API tools faq
paste
peektoseen

DGS-3627G_2

peektoseen
Mar 5th, 2012
283
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 28.96 KB | None | 0 0
raw download clone embed print report
  1. #-------------------------------------------------------------------------------
  2.  
  3. # DGS-3627G Gigabit Ethernet Switch
  4.  
  5. # Configuration
  6.  
  7. #
  8.  
  9. # Firmware: Build 2.55.B08
  10.  
  11. # Copyright(C) 2010 D-Link Corporation. All rights reserved.
  12.  
  13. #-------------------------------------------------------------------------------
  14.  
  15.  
  16.  
  17.  
  18. # STACK
  19.  
  20.  
  21. config stacking force_master_role state disable
  22.  
  23.  
  24. # DOUBLE_VLAN
  25.  
  26.  
  27. disable double_vlan
  28.  
  29.  
  30. # BASIC
  31.  
  32.  
  33. # ACCOUNT END
  34.  
  35. # PASSWORD ENCRYPTION
  36.  
  37. disable password encryption
  38.  
  39. config serial_port auto_logout 10_minutes
  40.  
  41. enable telnet 23
  42.  
  43. enable web 80
  44.  
  45. enable clipaging
  46.  
  47.  
  48. # STORM
  49.  
  50.  
  51. config traffic control auto_recover_time 0
  52.  
  53. config traffic trap none
  54.  
  55. config traffic control 1-27 broadcast disable multicast disable unicast disable action drop threshold 131072 countdown 0 time_interval 5
  56.  
  57.  
  58. # LOOP_DETECT
  59.  
  60.  
  61. config loopdetect ports 18 state enabled
  62.  
  63.  
  64. # GM
  65.  
  66.  
  67. config sim candidate
  68.  
  69. disable sim
  70.  
  71. config sim dp_interval 30
  72.  
  73. config sim hold_time 100
  74.  
  75.  
  76. # GM_H
  77.  
  78.  
  79.  
  80. # SYSLOG
  81.  
  82.  
  83. enable syslog
  84.  
  85. config system_severity log information
  86.  
  87. config system_severity trap information
  88.  
  89. create syslog host 1 severity all facility local0 udp_port 514 ipaddress 192.168.12.170 state enable
  90.  
  91. config log_save_timing on_demand
  92.  
  93.  
  94. # QOS
  95.  
  96.  
  97. enable hol_prevention
  98.  
  99. config 802.1p default_priority 1-27 0
  100.  
  101. config bandwidth_control 1-27 rx_rate no_limit tx_rate no_limit
  102.  
  103. config per_queue bandwidth_control ports 1-27 0 min_rate no_limit max_rate no_limit
  104.  
  105. config per_queue bandwidth_control ports 1-27 1 min_rate no_limit max_rate no_limit
  106.  
  107. config per_queue bandwidth_control ports 1-27 2 min_rate no_limit max_rate no_limit
  108.  
  109. config per_queue bandwidth_control ports 1-27 3 min_rate no_limit max_rate no_limit
  110.  
  111. config per_queue bandwidth_control ports 1-27 4 min_rate no_limit max_rate no_limit
  112.  
  113. config per_queue bandwidth_control ports 1-27 5 min_rate no_limit max_rate no_limit
  114.  
  115. config per_queue bandwidth_control ports 1-27 6 min_rate no_limit max_rate no_limit
  116.  
  117. config scheduling_mechanism ports 1-27 strict
  118.  
  119. config scheduling ports 1-27 0 max_packet 1
  120.  
  121. config scheduling ports 1-27 1 max_packet 2
  122.  
  123. config scheduling ports 1-27 2 max_packet 3
  124.  
  125. config scheduling ports 1-27 3 max_packet 4
  126.  
  127. config scheduling ports 1-27 4 max_packet 5
  128.  
  129. config scheduling ports 1-27 5 max_packet 6
  130.  
  131. config scheduling ports 1-27 6 max_packet 7
  132.  
  133. config 802.1p user_priority ports 1-27 0 2
  134.  
  135. config 802.1p user_priority ports 1-27 1 0
  136.  
  137. config 802.1p user_priority ports 1-27 2 1
  138.  
  139. config 802.1p user_priority ports 1-27 3 3
  140.  
  141. config 802.1p user_priority ports 1-27 4 4
  142.  
  143. config 802.1p user_priority ports 1-27 5 5
  144.  
  145. config 802.1p user_priority ports 1-27 6 6
  146.  
  147. config 802.1p user_priority ports 1-27 7 6
  148.  
  149.  
  150. # MIRROR
  151.  
  152.  
  153. disable mirror
  154.  
  155.  
  156. # TRAF-SEGMENTATION
  157.  
  158. config traffic_segmentation 1-27 forward_list all
  159.  
  160.  
  161. # SSL
  162.  
  163.  
  164. disable ssl
  165.  
  166. enable ssl ciphersuite RSA_with_RC4_128_MD5
  167.  
  168. enable ssl ciphersuite RSA_with_3DES_EDE_CBC_SHA
  169.  
  170. enable ssl ciphersuite DHE_DSS_with_3DES_EDE_CBC_SHA
  171.  
  172. enable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
  173.  
  174. config ssl cachetimeout 600
  175.  
  176.  
  177. # PORT
  178.  
  179.  
  180. disable jumbo_frame
  181.  
  182. config ports 1 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-18 (138)
  183.  
