Scribd
Upload
95 views3 pages

Network Configuration for VLANs and Security

This document contains the configuration of a network switch. It sets usernames and passwords for administrative access, defines VLANs and their associated network interfaces, enables remote management protocols, and configures SNMP, logging, NTP, and STP settings. It also applies filters to limit broadcast and multicast traffic on specific VLANs.

Uploaded by

Isaac Araujo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
95 views3 pages

Network Configuration for VLANs and Security

This document contains the configuration of a network switch. It sets usernames and passwords for administrative access, defines VLANs and their associated network interfaces, enables remote management protocols, and configures SNMP, logging, NTP, and STP settings. It also applies filters to limit broadcast and multicast traffic on specific VLANs.

Uploaded by

Isaac Araujo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

configure

no username guest
no ip snmp-server community public
no remote-devices enable

hostname M-BR-PA-CAH-CAL-SWT-006
!
!
terminal timeout 300
!
username admin access-level 15
username admin password 7 765634b9a7a0ea75278b23ecd66a4a99f30a62a3
username txn1 access-level 15
username txn1 password 7 7b767b39ebedfaa1a42c487344e97c0b6cab7ad6
!
clock timezone brasilia -3
!
banner login
~

################################################################
# ATENCAO: ACESSO PERMITIDO PARA PESSOAL AUTORIZADO. #
# DESCONECTE-SE IMEDIATAMENTE #
# ATTENTION: AUTHORIZED PERSONAL ONLY. DISCONNECT IMMEDIATELY. #
################################################################

~
!
cpu-dos-protect rate-limit global 150
!
interface vlan 2
no name
set-member untagged ethernet all
!
interface vlan 1
no name
no ip address
no set-member
!
interface vlan 3647
name GER_M-BR-PA-CAH-CAL-SWA-101_VLAN3647
ip add 172.21.53.201/29
set-member tagged ethernet 1/1
!
exit
!
interface vlan 104
name IPD_LOJAS MARILAR LTDA_115Mbps_ID-1378624
set-member tagged ethernet 1/1
set-member untagged ethernet 1/5
!
cpu-dos-protect rate-limit global 150
vlan-group 1
vlan-group 1 vlan all
!
interface ethernet 1/1
description UPLINK_M-BR-PA-CAH-CAL-SWA-101_Eth_2/5
no negotiation
speed-duplex 1000full
switchport native vlan 2
no switchport storm-control broadcast
no switchport storm-control multicast
no switchport storm-control dlf
!
interface ethernet range 1/2 1/4
shutdown
no switchport storm-control broadcast
no switchport storm-control multicast
no switchport storm-control dlf
switchport mtu 9198
switchport native vlan 2
!
interface ethernet 1/5
description IPD_LOJAS MARILAR LTDA_115MbpsMB_ID-1378624
rate-limit input rate 117760 burst 512
rate-limit output rate 117760 burst 512
negotiation
no capabilities all
capabilities 100full
capabilities 1000full
spanning-tree restricted-tcn
no spanning-tree 1
switchport native vlan 104
no switchport storm-control broadcast
no switchport storm-control multicast
no switchport storm-control dlf
switchport mtu 9198
!
interface ethernet range 1/6 1/8
shutdown
no switchport storm-control broadcast
no switchport storm-control multicast
no switchport storm-control dlf
switchport mtu 1522
switchport native vlan 2
!
no remote-devices enable
remote-devices enable ethernet range 1/1 1/4
!
ip default-gateway 172.21.53.193
!
ip telnet server
ip http server
ip http secure-server
ip ssh host-key generate
ip ssh server
!
ip snmp-server
ip snmp-server community 701hHg61 ro
ip snmp-server community G34@T@c5M rw
ip snmp-server host 200.204.1.68 version 2c G34@T@c5M
ip snmp-server host 200.204.1.71 version 2c G34@T@c5M
ip snmp-server host 200.204.1.89 version 2c G34@T@c5M
ip snmp-server host 200.204.1.91 version 2c G34@T@c5M
!
management http-client 200.204.1.68/32
management http-client 200.204.1.71/32
management http-client 200.204.1.89/32
management http-client 200.204.1.91/32
management snmp-client 200.204.1.68/32
management snmp-client 200.204.1.71/32
management snmp-client 200.204.1.89/32
management snmp-client 200.204.1.91/32
management ssh-client 200.148.96.8/32
management ssh-client 200.204.1.4/32
management ssh-client 200.204.1.68/32
management ssh-client 200.204.1.71/32
management ssh-client 200.204.1.89/32
management ssh-client 200.204.1.91/32
management ssh-client 200.204.1.168/32
management ssh-client 200.204.246.5/32
!
logging history ram 7
logging history flash 6
logging trap 7
logging host 200.153.1.138
logging host 200.204.1.106
!
sntp client
sntp server 200.204.1.103
!
spanning-tree 1
spanning-tree 1 vlan-group 1
!
spanning-tree bpduguard
!
meter new mode flow rate-limit 128 burst 128 remark BROADCAST_VLAN_GERENCIA
meter new mode flow rate-limit 128 burst 128 remark MULTICAST_VLAN_GERENCIA
!
filter new action red-deny match destination-mac host FF-FF-FF-FF-FF-FF match vlan
3647 ingress ethernet all meter 1 priority 0 remark BROADCAST_VLAN_GERENCIA
filter new action red-deny match destination-mac 01-00-00-00-00-00 01-00-00-00-00-
00 match vlan 3647 ingress ethernet all meter 2 priority 0 remark
MULTICAST_VLAN_GERENCIA
filter new action 802.1p 6 match vlan 3647 ingress ethernet all priority 8
!
exit
!
copy running-config startup-config 1
copy running-config startup-config 2

You might also like