核心交换机办公网常用配置

1.配置VSS

2.根据用途划分VLAN

   如：有线、无线、管理、行政、服务器（idrac、管理等）

3.配置远程登录

4.配置与接入、汇聚交换机互联  

interface TenGigabitEthernet1/2/1
 description 29.10
 switchport trunk allowed vlan 1-63,71-4094
 switchport mode trunk
 channel-protocol lacp
 channel-group 10 mode active

interface TenGigabitEthernet2/2/1
 description 29.10
 switchport trunk allowed vlan 1-63,71-4094
 switchport mode trunk
 channel-protocol lacp
 channel-group 10 mode active

interface Port-channel10
 description 10.11.29.10
 switchport
 switchport trunk allowed vlan 1-63,71-4094
 switchport mode trunk

  注：配置trunk口只注意排除掉RSPAN VLAN。

5.各VLAN网关配置ACL、DHCP中继  

interface Vlan3
 ip address 10.11.3.254 255.255.255.0
 ip access-group vlan3 out
 ip helper-address 10.11.103.11
 ip helper-address 10.11.103.12

  ACL主要为限制跨网段访问445端口  

ip access-list extended vlan102
 permit tcp any host 10.11.102.11 eq 445
 permit tcp any host 10.11.102.12 eq 445
 deny   tcp any 10.11.102.0 0.0.0.255 eq 445
 permit ip any any

6.配置VTP

  vtp domain xxx

  vtp mode server

  vtp password xxx

7.配置SNMP

snmp-server community xxx RO

8.抓包  

monitor session 1 source interface Gi1/3/23
monitor session 1 source interface Gi2/3/23
monitor session 1 destination interface Gi1/3/22