  184. config ports 2 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-1 (16)
  185.  
  186. config ports 3 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-2 (16)
  187.  
  188. config ports 4 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-3 (16)
  189.  
  190. config ports 5 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-4 (16)
  191.  
  192. config ports 6 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-5 (125)
  193.  
  194. config ports 7 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-6 (16)
  195.  
  196. config ports 8,14-20 speed auto capability_advertised 1000_full flow_control disable learning enable state enable
  197.  
  198. config ports 9 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description (12)
  199.  
  200. config ports 10 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-11
  201.  
  202. config ports 11 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-12
  203.  
  204. config ports 12 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-16
  205.  
  206. config ports 13 speed auto capability_advertised 1000_full flow_control disable learning enable state enable description 4-17
  207.  
  208. config ports 21 medium_type copper speed auto capability_advertised 10_half 10_full 100_half 100_full 1000_full flow_control disable learning enable state enable description kopacb
  209.  
  210. config ports 21-24 medium_type fiber speed auto capability_advertised 1000_full flow_control disable learning enable state enable
  211.  
  212. config ports 22-24 medium_type copper speed auto capability_advertised 10_half 10_full 100_half 100_full 1000_full flow_control disable learning enable state enable
  213.  
  214. config ports 25 speed auto flow_control disable learning enable state enable description trunk
  215.  
  216. config ports 26-27 speed auto flow_control disable learning enable state enable
  217.  
  218.  
  219. # OAM
  220.  
  221.  
  222.  
  223. # DDM
  224.  
  225.  
  226. config ddm trap disable
  227.  
  228. config ddm log enable
  229.  
  230. config ddm ports 1-24 state enable shutdown alarm
  231.  
  232.  
  233. # PORT_LOCK
  234.  
  235.  
  236. config port_security ports 1-27 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnReset
  237.  
  238.  
  239. # SNMPv3
  240.  
  241.  
  242. delete snmp community public
  243.  
  244. delete snmp community private
  245.  
  246. delete snmp user initial
  247.  
  248. delete snmp group initial
  249.  
  250. delete snmp group ReadGroup
  251.  
  252. delete snmp group WriteGroup
  253.  
  254. delete snmp view restricted all
  255.  
  256. delete snmp view CommunityView all
  257.  
  258. config snmp engineID 800000ab03002191c08600
  259.  
  260. create snmp view restricted 1.3.6.1.2.1.1 view_type included
  261.  
  262. create snmp view restricted 1.3.6.1.2.1.11 view_type included
  263.  
  264. create snmp view restricted 1.3.6.1.6.3.10.2.1 view_type included
  265.  
  266. create snmp view restricted 1.3.6.1.6.3.11.2.1 view_type included
  267.  
  268. create snmp view restricted 1.3.6.1.6.3.15.1.1 view_type included
  269.  
  270. create snmp view CommunityView 1 view_type included
  271.  
  272. create snmp view CommunityView 1.3.6.1.6.3 view_type excluded
  273.  
  274. create snmp view CommunityView 1.3.6.1.6.3.1 view_type included
  275.  
  276. create snmp group public v1 read_view CommunityView notify_view CommunityView
  277.  
  278. create snmp group public v2c read_view CommunityView notify_view CommunityView
  279.  
  280. create snmp group initial v3 noauth_nopriv read_view restricted notify_view restricted
  281.  
  282. create snmp group private v1 read_view CommunityView write_view CommunityView notify_view CommunityView
  283.  
  284. create snmp group private v2c read_view CommunityView write_view CommunityView notify_view CommunityView
  285.  
  286. create snmp group ReadGroup v1 read_view CommunityView notify_view CommunityView
  287.  
  288. create snmp group ReadGroup v2c read_view CommunityView notify_view CommunityView
  289.  
  290. create snmp group WriteGroup v1 read_view CommunityView write_view CommunityView notify_view CommunityView
  291.  
  292. create snmp group WriteGroup v2c read_view CommunityView write_view CommunityView notify_view CommunityView
  293.  
  294. create snmp community private view CommunityView read_write
  295.  
  296. create snmp community public view CommunityView read_only
  297.  
  298. create snmp user initial initial
  299.  
  300.  
  301. # MANAGEMENT
  302.  
  303.  
  304. create trusted_host network 192.168.12.183/255.255.255.255
  305.  
  306. create trusted_host network 192.168.12.170/255.255.255.255
  307.  
  308. create trusted_host network 192.168.37.50/255.255.255.255
  309.  
  310. create trusted_host network 192.168.12.184/255.255.255.255
  311.  
  312. enable snmp traps
  313.  
  314. enable snmp authenticate_traps
  315.  
  316. disable snmp
  317.  
  318. enable snmp linkchange_traps
  319.  
  320. disable rmon
  321.  
  322. config snmp linkchange_traps ports 1-27 enable
  323.  
  324.  
  325. # VLAN
  326.  
  327.  
  328. enable pvid auto_assign
  329.  
  330. config vlan default delete 1-27
  331.  
  332. config vlan default advertisement enable
  333.  
  334. create vlan VLAN4 tag 4
  335.  
  336. config vlan VLAN4 add tagged 21,25 advertisement disable
  337.  
  338. create vlan VLAN6 tag 6
  339.  
  340. config vlan VLAN6 add tagged 21,25 advertisement disable
  341.  
  342. create vlan VLAN7 tag 7
  343.  
  344. config vlan VLAN7 add tagged 21,25-26 advertisement disable
  345.  
