Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- cli
- configure
- set system root-authentication plain-text-password
- "Назначаю пароль на root"
- commit
- set system login user bks class super-user authentication plain-text-password
- "Назначаю пароль для админа"
- commit
- set system host-name Access_1
- set interfaces me0 unit 0 family inet address 192.168.250.101/24 "Назначаю ip адрес для managment интерфейса"
- delete system service telnet "Удаляю telnet"
- |
- set system services ssh |
- set system services ssh protocol-version v2 | "Настраиваю ssh"
- set system services ssh root-login deny |
- set system services ssh connection-limit 10 |
- set system services ssh rate-limit 5 |
- set chassis aggregated-devices ethernet device-count 1 |
- set interfaces ae0 aggregated-ether-options minimum-links 1 | "Настраиваю агрегацию интерфейсов"
- set interfaces ae0 aggregated-ether-options link-speed 10g |
- set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk | "Настраиваю trunk на агрегированном интерфейсе"
- set interfaces ae0 unit 0 family ethernet-switching vlan members all |
- delete interfaces xe-0/1/0 unit 0 | "Удаляю интерфейсы xe-0/1/0.0 и xe-0/1/0.0"
- delete interfaces xe-0/1/1 unit 0 |
- delete protocols rstp interface xe-0/1/0 | "удаляю rstp с интерфейсов xe-0/1/0.0 и xe-0/1/0.0, добавлюя rstp на агрегированном интерфейсе"
- delete protocols rstp interface xe-0/1/1 |
- set protocols rstp interface ae0 |
- set interfaces xe-0/1/0 ether-options 802.3ad ae0 | "Добавляю в агрегрированный канал интерфейсы xe-0/1/0.0 и xe-0/1/0.0 "
- set interfaces xe-0/1/1 ether-options 802.3ad ae0 |
- set interfaces ae0 aggregated-ether-options lacp active periodic fast | "Настраиваю свойства агрегированного канала"
- "Создаю vlan-ы, и настраивая на них dhcp snooping и arp protection"
- set vlans vlan_20 description “VLAN IT”
- set vlans vlan_20 vlan-id 20
- edit vlans vlan_20 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_21 description “VLAN IT_new”
- set vlans vlan_21 vlan-id 21
- edit vlans vlan_21 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_30 description “VLAN VDI”
- set vlans vlan_30 vlan-id 30
- edit vlans vlan_30 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_31 description “VLAN VDI”
- set vlans vlan_31 vlan-id 31
- edit vlans vlan_31 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_50 description “VLAN Servers”
- set vlans vlan_50 vlan-id 50
- edit vlans vlan_50 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_51 description “VLAN Vm_host”
- set vlans vlan_51 vlan-id 51
- edit vlans vlan_51 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_55 description “VLAN Servers”
- set vlans vlan_55 vlan-id 55
- edit vlans vlan_55 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_60 description “VLAN RD_collections”
- set vlans vlan_60 vlan-id 60
- edit vlans vlan_60 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_100 description “VLAN VIP_Users”
- set vlans vlan_100 vlan-id 100
- edit vlans vlan_100 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_102 description “VLAN 2nd_Floor ”
- set vlans vlan_102 vlan-id 102
- edit vlans vlan_102 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_103 description “VLAN 3rd_Floor”
- set vlans vlan_103 vlan-id 103
- edit vlans vlan_103 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_104 description “VLAN 4rd_floor”
- set vlans vlan_104 vlan-id 104
- edit vlans vlan_104 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_120 description “VLAN ip_phone”
- set vlans vlan_120 vlan-id 120
- edit vlans vlan_120 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_150 description “VLAN Kapital”
- set vlans vlan_150 vlan-id 150
- edit vlans vlan_150 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_160 description “VLAN WiFi”
- set vlans vlan_160 vlan-id 160
- edit vlans vlan_160 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_161 description “VLAN Guest_WiFi”
- set vlans vlan_161 vlan-id 161
- edit vlans vlan_161 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_162 description “VLAN VIP”
- set vlans vlan_162 vlan-id 162
- edit vlans vlan_162 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_163 description “VLAN VIP_WiFi”
- set vlans vlan_163 vlan-id 163
- edit vlans vlan_163 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_200 description “VLAN Printers”
- set vlans vlan_200 vlan-id 200
- edit vlans vlan_200 forwarding-options dhcp-security
- set arp-inspection
- exit
- set vlans vlan_10 description “VLAN Managment”
- set vlans vlan_10 vlan-id 10
- edit vlans vlan_10 forwarding-options dhcp-security
- set arp-inspection
- exit
- set interfaces irb unit 10 family inet address 10.1.10.101/24 | "Настраиваю L3 интерфейс Vlan-а для управления"
- set vlans LAN l3-interface irb.10 |
- set interfaces interface-range VL_104 member-range ge-0/0/0 to ge-0/0/35 |"Настраиваю диапазон интерфейсов и
- set interfaces interface-range VL_104 unit 0 family ethernet-switching interface-mode access |настраиваю их как access порты для 104
- set interfaces interface-range VL_104 unit 0 family ethernet-switching vlan members vlan_104 |vlan (этажный vlan) "
- set interfaces interface-range VL_Printers member-range ge-0/0/36 to ge-0/0/41 |"Настройка диапазона интерфейсов и
- set interfaces interface-range VL_Printers unit 0 family ethernet-switching interface-mode access |настраиваю их как access порты дляset interfaces interface-range VL_Printers unit 0 family ethernet-switching vlan members vlan_200| 200 vlan (vlan для принтеров) "
- set interfaces interface-range LANS_PORT member-range ge-0/0/0 to ge-0/0/47 |"Настраиваю диапазон интерфейсов для конечных устройств и
- set protocols rstp interface LANS_PORT edge |устанавливаю значение rstp - edge (как portfast cisco) "
- set protocols rstp bpdu-block-on-edge | "Указываю, что на портах для конечных устройств
- необходимо блокировать bpdu"
- edit forwarding-options |
- set storm-control-profiles STORM all bandwidth-percentage 10 | "Настраиваю защиту от штормов. Решил сделать процентное
- set storm-control-profiles STORM action-shutdown | соотношение - если 10% от общего траффика занимает Так
- exit | "нехороший" траффик - порт блокируется, вроде
- | рекомендуют некоторые вендоры"
- set interfaces interface-range LANS_PORT unit 0 family ethernet-switching storm-control STORM | "Назначаю профиль защиты от штормов для ранее созданного диапазона портов для конечных устройств"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement