본문 바로가기
업무이야기/L4

Piolink L4 전체 설정

by 쫑콩아빠 2011. 11. 9.
반응형
Piolink L4  전체 설정

 

switch(config)# sh run

Current configuration (ver 3.3.3):

!

configure

!

hostname switch

terminal length 30

terminal timeout 10

mac-ageing 300

!

! Alias setting

!

!

! Port setting

!

port 1 enable

port 1 duplex auto

port 1 speed auto

port 2 enable

port 2 duplex auto

port 2 speed auto

port 3 enable

port 3 duplex auto

port 3 speed auto

port 4 enable

port 4 duplex auto

port 4 speed auto

port 5 enable

port 5 duplex auto

port 5 speed auto

port 6 enable

port 6 duplex auto

port 6 speed auto

port 7 enable

port 7 duplex auto

port 7 speed auto

port 8 enable

port 8 duplex auto

port 8 speed auto

port 9 enable

port 9 duplex full

port 9 speed 10

port 9 mdi-mdix mdi

port 10 enable

port 10 duplex auto

port 10 speed auto

port 11 enable

port 11 duplex auto

port 11 speed auto

port 12 enable

port 12 duplex auto

port 12 speed auto

port 13 enable

port 13 duplex auto

port 13 speed auto

port 14 enable

port 14 duplex auto

port 14 speed auto

port 15 enable

port 15 duplex auto

port 15 speed auto

port 16 enable

port 16 duplex auto

port 16 speed auto

port 17 enable copper

port 17 duplex auto copper

port 17 speed auto copper

port 17 enable fiber

port 17 duplex auto fiber

port 17 speed auto fiber

port 18 enable copper

port 18 duplex auto copper

port 18 speed auto copper

port 18 enable fiber

port 18 duplex auto fiber

port 18 speed auto fiber

!

! Mirroring setting

!

mirroring disable

!

! VLAN setting

!

vlan lan 20

vlan lan up

vlan lan port 1,2,3,4,5,6,7,8 untagged

vlan pvid lan port 1

vlan pvid lan port 2

vlan pvid lan port 3

vlan pvid lan port 4

vlan pvid lan port 5

vlan pvid lan port 6

vlan pvid lan port 7

vlan pvid lan port 8

vlan wan 10

vlan wan up

vlan wan port 9,10 untagged

vlan pvid wan port 9

vlan pvid wan port 10

!

! Trunk setting

!

!

! STP setting

!

!

! IP route & IP DNS setting

!

ip address 192.168.100.1/24 interface mgmt

ip address 203.1.9.129/26 interface lan

ip address 203.1.11.46/30 interface wan

ip route default gateway 203.1.11.45

!

! IP masquerading setting

!

!

! Port-boundary configuration

!

port-boundary 1

  promisc on

  protocol all

  sip 0.0.0.0/0

  dip 0.0.0.0/0

  boundary server

  port 1,2,3,4,5,6,7,8

  enable

  apply

port-boundary 2

  promisc off

  protocol all

  sip 0.0.0.0/0

  dip 0.0.0.0/0

  boundary client

  port 9,10

  enable

  apply

!

! SNMP setting

!

snmp community public

snmp load-timeout 60

snmp disable

!

! RADIUS setting

!

radius

  disable

..

!

! ARP setting

!

!

! Logging setting

!

logging priority all information

logging buffer 200

logging rotate 12:00 sunday

logging server enable

!

! System environment setting

!

proxy-arp disable

passive-proxy-arp enable

compare-src-mac disable

multicast-bridge disable

!

! Router configuration

!

interface lan

  ..

interface wan

  ..

!

!

! SLB configuration

!

! Define SLB service 'slb1'

slb slb1

  priority 50

  sticky 60

  lb-method rr

  vip 203.1.9.130

  vport tcp:80,tcp:53,tcp:9797,tcp:8000,udp:53

  natmode dest-nat

  no session-sync

  enable

  apply

! Define Reals of SLB service 'slb1'

  real 1

    name real1

    rip 203.1.9.131

    rport 0

    weight 1

    max-connection 0

    enable

    apply

  real 2

    name real2

    rip 203.1.9.132

    rport 0

    weight 1

    max-connection 0

    enable

    apply

! Define Healthcheck of SLB service 'slb1'

  health 1

    type tcp

    timeout 3

    interval 5

    retry 3

    recover 0

    port 80

    sip 0.0.0.0

    tip 0.0.0.0

    enable

    apply

  health 2

    type tcp

    timeout 3

    interval 5

    retry 3

    recover 0

    port 53

    sip 0.0.0.0

    tip 0.0.0.0

    enable

    apply

  health 4

    type tcp

    timeout 3

    interval 5

    retry 3

    recover 0

    port 8000

    sip 0.0.0.0

    tip 0.0.0.0

    enable

    apply

  ..

!

!

! Layer7 configuration

!

layer7

  ..

!

!

! L7SLB configuration

!

!

!

! L7CSLB configuration

!

!

!

! FWLB configuration

!

!

!

! CSLB configuration

!

!

!

! Security configuration

!

security

  asymmetric-filtering disable

!

! Security system configuration

!

  system

!

! Security system protection configuration

!

    protection

      synflood disable

      ipspoof disable

      dos dead-timeout 60

      dos alive-timeout 7200

      dosprotect disable

      apply

!

! Security system access policy configuration

!

    access

      default-policy accept

      apply

    ..

!

! Security firewall configuration

!

  firewall

! Security firewall content configuration

! Security firewall content group configuration

! Security firewall filter configuration

! Security firewall filter group configuration

! Security firewall policy configuration

    ..

!

! Advanced security configuration

!

  advanced

!

! Security DoS protection configuration (advanced)

!

    dos

      ..

!

! Security flood control configuration (advanced)

!

!

! Security scan protection configuration (advanced)

!

    scan

      portscan

        weight 21

        delay 300

        highportweight 1

        lowportweight 3

        disable

        ..

      osfingerprinting disable

      interface any

      ..

!

! Security worm protection configuration (advanced)

!

    worm

      ramen disable

      sadmind disable

      nimda disable

      codered disable

      sqlslammer disable

      blaster disable

      welchia disable

      sasser1 disable

      sasser2 disable

      korgo disable

      interface any

      ..

!

! Security spam mail protection configuration (advanced)

!

    mail

      interface any

      searchlimit 0

      ..

!

! Security e-mail worm protection configuration (advanced)

!

    ..

  ..

!

!

!

! QoS configuration

!

qos

  disable

  ..

! End of QoS configuration

! Network Monitoring Status

!

!

! Failover configuration

!

!

end

switch(config)#

반응형