faq обучение настройка
Текущее время: Пт июл 25, 2025 14:10

Часовой пояс: UTC + 3 часа




Начать новую тему Ответить на тему  [ Сообщений: 71 ]  На страницу Пред.  1, 2, 3, 4, 5  След.
Автор Сообщение
 Заголовок сообщения:
СообщениеДобавлено: Пн май 05, 2008 18:16 
Не в сети

Зарегистрирован: Пн сен 27, 2004 18:18
Сообщений: 1642
Откуда: Vault 13
Demin Ivan писал(а):
Именно.
ага, здорово! :) но в связи с этим возникает ключевой вопрос - когда?

_________________
с уважением, БП


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Пн май 05, 2008 18:30 
Не в сети
Сотрудник D-LINK
Сотрудник D-LINK

Зарегистрирован: Пт май 13, 2005 15:49
Сообщений: 20616
Откуда: D-Link, Moscow
Ориентировочно в мае.


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Пн май 05, 2008 18:41 
Не в сети

Зарегистрирован: Пн сен 27, 2004 18:18
Сообщений: 1642
Откуда: Vault 13
Demin Ivan писал(а):
Ориентировочно в мае.
так же как с 5.0 не получится? ;)

/me скрестил пальцы, ноги и все что смог скрестить, лишь бы вышло в мае

_________________
с уважением, БП


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Пн май 05, 2008 20:27 
Не в сети
Сотрудник D-LINK
Сотрудник D-LINK

Зарегистрирован: Пт май 13, 2005 15:49
Сообщений: 20616
Откуда: D-Link, Moscow
Я думаю это должно быть по плану. Это же не релиз!:)


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Пн май 19, 2008 09:50 
Не в сети

Зарегистрирован: Вт авг 08, 2006 18:42
Сообщений: 195
Откуда: Moscow
Уважаемый All, столкнулся с проблемой...

Имеем DES-3526, FW 5.01-B27.

Amino --- DES3526 --- ISC DHCP Server на FreeBSD

DES-3526 - 192.168.0.209
Server - 192.168.0.213

Задача: Выдать AMINO адрес из подсети 192.168.1.0/24 по признаку vendor-class-identifier = Aminoaminet123fisys;

конфиг dhcpd.conf:

option domain-name "example.com";
#option domain-mame-servers 92.168.0.213;
option subnet-mask 255.255.255.0;
log-facility local7;
default-lease-time 3600;
max-lease-time 7200;
ddns-update-style none;

if exists agent.circuit-id
{
log ( info, concat ( " Lease for ",
binary-to-ascii (10, 8, ".", leased-address),
" Switch port: ",
binary-to-ascii (10, 8, ".", option agent.circuit-id),
" Switch MAC: ",
binary-to-ascii (16, 8, ".", option agent.remote-id)));
log ( info, concat ( " Vendor ", option vendor-class-identifier));
}

#match if exists agent.circuit-id;
#}

class "Amino" {
match if substring (option vendor-class-identifier, 0, 19) = "Aminoaminet124fisys";
}

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.110 192.168.0.160;
option routers 192.168.0.6;
allow unknown-clients;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.213;
pool { range 192.168.1.55 192.168.1.100;
allow members of "Amino";
}

}


Настройки свича:

enable dhcp_relay
config dhcp_relay hops 4 time 0
config dhcp_relay option_82 state enable
config dhcp_relay option_82 check enable
config dhcp_relay option_82 policy replace
config dhcp_relay option_82 remote_id default
config dhcp_relay add ipif System 192.168.0.213
config dhcp_relay option_60 state enable
config dhcp_relay option_60 default mode relay
config dhcp_relay option_60 default relay 192.168.0.213
config dhcp_relay option_60 add string "Aminoaminet123fisys" relay 192.168.0.213
partial_match
config dhcp_relay option_61 state disable
config dhcp_relay option_61 default drop



Логи:

May 16 15:08:35 test_FreeBSD dhcpd: Lease for 192.168.0.160 Switch port: 0.4.0.20.0.5 Switch MAC: 0.6.0.19.5b.84.44.c1
May 16 15:08:35 test_FreeBSD dhcpd: Vendor Aminoaminet124fisys
May 16 15:08:35 test_FreeBSD dhcpd: DHCPDISCOVER from 00:02:02:0e:49:45 via 192.168.0.209
May 16 15:08:36 test_FreeBSD dhcpd: DHCPOFFER on 192.168.0.160 to 00:02:02:0e:49:45 via 192.168.0.209
May 16 15:08:36 test_FreeBSD dhcpd: Lease for 192.168.0.128 Switch port: 0.4.0.20.0.5 Switch MAC: 0.6.0.19.5b.84.44.c1
May 16 15:08:36 test_FreeBSD dhcpd: Vendor Aminoaminet124fisys
May 16 15:08:36 test_FreeBSD dhcpd: DHCPDISCOVER from 00:02:02:0e:49:45 via 192.168.0.209
May 16 15:08:37 test_FreeBSD dhcpd: DHCPOFFER on 192.168.0.128 to 00:02:02:0e:49:45 via 192.168.0.209
May 16 15:08:37 test_FreeBSD dhcpd: Lease for 192.168.0.128 Switch port: 0.4.0.20.0.5 Switch MAC: 0.6.0.19.5b.84.44.c1
May 16 15:08:37 test_FreeBSD dhcpd: Vendor Aminoaminet124fisys
May 16 15:08:37 test_FreeBSD dhcpd: DHCPREQUEST for 192.168.0.128 (192.168.0.213) from 00:02:02:0e:49:45 via 192.168.0.209
May 16 15:08:37 test_FreeBSD dhcpd: DHCPACK on 192.168.0.128 to 00:02:02:0e:49:45 via 192.168.0.209
May 16 15:08:37 test_FreeBSD dhcpd: Lease for 192.168.0.128 Switch port: 0.4.0.20.0.5 Switch MAC: 0.6.0.19.5b.84.44.c1
May 16 15:08:37 test_FreeBSD dhcpd: Vendor Aminoaminet124fisys
May 16 15:08:37 test_FreeBSD dhcpd: DHCPREQUEST for 192.168.0.128 from 00:02:02:0e:49:45 via 192.168.0.209
May 16 15:08:37 test_FreeBSD dhcpd: DHCPACK on 192.168.0.128 to 00:02:02:0e:49:45 via 192.168.0.209

Проблема:

В логах сервера отображается, что сервер данный признак распознаёт,
но никак не хочет выдать ИП из 192.168.1.0/24, он упорно выдаёт из сети 192.168.0.0/24.

При использовании Option 82 пакет от свича содержит Option 60.
Обязательно ли мне включать Option 60 для решения задачи или option 82 достаточно? Есть какое-либо описание данной функции? (Option 60)?

Уже весь мозг расковырял, а в чём проблема никак не могу понять...

Заранее спасибо.


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Вт фев 03, 2009 12:36 
Не в сети

Зарегистрирован: Ср ноя 09, 2005 14:26
Сообщений: 808
Откуда: Alma-Ata
Доброго всем дня!
У меня вопрос к тем, кто у себя в сетках пользует ISC DHCP-сервер.
Какое количество классов (в моем случае - хостов с фиксированными IP-адресами, т.е. чтобы данный порт данной железяки ВСЕГДА получал один и тот же адрес) нормально поддерживает этот сервак? Откуда вопрос вылез - насколько я понял, какую-то базу (mysql и иже с ним) к серваку прикрутить стандартно нельзя. У меня есть около 2000 клиентов, которых я для начала хочу окучить таким сервисом. Это получится весьма приличный по размерам текстовый конфиг.....
И еще вдогонку - есть мысль, чтобы по выдаче клиенту IP-адреса, сервак отсылал цискиному роутеру команду открыть вирт.интерфейс (с ограничениями по скорости, еще по чему-нить)...
Ну типа того, как это делает RADIUS-сервер.... Как думаете - стоит в эту сторону думать? А может у кого-то уже такое есть и работает?


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Вт фев 03, 2009 18:50 
Не в сети

Зарегистрирован: Пн сен 27, 2004 18:18
Сообщений: 1642
Откуда: Vault 13
у Вас есть 2 варианта:
1. использовать БД, например MySQL для хранения сязок свич-порт-адрес и на основе этих данных генерить скриптом конфиг для сервера, скриптом же сможете и циской рулить ;)
2. использовать микротик в качестве DHCP сервера - его DHCP умеет с радиусом общаться ...

_________________
с уважением, БП


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Ср фев 04, 2009 07:03 
Не в сети

Зарегистрирован: Ср ноя 09, 2005 14:26
Сообщений: 808
Откуда: Alma-Ata
2 snark
Цитата:
2. использовать микротик в качестве DHCP сервера - его DHCP умеет с радиусом общаться ...

Что есть "микротик"?
Просто я не имел дела с продуктами этой конторы - так, название слышал - не более.
Это вообще что - софт, железо?
Пллзз, укажите версию или марку, чтобы я мог предметно посмотреть.

Дополнение

И еще, 5-го мая 2008 годы вы в этой же ветке у И.Демина спрашивали
Цитата:
Цитата:
Demin Ivan писал(а):
Нет они будут отсекаться на свитче где подключён клиент.

т.е. пакет входит в порт, CPU свича его перехватывает, релит на сервер и, можно сказать, для сети этот пакет умирает, я правильно все понимаю?

Вы не в курсах, эта фича появилась? Если да, то когда (в какой прошивке она уже есть) и как ей пользоваться.


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Ср фев 04, 2009 14:56 
Не в сети

Зарегистрирован: Пн сен 27, 2004 18:18
Сообщений: 1642
Откуда: Vault 13
GreatFoolDad писал(а):
Что есть "микротик"?

микротик - это софт, спец. сборка линукса ... про их DHCP можно почитать тут и пусть Вас не смущает что текущий релиз 3.х, а дока для 2.х, просто дока для 2.х более полная, хотя может уже и документацию по 3.х доработали ...

GreatFoolDad писал(а):
5-го мая 2008 годы вы в этой же ветке у И.Демина спрашивали
Цитата:
Цитата:
Demin Ivan писал(а):
Нет они будут отсекаться на свитче где подключён клиент.

т.е. пакет входит в порт, CPU свича его перехватывает, релит на сервер и, можно сказать, для сети этот пакет умирает, я правильно все понимаю?
Вы не в курсах, эта фича появилась? Если да, то когда (в какой прошивке она уже есть) и как ей пользоваться.

в релизе который на фтп есть, включается командой
Код:
enable dhcp_local_relay
настраивать не надо, достаточно просто включить

_________________
с уважением, БП


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Ср фев 04, 2009 15:56 
Не в сети

Зарегистрирован: Ср ноя 09, 2005 14:26
Сообщений: 808
Откуда: Alma-Ata
А возможности 3052 (3028) насколько аналогичны возможностям последних (5-х) прошивок для 3526 (в контексте дхцп-релея естессно)?
В моей тестовой схеме паровозом стоят 3526 и 3052.
при топологии
3052---3526---3627---дхцп-сервер
все классно работает для всех клиентов на всех l2-свичах
при топологии
3526---3052---3627---дхцп-сервер
клиенты с 3052 тоже замечательно работают, а вот те, кто сидит на 3526 не могут получить адрес. т.е. сервер им адрес выдает, но они его "не могут получить" и процесс (получения адреса клиентом) запускается по новой - и т.д..
настройки у 3526 (5.01.b52) и 3052(2.00-b14) делал полностью аналогичные.


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Ср фев 04, 2009 18:17 
Не в сети
Сотрудник D-LINK
Сотрудник D-LINK

Зарегистрирован: Пт янв 21, 2005 11:52
Сообщений: 11212
Откуда: D-Link, Moscow
2 GreatFoolDad > При это DHCP Relay задействован только на DES-3052 и DES-3526!? Версии прошивок какие используете?

_________________
С уважением,
Бигаров Руслан.


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Чт фев 05, 2009 08:44 
Не в сети

Зарегистрирован: Ср ноя 09, 2005 14:26
Сообщений: 808
Откуда: Alma-Ata
2 Bigarov Ruslan
Да, релей включен на L2-свичах. 3627 занимается маршрутизацией.
версии: 3526 (5.01.b52) и 3052(2.00-b14)

Со схемами ситуация интересная получается......
При собранной схеме2 (3052 в середине) клиенты с 3526-го свича почему-то не всегда получают адреса. Я не понял этой зависимости - когда и почему они этого не делают. Хотя нет, почему - ясно. При этом на дхцп-сервер просто никаких пакетов не приходит. А вот почему не проходит - не знаю? Когда? Да вот утром пришел, включил этот стенд - и не работает. Но стоит этой схеме просто постоять включенной минут 20-30 , как все начинает работать (ничего не рестартую! - ни свичи, ни сервис, ни клиента). В схеме1 (3526 в середине) все работает сразу и как часы

а вообще, для предметности разговора, вот схемы
Изображение
и
Изображение
и конфиги:
Код:
#-------------------------------------------------------------------
#                       DES-3526 Configuration
#
#                       Firmware: Build 5.01.B52
#        Copyright(C) 2008 D-Link Corporation. All rights reserved.
#-------------------------------------------------------------------


# BASIC

config serial_port baud_rate 9600 auto_logout 10_minutes
enable telnet 23
enable web 80

# ACCOUNT LIST


# PASSWORD ENCRYPTION

disable password encryption
config terminal_line default

# BNR

config command_prompt default

# STORM

config traffic control_trap none
config traffic control 1-5 broadcast disable multicast disable unicast disable  action drop threshold 128000

# LOOP_DETECT

disable loopdetect
config loopdetect recover_timer 60
config loopdetect interval 10
config loopdetect mode port-based
config loopdetect ports 1-26 state disabled

# GM

config sim candidate
disable sim
config sim dp_interval 30
config sim hold_time 100

# SYSLOG

disable syslog
config system_severity trap information
config system_severity log information

# QOS

config scheduling 0 max_packet 0 max_latency 0
config scheduling 1 max_packet 0 max_latency 0
config scheduling 2 max_packet 0 max_latency 0
config scheduling 3 max_packet 0 max_latency 0
config 802.1p user_priority 0  1
config 802.1p user_priority 1  0
config 802.1p user_priority 2  0
config 802.1p user_priority 3  1
config 802.1p user_priority 4  2
config 802.1p user_priority 5  2
config 802.1p user_priority 6  3
config 802.1p user_priority 7  3
config 802.1p default_priority 1-26 0
config bandwidth_control 1-26 rx_rate no_limit tx_rate no_limit

# MIRROR

disable mirror

# TRAF-SEGMENTATION

config traffic_segmentation 1-26 forward_list 25-26

# PORT

config ports 1-16,18-24 speed auto flow_control disable mdix auto learning enable state enable trap enable
config ports 17 speed auto flow_control enable mdix auto learning enable state enable trap enable
config ports 25 medium_type copper speed auto flow_control disable mdix auto learning enable state enable trap enable
config ports 25 medium_type fiber speed auto flow_control disable learning enable state enable trap enable
config ports 26 medium_type copper speed auto flow_control enable mdix auto learning enable state enable trap enable
config ports 26 medium_type fiber speed auto flow_control enable learning enable state enable trap enable

# PORT_LOCK

disable port_security trap_log
config port_security ports 1-26 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnReset

# 8021X

disable 802.1x
config 802.1x auth_protocol radius_eap
config 802.1x capability ports 1-26 none
config 802.1x auth_parameter ports 1-26 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable

# SNMPv3

delete snmp community public
delete snmp community private
delete snmp user initial
delete snmp group initial
delete snmp view restricted all
delete snmp view CommunityView all
config snmp engineID 800000ab03001346e7e59b
create snmp view restricted 1.3.6.1.2.1.1 view_type included
create snmp view restricted 1.3.6.1.2.1.11 view_type included
create snmp view restricted 1.3.6.1.6.3.10.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.11.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.15.1.1 view_type included
create snmp view CommunityView 1 view_type included
create snmp view CommunityView 1.3.6.1.6.3 view_type excluded
create snmp view CommunityView 1.3.6.1.6.3.1 view_type included
create snmp group public v1 read_view CommunityView notify_view CommunityView
create snmp group public v2c read_view CommunityView notify_view CommunityView
create snmp group private v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group private v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group ReadGroup v2c read_view CommunityView notify_view CommunityView
create snmp community private view CommunityView read_write
create snmp community public view CommunityView read_only
create snmp host 10.25.0.10 v2c  private
create snmp host 10.25.0.11 v2c  private
create snmp host 10.25.0.20 v2c  private
create snmp host 10.25.0.254 v2c  private
create snmp host 10.25.0.10 v2c  public
create snmp host 10.25.0.11 v2c  public
create snmp host 10.25.0.20 v2c  public
create snmp host 10.25.0.254 v2c  public

# MANAGEMENT

create trusted_host 10.25.0.10
create trusted_host 10.25.0.20
create trusted_host 10.25.0.254
create trusted_host 10.25.0.11
create trusted_host 10.25.0.12
create trusted_host 10.25.0.17
create trusted_host 10.25.0.18
create trusted_host 10.25.0.110
create trusted_host 10.25.0.111
create trusted_host 10.25.0.112
enable snmp traps
enable snmp authenticate traps
config snmp system_name D3526G01143
config snmp system_location orbita-1 d.32
disable rmon

# VLAN

disable asymmetric_vlan
config vlan default delete 1-26
config vlan default advertisement disable
create vlan VLAN3 tag 3
config vlan VLAN3 add tagged 23-26
config vlan VLAN3 add forbidden 3-22
config vlan VLAN3 advertisement enable
create vlan VLAN68 tag 68
config vlan VLAN68 add tagged 23-26
config vlan VLAN68 add untagged 1-22
config vlan VLAN68 advertisement disable
disable gvrp
config gvrp 1-22 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 23-26 state disable ingress_checking enable acceptable_frame admit_all pvid 1

# FDB

config fdb aging_time 300
config multicast port_filtering_mode 1-26 forward_unregistered_groups

# MAC_ADDRESS_TABLE_NOTIFICATION

config mac_notification interval 1 historysize 1
disable mac_notification
config mac_notification ports 1-26 disable

# STP

config stp version rstp
config stp maxage 20 maxhops 20 forwarddelay 15 txholdcount 3 fbpdu disable
config stp priority 32768 instance_id 0
config stp hellotime 2
config stp mst_config_id name 00:13:46:E7:E5:9B revision_level 0
disable stp
config stp ports 1-26 externalCost auto edge false p2p false state disable
config stp ports 1-26 fbpdu disable
config stp ports 1-26 restricted_role false
config stp ports 1-26 restricted_tcn false
config stp mst_ports 1-26 instance_id 0 internalCost auto priority 128

# SSH

config ssh server maxsession 8
config ssh server contimeout 300
config ssh server authfail 2
config ssh server rekey never
config ssh server port 22
disable ssh

# SSL

disable ssl
enable ssl ciphersuite RSA_with_RC4_128_MD5
enable ssl ciphersuite RSA_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite DHE_DSS_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
config ssl cachetimeout timeout 600

# SAFE_GUARD

config safeguard_engine state disable cpu_utilization rising_threshold 100 falling_threshold 20 trap_log disable

# TIMERANGE


# ACL

create access_profile ip udp src_port_mask 0xFFFF dst_port_mask 0xFFFF profile_id 4
config access_profile profile_id 4 add access_id 1 ip udp src_port 68 dst_port 67 port 1 deny
config access_profile profile_id 4 add access_id 2 ip udp src_port 68 dst_port 67 port 2 deny
config access_profile profile_id 4 add access_id 3 ip udp src_port 68 dst_port 67 port 3 deny
config access_profile profile_id 4 add access_id 4 ip udp src_port 68 dst_port 67 port 4 deny
config access_profile profile_id 4 add access_id 5 ip udp src_port 68 dst_port 67 port 5 deny
config access_profile profile_id 4 add access_id 6 ip udp src_port 68 dst_port 67 port 6 deny
config access_profile profile_id 4 add access_id 7 ip udp src_port 68 dst_port 67 port 7 deny
config access_profile profile_id 4 add access_id 8 ip udp src_port 68 dst_port 67 port 8 deny
config access_profile profile_id 4 add access_id 9 ip udp src_port 68 dst_port 67 port 9 deny
config access_profile profile_id 4 add access_id 10 ip udp src_port 68 dst_port 67 port 10 deny
config access_profile profile_id 4 add access_id 11 ip udp src_port 68 dst_port 67 port 11 deny
config access_profile profile_id 4 add access_id 12 ip udp src_port 68 dst_port 67 port 12 deny
config access_profile profile_id 4 add access_id 13 ip udp src_port 68 dst_port 67 port 13 deny
config access_profile profile_id 4 add access_id 14 ip udp src_port 68 dst_port 67 port 14 deny
config access_profile profile_id 4 add access_id 15 ip udp src_port 68 dst_port 67 port 15 deny
config access_profile profile_id 4 add access_id 16 ip udp src_port 68 dst_port 67 port 16 deny
config access_profile profile_id 4 add access_id 17 ip udp src_port 68 dst_port 67 port 17 deny
config access_profile profile_id 4 add access_id 18 ip udp src_port 68 dst_port 67 port 18 deny
config access_profile profile_id 4 add access_id 19 ip udp src_port 68 dst_port 67 port 19 deny
config access_profile profile_id 4 add access_id 20 ip udp src_port 68 dst_port 67 port 20 deny
config access_profile profile_id 4 add access_id 21 ip udp src_port 68 dst_port 67 port 21 deny
config access_profile profile_id 4 add access_id 22 ip udp src_port 68 dst_port 67 port 22 deny
config access_profile profile_id 4 add access_id 23 ip udp src_port 68 dst_port 67 port 23 deny
config access_profile profile_id 4 add access_id 24 ip udp src_port 68 dst_port 67 port 24 deny
config access_profile profile_id 4 add access_id 27 ip udp src_port 67 dst_port 68 port 1 deny
config access_profile profile_id 4 add access_id 28 ip udp src_port 67 dst_port 68 port 2 deny
config access_profile profile_id 4 add access_id 29 ip udp src_port 67 dst_port 68 port 3 deny
config access_profile profile_id 4 add access_id 30 ip udp src_port 67 dst_port 68 port 4 deny
config access_profile profile_id 4 add access_id 31 ip udp src_port 67 dst_port 68 port 5 deny
config access_profile profile_id 4 add access_id 32 ip udp src_port 67 dst_port 68 port 6 deny
config access_profile profile_id 4 add access_id 33 ip udp src_port 67 dst_port 68 port 7 deny
config access_profile profile_id 4 add access_id 34 ip udp src_port 67 dst_port 68 port 8 deny
config access_profile profile_id 4 add access_id 35 ip udp src_port 67 dst_port 68 port 9 deny
config access_profile profile_id 4 add access_id 36 ip udp src_port 67 dst_port 68 port 10 deny
config access_profile profile_id 4 add access_id 37 ip udp src_port 67 dst_port 68 port 11 deny
config access_profile profile_id 4 add access_id 38 ip udp src_port 67 dst_port 68 port 12 deny
config access_profile profile_id 4 add access_id 39 ip udp src_port 67 dst_port 68 port 13 deny
config access_profile profile_id 4 add access_id 40 ip udp src_port 67 dst_port 68 port 14 deny
config access_profile profile_id 4 add access_id 41 ip udp src_port 67 dst_port 68 port 15 deny
config access_profile profile_id 4 add access_id 42 ip udp src_port 67 dst_port 68 port 16 deny
config access_profile profile_id 4 add access_id 43 ip udp src_port 67 dst_port 68 port 17 deny
config access_profile profile_id 4 add access_id 44 ip udp src_port 67 dst_port 68 port 18 deny
config access_profile profile_id 4 add access_id 45 ip udp src_port 67 dst_port 68 port 19 deny
config access_profile profile_id 4 add access_id 46 ip udp src_port 67 dst_port 68 port 20 deny
config access_profile profile_id 4 add access_id 47 ip udp src_port 67 dst_port 68 port 21 deny
config access_profile profile_id 4 add access_id 48 ip udp src_port 67 dst_port 68 port 22 deny
config access_profile profile_id 4 add access_id 49 ip udp src_port 67 dst_port 68 port 23 deny
config access_profile profile_id 4 add access_id 50 ip udp src_port 67 dst_port 68 port 24 deny

disable cpu_interface_filtering

# SNTP

enable sntp
config time_zone operator + hour 6 min 0
config sntp primary 10.25.0.19 secondary 10.25.0.19 poll-interval 2880
config dst disable

# IPBIND
config address_binding ip_mac ports 1-24 state enable
config address_binding ip_mac ports 16 allow_zeroip enable
disable address_binding acl_mode

enable address_binding trap_log
enable address_binding dhcp_snoop
config address_binding dhcp_snoop max_entry ports 1-26 limit no_limit


# FILTER


# ARP_Spoofing_Prevention


# ROUTE

create iproute default 10.25.8.3 1

# SNOOP

disable igmp_snooping
config igmp_snooping default host_timeout 260 router_timeout 260 leave_timer 2 state disable
config igmp_snooping querier default query_interval 125 max_response_time 10 robustness_variable 2
config igmp_snooping querier default last_member_query_interval 1 state disable
config igmp_snooping VLAN3 host_timeout 260 router_timeout 260 leave_timer 2 state disable
config igmp_snooping querier VLAN3 query_interval 125 max_response_time 10 robustness_variable 2
config igmp_snooping querier VLAN3 last_member_query_interval 1 state disable
config igmp_snooping VLAN68 host_timeout 260 router_timeout 260 leave_timer 2 state disable
config igmp_snooping querier VLAN68 query_interval 125 max_response_time 10 robustness_variable 2
config igmp_snooping querier VLAN68 last_member_query_interval 1 state disable
config limited_multicast_addr ports 1-26 access deny state disable

# LACP

config link_aggregation algorithm mac_source
config lacp_port 1-26 mode passive

# GVLAN


# IP

config ipif System vlan VLAN3 ipaddress 10.25.1.143/16 state enable
disable autoconfig

# ARP

config arp_aging time 20
config gratuitous_arp send ipif_status_up enable
config gratuitous_arp send dup_ip_detected enable
config gratuitous_arp learning enable

# LLDP

disable lldp
config lldp message_tx_interval 30
config lldp tx_delay 2
config lldp message_tx_hold_multiplier 4
config lldp reinit_delay 2
config lldp notification_interval 5
config lldp ports 1-26 notification disable
config lldp ports 1-26 admin_status tx_and_rx

# ACCESS_AUTHENTICATION_CONTROL

config authen_login default method local
config authen_enable default method local_enable
config authen application console login default
config authen application console enable default
config authen application telnet login default
config authen application telnet enable default
config authen application ssh login default
config authen application ssh enable default
config authen application http login default
config authen application http enable default
config authen parameter response_timeout 30
config authen parameter attempt 3
config authen enable_admin all state enable
disable authen_policy

# DHCP_RELAY

enable dhcp_relay
config dhcp_relay hops 4 time 0
config dhcp_relay option_82 state enable
config dhcp_relay option_82 check disable
config dhcp_relay option_82 policy replace
config dhcp_relay option_82 remote_id default
config dhcp_relay option_60 state disable
config dhcp_relay option_60 default mode drop
config dhcp_relay option_61 state disable
config dhcp_relay option_61 default drop
config dhcp_relay add ipif System 10.33.0.49

# DHCP_LOCAL_RELAY

enable dhcp_local_relay

#-------------------------------------------------------------------
#             End of configuration file for DES-3526
#-------------------------------------------------------------------

Код:
#-------------------------------------------------------------------
#                       DES-3052 Configuration
#
#                       Firmware: Build 2.00-B14
#        Copyright(C) 2008 D-Link Corporation. All rights reserved.
#-------------------------------------------------------------------


# BASIC

config serial_port baud_rate 9600 auto_logout 10_minutes
# ACCOUNT LIST

# ACCOUNT END

# PASSWORD ENCRYPTION
disable password encryption
config terminal_line default
enable clipaging

# STORM

config traffic control  1 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  2 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  3 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  4 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  5 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  6 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  7 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  8 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  9 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  10 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  11 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  12 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  13 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  14 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  15 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  16 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  17 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  18 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  19 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  20 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  21 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  22 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  23 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  24 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  25 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  26 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  27 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  28 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  29 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  30 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  31 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  32 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  33 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  34 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  35 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  36 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  37 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  38 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  39 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  40 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  41 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  42 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  43 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  44 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  45 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  46 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  47 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  48 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  49 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  50 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  51 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control  52 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic trap none

# LOOP_DETECT

disable loopdetect
config loopdetect recover_timer 60
config loopdetect interval 10
config loopdetect port 1 state disabled
config loopdetect port 2 state disabled
config loopdetect port 3 state disabled
config loopdetect port 4 state disabled
config loopdetect port 5 state disabled
config loopdetect port 6 state disabled
config loopdetect port 7 state disabled
config loopdetect port 8 state disabled
config loopdetect port 9 state disabled
config loopdetect port 10 state disabled
config loopdetect port 11 state disabled
config loopdetect port 12 state disabled
config loopdetect port 13 state disabled
config loopdetect port 14 state disabled
config loopdetect port 15 state disabled
config loopdetect port 16 state disabled
config loopdetect port 17 state disabled
config loopdetect port 18 state disabled
config loopdetect port 19 state disabled
config loopdetect port 20 state disabled
config loopdetect port 21 state disabled
config loopdetect port 22 state disabled
config loopdetect port 23 state disabled
config loopdetect port 24 state disabled
config loopdetect port 25 state disabled
config loopdetect port 26 state disabled
config loopdetect port 27 state disabled
config loopdetect port 28 state disabled
config loopdetect port 29 state disabled
config loopdetect port 30 state disabled
config loopdetect port 31 state disabled
config loopdetect port 32 state disabled
config loopdetect port 33 state disabled
config loopdetect port 34 state disabled
config loopdetect port 35 state disabled
config loopdetect port 36 state disabled
config loopdetect port 37 state disabled
config loopdetect port 38 state disabled
config loopdetect port 39 state disabled
config loopdetect port 40 state disabled
config loopdetect port 41 state disabled
config loopdetect port 42 state disabled
config loopdetect port 43 state disabled
config loopdetect port 44 state disabled
config loopdetect port 45 state disabled
config loopdetect port 46 state disabled
config loopdetect port 47 state disabled
config loopdetect port 48 state disabled
config loopdetect port 49 state disabled
config loopdetect port 50 state disabled
config loopdetect port 51 state disabled
config loopdetect port 52 state disabled

# QOS

config scheduling_mechanism strict
config scheduling 0 weight 1
config scheduling 1 weight 2
config scheduling 2 weight 4
config scheduling 3 weight 8
config 802.1p user_priority 0  1
config 802.1p user_priority 1  0
config 802.1p user_priority 2  0
config 802.1p user_priority 3  1
config 802.1p user_priority 4  2
config 802.1p user_priority 5  2
config 802.1p user_priority 6  3
config 802.1p user_priority 7  3
config 802.1p default_priority 1 0
config 802.1p default_priority 2 0
config 802.1p default_priority 3 0
config 802.1p default_priority 4 0
config 802.1p default_priority 5 0
config 802.1p default_priority 6 0
config 802.1p default_priority 7 0
config 802.1p default_priority 8 0
config 802.1p default_priority 9 0
config 802.1p default_priority 10 0
config 802.1p default_priority 11 0
config 802.1p default_priority 12 0
config 802.1p default_priority 13 0
config 802.1p default_priority 14 0
config 802.1p default_priority 15 0
config 802.1p default_priority 16 0
config 802.1p default_priority 17 0
config 802.1p default_priority 18 0
config 802.1p default_priority 19 0
config 802.1p default_priority 20 0
config 802.1p default_priority 21 0
config 802.1p default_priority 22 0
config 802.1p default_priority 23 0
config 802.1p default_priority 24 0
config 802.1p default_priority 25 0
config 802.1p default_priority 26 0
config 802.1p default_priority 27 0
config 802.1p default_priority 28 0
config 802.1p default_priority 29 0
config 802.1p default_priority 30 0
config 802.1p default_priority 31 0
config 802.1p default_priority 32 0
config 802.1p default_priority 33 0
config 802.1p default_priority 34 0
config 802.1p default_priority 35 0
config 802.1p default_priority 36 0
config 802.1p default_priority 37 0
config 802.1p default_priority 38 0
config 802.1p default_priority 39 0
config 802.1p default_priority 40 0
config 802.1p default_priority 41 0
config 802.1p default_priority 42 0
config 802.1p default_priority 43 0
config 802.1p default_priority 44 0
config 802.1p default_priority 45 0
config 802.1p default_priority 46 0
config 802.1p default_priority 47 0
config 802.1p default_priority 48 0
config 802.1p default_priority 49 0
config 802.1p default_priority 50 0
config 802.1p default_priority 51 0
config 802.1p default_priority 52 0
config cos mapping  port 1 ethernet 802.1p
config cos mapping  port 2 ethernet 802.1p
config cos mapping  port 3 ethernet 802.1p
config cos mapping  port 4 ethernet 802.1p
config cos mapping  port 5 ethernet 802.1p
config cos mapping  port 6 ethernet 802.1p
config cos mapping  port 7 ethernet 802.1p
config cos mapping  port 8 ethernet 802.1p
config cos mapping  port 9 ethernet 802.1p
config cos mapping  port 10 ethernet 802.1p
config cos mapping  port 11 ethernet 802.1p
config cos mapping  port 12 ethernet 802.1p
config cos mapping  port 13 ethernet 802.1p
config cos mapping  port 14 ethernet 802.1p
config cos mapping  port 15 ethernet 802.1p
config cos mapping  port 16 ethernet 802.1p
config cos mapping  port 17 ethernet 802.1p
config cos mapping  port 18 ethernet 802.1p
config cos mapping  port 19 ethernet 802.1p
config cos mapping  port 20 ethernet 802.1p
config cos mapping  port 21 ethernet 802.1p
config cos mapping  port 22 ethernet 802.1p
config cos mapping  port 23 ethernet 802.1p
config cos mapping  port 24 ethernet 802.1p
config cos mapping  port 25 ethernet 802.1p
config cos mapping  port 26 ethernet 802.1p
config cos mapping  port 27 ethernet 802.1p
config cos mapping  port 28 ethernet 802.1p
config cos mapping  port 29 ethernet 802.1p
config cos mapping  port 30 ethernet 802.1p
config cos mapping  port 31 ethernet 802.1p
config cos mapping  port 32 ethernet 802.1p
config cos mapping  port 33 ethernet 802.1p
config cos mapping  port 34 ethernet 802.1p
config cos mapping  port 35 ethernet 802.1p
config cos mapping  port 36 ethernet 802.1p
config cos mapping  port 37 ethernet 802.1p
config cos mapping  port 38 ethernet 802.1p
config cos mapping  port 39 ethernet 802.1p
config cos mapping  port 40 ethernet 802.1p
config cos mapping  port 41 ethernet 802.1p
config cos mapping  port 42 ethernet 802.1p
config cos mapping  port 43 ethernet 802.1p
config cos mapping  port 44 ethernet 802.1p
config cos mapping  port 45 ethernet 802.1p
config cos mapping  port 46 ethernet 802.1p
config cos mapping  port 47 ethernet 802.1p
config cos mapping  port 48 ethernet 802.1p
config cos mapping  port 49 ethernet 802.1p
config cos mapping  port 50 ethernet 802.1p
config cos mapping  port 51 ethernet 802.1p
config cos mapping  port 52 ethernet 802.1p
config cos tos value 0 class 0
config cos tos value 1 class 0
config cos tos value 2 class 0
config cos tos value 3 class 0
config cos tos value 4 class 0
config cos tos value 5 class 0
config cos tos value 6 class 0
config cos tos value 7 class 0
config dscp_mapping dscp_value 0 class 0
config dscp_mapping dscp_value 1 class 0
config dscp_mapping dscp_value 2 class 0
config dscp_mapping dscp_value 3 class 0
config dscp_mapping dscp_value 4 class 0
config dscp_mapping dscp_value 5 class 0
config dscp_mapping dscp_value 6 class 0
config dscp_mapping dscp_value 7 class 0
config dscp_mapping dscp_value 8 class 0
config dscp_mapping dscp_value 9 class 0
config dscp_mapping dscp_value 10 class 0
config dscp_mapping dscp_value 11 class 0
config dscp_mapping dscp_value 12 class 0
config dscp_mapping dscp_value 13 class 0
config dscp_mapping dscp_value 14 class 0
config dscp_mapping dscp_value 15 class 0
config dscp_mapping dscp_value 16 class 0
config dscp_mapping dscp_value 17 class 0
config dscp_mapping dscp_value 18 class 0
config dscp_mapping dscp_value 19 class 0
config dscp_mapping dscp_value 20 class 0
config dscp_mapping dscp_value 21 class 0
config dscp_mapping dscp_value 22 class 0
config dscp_mapping dscp_value 23 class 0
config dscp_mapping dscp_value 24 class 0
config dscp_mapping dscp_value 25 class 0
config dscp_mapping dscp_value 26 class 0
config dscp_mapping dscp_value 27 class 0
config dscp_mapping dscp_value 28 class 0
config dscp_mapping dscp_value 29 class 0
config dscp_mapping dscp_value 30 class 0
config dscp_mapping dscp_value 31 class 0
config dscp_mapping dscp_value 32 class 0
config dscp_mapping dscp_value 33 class 0
config dscp_mapping dscp_value 34 class 0
config dscp_mapping dscp_value 35 class 0
config dscp_mapping dscp_value 36 class 0
config dscp_mapping dscp_value 37 class 0
config dscp_mapping dscp_value 38 class 0
config dscp_mapping dscp_value 39 class 0
config dscp_mapping dscp_value 40 class 0
config dscp_mapping dscp_value 41 class 0
config dscp_mapping dscp_value 42 class 0
config dscp_mapping dscp_value 43 class 0
config dscp_mapping dscp_value 44 class 0
config dscp_mapping dscp_value 45 class 0
config dscp_mapping dscp_value 46 class 0
config dscp_mapping dscp_value 47 class 0
config dscp_mapping dscp_value 48 class 0
config dscp_mapping dscp_value 49 class 0
config dscp_mapping dscp_value 50 class 0
config dscp_mapping dscp_value 51 class 0
config dscp_mapping dscp_value 52 class 0
config dscp_mapping dscp_value 53 class 0
config dscp_mapping dscp_value 54 class 0
config dscp_mapping dscp_value 55 class 0
config dscp_mapping dscp_value 56 class 0
config dscp_mapping dscp_value 57 class 0
config dscp_mapping dscp_value 58 class 0
config dscp_mapping dscp_value 59 class 0
config dscp_mapping dscp_value 60 class 0
config dscp_mapping dscp_value 61 class 0
config dscp_mapping dscp_value 62 class 0
config dscp_mapping dscp_value 63 class 0

# MIRROR

disable mirror

# BANDWIDTH

 config bandwidth 1  rx_rate no_limit  tx_rate no_limit
 config bandwidth 2  rx_rate no_limit  tx_rate no_limit
 config bandwidth 3  rx_rate no_limit  tx_rate no_limit
 config bandwidth 4  rx_rate no_limit  tx_rate no_limit
 config bandwidth 5  rx_rate no_limit  tx_rate no_limit
 config bandwidth 6  rx_rate no_limit  tx_rate no_limit
 config bandwidth 7  rx_rate no_limit  tx_rate no_limit
 config bandwidth 8  rx_rate no_limit  tx_rate no_limit
 config bandwidth 9  rx_rate no_limit  tx_rate no_limit
 config bandwidth 10  rx_rate no_limit  tx_rate no_limit
 config bandwidth 11  rx_rate no_limit  tx_rate no_limit
 config bandwidth 12  rx_rate no_limit  tx_rate no_limit
 config bandwidth 13  rx_rate no_limit  tx_rate no_limit
 config bandwidth 14  rx_rate no_limit  tx_rate no_limit
 config bandwidth 15  rx_rate no_limit  tx_rate no_limit
 config bandwidth 16  rx_rate no_limit  tx_rate no_limit
 config bandwidth 17  rx_rate no_limit  tx_rate no_limit
 config bandwidth 18  rx_rate no_limit  tx_rate no_limit
 config bandwidth 19  rx_rate no_limit  tx_rate no_limit
 config bandwidth 20  rx_rate no_limit  tx_rate no_limit
 config bandwidth 21  rx_rate no_limit  tx_rate no_limit
 config bandwidth 22  rx_rate no_limit  tx_rate no_limit
 config bandwidth 23  rx_rate no_limit  tx_rate no_limit
 config bandwidth 24  rx_rate no_limit  tx_rate no_limit
 config bandwidth 25  rx_rate no_limit  tx_rate no_limit
 config bandwidth 26  rx_rate no_limit  tx_rate no_limit
 config bandwidth 27  rx_rate no_limit  tx_rate no_limit
 config bandwidth 28  rx_rate no_limit  tx_rate no_limit
 config bandwidth 29  rx_rate no_limit  tx_rate no_limit
 config bandwidth 30  rx_rate no_limit  tx_rate no_limit
 config bandwidth 31  rx_rate no_limit  tx_rate no_limit
 config bandwidth 32  rx_rate no_limit  tx_rate no_limit
 config bandwidth 33  rx_rate no_limit  tx_rate no_limit
 config bandwidth 34  rx_rate no_limit  tx_rate no_limit
 config bandwidth 35  rx_rate no_limit  tx_rate no_limit
 config bandwidth 36  rx_rate no_limit  tx_rate no_limit
 config bandwidth 37  rx_rate no_limit  tx_rate no_limit
 config bandwidth 38  rx_rate no_limit  tx_rate no_limit
 config bandwidth 39  rx_rate no_limit  tx_rate no_limit
 config bandwidth 40  rx_rate no_limit  tx_rate no_limit
 config bandwidth 41  rx_rate no_limit  tx_rate no_limit
 config bandwidth 42  rx_rate no_limit  tx_rate no_limit
 config bandwidth 43  rx_rate no_limit  tx_rate no_limit
 config bandwidth 44  rx_rate no_limit  tx_rate no_limit
 config bandwidth 45  rx_rate no_limit  tx_rate no_limit
 config bandwidth 46  rx_rate no_limit  tx_rate no_limit
 config bandwidth 47  rx_rate no_limit  tx_rate no_limit
 config bandwidth 48  rx_rate no_limit  tx_rate no_limit
 config bandwidth 49  rx_rate no_limit  tx_rate no_limit
 config bandwidth 50  rx_rate no_limit  tx_rate no_limit
 config bandwidth 51  rx_rate no_limit  tx_rate no_limit
 config bandwidth 52  rx_rate no_limit  tx_rate no_limit

# SYSLOG

disable syslog
config log_save_timing on_demand

# TRAF-SEGMENTATION

config traffic_segmentation 1 forward_list 49-52
config traffic_segmentation 2 forward_list 49-52
config traffic_segmentation 3 forward_list 49-52
config traffic_segmentation 4 forward_list 49-52
config traffic_segmentation 5 forward_list 49-52
config traffic_segmentation 6 forward_list 49-52
config traffic_segmentation 7 forward_list 49-52
config traffic_segmentation 8 forward_list 49-52
config traffic_segmentation 9 forward_list 49-52
config traffic_segmentation 10 forward_list 49-52
config traffic_segmentation 11 forward_list 49-52
config traffic_segmentation 12 forward_list 49-52
config traffic_segmentation 13 forward_list 49-52
config traffic_segmentation 14 forward_list 49-52
config traffic_segmentation 15 forward_list 49-52
config traffic_segmentation 16 forward_list 49-52
config traffic_segmentation 17 forward_list 49-52
config traffic_segmentation 18 forward_list 49-52
config traffic_segmentation 19 forward_list 49-52
config traffic_segmentation 20 forward_list 49-52
config traffic_segmentation 21 forward_list 49-52
config traffic_segmentation 22 forward_list 49-52
config traffic_segmentation 23 forward_list 49-52
config traffic_segmentation 24 forward_list 49-52
config traffic_segmentation 25 forward_list 49-52
config traffic_segmentation 26 forward_list 49-52
config traffic_segmentation 27 forward_list 49-52
config traffic_segmentation 28 forward_list 49-52
config traffic_segmentation 29 forward_list 49-52
config traffic_segmentation 30 forward_list 49-52
config traffic_segmentation 31 forward_list 49-52
config traffic_segmentation 32 forward_list 49-52
config traffic_segmentation 33 forward_list 49-52
config traffic_segmentation 34 forward_list 49-52
config traffic_segmentation 35 forward_list 49-52
config traffic_segmentation 36 forward_list 49-52
config traffic_segmentation 37 forward_list 49-52
config traffic_segmentation 38 forward_list 49-52
config traffic_segmentation 39 forward_list 49-52
config traffic_segmentation 40 forward_list 49-52
config traffic_segmentation 41 forward_list 49-52
config traffic_segmentation 42 forward_list 49-52
config traffic_segmentation 43 forward_list 49-52
config traffic_segmentation 44 forward_list 49-52
config traffic_segmentation 45 forward_list 49-52
config traffic_segmentation 46 forward_list 49-52
config traffic_segmentation 47 forward_list 49-52
config traffic_segmentation 48 forward_list 49-52
config traffic_segmentation 49 forward_list 49-52
config traffic_segmentation 50 forward_list 49-52
config traffic_segmentation 51 forward_list 49-52
config traffic_segmentation 52 forward_list 49-52

# SSL

disable ssl
enable ssl ciphersuite RSA_with_RC4_128_MD5
enable ssl ciphersuite RSA_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite DHE_DSS_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
config ssl cachetimeout 600

# PORT

 config ports 1  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 1  mdix auto
 config ports 2  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 2  mdix auto
 config ports 3  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 3  mdix auto
 config ports 4  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 4  mdix auto
 config ports 5  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 5  mdix auto
 config ports 6  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 6  mdix auto
 config ports 7  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 7  mdix auto
 config ports 8  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 8  mdix auto
 config ports 9  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 9  mdix auto
 config ports 10  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 10  mdix auto
 config ports 11  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 11  mdix auto
 config ports 12  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 12  mdix auto
 config ports 13  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 13  mdix auto
 config ports 14  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 14  mdix auto
 config ports 15  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 15  mdix auto
 config ports 16  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 16  mdix auto
 config ports 17  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 17  mdix auto
 config ports 18  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 18  mdix auto
 config ports 19  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 19  mdix auto
 config ports 20  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 20  mdix auto
 config ports 21  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 21  mdix auto
 config ports 22  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 22  mdix auto
 config ports 23  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 23  mdix auto
 config ports 24  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 24  mdix auto
 config ports 25  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 25  mdix auto
 config ports 26  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 26  mdix auto
 config ports 27  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 27  mdix auto
 config ports 28  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 28  mdix auto
 config ports 29  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 29  mdix auto
 config ports 30  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 30  mdix auto
 config ports 31  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 31  mdix auto
 config ports 32  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 32  mdix auto
 config ports 33  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 33  mdix auto
 config ports 34  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 34  mdix auto
 config ports 35  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 35  mdix auto
 config ports 36  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 36  mdix auto
 config ports 37  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 37  mdix auto
 config ports 38  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 38  mdix auto
 config ports 39  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 39  mdix auto
 config ports 40  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 40  mdix auto
 config ports 41  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 41  mdix auto
 config ports 42  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 42  mdix auto
 config ports 43  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 43  mdix auto
 config ports 44  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 44  mdix auto
 config ports 45  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 45  mdix auto
 config ports 46  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 46  mdix auto
 config ports 47  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 47  mdix auto
 config ports 48  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 48  mdix auto
 config ports 49 medium_type fiber speed auto flow_control disable state enable  learning enable  clear_description
 config ports 49  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 49  mdix auto
 config ports 50 medium_type fiber speed auto flow_control disable state enable  learning enable  clear_description
 config ports 50  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 50  mdix auto
 config ports 51  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 51  mdix auto
 config ports 52  speed auto flow_control disable state enable  learning enable  clear_description
 config ports 52  mdix auto

# TIME_RANGE


# GM

config sim candidate
disable sim
config sim dp_interval 30
config sim hold_time 100

# MANAGEMENT

enable snmp traps
enable snmp authenticate traps
config snmp system_name D3052G06004
disable rmon

# SNMPv3

delete snmp community public
delete snmp community private
delete snmp user initial
delete snmp group initial
delete snmp view restricted all
delete snmp view CommunityView all
delete snmp group public
delete snmp group private
delete snmp group ReadGroup
delete snmp group WriteGroup
config snmp engineID 800000ab03001cf0a1da6f
create snmp view restricted 1.3.6.1.2.1.1 view_type included
create snmp view restricted 1.3.6.1.2.1.11 view_type included
create snmp view restricted 1.3.6.1.6.3.10.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.11.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.15.1.1 view_type included
create snmp view CommunityView 1 view_type included
create snmp view CommunityView 1.3.6.1.6.3 view_type excluded
create snmp view CommunityView 1.3.6.1.6.3.1 view_type included
create snmp group public v1 read_view CommunityView notify_view CommunityView
create snmp group public v2c read_view CommunityView notify_view CommunityView
create snmp group initial v3  noauth_nopriv read_view restricted notify_view restricted
create snmp group private v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group private v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group ReadGroup v1 read_view CommunityView notify_view CommunityView
create snmp group ReadGroup v2c read_view CommunityView notify_view CommunityView
create snmp group WriteGroup v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group WriteGroup v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp community private view CommunityView read_write
create snmp community public view CommunityView read_only
create snmp user initial initial

# VLAN

disable asymmetric_vlan
disable qinq
config vlan default delete 1-52
config vlan default advertisement enable
create vlan VLAN3 tag 3 advertisement
config vlan VLAN3 add tagged 49-52
create vlan VLAN68 tag 68
config vlan VLAN68 add tagged 49-52
config vlan VLAN68 add untagged 1-48
create vlan VLAN131 tag 131
config vlan VLAN131 add tagged 49-52
create vlan VLAN689 tag 689
config vlan VLAN689 add tagged 49-52
disable gvrp
config gvrp 1 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 2 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 3 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 4 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 5 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 6 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 7 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 8 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 9 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 10 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 11 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 12 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 13 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 14 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 15 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 16 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 17 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 18 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 19 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 20 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 21 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 22 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 23 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 24 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 25 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 26 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 27 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 28 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 29 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 30 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 31 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 32 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 33 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 34 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 35 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 36 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 37 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 38 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 39 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 40 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 41 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 42 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 43 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 44 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 45 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 46 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 47 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 48 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 49 state disable ingress_checking enable acceptable_frame admit_all pvid 1
config gvrp 50 state disable ingress_checking enable acceptable_frame admit_all pvid 1
config gvrp 51 state disable ingress_checking enable acceptable_frame admit_all pvid 1
config gvrp 52 state disable ingress_checking enable acceptable_frame admit_all pvid 1

# 8021X

disable 802.1x
config 802.1x auth_protocol radius_eap
config 802.1x capability ports 1 none
config 802.1x capability ports 2 none
config 802.1x capability ports 3 none
config 802.1x capability ports 4 none
config 802.1x capability ports 5 none
config 802.1x capability ports 6 none
config 802.1x capability ports 7 none
config 802.1x capability ports 8 none
config 802.1x capability ports 9 none
config 802.1x capability ports 10 none
config 802.1x capability ports 11 none
config 802.1x capability ports 12 none
config 802.1x capability ports 13 none
config 802.1x capability ports 14 none
config 802.1x capability ports 15 none
config 802.1x capability ports 16 none
config 802.1x capability ports 17 none
config 802.1x capability ports 18 none
config 802.1x capability ports 19 none
config 802.1x capability ports 20 none
config 802.1x capability ports 21 none
config 802.1x capability ports 22 none
config 802.1x capability ports 23 none
config 802.1x capability ports 24 none
config 802.1x capability ports 25 none
config 802.1x capability ports 26 none
config 802.1x capability ports 27 none
config 802.1x capability ports 28 none
config 802.1x capability ports 29 none
config 802.1x capability ports 30 none
config 802.1x capability ports 31 none
config 802.1x capability ports 32 none
config 802.1x capability ports 33 none
config 802.1x capability ports 34 none
config 802.1x capability ports 35 none
config 802.1x capability ports 36 none
config 802.1x capability ports 37 none
config 802.1x capability ports 38 none
config 802.1x capability ports 39 none
config 802.1x capability ports 40 none
config 802.1x capability ports 41 none
config 802.1x capability ports 42 none
config 802.1x capability ports 43 none
config 802.1x capability ports 44 none
config 802.1x capability ports 45 none
config 802.1x capability ports 46 none
config 802.1x capability ports 47 none
config 802.1x capability ports 48 none
config 802.1x capability ports 49 none
config 802.1x capability ports 50 none
config 802.1x capability ports 51 none
config 802.1x capability ports 52 none
config 802.1x auth_parameter ports 1 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 2 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 3 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 4 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 5 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 6 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 7 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 8 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 9 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 10 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 11 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 12 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 13 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 14 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 15 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 16 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 17 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 18 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 19 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 20 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 21 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 22 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 23 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 24 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 25 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 26 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 27 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 28 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 29 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 30 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 31 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 32 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 33 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 34 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 35 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 36 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 37 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 38 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 39 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 40 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 41 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 42 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 43 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 44 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 45 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 46 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 47 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 48 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 49 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 50 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 51 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 52 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config radius parameter timeout 5 retransmit 2

# PORT_LOCK

disable port_security trap_log
 config port_security ports 1 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 2 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 3 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 4 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 5 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 6 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 7 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 8 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 9 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 10 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 11 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 12 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 13 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 14 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 15 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 16 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 17 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 18 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 19 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 20 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 21 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 22 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 23 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 24 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 25 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 26 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 27 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 28 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 29 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 30 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 31 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 32 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 33 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 34 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 35 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 36 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 37 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 38 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 39 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 40 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 41 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 42 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 43 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 44 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 45 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 46 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 47 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 48 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 49 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 50 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 51 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout
 config port_security ports 52 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout

# FDB

config fdb aging_time 300
config multicast port_filtering_mode all  filter_unregistered_groups
config multicast port_filtering_mode 1-52  forward_unregistered_groups

# MAC_ADDRESS_TABLE_NOTIFICATION

config mac_notification interval 1 historysize 1
disable mac_notification
config mac_notification ports 1 disable
config mac_notification ports 2 disable
config mac_notification ports 3 disable
config mac_notification ports 4 disable
config mac_notification ports 5 disable
config mac_notification ports 6 disable
config mac_notification ports 7 disable
config mac_notification ports 8 disable
config mac_notification ports 9 disable
config mac_notification ports 10 disable
config mac_notification ports 11 disable
config mac_notification ports 12 disable
config mac_notification ports 13 disable
config mac_notification ports 14 disable
config mac_notification ports 15 disable
config mac_notification ports 16 disable
config mac_notification ports 17 disable
config mac_notification ports 18 disable
config mac_notification ports 19 disable
config mac_notification ports 20 disable
config mac_notification ports 21 disable
config mac_notification ports 22 disable
config mac_notification ports 23 disable
config mac_notification ports 24 disable
config mac_notification ports 25 disable
config mac_notification ports 26 disable
config mac_notification ports 27 disable
config mac_notification ports 28 disable
config mac_notification ports 29 disable
config mac_notification ports 30 disable
config mac_notification ports 31 disable
config mac_notification ports 32 disable
config mac_notification ports 33 disable
config mac_notification ports 34 disable
config mac_notification ports 35 disable
config mac_notification ports 36 disable
config mac_notification ports 37 disable
config mac_notification ports 38 disable
config mac_notification ports 39 disable
config mac_notification ports 40 disable
config mac_notification ports 41 disable
config mac_notification ports 42 disable
config mac_notification ports 43 disable
config mac_notification ports 44 disable
config mac_notification ports 45 disable
config mac_notification ports 46 disable
config mac_notification ports 47 disable
config mac_notification ports 48 disable
config mac_notification ports 49 disable
config mac_notification ports 50 disable
config mac_notification ports 51 disable
config mac_notification ports 52 disable

