AAA配置
conf t
!aaa new-model! aaa group server tacacs+ LOGINTACserver 172.16.30.220Server 172.16.40.1!tacacs-server host 172.16.30.220 key n3w3ggtacacs-server host 172.16.40.1 key n3w3gg!ip tacacs source-interface gi 0/1!aaa authentication login default group LOGINTAC local aaa authentication enable default enable group LOGINTACaaa authorization config-commandsaaa authorization exec default group LOGINTAC if-authenticatedaaa authorization commands 1 default if-authenticatedaaa authorization commands 15 default if-authenticatedaaa accounting commands 1 default start-stop group LOGINTACaaa accounting commands 15 default start-stop group LOGINTAC!!endwr
Clock 配置
CLIENT:
clock timezone PST -8clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00ntp authentication-key 1 md5 n3w3ggntp server 10.1.37.21 key 1 NTP SERVER:!
ntp clock-period 17177077ntp source GigabitEthernet4.1ntp master 4ntp update-calendarntp server 10.1.37.10ntp server 10.1.37.52
默认配置
en
config t!hostname **********!service timestamps log datetime localtime show-timezone service timestamps debug datetime localtime show-timezone service password-encryptionno ip domain-lookup!enable secret **********!user admin privilege 15 secret **********!line con 0exec-timeout 200 0logging synchronous!line vty 0 4exec-timeout 200 0logging synchronous!endwr
默认交换机配置
VTP MODE CLIENT
VTP DOMAIN WH7VTP passwordSpanning-tree portfast bpduguard default
!Errdisable recovery cause bpduguardErrdisable recovery interval 240
Snmp-syslog-netflow
Use for syslog filter (logging facility local0 - Switches)
(logging facility local1 - Routers) logging trap errorslogging facility local1logging 10.1.37.22snmp-server community $reed ROsnmp-server host 10.1.37.22 $reedip flow-export source GigabitEthernet0/1
ip flow-export version 5ip flow-export destination 10.1.37.21 9996( ip flow-export destination 71.94.141.193 9996 = only on external devices )
( logging 71.94.141.194 = For external devices)interface Serial1/0
ip route-cache flow