  346. create vlan VLAN8 tag 8
  347.  
  348. config vlan VLAN8 add tagged 21,25-26 advertisement disable
  349.  
  350. create vlan VLAN9 tag 9
  351.  
  352. config vlan VLAN9 add tagged 21,25-26 advertisement disable
  353.  
  354. create vlan VLAN10 tag 10
  355.  
  356. config vlan VLAN10 add tagged 12,21,25-26 advertisement disable
  357.  
  358. create vlan VLAN11 tag 11
  359.  
  360. config vlan VLAN11 add tagged 21,25-27 advertisement disable
  361.  
  362. create vlan VLAN12 tag 12
  363.  
  364. config vlan VLAN12 add tagged 25
  365.  
  366. config vlan VLAN12 add untagged 7,9,21 advertisement disable
  367.  
  368. create vlan VLAN14 tag 14
  369.  
  370. config vlan VLAN14 add tagged 21,25-27 advertisement disable
  371.  
  372. create vlan VLAN15 tag 15
  373.  
  374. config vlan VLAN15 add tagged 21,25-26 advertisement disable
  375.  
  376. create vlan VLAN16 tag 16
  377.  
  378. config vlan VLAN16 add tagged 4,21,25
  379.  
  380. config vlan VLAN16 add untagged 2-3,5,8 advertisement disable
  381.  
  382. create vlan VLAN17 tag 17
  383.  
  384. config vlan VLAN17 add tagged 21,25
  385.  
  386. config vlan VLAN17 add untagged 14-17 advertisement disable
  387.  
  388. create vlan VLAN18 tag 18
  389.  
  390. config vlan VLAN18 add tagged 21,25
  391.  
  392. config vlan VLAN18 add untagged 10-13 advertisement disable
  393.  
  394. create vlan VLAN26 tag 26
  395.  
  396. config vlan VLAN26 add tagged 21,25 advertisement disable
  397.  
  398. create vlan VLAN27 tag 27
  399.  
  400. config vlan VLAN27 add tagged 21,25 advertisement disable
  401.  
  402. create vlan VLAN28 tag 28
  403.  
  404. config vlan VLAN28 add tagged 9,21,25 advertisement disable
  405.  
  406. create vlan VLAN29 tag 29
  407.  
  408. config vlan VLAN29 add tagged 21,25 advertisement disable
  409.  
  410. create vlan VLAN30 tag 30
  411.  
  412. config vlan VLAN30 add tagged 21,25 advertisement disable
  413.  
  414. create vlan VLAN31 tag 31
  415.  
  416. config vlan VLAN31 add tagged 21,25 advertisement disable
  417.  
  418. create vlan VLAN32 tag 32
  419.  
  420. config vlan VLAN32 add tagged 21,25 advertisement disable
  421.  
  422. create vlan VLAN33 tag 33
  423.  
  424. config vlan VLAN33 add tagged 21,25 advertisement disable
  425.  
  426. create vlan VLAN34 tag 34
  427.  
  428. config vlan VLAN34 add tagged 21,25 advertisement disable
  429.  
  430. create vlan VLAN35 tag 35
  431.  
  432. config vlan VLAN35 add tagged 21,25 advertisement disable
  433.  
  434. create vlan VLAN36 tag 36
  435.  
  436. config vlan VLAN36 add tagged 21,25 advertisement disable
  437.  
  438. create vlan VLAN37 tag 37
  439.  
  440. config vlan VLAN37 add tagged 21,25 advertisement disable
  441.  
  442. create vlan VLAN39 tag 39
  443.  
  444. config vlan VLAN39 add tagged 21,25 advertisement disable
  445.  
  446. create vlan VLAN40 tag 40
  447.  
  448. config vlan VLAN40 add tagged 21,25 advertisement disable
  449.  
  450. create vlan VLAN58 tag 58
  451.  
  452. config vlan VLAN58 add tagged 21,25 advertisement disable
  453.  
  454. create vlan VLAN61 tag 61
  455.  
  456. config vlan VLAN61 add tagged 21,25 advertisement disable
  457.  
  458. create vlan VLAN77 tag 77
  459.  
  460. config vlan VLAN77 add tagged 25
  461.  
  462. config vlan VLAN77 add untagged 19 advertisement disable
  463.  
  464. create vlan VLAN84 tag 84
  465.  
  466. config vlan VLAN84 add tagged 25-27 advertisement disable
  467.  
  468. create vlan VLAN90 tag 90
  469.  
  470. config vlan VLAN90 add tagged 21,25-26 advertisement disable
  471.  
  472. create vlan VLAN91 tag 91
  473.  
  474. config vlan VLAN91 add tagged 21,25-26 advertisement disable
  475.  
  476. create vlan VLAN97 tag 97
  477.  
  478. config vlan VLAN97 add tagged 21,25-26
  479.  
  480. config vlan VLAN97 add untagged 20 advertisement disable
  481.  
  482. create vlan VLAN98 tag 98
  483.  
  484. config vlan VLAN98 add tagged 25-26 advertisement disable
  485.  
  486. create vlan VLAN99 tag 99
  487.  
  488. config vlan VLAN99 add tagged 21,25 advertisement disable
  489.  
  490. create vlan VLAN100 tag 100
  491.  
  492. config vlan VLAN100 add tagged 21,25 advertisement disable
  493.  
  494. create vlan VLAN101 tag 101
  495.  
