlan6
ip address 172.18.40.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 6 ip 172.18.40.99
standby 6 preempt
!
interface Vlan7
ip address 172.18.50.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 7 ip 172.18.50.99
standby 7 preempt
!
interface Vlan8
ip address 192.168.161.45 255.255.255.240 secondary
ip address 172.18.60.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 8 ip 172.18.60.99
standby 8 ip 192.168.161.46 secondary
standby 8 preempt
!
interface Vlan9
ip address 172.18.70.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 9 ip 172.18.70.99
standby 9 preempt
!
interface Vlan10
ip address 172.18.80.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 10 ip 172.18.80.99
standby 10 preempt
!
interface Vlan11
ip address 172.18.90.101 255.255.255.0
no ip redirects
standby 11 ip 172.18.90.99
standby 11 preempt
!
interface Vlan12
ip address 172.18.100.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 12 ip 172.18.100.99
standby 12 preempt
!
interface Vlan13
ip address 172.18.110.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 13 ip 172.18.110.99
standby 13 preempt
!
interface Vlan14
ip address 192.168.162.125 255.255.255.224 secondary
ip address 172.18.120.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 14 ip 172.18.120.99
standby 14 ip 192.168.162.126 secondary
standby 14 preempt
!
interface Vlan15
ip address 172.18.130.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 15 ip 172.18.130.99
standby 15 preempt
!
interface Vlan16
ip address 172.18.150.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 16 ip 172.18.150.99
standby 16 preempt
!
interface Vlan17
ip address 172.18.160.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 17 ip 172.18.160.99
standby 17 preempt
!
interface Vlan18
ip address 172.18.180.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 18 ip 172.18.180.99
standby 18 preempt
!
interface Vlan19
description link to zyjk-163
ip address 192.168.163.253 255.255.255.0
no ip redirects
standby 19 ip 192.168.163.254
standby 19 preempt
!
interface Vlan20
description link to zycw-160
ip address 192.168.160.253 255.255.255.0
no ip redirects
standby 20 ip 192.168.160.254
standby 20 preempt
!
interface Vlan21
ip address 192.168.162.157 255.255.255.224 secondary
ip address 172.18.1.200 255.255.255.0
no ip redirects
standby 21 ip 172.18.1.99
standby 21 ip 192.168.162.158 secondary
standby 21 preempt
!
interface Vlan22
ip address 192.168.161.125 255.255.255.240 secondary
ip address 172.18.190.101 255.255.255.0
ip access-group 101 in
no ip redirects
standby 22 ip 172.18.190.99
standby 22 ip 192.168.161.126 secondary
standby 22 preempt
!
interface Vlan23
ip address 192.168.136.200 255.255.255.0
no ip redirects
standby 23 ip 192.168.136.99
standby 23 preempt
!
interface Vlan24
ip address 192.168.164.253 255.255.255.0
no ip redirects
standby 24 ip 192.168.164.254
standby 24 preempt
!
interface Vlan30
description link to zywg-10.10.6.9/29
ip address 10.10.6.14 255.255.255.248
no ip redirects
standby 30 ip 10.10.6.11
standby 30 preempt
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.1.98
ip route 10.10.0.0 255.255.0.0 10.10.6.9
ip route 10.20.0.0 255.255.0.0 10.10.6.9
ip route 10.76.0.0 255.255.0.0 10.10.6.9
ip route 10.130.10.0 255.255.255.0 10.10.6.9
ip route 172.16.10.0 255.255.255.0 10.10.6.9
ip route 172.16.11.0 255.255.255.0 10.10.6.9
ip route 172.16.12.0 255.255.255.0 10.10.6.9
ip route 172.16.31.0 255.255.255.0 10.10.6.9
no ip http server
!
access-list 101 deny tcp any any eq www
access-list 101 permit ip any any
access-list 102 permit tcp any 172.16.11.0 0.0.0.255 eq www
access-list 102 deny tcp any any eq www
access-list 102 permit ip any any
!
!
line con 0
stopbits 1
line vty 0 4
password mzycccne
login
!
!
end


文章来自: 本站原创
引用通告: 查看所有引用 | 我要引用此文章
Tags:
相关日志:
评论: 0 | 引用: 0 | 查看次数: -
发表评论
昵 称:
密 码: 游客发言不需要密码.
内 容:
验证码: 验证码
选 项:
虽然发表评论不用注册,但是为了保护您的发言权,建议您注册帐号.