This is an old revision of the document!
CCF# clock set 18:55:00 09 17 2020
Ruijie#show clock
Ruijie(config)#
ntp master
Ruijie(config)#ntp server 192.168.2.1 ——>set NTP server IP address
Ruijie(config)#ntp update-calendar ——>allow system to save clock in hardware even power interruption
Ruijie(config)#ntp server 192.168.1.2 source loopback 0 ——> specify interface loopback 0 to communicate with NTP Server
clock timezone bogota -5
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CCF
enable service ssh-server
ip domain-lookup
crypto key generate rsa
ip ssh version 2
ip ssh time-out 90
ip ssh authentication-retries 2
line vty 0 35
transport input ssh
mls qos map dscp-cos 24 26 46 to 0
mls qos map cos-dscp 0 8 16 24 32 46 48 56
!
enable secret 5 xxxxxxxx
enable secret 0 xxxxxxxx
enable password xxxxxxxx
!
no aaa new-model
spanning-tree mode mstp no spanning-tree
!
interface aggregatePort 1
storm-control broadcast pps 3000
ip dhcp snooping trust
switchport mode trunk
switchport trunk allowed vlan all
!
interface aggregatePort 2
storm-control broadcast pps 3000
ip dhcp snooping trust
switchport mode trunk
switchport trunk allowed vlan all
!
interface aggregatePort 3
storm-control broadcast pps 3000
ip dhcp snooping trust
switchport mode trunk
switchport trunk allowed vlan all
!
interface aggregatePort 4
storm-control broadcast pps 3000
ip dhcp snooping trust
switchport mode trunk
switchport trunk allowed vlan all
!
interface aggregatePort 5
storm-control broadcast pps 3000
ip dhcp snooping trust
switchport mode trunk
switchport trunk allowed vlan all
!global
ip igmp snooping
ip igmp snooping querier
!Layer 3
ip igmp snooping vlan 1 querier
ip igmp snooping vlan 1 querier version 2
ip igmp snooping vlan 1 querier address 10.10.10.10
!Note: If an IP address is configured for the VLAN, it is used as the source address of the IGMP snooping querier.
!If there are multiple IP addresses, the minimum IP address defined on the VLAN is used.
!
Layer 2
vlan 1
name default
ip igmp snooping vlan 1
ip igmp snooping vlan 1 mrouter learn pim-dvmrp
!
ip igmp snooping
!
vlan 1
name default
ip igmp snooping vlan 1
!
vlan 3
name CCA
ip igmp snooping vlan 3
!
vlan 4
name CCB
ip igmp snooping vlan 4
!
vlan 5
name CCC
ip igmp snooping vlan 5
!
vlan 6
name CCD
ip igmp snooping vlan 6
!
vlan 7
name CCE
ip igmp snooping vlan 7
!
vlan 8
name CCF
ip igmp snooping vlan 8
!
vlan 10
name CCH
ip igmp snooping vlan 10
!
vlan 11
name WIFI1
ip igmp snooping vlan 11
!
Vlan 12
name VOIP1_1
ip igmp snooping vlan 12
!
vlan 25
name DOMINIO_PV1
ip igmp snooping vlan 25
!
vlan 26
name WIFI1_1
ip igmp snooping vlan 26
!
vlan 28
name VOIP2_2
ip igmp snooping vlan 28
!
vlan 30
name ILO_HP1
ip igmp snooping vlan 30
!
vlan 33
name BODEGA_ARCHIVO1
ip igmp snooping vlan 33
!
vlan 35
name SAN1
ip igmp snooping vlan 35
!
vlan 40
name WIFI_GUEST1
ip igmp snooping vlan 40
!
vlan 50
name ADMINISTRACION1
ip igmp snooping vlan 50
!
vlan 60
name SEGURIDAD_CAMARAS1
ip igmp snooping vlan 60
!
vlan 100
name TELEFONIA_CISCO1
ip igmp snooping vlan 100
!
vlan 111
name WIFI_GRATIS1
ip igmp snooping vlan 111
!
vlan 200
name CLARO_SOPORTE1
ip igmp snooping vlan 200
!
vlan 500
name SERVER
ip igmp snooping vlan 500
!
vlan 501
name HYPERVISORES
ip igmp snooping vlan 501
!
vlan 502
name LAN-UTM
ip igmp snooping vlan 502
!
vlan 503
name DMZ
ip igmp snooping vlan 503
!
vlan 504
name OPERADOR1
ip igmp snooping vlan 504
!
vlan 505
name OPERADOR2
ip igmp snooping vlan 505
!
vlan 506
name OPERADOR3
ip igmp snooping vlan 506
!
vlan 507
name RADIUS-UTM
ip igmp snooping vlan 507
!