  496. config vlan VLAN101 add tagged 1-27 advertisement disable
  497.  
  498. create vlan VLAN108 tag 108
  499.  
  500. config vlan VLAN108 add tagged 21,25 advertisement disable
  501.  
  502. create vlan VLAN115 tag 115
  503.  
  504. config vlan VLAN115 add tagged 21,25-26 advertisement disable
  505.  
  506. create vlan VLAN117 tag 117
  507.  
  508. config vlan VLAN117 add tagged 25
  509.  
  510. config vlan VLAN117 add untagged 23 advertisement disable
  511.  
  512. create vlan VLAN124 tag 124
  513.  
  514. config vlan VLAN124 add tagged 21,25
  515.  
  516. config vlan VLAN124 add untagged 4 advertisement disable
  517.  
  518. create vlan VLAN125 tag 125
  519.  
  520. config vlan VLAN125 add tagged 21,25
  521.  
  522. config vlan VLAN125 add untagged 6 advertisement disable
  523.  
  524. create vlan VLAN130 tag 130
  525.  
  526. config vlan VLAN130 add tagged 21,25
  527.  
  528. config vlan VLAN130 add untagged 18 advertisement disable
  529.  
  530. create vlan VLAN138 tag 138
  531.  
  532. config vlan VLAN138 add tagged 21,25
  533.  
  534. config vlan VLAN138 add untagged 1 advertisement disable
  535.  
  536. create vlan VLAN140 tag 140
  537.  
  538. config vlan VLAN140 add tagged 21,25-26 advertisement disable
  539.  
  540. create vlan TV tag 745
  541.  
  542. config vlan TV add tagged 25
  543.  
  544. config vlan TV add untagged 22 advertisement disable
  545.  
  546. create vlan TIME tag 765
  547.  
  548. config vlan TIME add tagged 21,25 advertisement disable
  549.  
  550. create vlan managment tag 777
  551.  
  552. config vlan managment add tagged 1-21,23-27 advertisement disable
  553.  
  554. create vlan megafon tag 778
  555.  
  556. config vlan megafon add tagged 21,25 advertisement disable
  557.  
  558. create vlan inet tag 888
  559.  
  560. config vlan inet add tagged 21,23,25 advertisement disable
  561.  
  562. create vlan wifi tag 1000
  563.  
  564. config vlan wifi add tagged 18,21,25-26 advertisement disable
  565.  
  566. create vlan wifi_ tag 1001
  567.  
  568. config vlan wifi_ add tagged 21,24-26 advertisement disable
  569.  
  570. disable qinq
  571.  
  572. enable gvrp
  573.  
  574. disable vlan_trunk
  575.  
  576. config gvrp 1 state disable ingress_checking enable acceptable_frame admit_all pvid 138
  577.  
  578. config gvrp 2-3,5,8 state disable ingress_checking enable acceptable_frame admit_all pvid 16
  579.  
  580. config gvrp 4 state disable ingress_checking enable acceptable_frame admit_all pvid 124
  581.  
  582. config gvrp 6 state disable ingress_checking enable acceptable_frame admit_all pvid 125
  583.  
  584. config gvrp 7,9 state disable ingress_checking enable acceptable_frame admit_all pvid 12
  585.  
  586. config gvrp 10-13 state disable ingress_checking enable acceptable_frame admit_all pvid 18
  587.  
  588. config gvrp 14-17 state disable ingress_checking enable acceptable_frame admit_all pvid 17
  589.  
  590. config gvrp 18 state disable ingress_checking enable acceptable_frame admit_all pvid 130
  591.  
  592. config gvrp 19 state disable ingress_checking enable acceptable_frame admit_all pvid 77
  593.  
  594. config gvrp 20 state disable ingress_checking enable acceptable_frame admit_all pvid 97
  595.  
  596. config gvrp 21 state enable ingress_checking enable acceptable_frame admit_all pvid 12
  597.  
  598. config gvrp 22 state disable ingress_checking enable acceptable_frame admit_all pvid 745
  599.  
  600. config gvrp 23 state disable ingress_checking enable acceptable_frame admit_all pvid 117
  601.  
  602. config gvrp 24,26-27 state disable ingress_checking enable acceptable_frame admit_all pvid 1
  603.  
  604. config gvrp 25 state enable ingress_checking enable acceptable_frame admit_all pvid 1
  605.  
  606.  
  607. # PROTOCOL_VLAN
  608.  
  609.  
  610.  
  611. # QINQ
  612.  
  613.  
  614.  
  615. # SUBNETVLAN
  616.  
  617.  
  618. config vlan_precedence port 1-27 mac_based_vlan
  619.  
  620.  
  621. # SUPERVLAN
  622.  
  623.  
  624.  
  625. # RSPAN
  626.  
  627.  
  628. disable rspan
  629.  
  630.  
  631. # MEF
  632.  
  633.  
  634.  
  635. # 8021X
  636.  
  637.  
  638. disable 802.1x
  639.  
  640. config 802.1x auth_mode port_based
  641.  
  642. config 802.1x auth_protocol radius_eap
  643.  
  644. config 802.1x fwd_pdu system disable
  645.  
  646. config 802.1x max_users 4000
  647.  
  648. config 802.1x authorization network radius enable
  649.  
  650. config 802.1x capability ports 1-27 none
  651.  
  652. config 802.1x auth_parameter ports 1-27 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
  653.  