# STP

disable stp
config stp version rstp
config stp maxage 20 maxhops 20 forwarddelay 15 txholdcount 3 fbpdu enable hellotime 2 lbd enable lbd_recover_timer 60
config stp priority 32768 instance_id 0
config stp ports 1 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 1 instance_id 0 internalCost auto priority 128
config stp ports 1 fbpdu enable
config stp ports 1 restricted_role false
config stp ports 1 restricted_tcn false
config stp ports 2 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 2 instance_id 0 internalCost auto priority 128
config stp ports 2 fbpdu enable
config stp ports 2 restricted_role false
config stp ports 2 restricted_tcn false
config stp ports 3 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 3 instance_id 0 internalCost auto priority 128
config stp ports 3 fbpdu enable
config stp ports 3 restricted_role false
config stp ports 3 restricted_tcn false
config stp ports 4 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 4 instance_id 0 internalCost auto priority 128
config stp ports 4 fbpdu enable
config stp ports 4 restricted_role false
config stp ports 4 restricted_tcn false
config stp ports 5 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 5 instance_id 0 internalCost auto priority 128
config stp ports 5 fbpdu enable
config stp ports 5 restricted_role false
config stp ports 5 restricted_tcn false
config stp ports 6 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 6 instance_id 0 internalCost auto priority 128
config stp ports 6 fbpdu enable
config stp ports 6 restricted_role false
config stp ports 6 restricted_tcn false
config stp ports 7 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 7 instance_id 0 internalCost auto priority 128
config stp ports 7 fbpdu enable
config stp ports 7 restricted_role false
config stp ports 7 restricted_tcn false
config stp ports 8 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 8 instance_id 0 internalCost auto priority 128
config stp ports 8 fbpdu enable
config stp ports 8 restricted_role false
config stp ports 8 restricted_tcn false
config stp ports 9 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 9 instance_id 0 internalCost auto priority 128
config stp ports 9 fbpdu enable
config stp ports 9 restricted_role false
config stp ports 9 restricted_tcn false
config stp ports 10 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 10 instance_id 0 internalCost auto priority 128
config stp ports 10 fbpdu enable
config stp ports 10 restricted_role false
config stp ports 10 restricted_tcn false
config stp ports 11 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 11 instance_id 0 internalCost auto priority 128
config stp ports 11 fbpdu enable
config stp ports 11 restricted_role false
config stp ports 11 restricted_tcn false
config stp ports 12 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 12 instance_id 0 internalCost auto priority 128
config stp ports 12 fbpdu enable
config stp ports 12 restricted_role false
config stp ports 12 restricted_tcn false
config stp ports 13 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 13 instance_id 0 internalCost auto priority 128
config stp ports 13 fbpdu enable
config stp ports 13 restricted_role false
config stp ports 13 restricted_tcn false
config stp ports 14 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 14 instance_id 0 internalCost auto priority 128
config stp ports 14 fbpdu enable
config stp ports 14 restricted_role false
config stp ports 14 restricted_tcn false
config stp ports 15 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 15 instance_id 0 internalCost auto priority 128
config stp ports 15 fbpdu enable
config stp ports 15 restricted_role false
config stp ports 15 restricted_tcn false
config stp ports 16 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 16 instance_id 0 internalCost auto priority 128
config stp ports 16 fbpdu enable
config stp ports 16 restricted_role false
config stp ports 16 restricted_tcn false
config stp ports 17 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 17 instance_id 0 internalCost auto priority 128
config stp ports 17 fbpdu enable
config stp ports 17 restricted_role false
config stp ports 17 restricted_tcn false
config stp ports 18 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 18 instance_id 0 internalCost auto priority 128
config stp ports 18 fbpdu enable
config stp ports 18 restricted_role false
config stp ports 18 restricted_tcn false
config stp ports 19 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 19 instance_id 0 internalCost auto priority 128
config stp ports 19 fbpdu enable
config stp ports 19 restricted_role false
config stp ports 19 restricted_tcn false
config stp ports 20 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 20 instance_id 0 internalCost auto priority 128
config stp ports 20 fbpdu enable
config stp ports 20 restricted_role false
config stp ports 20 restricted_tcn false
config stp ports 21 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 21 instance_id 0 internalCost auto priority 128
config stp ports 21 fbpdu enable
config stp ports 21 restricted_role false
config stp ports 21 restricted_tcn false
config stp ports 22 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 22 instance_id 0 internalCost auto priority 128
config stp ports 22 fbpdu enable
config stp ports 22 restricted_role false
config stp ports 22 restricted_tcn false
config stp ports 23 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 23 instance_id 0 internalCost auto priority 128
config stp ports 23 fbpdu enable
config stp ports 23 restricted_role false
config stp ports 23 restricted_tcn false
config stp ports 24 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 24 instance_id 0 internalCost auto priority 128
config stp ports 24 fbpdu enable
config stp ports 24 restricted_role false
config stp ports 24 restricted_tcn false
config stp ports 25 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 25 instance_id 0 internalCost auto priority 128
config stp ports 25 fbpdu enable
config stp ports 25 restricted_role false
config stp ports 25 restricted_tcn false
config stp ports 26 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 26 instance_id 0 internalCost auto priority 128
config stp ports 26 fbpdu enable
config stp ports 26 restricted_role false
config stp ports 26 restricted_tcn false
config stp ports 27 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 27 instance_id 0 internalCost auto priority 128
config stp ports 27 fbpdu enable
config stp ports 27 restricted_role false
config stp ports 27 restricted_tcn false
config stp ports 28 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 28 instance_id 0 internalCost auto priority 128
config stp ports 28 fbpdu enable
config stp ports 28 restricted_role false
config stp ports 28 restricted_tcn false
config stp ports 29 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 29 instance_id 0 internalCost auto priority 128
config stp ports 29 fbpdu enable
config stp ports 29 restricted_role false
config stp ports 29 restricted_tcn false
config stp ports 30 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 30 instance_id 0 internalCost auto priority 128
config stp ports 30 fbpdu enable
config stp ports 30 restricted_role false
config stp ports 30 restricted_tcn false
config stp ports 31 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 31 instance_id 0 internalCost auto priority 128
config stp ports 31 fbpdu enable
config stp ports 31 restricted_role false
config stp ports 31 restricted_tcn false
config stp ports 32 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 32 instance_id 0 internalCost auto priority 128
config stp ports 32 fbpdu enable
config stp ports 32 restricted_role false
config stp ports 32 restricted_tcn false
config stp ports 33 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 33 instance_id 0 internalCost auto priority 128
config stp ports 33 fbpdu enable
config stp ports 33 restricted_role false
config stp ports 33 restricted_tcn false
config stp ports 34 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 34 instance_id 0 internalCost auto priority 128
config stp ports 34 fbpdu enable
config stp ports 34 restricted_role false
config stp ports 34 restricted_tcn false
config stp ports 35 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 35 instance_id 0 internalCost auto priority 128
config stp ports 35 fbpdu enable
config stp ports 35 restricted_role false
config stp ports 35 restricted_tcn false
config stp ports 36 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 36 instance_id 0 internalCost auto priority 128
config stp ports 36 fbpdu enable
config stp ports 36 restricted_role false
config stp ports 36 restricted_tcn false
config stp ports 37 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 37 instance_id 0 internalCost auto priority 128
config stp ports 37 fbpdu enable
config stp ports 37 restricted_role false
config stp ports 37 restricted_tcn false
config stp ports 38 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 38 instance_id 0 internalCost auto priority 128
config stp ports 38 fbpdu enable
config stp ports 38 restricted_role false
config stp ports 38 restricted_tcn false
config stp ports 39 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 39 instance_id 0 internalCost auto priority 128
config stp ports 39 fbpdu enable
config stp ports 39 restricted_role false
config stp ports 39 restricted_tcn false
config stp ports 40 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 40 instance_id 0 internalCost auto priority 128
config stp ports 40 fbpdu enable
config stp ports 40 restricted_role false
config stp ports 40 restricted_tcn false
config stp ports 41 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 41 instance_id 0 internalCost auto priority 128
config stp ports 41 fbpdu enable
config stp ports 41 restricted_role false
config stp ports 41 restricted_tcn false
config stp ports 42 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 42 instance_id 0 internalCost auto priority 128
config stp ports 42 fbpdu enable
config stp ports 42 restricted_role false
config stp ports 42 restricted_tcn false
config stp ports 43 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 43 instance_id 0 internalCost auto priority 128
config stp ports 43 fbpdu enable
config stp ports 43 restricted_role false
config stp ports 43 restricted_tcn false
config stp ports 44 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 44 instance_id 0 internalCost auto priority 128
config stp ports 44 fbpdu enable
config stp ports 44 restricted_role false
config stp ports 44 restricted_tcn false
config stp ports 45 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 45 instance_id 0 internalCost auto priority 128
config stp ports 45 fbpdu enable
config stp ports 45 restricted_role false
config stp ports 45 restricted_tcn false
config stp ports 46 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 46 instance_id 0 internalCost auto priority 128
config stp ports 46 fbpdu enable
config stp ports 46 restricted_role false
config stp ports 46 restricted_tcn false
config stp ports 47 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 47 instance_id 0 internalCost auto priority 128
config stp ports 47 fbpdu enable
config stp ports 47 restricted_role false
config stp ports 47 restricted_tcn false
config stp ports 48 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 48 instance_id 0 internalCost auto priority 128
config stp ports 48 fbpdu enable
config stp ports 48 restricted_role false
config stp ports 48 restricted_tcn false
config stp ports 49 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 49 instance_id 0 internalCost auto priority 128
config stp ports 49 fbpdu enable
config stp ports 49 restricted_role false
config stp ports 49 restricted_tcn false
config stp ports 50 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 50 instance_id 0 internalCost auto priority 128
config stp ports 50 fbpdu enable
config stp ports 50 restricted_role false
config stp ports 50 restricted_tcn false
config stp ports 51 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 51 instance_id 0 internalCost auto priority 128
config stp ports 51 fbpdu enable
config stp ports 51 restricted_role false
config stp ports 51 restricted_tcn false
config stp ports 52 externalCost auto edge false p2p auto state enable lbd disable
config stp mst_ports 52 instance_id 0 internalCost auto priority 128
config stp ports 52 fbpdu enable
config stp ports 52 restricted_role false
config stp ports 52 restricted_tcn false
config stp mst_config_id name 00:1C:F0:A1:DA:6F revision_level 0

# MULTI FILTER

config max_mcast_group port 1 max_group 256
config max_mcast_group port 2 max_group 256
config max_mcast_group port 3 max_group 256
config max_mcast_group port 4 max_group 256
config max_mcast_group port 5 max_group 256
config max_mcast_group port 6 max_group 256
config max_mcast_group port 7 max_group 256
config max_mcast_group port 8 max_group 256
config max_mcast_group port 9 max_group 256
config max_mcast_group port 10 max_group 256
config max_mcast_group port 11 max_group 256
config max_mcast_group port 12 max_group 256
config max_mcast_group port 13 max_group 256
config max_mcast_group port 14 max_group 256
config max_mcast_group port 15 max_group 256
config max_mcast_group port 16 max_group 256
config max_mcast_group port 17 max_group 256
config max_mcast_group port 18 max_group 256
config max_mcast_group port 19 max_group 256
config max_mcast_group port 20 max_group 256
config max_mcast_group port 21 max_group 256
config max_mcast_group port 22 max_group 256
config max_mcast_group port 23 max_group 256
config max_mcast_group port 24 max_group 256
config max_mcast_group port 25 max_group 256
config max_mcast_group port 26 max_group 256
config max_mcast_group port 27 max_group 256
config max_mcast_group port 28 max_group 256
config max_mcast_group port 29 max_group 256
config max_mcast_group port 30 max_group 256
config max_mcast_group port 31 max_group 256
config max_mcast_group port 32 max_group 256
config max_mcast_group port 33 max_group 256
config max_mcast_group port 34 max_group 256
config max_mcast_group port 35 max_group 256
config max_mcast_group port 36 max_group 256
config max_mcast_group port 37 max_group 256
config max_mcast_group port 38 max_group 256
config max_mcast_group port 39 max_group 256
config max_mcast_group port 40 max_group 256
config max_mcast_group port 41 max_group 256
config max_mcast_group port 42 max_group 256
config max_mcast_group port 43 max_group 256
config max_mcast_group port 44 max_group 256
config max_mcast_group port 45 max_group 256
config max_mcast_group port 46 max_group 256
config max_mcast_group port 47 max_group 256
config max_mcast_group port 48 max_group 256
config max_mcast_group port 49 max_group 256
config max_mcast_group port 50 max_group 256
config max_mcast_group port 51 max_group 256
config max_mcast_group port 52 max_group 256

# SAFEGUARD_ENGINE

config safeguard_engine state disable utilization rising 30 falling 20 trap_log disable mode fuzzy

# BANNER_PROMP

config command_prompt default
config greeting_message default

# SSH

 config ssh algorithm 3DES enable
 config ssh algorithm AES128 enable
 config ssh algorithm AES192 enable
 config ssh algorithm AES256 enable
 config ssh algorithm arcfour enable
 config ssh algorithm blowfish enable
 config ssh algorithm cast128 enable
 config ssh algorithm twofish128 enable
 config ssh algorithm twofish192 enable
 config ssh algorithm twofish256 enable
 config ssh algorithm MD5 enable
 config ssh algorithm SHA1 enable
 config ssh algorithm RSA enable
 config ssh algorithm DSA enable
 config ssh authmode password enable
 config ssh authmode publickey enable
 config ssh authmode hostbased enable
 config ssh server maxsession 8
 config ssh server contimeout 120
 config ssh server authfail 2
 config ssh server rekey never
 disable ssh

# SNOOP

disable igmp_snooping
config igmp_snooping data_driven_learning max_learned_entry 56
config igmp_snooping vlan_name default host_timeout 260 router_timeout 260 leave_timer 2 state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name default aged_out disable
config igmp_snooping querier all query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable
config igmp_snooping vlan_name VLAN3 host_timeout 260 router_timeout 260 leave_timer 2 state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name VLAN3 aged_out disable
config igmp_snooping vlan_name VLAN68 host_timeout 260 router_timeout 260 leave_timer 2 state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name VLAN68 aged_out disable
config igmp_snooping vlan_name VLAN131 host_timeout 260 router_timeout 260 leave_timer 2 state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name VLAN131 aged_out disable
config igmp_snooping vlan_name VLAN689 host_timeout 260 router_timeout 260 leave_timer 2 state disable fast_leave disable
config igmp_snooping data_driven_learning vlan_name VLAN689 aged_out disable
config igmp access_authentication port 1 state disable
config igmp access_authentication port 2 state disable
config igmp access_authentication port 3 state disable
config igmp access_authentication port 4 state disable
config igmp access_authentication port 5 state disable
config igmp access_authentication port 6 state disable
config igmp access_authentication port 7 state disable
config igmp access_authentication port 8 state disable
config igmp access_authentication port 9 state disable
config igmp access_authentication port 10 state disable
config igmp access_authentication port 11 state disable
config igmp access_authentication port 12 state disable
config igmp access_authentication port 13 state disable
config igmp access_authentication port 14 state disable
config igmp access_authentication port 15 state disable
config igmp access_authentication port 16 state disable
config igmp access_authentication port 17 state disable
config igmp access_authentication port 18 state disable
config igmp access_authentication port 19 state disable
config igmp access_authentication port 20 state disable
config igmp access_authentication port 21 state disable
config igmp access_authentication port 22 state disable
config igmp access_authentication port 23 state disable
config igmp access_authentication port 24 state disable
config igmp access_authentication port 25 state disable
config igmp access_authentication port 26 state disable
config igmp access_authentication port 27 state disable
config igmp access_authentication port 28 state disable
config igmp access_authentication port 29 state disable
config igmp access_authentication port 30 state disable
config igmp access_authentication port 31 state disable
config igmp access_authentication port 32 state disable
config igmp access_authentication port 33 state disable
config igmp access_authentication port 34 state disable
config igmp access_authentication port 35 state disable
config igmp access_authentication port 36 state disable
config igmp access_authentication port 37 state disable
config igmp access_authentication port 38 state disable
config igmp access_authentication port 39 state disable
config igmp access_authentication port 40 state disable
config igmp access_authentication port 41 state disable
config igmp access_authentication port 42 state disable
config igmp access_authentication port 43 state disable
config igmp access_authentication port 44 state disable
config igmp access_authentication port 45 state disable
config igmp access_authentication port 46 state disable
config igmp access_authentication port 47 state disable
config igmp access_authentication port 48 state disable
config igmp access_authentication port 49 state disable
config igmp access_authentication port 50 state disable
config igmp access_authentication port 51 state disable
config igmp access_authentication port 52 state disable

