DGS-3627:admin#show config active
Command: show config active

#-------------------------------------------------------------------------------
#                       DGS-3627 Gigabit Ethernet Switch
#                                Configuration
#
#                           Firmware: Build 2.82.B13
#           Copyright(C) 2010 D-Link Corporation. All rights reserved.
#-------------------------------------------------------------------------------

# STACK

config stacking force_master_role state disable

# DOUBLE_VLAN

disable double_vlan

# BASIC

# ACCOUNT LIST
... (поскипано)

# ACCOUNT END
# PASSWORD ENCRYPTION
disable password encryption
config serial_port auto_logout 10_minutes
enable telnet 23
disable web
enable clipaging

# DEBUG

debug config state disable
debug config error_reboot enable

# STORM

config traffic control auto_recover_time 0
config traffic trap none
config traffic control  1-27 broadcast disable multicast disable unicast disable action drop threshold 131072 countdown 0 time_interval 5

# LOOP_DETECT
# GM

config sim candidate
disable sim
config sim dp_interval 30
config sim hold_time 100

# GM_H
# SYSLOG

disable syslog
config system_severity log information
config system_severity trap information
config log_save_timing on_demand

# QOS

enable hol_prevention
disable cpu_rx_rate_control 0
disable cpu_rx_rate_control 1
disable cpu_rx_rate_control 2
config 802.1p default_priority 1-27 0
config bandwidth_control 1-27 rx_rate no_limit tx_rate no_limit
config per_queue bandwidth_control ports 1-27 0 min_rate  no_limit  max_rate no_limit
config per_queue bandwidth_control ports 1-27 1 min_rate  no_limit  max_rate no_limit
config per_queue bandwidth_control ports 1-27 2 min_rate  no_limit  max_rate no_limit
config per_queue bandwidth_control ports 1-27 3 min_rate  no_limit  max_rate no_limit
config per_queue bandwidth_control ports 1-27 4 min_rate  no_limit  max_rate no_limit
config per_queue bandwidth_control ports 1-27 5 min_rate  no_limit  max_rate no_limit
config per_queue bandwidth_control ports 1-27 6 min_rate  no_limit  max_rate no_limit
config scheduling_mechanism ports 1-27 strict
config scheduling ports 1-27 0  max_packet  1
config scheduling ports 1-27 1  max_packet  2
config scheduling ports 1-27 2  max_packet  3
config scheduling ports 1-27 3  max_packet  4
config scheduling ports 1-27 4  max_packet  5
config scheduling ports 1-27 5  max_packet  6
config scheduling ports 1-27 6  max_packet  7
config 802.1p user_priority ports 1-27 0  2
config 802.1p user_priority ports 1-27 1  0
config 802.1p user_priority ports 1-27 2  1
config 802.1p user_priority ports 1-27 3  3
config 802.1p user_priority ports 1-27 4  4
config 802.1p user_priority ports 1-27 5  5
config 802.1p user_priority ports 1-27 6  6
config 802.1p user_priority ports 1-27 7  6

# MIRROR

disable mirror

# TRAF-SEGMENTATION

config traffic_segmentation 1-27 forward_list all

# SSL

disable ssl
...

# PORT

enable jumbo_frame
config jumbo_frame ports 1-27 state enable
config ports 1 speed auto capability_advertised 10_half 10_full 100_half 100_full 1000_full flow_control disable learning enable state enable description 1
*** (порты 2-20)
config ports 21-22,24 medium_type copper speed auto capability_advertised 10_half 10_full 100_half 100_full 1000_full flow_control disable learning enable state enable
config ports 21-24 medium_type fiber speed auto capability_advertised 1000_full flow_control disable learning enable state enable
config ports 23 medium_type copper speed auto capability_advertised 10_half 10_full 100_half 100_full 1000_full flow_control disable learning enable state disable
config ports 25-27 speed auto  flow_control disable learning enable state enable

# OAM
# DDM

config ddm trap disable
config ddm log enable
config ddm ports 21-24 state enable shutdown alarm

# PORT_LOCK

config port_security ports 1-27 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnReset

# SNMPv3
...
# MANAGEMENT

enable snmp traps
enable snmp authenticate_traps
enable snmp
enable snmp linkchange_traps
disable rmon
config snmp linkchange_traps ports 1-27 enable