  654. config 802.1x auth_parameter ports 1-27 max_users 16
  655.  
  656.  
  657. # guestvlan
  658.  
  659.  
  660.  
  661. # TR
  662.  
  663.  
  664.  
  665. # ACL
  666.  
  667.  
  668. create access_profile profile_id 4 ip destination_ip_mask 224.0.0.0
  669.  
  670. config access_profile profile_id 4 add access_id 1 ip destination_ip 224.0.0.0 port 1-27 permit priority 5 replace_dscp 48 rx_rate no_limit
  671.  
  672. disable cpu_interface_filtering
  673.  
  674.  
  675. # NLB
  676.  
  677.  
  678.  
  679. # LIMITED_MULTICAST_RANGE
  680.  
  681.  
  682.  
  683. # MULTICAST_VLAN
  684.  
  685.  
  686.  
  687. # FDB
  688.  
  689.  
  690. config fdb aging_time 300
  691.  
  692.  
  693. # ADDRBIND
  694.  
  695.  
  696. config address_binding ip_mac ports 1-27 forward_dhcppkt enable
  697.  
  698. disable address_binding dhcp_snoop
  699.  
  700. disable address_binding dhcp_snoop ipv6
  701.  
  702. disable address_binding nd_snoop
  703.  
  704. disable address_binding trap_log
  705.  
  706. config address_binding dhcp_snoop max_entry ports 1-27 limit no_limit
  707.  
  708.  
  709. # DHCPV6_SNOOPING
  710.  
  711.  
  712.  
  713. # ND_SNOOPING
  714.  
  715.  
  716.  
  717. # DhcpServerScreening
  718.  
  719.  
  720. config filter dhcp_server port all state disable
  721.  
  722. config filter dhcp_server illegal_server_log_suppress_duration 5min
  723.  
  724. config filter dhcp_server trap_log disable
  725.  
  726.  
  727. # ARPSpoofingPrevention
  728.  
  729.  
  730.  
  731. # MAC_ADDRESS_TABLE_NOTIFICATION
  732.  
  733.  
  734. disable mac_notification
  735.  
  736. config mac_notification interval 1 historysize 1
  737.  
  738. config mac_notification ports 1-27 disable
  739.  
  740.  
  741. # STP
  742.  
  743.  
  744. config stp version rstp
  745.  
  746. config stp maxage 20 maxhops 20 forwarddelay 15 txholdcount 6 fbpdu disable hellotime 2 lbd enable lbd_recover_timer 60 nni_bpdu_addr dot1ad
  747.  
  748. config stp priority 32768 instance_id 0
  749.  
  750. config stp mst_config_id name 00:21:91:C0:86:00 revision_level 0
  751.  
  752. disable stp
  753.  
  754. config stp ports 1-27 externalCost auto edge false p2p auto state enable restricted_role false restricted_tcn false lbd disable
  755.  
  756. config stp mst_ports 1-27 instance_id 0 internalCost auto priority 128
  757.  
  758. config stp ports 1-27 fbpdu disable
  759.  
  760.  
  761. # BPDU_TUNNEL
  762.  
  763.  
  764. config bpdu_tunnel ports all type none
  765.  
  766. disable bpdu_tunnel
  767.  
  768.  
  769. # BPDU_PROTECTION
  770.  
  771.  
  772. config bpdu_protection ports 1-27 mode drop
  773.  
  774.  
  775. # SAFEGUARD_ENGINE
  776.  
  777.  
  778. config safeguard_engine state enable utilization rising 90 falling 80 trap_log enable mode fuzzy
  779.  
  780.  
  781. # BANNER_PROMP
  782.  
  783.  
  784. config command_prompt default
  785.  
  786. config greeting_message default
  787.  
  788.  
  789. # SSH
  790.  
  791.  
  792. config ssh algorithm 3DES enable
  793.  
  794. config ssh algorithm AES128 enable
  795.  
  796. config ssh algorithm AES192 enable
  797.  
  798. config ssh algorithm AES256 enable
  799.  
  800. config ssh algorithm arcfour enable
  801.  
  802. config ssh algorithm blowfish enable
  803.  
  804. config ssh algorithm cast128 enable
  805.  
  806. config ssh algorithm twofish128 enable
  807.  
  808. config ssh algorithm twofish192 enable
  809.  
  810. config ssh algorithm twofish256 enable
  811.  
  812. config ssh algorithm MD5 enable
  813.  
  814. config ssh algorithm SHA1 enable
  815.  
  816. config ssh algorithm RSA enable
  817.  
  818. config ssh algorithm DSA enable
  819.  
  820. config ssh authmode password enable
  821.  
  822. config ssh authmode publickey enable
  823.  
  824. config ssh authmode hostbased enable
  825.  
  826. config ssh server maxsession 8
  827.  
  828. config ssh server contimeout 120
  829.  
  830. config ssh server authfail 2
  831.  
  832. config ssh server rekey never
  833.  
  834. config ssh server port 22
  835.  
  836. config ssh user SmartAV authmode password
  837.  
  838. disable ssh
  839.  
  840.  
  841. # SERVER_PROFILE
  842.  
  843.  
  844.  
  845. # DNSRESOLVER
  846.  
  847.  
  848. disable dns_resolver
  849.  
  850. config name_server timeout 3
  851.  
  852.  
  853. # CMDLOG
  854.  
  855.  
  856. disable command logging
  857.  
  858.  
  859. # BCPING
  860.  
  861.  