# VLAN_TRUNK

disable vlan_trunk

# SMTP

disable smtp

# ACL

disable cpu_interface_filtering

# SNTP

enable sntp
config time_zone operator + hour 6 min 0
config sntp primary 10.25.0.19 secondary 10.25.0.19 poll-interval 2880
config dst disable

# DOS_PREVENTION

disable dos_prevention trap_log
config dos_prevention dos_type land_attack action drop state enable
config dos_prevention dos_type blat_attack action drop state enable
config dos_prevention dos_type smurf_attack action drop state enable
config dos_prevention dos_type tcp_null_scan action drop state enable
config dos_prevention dos_type tcp_xmascan action drop state enable
config dos_prevention dos_type tcp_synfin action drop state enable
config dos_prevention dos_type tcp_syn_srcport_less_1024 action drop state enable

# LACP

config lacp_port 1-52 mode passive
config link_aggregation algorithm mac_source

# ADDRBIND

config address_binding ip_mac ports 1 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 1 limit 5
config address_binding ip_mac ports 2 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 2 limit 5
config address_binding ip_mac ports 3 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 3 limit 5
config address_binding ip_mac ports 4 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 4 limit 5
config address_binding ip_mac ports 5 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 5 limit 5
config address_binding ip_mac ports 6 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 6 limit 5
config address_binding ip_mac ports 7 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 7 limit 5
config address_binding ip_mac ports 8 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 8 limit 5
config address_binding ip_mac ports 9 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 9 limit 5
config address_binding ip_mac ports 10 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 10 limit 5
config address_binding ip_mac ports 11 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 11 limit 5
config address_binding ip_mac ports 12 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 12 limit 5
config address_binding ip_mac ports 13 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 13 limit 5
config address_binding ip_mac ports 14 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 14 limit 5
config address_binding ip_mac ports 15 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 15 limit 5
config address_binding ip_mac ports 16 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 16 limit 5
config address_binding ip_mac ports 17 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 17 limit 5
config address_binding ip_mac ports 18 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 18 limit 5
config address_binding ip_mac ports 19 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 19 limit 5
config address_binding ip_mac ports 20 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 20 limit 5
config address_binding ip_mac ports 21 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 21 limit 5
config address_binding ip_mac ports 22 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 22 limit 5
config address_binding ip_mac ports 23 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 23 limit 5
config address_binding ip_mac ports 24 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 24 limit 5
config address_binding ip_mac ports 25 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 25 limit 5
config address_binding ip_mac ports 26 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 26 limit 5
config address_binding ip_mac ports 27 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 27 limit 5
config address_binding ip_mac ports 28 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 28 limit 5
config address_binding ip_mac ports 29 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 29 limit 5
config address_binding ip_mac ports 30 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 30 limit 5
config address_binding ip_mac ports 31 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 31 limit 5
config address_binding ip_mac ports 32 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 32 limit 5
config address_binding ip_mac ports 33 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 33 limit 5
config address_binding ip_mac ports 34 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 34 limit 5
config address_binding ip_mac ports 35 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 35 limit 5
config address_binding ip_mac ports 36 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 36 limit 5
config address_binding ip_mac ports 37 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 37 limit 5
config address_binding ip_mac ports 38 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 38 limit 5
config address_binding ip_mac ports 39 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 39 limit 5
config address_binding ip_mac ports 40 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 40 limit 5
config address_binding ip_mac ports 41 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 41 limit 5
config address_binding ip_mac ports 42 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 42 limit 5
config address_binding ip_mac ports 43 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 43 limit 5
config address_binding ip_mac ports 44 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 44 limit 5
config address_binding ip_mac ports 45 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 45 limit 5
config address_binding ip_mac ports 46 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 46 limit 5
config address_binding ip_mac ports 47 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 47 limit 5
config address_binding ip_mac ports 48 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding dhcp_snoop max_entry ports 48 limit 5
config address_binding ip_mac ports 49 state disable allow_zeroip disable forward_dhcppkt disable
config address_binding dhcp_snoop max_entry ports 49 limit no_limit
config address_binding ip_mac ports 50 state disable allow_zeroip disable forward_dhcppkt disable
config address_binding dhcp_snoop max_entry ports 50 limit no_limit
config address_binding ip_mac ports 51 state disable allow_zeroip disable forward_dhcppkt disable
config address_binding dhcp_snoop max_entry ports 51 limit no_limit
config address_binding ip_mac ports 52 state disable allow_zeroip disable forward_dhcppkt disable
config address_binding dhcp_snoop max_entry ports 52 limit no_limit
enable address_binding dhcp_snoop
enable address_binding trap_log

# IP

config ipif System vlan VLAN3 ipaddress 10.25.6.4/16 state enable
enable telnet 23
enable web 80
disable autoconfig

# LLDP

disable lldp
config lldp message_tx_interval 30
config lldp tx_delay 2
config lldp message_tx_hold_multiplier 4
config lldp reinit_delay 2
config lldp notification_interval 5
config lldp ports 1-52 notification disable
config lldp ports 1-52 admin_status tx_and_rx

# MLDSNP


# ARP

config arp_aging time 20
config gratuitous_arp send ipif_status_up enable
config gratuitous_arp send dup_ip_detected enable
config gratuitous_arp learning enable

# AAA

config authen_login default method local
config authen_enable default method  local_enable
config authen application console login default
config authen application console enable default
config authen application telnet login default
config authen application telnet enable default
config authen application ssh login default
config authen application ssh enable default
config authen application http login default
config authen application http enable default
config authen parameter response_timeout 30
config authen parameter attempt 3
disable authen_policy
config admin local_enable




# DHCP_RELAY

enable dhcp_relay
config dhcp_relay hops 4 time 0
config dhcp_relay option_82 state enable
config dhcp_relay option_82 check disable
config dhcp_relay option_82 policy replace
config dhcp_relay option_82 remote_id default
config dhcp_relay add ipif System 10.33.0.49

# DHCP_LOCAL_RELAY

disable dhcp_local_relay

# ROUTE

create iproute default 10.25.8.3 1

#-------------------------------------------------------------------
#             End of configuration file for DES-3052
#-------------------------------------------------------------------


Код:
#-------------------------------------------------------------------------------
#                      DGS-3627G Gigabit Ethernet Switch
#                                Configuration
#
#                           Firmware: Build 2.40.B75
#           Copyright(C) 2008 D-Link Corporation. All rights reserved.
#-------------------------------------------------------------------------------


# STACK


# DOUBLE_VLAN

disable double_vlan

# BASIC

config serial_port auto_logout 10_minutes
enable telnet 23
enable web 80
enable clipaging

# STORM

config traffic trap none
config traffic control  1-27 broadcast disable multicast disable unicast disable action drop threshold 131072 countdown 0 time_interval 5

# GM

config sim candidate
disable sim
config sim dp_interval 30
config sim hold_time 100

# GM_H


# SYSLOG

disable syslog
config system_severity log information
config system_severity trap information
config log_save_timing on_demand

# QOS

config scheduling_mechanism strict
config scheduling 0 max_packet 1
config scheduling 1 max_packet 2
config scheduling 2 max_packet 3
config scheduling 3 max_packet 4
config scheduling 4 max_packet 5
config scheduling 5 max_packet 6
config scheduling 6 max_packet 7
config 802.1p user_priority 0  2
config 802.1p user_priority 1  0
config 802.1p user_priority 2  1
config 802.1p user_priority 3  3
config 802.1p user_priority 4  4
config 802.1p user_priority 5  5
config 802.1p user_priority 6  6
config 802.1p user_priority 7  6
enable hol_prevention
config 802.1p default_priority 1-27 0
config bandwidth_control 1-27 rx_rate no_limit tx_rate no_limit

# MIRROR

disable mirror

# TRAF-SEGMENTATION

config traffic_segmentation 1-22,25-27 forward_list all
config traffic_segmentation 23 forward_list 1-23,25-27
config traffic_segmentation 24 forward_list 1-22,24-27

# SSL

disable ssl
enable ssl ciphersuite RSA_with_RC4_128_MD5
enable ssl ciphersuite RSA_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite DHE_DSS_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
config ssl cachetimeout 600

# PORT

disable jumbo_frame
config ports 1-20 speed auto capability_advertised 1000_full flow_control disable learning enable state enable
config ports 21-24 medium_type copper speed auto capability_advertised 10_half 10_full 100_half 100_full 1000_full flow_control disable learning enable state enable
config ports 21-24 medium_type fiber speed auto capability_advertised 1000_full flow_control disable learning enable state enable
config ports 25-27 speed auto  flow_control disable learning enable state enable

# PORT_LOCK

config port_security ports 1-27 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnReset

# SNMPv3

delete snmp community public
delete snmp community private
delete snmp user initial
delete snmp group initial
delete snmp group ReadGroup
delete snmp group WriteGroup
delete snmp view restricted all
delete snmp view CommunityView all
config snmp engineID 800000ab03001cf02052c0
create snmp view restricted 1.3.6.1.2.1.1 view_type included
create snmp view restricted 1.3.6.1.2.1.11 view_type included
create snmp view restricted 1.3.6.1.6.3.10.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.11.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.15.1.1 view_type included
create snmp view CommunityView 1 view_type included
create snmp view CommunityView 1.3.6.1.6.3 view_type excluded
create snmp view CommunityView 1.3.6.1.6.3.1 view_type included
create snmp group public v1 read_view CommunityView notify_view CommunityView
create snmp group public v2c read_view CommunityView notify_view CommunityView
create snmp group initial v3  noauth_nopriv read_view restricted notify_view restricted
create snmp group private v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group private v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group ReadGroup v1 read_view CommunityView notify_view CommunityView
create snmp group ReadGroup v2c read_view CommunityView notify_view CommunityView
create snmp group WriteGroup v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group WriteGroup v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp community private view CommunityView read_write
create snmp community public view CommunityView read_only
create snmp user initial initial

# MANAGEMENT

enable snmp traps
enable snmp authenticate_traps
disable snmp
enable snmp linkchange_traps
config snmp system_name D3627G08003
disable rmon
config snmp linkchange_traps ports 1-27 enable

# VLAN

enable pvid auto_assign
config vlan default delete 1-27
config vlan default add untagged 1-20,25-27
config vlan default advertisement enable
create vlan VLAN3 tag 3
config vlan VLAN3 add tagged 21-23 advertisement disable
create vlan VLAN33 tag 33
config vlan VLAN33 add untagged 24 advertisement disable
create vlan VLAN68 tag 68
config vlan VLAN68 add tagged 22-23 advertisement disable
disable qinq
disable gvrp
config gvrp 1-21,25-27 state disable ingress_checking enable acceptable_frame admit_all pvid 1
config gvrp 22-23 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 24 state disable ingress_checking enable acceptable_frame admit_all pvid 33

# PROTOCOL_VLAN


# QINQ

config qinq ports 1-27  missdrop disable tpid 0x8100
create vlan_translation ports 22 cvid 3 add svid 33
create vlan_translation ports 24 cvid 33 add svid 3

# RSPAN

disable rspan

# 8021X

disable 802.1x
config 802.1x auth_protocol radius_eap
config 802.1x capability ports 1-27 none
config 802.1x auth_parameter ports 1-27 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable

# guestvlan



# TR


# ACL

create access_profile profile_id 4 ip udp src_port_mask 0xFFFF dst_port_mask 0xFFFF
config access_profile profile_id 4 add access_id 22 ip udp src_port 68 dst_port 67  port 22 permit rx_rate no_limit
config access_profile profile_id 4 add access_id 53 ip udp src_port 67 dst_port 68  port 24 permit rx_rate no_limit
create access_profile profile_id 5 ip vlan udp src_port_mask 0xFFFF dst_port_mask 0xFFFF
config access_profile profile_id 5 add access_id 22 ip vlan VLAN68 udp src_port 68 dst_port 67  port 22 permit rx_rate no_limit
config access_profile profile_id 5 add access_id 53 ip vlan VLAN33 udp src_port 67 dst_port 68  port 24 permit rx_rate no_limit
disable cpu_interface_filtering

# LIMITED_MULTICAST_RANGE


# MULTICAST_VLAN


# FDB

config fdb aging_time 300

# ADDRBIND
config address_binding dhcp_snoop max_entry ports 1 limit no_limit
config address_binding dhcp_snoop max_entry ports 2 limit no_limit
config address_binding dhcp_snoop max_entry ports 3 limit no_limit
config address_binding dhcp_snoop max_entry ports 4 limit no_limit
config address_binding dhcp_snoop max_entry ports 5 limit no_limit
config address_binding dhcp_snoop max_entry ports 6 limit no_limit
config address_binding dhcp_snoop max_entry ports 7 limit no_limit
config address_binding dhcp_snoop max_entry ports 8 limit no_limit
config address_binding dhcp_snoop max_entry ports 9 limit no_limit
config address_binding dhcp_snoop max_entry ports 10 limit no_limit
config address_binding dhcp_snoop max_entry ports 11 limit no_limit
config address_binding dhcp_snoop max_entry ports 12 limit no_limit
config address_binding dhcp_snoop max_entry ports 13 limit no_limit
config address_binding dhcp_snoop max_entry ports 14 limit no_limit
config address_binding dhcp_snoop max_entry ports 15 limit no_limit
config address_binding dhcp_snoop max_entry ports 16 limit no_limit
config address_binding dhcp_snoop max_entry ports 17 limit no_limit
config address_binding dhcp_snoop max_entry ports 18 limit no_limit
config address_binding dhcp_snoop max_entry ports 19 limit no_limit
config address_binding dhcp_snoop max_entry ports 20 limit no_limit
config address_binding dhcp_snoop max_entry ports 21 limit no_limit
config address_binding dhcp_snoop max_entry ports 22 limit no_limit
config address_binding dhcp_snoop max_entry ports 23 limit no_limit
config address_binding dhcp_snoop max_entry ports 24 limit no_limit
config address_binding dhcp_snoop max_entry ports 25 limit no_limit
config address_binding dhcp_snoop max_entry ports 26 limit no_limit
config address_binding dhcp_snoop max_entry ports 27 limit no_limit
config address_binding ip_mac ports 1-27 forward_dhcppkt enable
disable address_binding dhcp_snoop

disable address_binding trap_log

# DhcpServerScreening

config filter dhcp_server port all state disable
config filter dhcp_server illegal_server_log_suppress_duration 5min
config filter dhcp_server trap_log disable

# MAC_ADDRESS_TABLE_NOTIFICATION

disable mac_notification
config mac_notification interval 1 historysize 1
config mac_notification ports 1-27 disable