vlan 508
name LAN-RADIUS
ip igmp snooping vlan 508
!
vlan 509
name WIFI-GUEST
ip igmp snooping vlan 509
!
vlan 510
name WIFI-CORP
ip igmp snooping vlan 510
!
vlan 511
name IMPRESORAS
ip igmp snooping vlan 511
!
vlan 512
name VVIP
ip igmp snooping vlan 512
!
vlan 513
name VMOTION-VMWARE
ip igmp snooping vlan 513
!
vlan 514
name VOIP1
ip igmp snooping vlan 514
!
vlan 515
name VOIP2
ip igmp snooping vlan 515
!
vlan 516
name CAIP
ip igmp snooping vlan 516
!
vlan 517
name SISTEMAS
ip igmp snooping vlan 517
!
vlan 518
name VIP
ip igmp snooping vlan 518
!
vlan 519
name TESORERIA
ip igmp snooping vlan 519
!
vlan 520
name CONTROL_TOWER
ip igmp snooping vlan 520
!
vlan 521
name WIRELESS
ip igmp snooping vlan 521
!
vlan 522
name ILO
ip igmp snooping vlan 522
!
vlan 523
name BODEGA_ARCHIVO
ip igmp snooping vlan 523
!
vlan 524
name SAN
ip igmp snooping vlan 524
!
vlan 525
name ADMINISTRACION
ip igmp snooping vlan 525
!
vlan 526
name CLARO_SOPORTE
ip igmp snooping vlan 526
!
vlan 527
name RED_TEL
ip igmp snooping vlan 527
!
vlan 528
name HELPDESK
ip igmp snooping vlan 528
!
vlan 529
name SEC_RISK
ip igmp snooping vlan 529
!
vlan 530
name TRANSPORT
ip igmp snooping vlan 530
!
vlan 531
name VP_OPERATIONS
ip igmp snooping vlan 531
!
vlan 532
name EDIF_ADMON
ip igmp snooping vlan 532
!
interface GigabitEthernet0/1
storm-control broadcast pps 3000
description CONEXION PUERTO AP RUIJJIE IP: X.X.X.X MAC: X.X.X.X.X.X
switchport mode trunk
switchport trunk native vlan 521
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/2
storm-control broadcast pps 3000
description CONEXION PUERTO AP RUIJJIE IP: X.X.X.X MAC: X.X.X.X.X.X
switchport mode trunk
switchport trunk native vlan 521
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/3
storm-control broadcast pps 3000
description CONEXION PUERTO AP RUIJJIE IP: X.X.X.X MAC: X.X.X.X.X.X
switchport mode trunk
switchport trunk native vlan 521
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/4
storm-control broadcast pps 3000
description CONEXION PUERTO AP RUIJJIE IP: X.X.X.X MAC: X.X.X.X.X.X
switchport mode trunk
switchport trunk native vlan 521
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/5
storm-control broadcast pps 3000
description CONEXION PUERTO IMPRESORA IP: X.X.X.X
switchport mode trunk
switchport trunk allowed vlan add 12,28,100,514,515
switchport trunk native vlan 511
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/6
storm-control broadcast pps 3000
description CONEXION PUERTO IMPRESORA IP: X.X.X.X
switchport mode trunk
switchport trunk allowed vlan add 12,28,100,514,515
switchport trunk native vlan 511
spanning-tree portfast
poe enable
!
this method would let all the marked tags pass with the exception of the native VLAN
interface GigabitEthernet0/7
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan add 12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
this method would let only the marked tags pass including native VLAN
interface GigabitEthernet0/8
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/9
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/10
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/11
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/12
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/13
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/14
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/15
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/16
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/17
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/18
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/19
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/20
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/21
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/22
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/23
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/24
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/25
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/26
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/27
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/28
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/29
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/30
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/31
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/32
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/33
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/34
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/35
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/36
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/37
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/38
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/39
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/40
storm-control broadcast pps 3000
description CONEXION USUARIO: YYYY
switchport mode trunk
switchport trunk allowed vlan only 8,12,28,100,514,515
switchport trunk native vlan 8
spanning-tree portfast
poe enable
!
interface GigabitEthernet0/41
description CONEXION SWITCH IP: X.X.X.X MAC: X.X.X.X.X.X.
port-group 4 mode active
no poe enable
!
interface GigabitEthernet0/42
description CONEXION SWITCH IP: X.X.X.X MAC: X.X.X.X.X.X.
port-group 4 mode active
no poe enable
!
interface GigabitEthernet0/43
description CONEXION SWITCH IP: X.X.X.X MAC: X.X.X.X.X.X.
port-group 3 mode active
no poe enable
!