  862. enable broadcast_ping_reply
  863.  
  864.  
  865. # SNTP
  866.  
  867.  
  868. enable sntp
  869.  
  870. config time_zone operator + hour 4 min 0
  871.  
  872. config sntp primary 192.168.12.170 secondary 0.0.0.0 poll-interval 720
  873.  
  874. config dst disable
  875.  
  876.  
  877. # LACP
  878.  
  879.  
  880. config link_aggregation algorithm ip_source
  881.  
  882. config lacp_port 1-27 mode passive
  883.  
  884.  
  885. # IP
  886.  
  887.  
  888. config ipif_mac_mapping ipif System mac_offset 0
  889.  
  890. config ipif System ipaddress 172.16.0.1/16 vlan managment
  891.  
  892. config ipif System dhcpv6_client disable
  893.  
  894. config ipif System ip_directed_broadcast disable
  895.  
  896. config ipif System proxy_arp disable local disable
  897.  
  898. config ipif System ip_mtu 1500
  899.  
  900. config ipif System dhcpv6_client disable
  901.  
  902. config ipif System ip_directed_broadcast disable
  903.  
  904. disable autoconfig
  905.  
  906.  
  907. # ip_tunnel
  908.  
  909.  
  910.  
  911. # ERPS
  912.  
  913.  
  914. disable erps
  915.  
  916. config erps log disable
  917.  
  918. config erps trap disable
  919.  
  920.  
  921. # DHCP_SERVER
  922.  
  923.  
  924. config dhcp ping_packets 2
  925.  
  926. config dhcp ping_timeout 500
  927.  
  928. disable dhcp_server
  929.  
  930.  
  931. # WAC
  932.  
  933.  
  934. config wac switch_http_port 80
  935.  
  936. config wac method local
  937.  
  938. config wac authorization network local enable
  939.  
  940. config wac authorization network radius enable
  941.  
  942. disable wac
  943.  
  944. config wac ports 1-27 aging_time 1440 idle_time infinite block_time 60
  945.  
  946.  
  947. # JWAC
  948.  
  949.  
  950. config jwac switch_http_port 80
  951.  
  952. config jwac clear_quarantine_server_url
  953.  
  954. config jwac radius_protocol pap
  955.  
  956. disable jwac quarantine_server_monitor
  957.  
  958. config jwac quarantine_server_error_timeout 30
  959.  
  960. enable jwac forcible_logout
  961.  
  962. enable jwac udp_filtering
  963.  
  964. enable jwac redirect
  965.  
  966. config jwac redirect destination quarantine_server delay_time 1
  967.  
  968. disable jwac
  969.  
  970. config jwac authenticate_page english
  971.  
  972. config jwac authorization network radius enable
  973.  
  974. config jwac authorization network local enable
  975.  
  976. config jwac ports 1-27 auth_mode host_based max_authenticating_host 50 aging_time 1440 idle_time infinite block_time 60
  977.  
  978.  
  979. # SFLOW
  980.  
  981.  
  982.  
  983. # LLDP
  984.  
  985.  
  986. disable lldp
  987.  
  988. config lldp message_tx_interval 30
  989.  
  990. config lldp tx_delay 2
  991.  
  992. config lldp message_tx_hold_multiplier 4
  993.  
  994. config lldp reinit_delay 2
  995.  
  996. config lldp notification_interval 5
  997.  
  998. config lldp ports 1-27 notification disable
  999.  
  1000. config lldp ports 1-27 admin_status tx_and_rx
  1001.  
  1002.  
  1003. # MBA
  1004.  
  1005.  
  1006. disable mac_based_access_control
  1007.  
  1008. config mac_based_access_control authorization network radius enable local enable
  1009.  
  1010. config mac_based_access_control ports 1-27 state disable
  1011.  
  1012. config mac_based_access_control ports 1-27 mode host_based
  1013.  
  1014. config mac_based_access_control method local
  1015.  
  1016. config mac_based_access_control password default
  1017.  
  1018. config mac_based_access_control max_users 128
  1019.  
  1020.  
  1021. # MCFILTER
  1022.  
  1023.  
  1024. config multicast filtering_mode default filter_unregistered_groups
  1025.  
  1026. config multicast filtering_mode VLAN6 filter_unregistered_groups
  1027.  
  1028. config multicast filtering_mode VLAN7 filter_unregistered_groups
  1029.  
  1030. config multicast filtering_mode VLAN8 filter_unregistered_groups
  1031.  
  1032. config multicast filtering_mode VLAN9 filter_unregistered_groups
  1033.  
  1034. config multicast filtering_mode VLAN10 filter_unregistered_groups
  1035.  
  1036. config multicast filtering_mode VLAN11 filter_unregistered_groups
  1037.  
  1038. config multicast filtering_mode VLAN12 filter_unregistered_groups
  1039.  
  1040. config multicast filtering_mode VLAN14 filter_unregistered_groups
  1041.  
  1042. config multicast filtering_mode VLAN15 filter_unregistered_groups
  1043.  
  1044. config multicast filtering_mode VLAN16 filter_unregistered_groups
  1045.  
  1046. config multicast filtering_mode VLAN17 filter_unregistered_groups
  1047.  
  1048. config multicast filtering_mode VLAN18 filter_unregistered_groups
  1049.  
  1050. config multicast filtering_mode VLAN26 filter_unregistered_groups
  1051.  
  1052. config multicast filtering_mode VLAN27 filter_unregistered_groups
  1053.  