# VLAN

enable pvid auto_assign
config vlan default delete 1-27
config vlan default add untagged 3,5-27
config vlan default advertisement enable
*** (примерно 30 вланов)
disable qinq
disable gvrp
enable vlan_trunk
config vlan_trunk ports 23-24 state enable
config gvrp 1 state disable ingress_checking enable acceptable_frame admit_all pvid 276
config gvrp 2,20 state disable ingress_checking enable acceptable_frame admit_all pvid 40
config gvrp 3,7-8,12-13,16-18,21,23-27 state disable ingress_checking enable acceptable_frame admit_all pvid 1
config gvrp 4 state disable ingress_checking enable acceptable_frame admit_all pvid 729
config gvrp 5 state disable ingress_checking enable acceptable_frame admit_all pvid 31
config gvrp 6 state disable ingress_checking enable acceptable_frame admit_all pvid 284
config gvrp 9 state disable ingress_checking enable acceptable_frame admit_all pvid 223
config gvrp 10 state disable ingress_checking enable acceptable_frame admit_all pvid 798
config gvrp 11 state disable ingress_checking enable acceptable_frame admit_all pvid 269
config gvrp 14 state disable ingress_checking enable acceptable_frame admit_all pvid 8
config gvrp 15 state disable ingress_checking enable acceptable_frame admit_all pvid 272
config gvrp 19 state disable ingress_checking enable acceptable_frame admit_all pvid 19
config gvrp 22 state disable ingress_checking enable acceptable_frame admit_all pvid 80

# PROTOCOL_VLAN
# QINQ
# SUBNETVLAN

config vlan_precedence port 1-27 mac_based_vlan

# SUPERVLAN
# RSPAN

disable rspan

# MEF
# 8021X

disable 802.1x
...

# guestvlan
# TR
# ACL

enable cpu_interface_filtering

# NLB
# LIMITED_MULTICAST_RANGE
# MULTICAST_VLAN
# FDB

config fdb aging_time 300

# ADDRBIND

config address_binding ip_mac ports 1-27 forward_dhcppkt enable
disable address_binding dhcp_snoop
disable address_binding dhcp_snoop ipv6
disable address_binding nd_snoop
disable address_binding trap_log
config address_binding dhcp_snoop max_entry ports 1-27 limit no_limit

# DHCPV6_SNOOPING
# ND_SNOOPING
# DhcpServerScreening

config filter dhcp_server port all state disable
config filter dhcp_server illegal_server_log_suppress_duration 5min
config filter dhcp_server trap_log disable

# ARPSpoofingPrevention
# MAC_ADDRESS_TABLE_NOTIFICATION

disable mac_notification
config mac_notification interval 1 historysize 1
config mac_notification ports 1-27 disable

# STP

disable stp
...

# BPDU_TUNNEL

config bpdu_tunnel ports all type none
disable bpdu_tunnel

# BPDU_PROTECTION

enable bpdu_protection
config bpdu_protection ports 8 state enable
config bpdu_protection ports 1-27 mode shutdown

# SAFEGUARD_ENGINE

config safeguard_engine state disable utilization rising 30 falling 20 trap_log disable mode fuzzy

# BANNER_PROMP

config command_prompt default
config greeting_message default

# SSH

disable ssh
...

# SERVER_PROFILE
# DNSRESOLVER

disable dns_resolver
config name_server timeout 3

# CMDLOG

disable command logging

# BCPING

disable broadcast_ping_reply

# SNTP

enable sntp
config time_zone operator + hour 4 min 0
config sntp primary 217.148.211.60 secondary 0.0.0.0 poll-interval 720
config dst disable