# STP

 config stp version rstp
 config stp maxage 20 maxhops 20 forwarddelay 15 txholdcount 3 fbpdu enable hellotime 2 lbd enable lbd_recover_timer 60
 config stp priority 32768 instance_id 0
 config stp mst_config_id name 00:1C:F0:20:52:C0 revision_level 0
 disable stp
 config stp ports 1-27 externalCost auto  edge false p2p auto state enable lbd disable
 config stp mst_ports 1-27 instance_id 0 internalCost auto priority 128
config stp ports 1-27 fbpdu enable

# BPDU_TUNNEL

 config bpdu_tunnel ports all type none
disable bpdu_tunnel

# SAFEGUARD_ENGINE

config safeguard_engine state disable utilization rising 30 falling 20 trap_log disable mode fuzzy

# BANNER_PROMP

config command_prompt default
config greeting_message default

# SSH

 config ssh algorithm 3DES enable
 config ssh algorithm AES128 enable
 config ssh algorithm AES192 enable
 config ssh algorithm AES256 enable
 config ssh algorithm arcfour enable
 config ssh algorithm blowfish enable
 config ssh algorithm cast128 enable
 config ssh algorithm twofish128 enable
 config ssh algorithm twofish192 enable
 config ssh algorithm twofish256 enable
 config ssh algorithm MD5 enable
 config ssh algorithm SHA1 enable
 config ssh algorithm RSA enable
 config ssh algorithm DSA enable
 config ssh authmode password enable
 config ssh authmode publickey enable
 config ssh authmode hostbased enable
 config ssh server maxsession 8
 config ssh server contimeout 120
 config ssh server authfail 2
 config ssh server rekey never
 disable ssh

# SNTP

enable sntp
config time_zone operator + hour 6 min 0
config sntp primary 10.25.0.19 secondary 0.0.0.0 poll-interval 2880
config dst disable

# LACP

config link_aggregation algorithm ip_source
config lacp_port 1-27 mode passive

# IP

config ipif_mac_mapping ipif System mac_offset 0
config ipif System ipaddress 10.25.8.3/16 vlan VLAN3
config ipif System proxy_arp disable local disable
config ipif_mac_mapping ipif DHCP33 mac_offset 1
create ipif DHCP33 10.33.0.48/16 VLAN33 state enable
config ipif DHCP33 proxy_arp disable local disable
config ipif_mac_mapping ipif DHCP68 mac_offset 2
create ipif DHCP68 10.68.0.48/16 VLAN68 state enable
config ipif DHCP68 proxy_arp disable local disable
config ipif DHCP33 ip_mtu 1500
config ipif DHCP68 ip_mtu 1500
config ipif System ip_mtu 1500
disable autoconfig

# MCFILTER

config multicast filtering_mode default forward_unregistered_groups

# SNOOP

config igmp_snooping vlan default host_timeout 260 router_timeout 260 leave_timer 2 state disable fast_leave disable
config igmp_snooping querier vlan default query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable
config limited_multicast_addr ports 1-27 state disable

# MLDSNP

config mld_snooping vlan default node_timeout 260 router_timeout 260 done_timer 2 state disable fast_done disable
config mld_snooping querier vlan default query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 state disable

# ACCESS_AUTHENTICATION_CONTROL

config authen_login default method local
config authen_enable default method  local_enable
config authen application console login default
config authen application console enable default
config authen application telnet login default
config authen application telnet enable default
config authen application ssh login default
config authen application ssh enable default
config authen application http login default
config authen application http enable default
config authen parameter response_timeout 30
config authen parameter attempt 3
disable authen_policy

# AAA_LOCAL_ENABLE_PASSWORD


# NDP

config ipv6 nd ns ipif System retrans_time 0
config ipv6 nd ra ipif System state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600
config ipv6 nd ns ipif DHCP33 retrans_time 0
config ipv6 nd ra ipif DHCP33 state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600
config ipv6 nd ns ipif DHCP68 retrans_time 0
config ipv6 nd ra ipif DHCP68 state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600

# WAC

 config wac method local
 disable wac

# ARP

config arp_aging time 20
config gratuitous_arp send ipif_status_up disable
config gratuitous_arp send dup_ip_detected disable
config gratuitous_arp learning disable

# ROUTE

config route preference static 60
config route preference rip 100
config route preference ospfIntra 80
config route preference ospfInter 90
config route preference ospfExt1 110
config route preference ospfExt2 115
create iproute default 10.25.0.19 10 primary

# PROUTE

create policy_route name From_DHCP
config policy_route name From_DHCP acl profile_id 4 access_id 53 nexthop 10.25.8.3 state enable
create policy_route name To_DHCP
config policy_route name To_DHCP acl profile_id 4 access_id 22 nexthop 10.33.0.48 state enable

# LLDP

disable lldp
config lldp message_tx_interval 30
config lldp tx_delay 2
config lldp message_tx_hold_multiplier 4
config lldp reinit_delay 2
config lldp notification_interval 5
config lldp ports 1-27 notification disable
config lldp ports 1-27 admin_status tx_and_rx

# IGMP

config igmp ipif System version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif System last_member_query_interval 1
config igmp ipif DHCP33 version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif DHCP33 last_member_query_interval 1
config igmp ipif DHCP68 version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif DHCP68 last_member_query_interval 1

# PIMSM

disable pim
config pim cbsr hash_masklen 30
config pim cbsr bootstrap_period 60
config pim register_suppression_time 60
config pim register_probe_time 5
config pim last_hop_spt_switchover never
config pim crp holdtime 150 priority 192
config pim crp wildcard_prefix_cnt 0
config pim ipif System state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif System priority -1
config pim ipif DHCP33 state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif DHCP33 priority -1
config pim ipif DHCP68 state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif DHCP68 priority -1

# DVMRP

disable dvmrp
config dvmrp ipif System metric 1 probe 10 neighbor_timeout 35 state disable
config dvmrp ipif DHCP33 metric 1 probe 10 neighbor_timeout 35 state disable
config dvmrp ipif DHCP68 metric 1 probe 10 neighbor_timeout 35 state disable

# RIP

disable rip
config rip ipif System tx_mode disable state disable
config rip ipif System rx_mode disable state disable
config rip ipif DHCP33 tx_mode disable state disable
config rip ipif DHCP33 rx_mode disable state disable
config rip ipif DHCP68 tx_mode disable state disable
config rip ipif DHCP68 rx_mode disable state disable

# MD5


# SFLOW


# OSPF

config ospf ipif System area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif System authentication none metric 1 state disable passive disable
config ospf ipif DHCP33 area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif DHCP33 authentication none metric 1 state disable passive disable
config ospf ipif DHCP68 area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif DHCP68 authentication none metric 1 state disable passive disable
config ospf router_id 0.0.0.0
disable ospf

# DNSR

disable dnsr
config dnsr primary nameserver 0.0.0.0
config dnsr secondary nameserver 0.0.0.0
disable dnsr cache
disable dnsr static

# DHCP_RELAY

disable dhcp_relay
config dhcp_relay hops 4 time 0
config dhcp_relay option_82 state disable
config dhcp_relay option_82 check disable
config dhcp_relay option_82 policy keep

# DHCP_SERVER

config dhcp ping_packets 2
config dhcp ping_timeout 500
disable dhcp_server

# VRRP

config vrrp ipif System authtype none
config vrrp ipif DHCP33 authtype none
config vrrp ipif DHCP68 authtype none
disable vrrp

disable vrrp ping


#-------------------------------------------------------------------
#             End of configuration file for DGS-3627G
#-------------------------------------------------------------------
[/img]


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Чт фев 05, 2009 17:22 
Не в сети
Сотрудник D-LINK
Сотрудник D-LINK

Зарегистрирован: Пт май 13, 2005 15:49
Сообщений: 20616
Откуда: D-Link, Moscow
Я Вам прошивки выслал.


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Ср фев 18, 2009 11:20 
Не в сети

Зарегистрирован: Ср ноя 09, 2005 14:26
Сообщений: 808
Откуда: Alma-Ata
Иван, прошивки получил. Спасибо.
На 3052 установил.
Но 3052-й как лез со своими запросами к ДХЦП-серверу (поперек 3526), так и лезет. (т.е. запросы от клиента, подключенного к 3526 дублирует 3052 - в тестовой схеме это, конечно, некритично, но если все 30ХХ начнут дублировать все проходящие сквозь них запросы - это будет полный караул)
Конфиги их обоих на предыдущей странице.

У меня еще ряд вопросов появился.
вот схема:
Изображение

Клиенты получают адреса - все классно. А вот что дальше делать с ними - не пойму.
вопросы вот какие:
1. каким АЦЛ-ом мне грамотно разрешить весь клиентский трафик, при этом запретив как можно больше "чего не надо". Для теста я разрешил все IP - АЦЛ 5 в конфиге. Но мне кажется, что это как-то несекурно.

2. как на циске настроить прохождение клиентского трафика? В моем случае клиентский трафик (10.68.0.0/16) приходит на цискин интерфейс Gi0/1.168 с адресом 10.168.0.1/16. Я на Gi0/1.168 уже и секондери инт вешал (10.68.0.1/16)......

Короче, прошу хелпа, т.к. сам разобраться в маршрутизации пока не могу, а время поджимает.
Вот конфиги:
Код:
#-------------------------------------------------------------------------------
#                      DGS-3627G Gigabit Ethernet Switch
#                                Configuration
#
#                           Firmware: Build 2.40.B75
#           Copyright(C) 2008 D-Link Corporation. All rights reserved.
#-------------------------------------------------------------------------------


# STACK


# DOUBLE_VLAN

disable double_vlan

# BASIC

config serial_port auto_logout 10_minutes
enable telnet 23
enable web 80
enable clipaging

# STORM

config traffic trap none
config traffic control  1-27 broadcast disable multicast disable unicast disable action drop threshold 131072 countdown 0 time_interval 5

# GM

config sim candidate
disable sim
config sim dp_interval 30
config sim hold_time 100

# GM_H


# SYSLOG

disable syslog
config system_severity log information
config system_severity trap information
config log_save_timing on_demand

# QOS

config scheduling_mechanism strict
config scheduling 0 max_packet 1
config scheduling 1 max_packet 2
config scheduling 2 max_packet 3
config scheduling 3 max_packet 4
config scheduling 4 max_packet 5
config scheduling 5 max_packet 6
config scheduling 6 max_packet 7
config 802.1p user_priority 0  2
config 802.1p user_priority 1  0
config 802.1p user_priority 2  1
config 802.1p user_priority 3  3
config 802.1p user_priority 4  4
config 802.1p user_priority 5  5
config 802.1p user_priority 6  6
config 802.1p user_priority 7  6
enable hol_prevention
config 802.1p default_priority 1-27 0
config bandwidth_control 1-27 rx_rate no_limit tx_rate no_limit

# MIRROR

disable mirror

# TRAF-SEGMENTATION

config traffic_segmentation 1-22,25-27 forward_list all
config traffic_segmentation 23 forward_list 1-23,25-27
config traffic_segmentation 24 forward_list 1-22,24-27

# SSL

disable ssl
enable ssl ciphersuite RSA_with_RC4_128_MD5
enable ssl ciphersuite RSA_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite DHE_DSS_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
config ssl cachetimeout 600

# PORT

disable jumbo_frame
config ports 1-20 speed auto capability_advertised 1000_full flow_control disable learning enable state enable
config ports 21-24 medium_type copper speed auto capability_advertised 10_half 10_full 100_half 100_full 1000_full flow_control disable learning enable state enable
config ports 21-24 medium_type fiber speed auto capability_advertised 1000_full flow_control disable learning enable state enable
config ports 25-27 speed auto  flow_control disable learning enable state enable

# PORT_LOCK

config port_security ports 1-27 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnReset

# SNMPv3

delete snmp community public
delete snmp community private
delete snmp user initial
delete snmp group initial
delete snmp group ReadGroup
delete snmp group WriteGroup
delete snmp view restricted all
delete snmp view CommunityView all
config snmp engineID 800000ab03001cf02052c0
create snmp view restricted 1.3.6.1.2.1.1 view_type included
create snmp view restricted 1.3.6.1.2.1.11 view_type included
create snmp view restricted 1.3.6.1.6.3.10.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.11.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.15.1.1 view_type included
create snmp view CommunityView 1 view_type included
create snmp view CommunityView 1.3.6.1.6.3 view_type excluded
create snmp view CommunityView 1.3.6.1.6.3.1 view_type included
create snmp group public v1 read_view CommunityView notify_view CommunityView
create snmp group public v2c read_view CommunityView notify_view CommunityView
create snmp group initial v3  noauth_nopriv read_view restricted notify_view restricted
create snmp group private v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group private v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group ReadGroup v1 read_view CommunityView notify_view CommunityView
create snmp group ReadGroup v2c read_view CommunityView notify_view CommunityView
create snmp group WriteGroup v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group WriteGroup v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp community private view CommunityView read_write
create snmp community public view CommunityView read_only
create snmp user initial initial

# MANAGEMENT

enable snmp traps
enable snmp authenticate_traps
disable snmp
enable snmp linkchange_traps
config snmp system_name D3627G08003
disable rmon
config snmp linkchange_traps ports 1-27 enable

# VLAN

enable pvid auto_assign
config vlan default delete 1-27
config vlan default add untagged 1-20,25-27
config vlan default advertisement enable
create vlan VLAN3 tag 3
config vlan VLAN3 add tagged 21-23 advertisement disable
create vlan VLAN33 tag 33
config vlan VLAN33 add untagged 24 advertisement disable
create vlan VLAN68 tag 68
config vlan VLAN68 add tagged 22 advertisement disable
create vlan VLAN99 tag 99
config vlan VLAN99 add tagged 22 advertisement disable
create vlan VLAN168 tag 168
config vlan VLAN168 add tagged 23 advertisement disable
disable qinq
disable gvrp
config gvrp 1-21,25-27 state disable ingress_checking enable acceptable_frame admit_all pvid 1
config gvrp 22-23 state disable ingress_checking enable acceptable_frame admit_all pvid 68
config gvrp 24 state disable ingress_checking enable acceptable_frame admit_all pvid 33

# PROTOCOL_VLAN


# QINQ

config qinq ports 1-27  missdrop disable tpid 0x8100
create vlan_translation ports 22 cvid 3 add svid 33
create vlan_translation ports 22 cvid 68 replace svid 168
create vlan_translation ports 24 cvid 33 add svid 3

# RSPAN

disable rspan

# 8021X

disable 802.1x
config 802.1x auth_protocol radius_eap
config 802.1x capability ports 1-27 none
config 802.1x auth_parameter ports 1-27 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable

# guestvlan


# TR


# ACL

create access_profile profile_id 4 ip udp src_port_mask 0xFFFF dst_port_mask 0xFFFF
config access_profile profile_id 4 add access_id 22 ip udp src_port 68 dst_port 67  port 22 permit rx_rate no_limit
config access_profile profile_id 4 add access_id 53 ip udp src_port 67 dst_port 68  port 24 permit rx_rate no_limit
create access_profile profile_id 5 ip vlan
config access_profile profile_id 5 add access_id 22 ip vlan VLAN68  port 22 permit rx_rate no_limit
config access_profile profile_id 5 add access_id 23 ip vlan VLAN168  port 23 permit rx_rate no_limit
disable cpu_interface_filtering

# LIMITED_MULTICAST_RANGE


# MULTICAST_VLAN


# FDB

config fdb aging_time 300

# ADDRBIND
config address_binding dhcp_snoop max_entry ports 1 limit no_limit
config address_binding dhcp_snoop max_entry ports 2 limit no_limit
config address_binding dhcp_snoop max_entry ports 3 limit no_limit
config address_binding dhcp_snoop max_entry ports 4 limit no_limit
config address_binding dhcp_snoop max_entry ports 5 limit no_limit
config address_binding dhcp_snoop max_entry ports 6 limit no_limit
config address_binding dhcp_snoop max_entry ports 7 limit no_limit
config address_binding dhcp_snoop max_entry ports 8 limit no_limit
config address_binding dhcp_snoop max_entry ports 9 limit no_limit
config address_binding dhcp_snoop max_entry ports 10 limit no_limit
config address_binding dhcp_snoop max_entry ports 11 limit no_limit
config address_binding dhcp_snoop max_entry ports 12 limit no_limit
config address_binding dhcp_snoop max_entry ports 13 limit no_limit
config address_binding dhcp_snoop max_entry ports 14 limit no_limit
config address_binding dhcp_snoop max_entry ports 15 limit no_limit
config address_binding dhcp_snoop max_entry ports 16 limit no_limit
config address_binding dhcp_snoop max_entry ports 17 limit no_limit
config address_binding dhcp_snoop max_entry ports 18 limit no_limit
config address_binding dhcp_snoop max_entry ports 19 limit no_limit
config address_binding dhcp_snoop max_entry ports 20 limit no_limit
config address_binding dhcp_snoop max_entry ports 21 limit no_limit
config address_binding dhcp_snoop max_entry ports 22 limit no_limit
config address_binding dhcp_snoop max_entry ports 23 limit no_limit
config address_binding dhcp_snoop max_entry ports 24 limit no_limit
config address_binding dhcp_snoop max_entry ports 25 limit no_limit
config address_binding dhcp_snoop max_entry ports 26 limit no_limit
config address_binding dhcp_snoop max_entry ports 27 limit no_limit
config address_binding ip_mac ports 1-27 forward_dhcppkt enable
disable address_binding dhcp_snoop

disable address_binding trap_log

# DhcpServerScreening

config filter dhcp_server port all state disable
config filter dhcp_server illegal_server_log_suppress_duration 5min
config filter dhcp_server trap_log disable

# MAC_ADDRESS_TABLE_NOTIFICATION

disable mac_notification
config mac_notification interval 1 historysize 1
config mac_notification ports 1-27 disable

# STP

 config stp version rstp
 config stp maxage 20 maxhops 20 forwarddelay 15 txholdcount 3 fbpdu enable hellotime 2 lbd enable lbd_recover_timer 60
 config stp priority 32768 instance_id 0
 config stp mst_config_id name 00:1C:F0:20:52:C0 revision_level 0
 disable stp
 config stp ports 1-20 externalCost auto  edge false p2p auto state enable lbd disable
 config stp mst_ports 1-27 instance_id 0 internalCost auto priority 128
config stp ports 1-20 fbpdu enable
 config stp ports 21-27 externalCost auto  edge false p2p auto state disable lbd disable
config stp ports 21-27 fbpdu disable

# BPDU_TUNNEL

 config bpdu_tunnel ports all type none
disable bpdu_tunnel

# SAFEGUARD_ENGINE

config safeguard_engine state disable utilization rising 30 falling 20 trap_log disable mode fuzzy

# BANNER_PROMP

config command_prompt default
config greeting_message default

# SSH

 config ssh algorithm 3DES enable
 config ssh algorithm AES128 enable
 config ssh algorithm AES192 enable
 config ssh algorithm AES256 enable
 config ssh algorithm arcfour enable
 config ssh algorithm blowfish enable
 config ssh algorithm cast128 enable
 config ssh algorithm twofish128 enable
 config ssh algorithm twofish192 enable
 config ssh algorithm twofish256 enable
 config ssh algorithm MD5 enable
 config ssh algorithm SHA1 enable
 config ssh algorithm RSA enable
 config ssh algorithm DSA enable
 config ssh authmode password enable
 config ssh authmode publickey enable
 config ssh authmode hostbased enable
 config ssh server maxsession 8
 config ssh server contimeout 120
 config ssh server authfail 2
 config ssh server rekey never
 disable ssh

# SNTP

enable sntp
config time_zone operator + hour 6 min 0
config sntp primary 10.25.0.19 secondary 0.0.0.0 poll-interval 2880
config dst disable

# LACP

config link_aggregation algorithm ip_source
config lacp_port 1-27 mode passive

# IP

config ipif_mac_mapping ipif System mac_offset 0
config ipif System ipaddress 10.25.88.3/16 vlan VLAN3
config ipif System proxy_arp disable local disable
config ipif_mac_mapping ipif RM99 mac_offset 3
create ipif RM99 10.125.1.3/24 VLAN99 state enable
config ipif RM99 proxy_arp disable local disable
config ipif_mac_mapping ipif RC168 mac_offset 4
create ipif RC168 10.168.0.48/16 VLAN168 state enable
config ipif RC168 proxy_arp disable local disable
config ipif_mac_mapping ipif DHCP33 mac_offset 1
create ipif DHCP33 10.33.0.48/16 VLAN33 state enable
config ipif DHCP33 proxy_arp disable local disable
config ipif_mac_mapping ipif DHCP68 mac_offset 2
create ipif DHCP68 10.68.0.48/16 VLAN68 state enable
config ipif DHCP68 proxy_arp disable local disable
config ipif RM99 ip_mtu 1500
config ipif RC168 ip_mtu 1500
config ipif DHCP33 ip_mtu 1500
config ipif DHCP68 ip_mtu 1500
config ipif System ip_mtu 1500
disable autoconfig

# MCFILTER

config multicast filtering_mode default forward_unregistered_groups

# SNOOP

config igmp_snooping vlan default host_timeout 260 router_timeout 260 leave_timer 2 state disable fast_leave disable
config igmp_snooping querier vlan default query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable
config limited_multicast_addr ports 1-27 state disable

# MLDSNP

config mld_snooping vlan default node_timeout 260 router_timeout 260 done_timer 2 state disable fast_done disable
config mld_snooping querier vlan default query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 state disable

# ACCESS_AUTHENTICATION_CONTROL

config authen_login default method local
config authen_enable default method  local_enable
config authen application console login default
config authen application console enable default
config authen application telnet login default
config authen application telnet enable default
config authen application ssh login default
config authen application ssh enable default
config authen application http login default
config authen application http enable default
config authen parameter response_timeout 30
config authen parameter attempt 3
disable authen_policy

# AAA_LOCAL_ENABLE_PASSWORD


# NDP

config ipv6 nd ns ipif System retrans_time 0
config ipv6 nd ra ipif System state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600
config ipv6 nd ns ipif RM99 retrans_time 0
config ipv6 nd ra ipif RM99 state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600
config ipv6 nd ns ipif RC168 retrans_time 0
config ipv6 nd ra ipif RC168 state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600
config ipv6 nd ns ipif DHCP33 retrans_time 0
config ipv6 nd ra ipif DHCP33 state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600
config ipv6 nd ns ipif DHCP68 retrans_time 0
config ipv6 nd ra ipif DHCP68 state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600

# WAC

 config wac method local
 disable wac

# ARP

config arp_aging time 20
config gratuitous_arp send ipif_status_up disable
config gratuitous_arp send dup_ip_detected disable
config gratuitous_arp learning disable
enable gratuitous_arp ipif RM99 trap
enable gratuitous_arp ipif RM99 log
enable gratuitous_arp ipif System trap
enable gratuitous_arp ipif System log

# ROUTE

config route preference static 60
config route preference rip 100
config route preference ospfIntra 80
config route preference ospfInter 90
config route preference ospfExt1 110
config route preference ospfExt2 115
create iproute default 10.25.0.19 10 primary

# PROUTE

create policy_route name From_Client
config policy_route name From_Client acl profile_id 5 access_id 22 nexthop 10.137.0.1 state enable
create policy_route name From_DHCP
config policy_route name From_DHCP acl profile_id 4 access_id 53 nexthop 10.125.8.3 state enable
create policy_route name To_Client
config policy_route name To_Client acl profile_id 5 access_id 23 nexthop 10.68.0.48 state enable
create policy_route name To_DHCP
config policy_route name To_DHCP acl profile_id 4 access_id 22 nexthop 10.33.0.48 state enable

# LLDP

disable lldp
config lldp message_tx_interval 30
config lldp tx_delay 2
config lldp message_tx_hold_multiplier 4
config lldp reinit_delay 2
config lldp notification_interval 5
config lldp ports 1-27 notification disable
config lldp ports 1-27 admin_status tx_and_rx

# IGMP

config igmp ipif System version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif System last_member_query_interval 1
config igmp ipif RM99 version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif RM99 last_member_query_interval 1
config igmp ipif RC168 version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif RC168 last_member_query_interval 1
config igmp ipif DHCP33 version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif DHCP33 last_member_query_interval 1
config igmp ipif DHCP68 version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif DHCP68 last_member_query_interval 1

# PIMSM

disable pim
config pim cbsr hash_masklen 30
config pim cbsr bootstrap_period 60
config pim register_suppression_time 60
config pim register_probe_time 5
config pim last_hop_spt_switchover never
config pim crp holdtime 150 priority 192
config pim crp wildcard_prefix_cnt 0
config pim ipif System state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif System priority -1
config pim ipif RM99 state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif RM99 priority -1
config pim ipif RC168 state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif RC168 priority -1
config pim ipif DHCP33 state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif DHCP33 priority -1
config pim ipif DHCP68 state disable hello 30 jp_interval 60 mode dm dr_priority 1
config pim cbsr ipif DHCP68 priority -1

# DVMRP

disable dvmrp
config dvmrp ipif System metric 1 probe 10 neighbor_timeout 35 state disable
config dvmrp ipif RM99 metric 1 probe 10 neighbor_timeout 35 state disable
config dvmrp ipif RC168 metric 1 probe 10 neighbor_timeout 35 state disable
config dvmrp ipif DHCP33 metric 1 probe 10 neighbor_timeout 35 state disable
config dvmrp ipif DHCP68 metric 1 probe 10 neighbor_timeout 35 state disable

# RIP

disable rip
config rip ipif System tx_mode disable state disable
config rip ipif System rx_mode disable state disable
config rip ipif RM99 tx_mode disable state disable
config rip ipif RM99 rx_mode disable state disable
config rip ipif RC168 tx_mode disable state disable
config rip ipif RC168 rx_mode disable state disable
config rip ipif DHCP33 tx_mode disable state disable
config rip ipif DHCP33 rx_mode disable state disable
config rip ipif DHCP68 tx_mode disable state disable
config rip ipif DHCP68 rx_mode disable state disable

# MD5


# SFLOW


# OSPF

create ospf area 10.125.1.0 type nssa  translate enable stub_summary enabled metric 0
config ospf ipif System area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif System authentication none metric 1 state enable passive disable
config ospf ipif DHCP33 area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif DHCP33 authentication none metric 1 state disable passive disable
config ospf ipif DHCP68 area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif DHCP68 authentication none metric 1 state disable passive disable
config ospf ipif RM99 area 10.125.1.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif RM99 authentication none metric 1 state enable passive disable
config ospf ipif RC168 area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif RC168 authentication none metric 1 state disable passive disable
create ospf aggregation 10.125.1.0 10.125.1.0/24 lsdb_type nssa_ext advertise disable
config ospf router_id 10.25.88.3
enable ospf

# DNSR

disable dnsr
config dnsr primary nameserver 0.0.0.0
config dnsr secondary nameserver 0.0.0.0
disable dnsr cache
disable dnsr static

# DHCP_RELAY

disable dhcp_relay
config dhcp_relay hops 4 time 0
config dhcp_relay option_82 state disable
config dhcp_relay option_82 check disable
config dhcp_relay option_82 policy keep

# DHCP_SERVER

config dhcp ping_packets 2
config dhcp ping_timeout 500
disable dhcp_server

# VRRP

config vrrp ipif System authtype none
config vrrp ipif RM99 authtype none
config vrrp ipif RC168 authtype none
config vrrp ipif DHCP33 authtype none
config vrrp ipif DHCP68 authtype none
disable vrrp

disable vrrp ping


#-------------------------------------------------------------------
#             End of configuration file for DGS-3627G
#-------------------------------------------------------------------


и конфиг цискиного интерфейса:
[code]
sh run int gi0/1.168
Building configuration...

Current configuration : 553 bytes
!
interface GigabitEthernet0/1.168
description Test
encapsulation dot1Q 168
[code] ip address 10.68.0.1 255.255.0.0 secondary
ip address 10.168.0.1 255.255.0.0
no ip redirects
ip nat inside
ip flow ingress
no ip mroute-cache
ip policy route-map tst2
pppoe enable group global
no snmp trap link-status
no cdp enable
end
[/code]

еще так делал - убирал тут строку
[code]
ip address 10.68.0.1 255.255.0.0 secondary
[/code]
и добавлял
[code]
ip route 10.68.0.0 255.255.0.0 10.168.0.48
[/code]

Может я какие маршруты на 3627-м не прописал еще??????


Вернуться наверх
 Профиль  
 
 Заголовок сообщения:
СообщениеДобавлено: Ср фев 18, 2009 16:16 
Не в сети
Сотрудник D-LINK
Сотрудник D-LINK

Зарегистрирован: Пт май 13, 2005 15:49
Сообщений: 20616
Откуда: D-Link, Moscow
Вы не могли бы повторить то же самое по почте с конфигами слитыми по TFTP в виде файлов?


Вернуться наверх
 Профиль  
 
Показать сообщения за:  Сортировать по:  
Начать новую тему Ответить на тему  [ Сообщений: 71 ]  На страницу Пред.  1, 2, 3, 4, 5  След.

Часовой пояс: UTC + 3 часа


Кто сейчас на форуме

Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 14


Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете добавлять вложения

Найти:
Перейти:  
Создано на основе phpBB® Forum Software © phpBB Group
Русская поддержка phpBB