  1054. config multicast filtering_mode VLAN28 filter_unregistered_groups
  1055.  
  1056. config multicast filtering_mode VLAN31 filter_unregistered_groups
  1057.  
  1058. config multicast filtering_mode VLAN32 filter_unregistered_groups
  1059.  
  1060. config multicast filtering_mode VLAN33 filter_unregistered_groups
  1061.  
  1062. config multicast filtering_mode VLAN34 filter_unregistered_groups
  1063.  
  1064. config multicast filtering_mode VLAN35 filter_unregistered_groups
  1065.  
  1066. config multicast filtering_mode VLAN37 filter_unregistered_groups
  1067.  
  1068. config multicast filtering_mode VLAN40 filter_unregistered_groups
  1069.  
  1070. config multicast filtering_mode VLAN58 filter_unregistered_groups
  1071.  
  1072. config multicast filtering_mode VLAN61 filter_unregistered_groups
  1073.  
  1074. config multicast filtering_mode VLAN77 filter_unregistered_groups
  1075.  
  1076. config multicast filtering_mode VLAN84 filter_unregistered_groups
  1077.  
  1078. config multicast filtering_mode VLAN90 filter_unregistered_groups
  1079.  
  1080. config multicast filtering_mode VLAN91 filter_unregistered_groups
  1081.  
  1082. config multicast filtering_mode VLAN97 filter_unregistered_groups
  1083.  
  1084. config multicast filtering_mode VLAN98 filter_unregistered_groups
  1085.  
  1086. config multicast filtering_mode VLAN99 filter_unregistered_groups
  1087.  
  1088. config multicast filtering_mode VLAN100 filter_unregistered_groups
  1089.  
  1090. config multicast filtering_mode VLAN108 filter_unregistered_groups
  1091.  
  1092. config multicast filtering_mode VLAN115 filter_unregistered_groups
  1093.  
  1094. config multicast filtering_mode VLAN124 filter_unregistered_groups
  1095.  
  1096. config multicast filtering_mode VLAN125 filter_unregistered_groups
  1097.  
  1098. config multicast filtering_mode VLAN130 filter_unregistered_groups
  1099.  
  1100. config multicast filtering_mode VLAN138 filter_unregistered_groups
  1101.  
  1102. config multicast filtering_mode VLAN140 filter_unregistered_groups
  1103.  
  1104. config multicast filtering_mode TV filter_unregistered_groups
  1105.  
  1106. config multicast filtering_mode TIME filter_unregistered_groups
  1107.  
  1108. config multicast filtering_mode managment filter_unregistered_groups
  1109.  
  1110. config multicast filtering_mode megafon filter_unregistered_groups
  1111.  
  1112. config multicast filtering_mode inet filter_unregistered_groups
  1113.  
  1114. config multicast filtering_mode wifi filter_unregistered_groups
  1115.  
  1116. config multicast filtering_mode wifi_ filter_unregistered_groups
  1117.  
  1118.  
  1119. # COMPOUND_AUTHENTICATION
  1120.  
  1121.  
  1122. config authentication ports 1-27 auth_mode host_based
  1123.  
  1124. config authentication ports 1-27 multi_authen_methods none
  1125.  
  1126. enable authorization network
  1127.  
  1128. config authentication server failover block
  1129.  
  1130.  
  1131. # SNOOP
  1132.  
  1133.  
  1134. enable igmp_snooping
  1135.  
  1136. config limited_multicast_addr ports 1-27 state disable
  1137.  
  1138.  
  1139. # MLDSNP
  1140.  
  1141.  
  1142.  
  1143. # ACCESS_AUTHENTICATION_CONTROL
  1144.  
  1145.  
  1146. config authen_login default method local
  1147.  
  1148. config authen_enable default method local_enable
  1149.  
  1150. config authen application console login default
  1151.  
  1152. config authen application console enable default
  1153.  
  1154. config authen application telnet login default
  1155.  
  1156. config authen application telnet enable default
  1157.  
  1158. config authen application ssh login default
  1159.  
  1160. config authen application ssh enable default
  1161.  
  1162. config authen application http login default
  1163.  
  1164. config authen application http enable default
  1165.  
  1166. config authen parameter response_timeout 30
  1167.  
  1168. config authen parameter attempt 3
  1169.  
  1170. disable authen_policy
  1171.  
  1172. config accounting service network state disable
  1173.  
  1174. config accounting service shell state disable
  1175.  
  1176. config accounting service system state disable
  1177.  
  1178.  
  1179. # AAA_LOCAL_ENABLE_PASSWORD
  1180.  
  1181.  
  1182. # AAA ADMIN PWD LIST
  1183.  
  1184. config admin local_enable
  1185.  
  1186.  
  1187.  
  1188.  
  1189.  
  1190.  
  1191.  
  1192. # AAA ADMIN PWD END
  1193.  
  1194.  
  1195. # NDP
  1196.  
  1197.  
  1198. config ipv6 nd ns ipif System retrans_time 0
  1199.  
  1200. config ipv6 nd ra ipif System state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600
  1201.  
  1202.  
  1203. # RIPng
  1204.  
  1205.  
  1206. disable ripng
  1207.  
  1208. config ripng method split_horizon
  1209.  
  1210. config ripng update 30
  1211.  
  1212. config ripng expire 180
  1213.  
  1214. config ripng garbage_collection 120
  1215.  
  1216. config ripng ipif System state disable metric 1
  1217.  
  1218.  
  1219. # ARP
  1220.  
  1221.  
  1222. config arp_aging time 5
  1223.  
  1224. config gratuitous_arp send ipif_status_up disable
  1225.  
  1226. config gratuitous_arp send dup_ip_detected disable
  1227.  
  1228. config gratuitous_arp learning disable
  1229.  
  1230.  
  1231. # ROUTEFILTER
  1232.  
  1233.  
  1234.  
  1235. # ROUTE
  1236.  
  1237.  
  1238. config route preference static 60
  1239.  
  1240. config route preference default 1
  1241.  
  1242. config route preference rip 100
  1243.  
  1244. config route preference ospfIntra 80
  1245.  
  1246. config route preference ospfInter 90
  1247.  
  1248. config route preference ospfExt1 110
  1249.  
  1250. config route preference ospfExt2 115
  1251.  
  1252. config route preference ebgp 70
  1253.  
  1254. config route preference ibgp 130
  1255.  
  1256. create iproute default 172.16.0.254 1 primary
  1257.  
  1258. config ecmp algorithm ip_destination crc_low
  1259.  
  1260. enable ecmp ospf
  1261.  
  1262.  
  1263. # PROUTE
  1264.  
  1265.  
  1266.  
  1267. # RELAY6
  1268.  
  1269.  
  1270. config dhcpv6_relay hop_count 4
  1271.  
  1272. disable dhcpv6_relay
  1273.  
  1274.  
  1275. # DHCPv6_SERVER
  1276.  
  1277.  
  1278. disable dhcpv6_server
  1279.  
  1280. config dhcpv6_server ipif System state enable
  1281.  
  1282.  
  1283. # IGMP
  1284.  
  1285.  
  1286. config igmp ipif System version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
  1287.  
  1288. config igmp ipif System last_member_query_interval 1
  1289.  
  1290. config igmp check_subscriber_source_network ipif System enable
  1291.  
  1292.  
  1293. # PIMSM
  1294.  
  1295.  
  1296. disable pim
  1297.  
  1298. config pim cbsr hash_masklen 30
  1299.  
  1300. config pim cbsr bootstrap_period 60
  1301.  
  1302. config pim register_suppression_time 60
  1303.  
  1304. config pim register_probe_time 5
  1305.  
  1306. config pim last_hop_spt_switchover never
  1307.  
  1308. config pim crp holdtime 150 priority 192
  1309.  
  1310. config pim crp wildcard_prefix_cnt 0
  1311.  
  1312. config pim ipif System state disable hello 30 jp_interval 60 mode dm dr_priority 1
  1313.  
  1314. config pim cbsr ipif System priority -1
  1315.  
  1316.  
  1317. # DVMRP
  1318.  
  1319.  
  1320. disable dvmrp
  1321.  
  1322. config dvmrp ipif System metric 1 probe 10 neighbor_timeout 35 state disable
  1323.  
  1324.  
  1325. # IPMROUTE
  1326.  
  1327.  
  1328.  
  1329. # RIP
  1330.  
  1331.  
  1332. disable rip
  1333.  
  1334. config rip ipif System tx_mode disable state disable
  1335.  
  1336. config rip ipif System rx_mode disable state disable
  1337.  
  1338.  
  1339. # MD5
  1340.  
  1341.  
  1342.  
  1343. # OSPF
  1344.  
  1345.  
  1346. config ospf ipif System area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
  1347.  
  1348. config ospf ipif System authentication none metric 1 state disable passive disable
  1349.  
  1350. config ospf router_id 0.0.0.0
  1351.  
  1352. disable ospf
  1353.  
  1354.  
  1355. # BGP
  1356.  
  1357.  
  1358.  
  1359. # OSPFv3
  1360.  
  1361.  
  1362. config ospfv3 router_id 0.0.0.0
  1363.  
  1364. disable ospfv3
  1365.  
  1366.  
  1367. # DNSR
  1368.  
  1369.  
  1370. disable dnsr
  1371.  
  1372. config dnsr primary nameserver 0.0.0.0
  1373.  
  1374. config dnsr secondary nameserver 0.0.0.0
  1375.  
  1376. disable dnsr cache
  1377.  
  1378. disable dnsr static
  1379.  
  1380.  
  1381. # DHCP_RELAY
  1382.  
  1383.  
  1384. disable dhcp_relay
  1385.  
  1386. config dhcp_relay hops 4 time 0
  1387.  
  1388. config dhcp_relay option_82 state disable
  1389.  
  1390. config dhcp_relay option_82 check disable
  1391.  
  1392. config dhcp_relay option_82 policy replace
  1393.  
  1394. config dhcp_relay option_60 state disable
  1395.  
  1396. config dhcp_relay option_61 state disable
  1397.  
  1398. config dhcp_relay option_60 default mode drop
  1399.  
  1400. config dhcp_relay option_61 default drop
  1401.  
  1402. disable dhcp_local_relay
  1403.  
  1404.  
  1405. # VRRP
  1406.  
  1407.  
  1408. config vrrp ipif System authtype none
  1409.  
  1410. disable vrrp
  1411.  
  1412.  
  1413. disable vrrp ping
  1414.  
  1415.  
  1416.  
  1417. #-------------------------------------------------------------------
  1418.  
  1419. # End of configuration file for DGS-3627G
  1420.  
  1421. #-------------------------------------------------------------------#
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!