# LACP

config link_aggregation algorithm ip_source
config lacp_port 1-27 mode passive

# IP

config ipif_mac_mapping ipif System mac_offset 0
config ipif System ipaddress *.*.*.*/* vlan default
config ipif System dhcpv6_client disable
config ipif System ip_directed_broadcast  disable
config ipif System proxy_arp disable local disable
disable ipif System
config ipif_mac_mapping ipif IF1 mac_offset 15
create ipif IF1 *.*.*.*/* v1 state enable
config ipif IF1 proxy_arp disable local disable
config ipif_mac_mapping ipif IF2 mac_offset 19
create ipif IF2 *.*.*.*/* v2 state enable
config ipif IF2 proxy_arp disable local disable
(далее идут примерно 20 primary IPIF'ов)
create ipif IF2_1 *.*.*.*/* v40 state enable secondary
config ipif IF2_1 proxy_arp disable local disable
*** (далее еще десяток секондарей)
config ipif IF1 ip_mtu 1500
config ipif IF2 ip_mtu 1500
***
config ipif IF1 dhcpv6_client disable
config ipif IF2 dhcpv6_client disable
***
config ipif IF1  ip_directed_broadcast  disable
config ipif IF2  ip_directed_broadcast  disable
***
disable autoconfig

# ip_tunnel
# ERPS

disable erps
config erps log disable
config erps trap disable

# DHCP_SERVER

disable dhcp_server
...

# WAC

disable wac
...

# JWAC

disable jwac
...

# SFLOW
# LLDP

disable lldp
...

# MBA

disable mac_based_access_control
...

# MCFILTER
# COMPOUND_AUTHENTICATION

config authentication ports 1-27 auth_mode host_based
config authentication ports 1-27 multi_authen_methods none
enable authorization attributes
config authentication server failover block

# SNOOP

config limited_multicast_addr ports 1-27 state disable

# MLDSNP
# ACCESS_AUTHENTICATION_CONTROL

... (конфиг authen поскипан)

# AAA_LOCAL_ENABLE_PASSWORD
# AAA ADMIN PWD LIST

config admin local_enable
...

# AAA ADMIN PWD END
# NDP

config ipv6 nd ns ipif System retrans_time 0
config ipv6 nd ra ipif System state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600
config ipv6 nd ns ipif IF1 retrans_time 0
config ipv6 nd ra ipif IF1 state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600
*** (здесь конфиг для остальных IPIF'ов)

# RIPng

disable ripng
...

# ARP

config arp_aging time 20
config gratuitous_arp send ipif_status_up disable
config gratuitous_arp send dup_ip_detected disable
config gratuitous_arp learning disable

# ROUTEFILTER
# ROUTE

config route preference static 60
config route preference default 1
config route preference rip 100
config route preference ospfIntra 80
config route preference ospfInter 90
config route preference ospfExt1 110
config route preference ospfExt2 115
config route preference ebgp 70
config route preference ibgp 130
create iproute default *.*.*.* 1 primary
create route redistribute dst ospf src static mettype 2 metric 20
create route redistribute dst ospf src local mettype 2 metric 20
config ecmp algorithm ip_destination   crc_low
enable ecmp ospf

# PROUTE
# RELAY6

config dhcpv6_relay hop_count  4
disable dhcpv6_relay

# DHCPv6_SERVER

disable dhcpv6_server
...

# IGMP

config igmp ipif System version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif System last_member_query_interval 1
config igmp check_subscriber_source_network ipif System enable
config igmp ipif IF1 version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif IF1 last_member_query_interval 1
config igmp check_subscriber_source_network ipif IF1 enable
*** (аналогично для всех IPIF'ов)

# PIMSM

disable pim
...

# DVMRP

disable dvmrp
...

# IPMROUTE
# RIP

disable rip
...

# MD5
# OSPF

config ospf ipif System area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif System authentication none metric 1 state disable passive disable
config ospf ipif IF1 area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif IF1 authentication none metric 1 state disable passive disable
*** (далее для всех IPIF'ов)
config ospf router_id *.*.*.*
enable ospf

# BGP
# OSPFv3

config ospfv3 router_id 0.0.0.0
disable ospfv3

# DNSR

disable dnsr
config dnsr primary nameserver 0.0.0.0
config dnsr secondary nameserver 0.0.0.0
disable dnsr cache
disable dnsr static

# MLD

config mld ipif System query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 version 2 state disable
config mld ipif IF1 query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 version 2 state disable
*** (далее для всех IPIF'ов)

# PIM6

disable pim6
...

# DHCP_RELAY

disable dhcp_relay
...
disable dhcp_local_relay

# VRRP

...
disable vrrp
disable vrrp ping

#-------------------------------------------------------------------
#             End of configuration file for DGS-3627
#-------------------------------------------------------------------