interface GigabitEthernet0/44
description CONEXION SWITCH IP: X.X.X.X MAC: X.X.X.X.X.X.
port-group 3 mode active
no poe enable
!
interface GigabitEthernet0/45
description CONEXION SWITCH IP: X.X.X.X MAC: X.X.X.X.X.X.
port-group 2 mode active
no poe enable
!
interface GigabitEthernet0/46
description CONEXION SWITCH IP: X.X.X.X MAC: X.X.X.X.X.X.
port-group 2 mode active
no poe enable
!
interface GigabitEthernet0/47
description CONEXION SWITCH IP: X.X.X.X MAC: X.X.X.X.X.X.
port-group 1 mode active
no poe enable
!
interface GigabitEthernet0/48
description CONEXION SWITCH IP: X.X.X.X MAC: X.X.X.X.X.X.
port-group 1 mode active
no poe enable
!
interface Vlan1
description Default
no ip address dhcp
ip address 10.1.0.10 255.255.254.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.1.0.1
!ip default-network 10.1.0.1
ip routing
!
snmp-server community private rw 472pv
snmp-server community public ro 472pb
snmp-server enable traps
snmp-server location Bogota-472
snmp-server contact Ing.o Fabian Espejo
snmp-server chassis-id 1234567890
!Colocar el serial de la maquina en el chassis-id
Ruijie# show version
Ruijie# show version slot
Ruijie(config)#show snmp host
Ruijie(config)#show snmp view
Ruijie(config)#show snmp user (para el caso de config snmp v3.0)
Ruijie(config)#snmp-server host 192.168.1.2 traps private ——>by default , SNMP trap version is version 1
Ruijie(config)#snmp-server host 1.1.1.1 version 2c private ——>set SNMP trap version to version 2c
Ruijie#show running-config | include interface GigabitEthernet 0/18
Ruijie#show interfaces description
Ruijie# show interface status
Ruijie# show aggregatePort summary
Ruijie# show interfaces aggregatePort 1
Ruijie# show aggregatePort load-balance
Ruijie# show int aggreagtePort 1
SW1(config)#interface range gigabitEthernet 0/23-24 ——>configure a range of interfaces with the same commands
Ruijie# show cpu
Ruijie# show memory
Ruijie# show power
Ruijie# show fan
Ruijie# show temperature
Ruijie# show clock
Ruijie# show log
Ruijie# more flash:syslog.txt
Ruijie# dir
Ruijie# show arp
Ruijie# show mac-address-table
Ruijie#show mac-address-table count
Ruijie# show arp
Ruijie# show arp detail
Ruijie# show arp count
Ruijie# show ip route
Ruijie# show ip route count
Ruijie# show ip interface brief
Ruijie# show interface description
Ruijie# show interface counters
!
line console 0
password itccol200x
login
line vty 0 35
password itccol200x
login
!
Ruijie#write mem
Ruijie#copy running-config startup-config
Ruijie>enable
Ruijie#configure termina
Ruijie(config)#interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#storm-control broadcast level 1 ——>storm-control limits the number of broadcast packets to 1% of the bandwidth that is 1G*1%=10M
Ruijie(config-if-GigabitEthernet 0/1)#storm-control unicast level 1 ——>storm-control limites the number of unknown unicast packets to 1% of the bandwidth that is 1G*1% =10M
Ruijie(config-if-GigabitEthernet 0/1)#storm-control multicast level 1
To configure storm control on a port with keyword pps, perform this task:
Ruijie>enable
Ruijie#configure termina
Ruijie(config)#interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#storm-control broadcast pps 200 ——>storm-control limits the number of broadcast packets to 200 packets per seconds
Ruijie(config-if-GigabitEthernet 0/1)#storm-control unicast pps 200 ——>storm-control limits the number of unknown unicast packets to 200 packets per seconds
Ruijie(config-if-GigabitEthernet 0/1)#storm-control multicast 200
Ruijie(config-if-GigabitEthernet 0/1)#end
Si tenemos problemas de conectiviad, con un solo cable conectado y es una instalacion nueva aplicar las siguientes lineas:
Ruijie(config)#no spanning-tree mode
Ruijie(config)#no spanning-tree vlan 1,3-5,7,9-11 (todas las vlans que apliquen)
Dynamic mode:
SW1(config)#interface range gigabitEthernet 0/1-2
SW1(config-if-range)#port-group 1 mode active ——>put G0/1 and G0/2 in AP 1 in dynamic mode
SW1(config-if-range)#exit
SW1(config)#interface aggregateport 1
SW1(config-if-AggregatePort 1)#switchport mode trunk ——>configure AP 1 as Trunk
SW1(config-if-AggregatePort 1)#exit
SW2 is the same.