[Core switch]dis cu # version 7.1.070, Release 7557P03 # sysname Core switch # telnet server enable telnet server acl 2999 # forward-path-detection enable # mirroring-group 1 local # loopback-detection global enable vlan 1 to 4094 loopback-detection interval-time 5 # system-working-mode standard xbar load-balance password-recovery enable # vlan 1 # vlan 2 to 10 # vlan 100 # stp global enable # ftth # interface NULL0 # interface Vlan-interface1 # interface Vlan-interface2 ip address 172.25.16.1 255.255.255.192 # interface Vlan-interface3 ip address 172.25.16.65 255.255.255.192 # interface Vlan-interface4 ip address 172.25.16.129 255.255.255.192 # interface Vlan-interface5 ip address 172.25.16.193 255.255.255.192 # interface Vlan-interface6 ip address 172.25.17.1 255.255.255.192 # interface Vlan-interface7 # interface Vlan-interface8 ip address 172.25.17.65 255.255.255.192 # interface Vlan-interface9 ip address 172.25.17.129 255.255.255.192 # interface Vlan-interface10 ip address 172.25.17.193 255.255.255.224 # interface Vlan-interface100 ip address 172.25.17.253 255.255.255.240 # interface GigabitEthernet0/0/1 port link-mode bridge undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/2 port link-mode bridge port access vlan 2 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/3 port link-mode bridge port access vlan 3 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/4 port link-mode bridge port access vlan 4 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/5 port link-mode bridge port access vlan 5 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/6 port link-mode bridge port access vlan 6 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/7 port link-mode bridge port access vlan 6 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/8 port link-mode bridge port access vlan 8 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/9 port link-mode bridge port access vlan 9 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/10 port link-mode bridge port access vlan 10 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/11 port link-mode bridge port access vlan 10 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/12 port link-mode bridge port access vlan 10 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/13 port link-mode bridge port access vlan 10 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/14 port link-mode bridge port access vlan 10 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/15 port link-mode bridge port access vlan 10 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/16 port link-mode bridge port access vlan 10 undo stp enable packet-filter 3000 inbound mirroring-group 1 monitor-port # interface GigabitEthernet0/0/17 port link-mode bridge port access vlan 7 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/18 port link-mode bridge port access vlan 7 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/19 port link-mode bridge undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/20 port link-mode bridge port access vlan 100 undo stp enable packet-filter 3000 inbound mirroring-group 1 mirroring-port both # interface GigabitEthernet0/0/21 port link-mode bridge port access vlan 100 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/22 port link-mode bridge port access vlan 10 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/23 port link-mode bridge port access vlan 100 undo stp enable packet-filter 3000 inbound # interface GigabitEthernet0/0/24 port link-mode bridge port access vlan 100 undo stp enable packet-filter 3000 inbound # interface M-GigabitEthernet0/0/0 # interface Ten-GigabitEthernet0/0/25 port link-mode bridge # interface Ten-GigabitEthernet0/0/26 port link-mode bridge # interface Ten-GigabitEthernet0/0/27 port link-mode bridge # interface Ten-GigabitEthernet0/0/28 port link-mode bridge # scheduler logfile size 16 # line class aux user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 4 authentication-mode scheme user-role level-15 set authentication password hash $h$6$wfpItb0+wRwTRDPP$kmO4IgVC0S2/Lbg+9/ejXaH/+H9T939o8N5jdZUmqGVCGoPdvTjo6AKRL47FGhtinr3FV65N69xjH19tAut0Hw== # line vty 5 63 user-role network-operator # ip route-static 0.0.0.0 0 172.25.17.254 # acl number 2999 rule 5 permit source 172.25.17.240 0.0.0.15 # acl number 3000 rule 0 deny udp destination-port eq 135 rule 1 deny tcp destination-port eq 135 rule 2 deny udp destination-port eq 136 rule 3 deny tcp destination-port eq 136 rule 4 deny udp destination-port eq netbios-ns rule 5 deny tcp destination-port eq 137 rule 6 deny udp destination-port eq netbios-dgm rule 7 deny tcp destination-port eq 138 rule 8 deny udp destination-port eq netbios-ssn rule 9 deny tcp destination-port eq 139 rule 10 deny udp destination-port eq 445 rule 11 deny tcp destination-port eq 445 rule 12 deny udp destination-port eq 539 rule 13 deny tcp destination-port eq 539 rule 14 deny udp destination-port eq 593 rule 15 deny tcp destination-port eq 593 rule 16 deny udp destination-port eq 1433 rule 17 deny tcp destination-port eq 1433 rule 18 deny tcp destination-port eq 1434 rule 19 deny udp destination-port eq 1434 rule 20 deny tcp destination-port eq 2500 rule 21 deny tcp destination-port eq 4444 rule 22 deny udp destination-port eq 4444 rule 23 deny tcp destination-port eq 9996 rule 24 deny tcp destination-port eq 5554 rule 25 deny udp destination-port eq 5554 rule 26 deny tcp destination-port eq 6346 rule 27 deny tcp destination-port eq 6667 rule 28 deny tcp destination-port eq 5800 rule 29 deny tcp destination-port eq 5900 rule 30 deny udp destination-port eq 9996 rule 31 deny udp destination-port eq 1025 rule 32 deny tcp destination-port eq 9995 rule 33 deny udp destination-port eq 9995 rule 34 deny tcp destination-port eq 1068 rule 35 deny udp destination-port eq 1068 rule 36 deny tcp destination-port eq 1023 rule 37 deny udp destination-port eq 1023 rule 38 permit ip # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$9cKJXOYZmykIUMZG$3A84rt6RipLXJeBaQZXK+CSCY9tu/tEdCq/Ss68in+St+7O4+ua1+Ry2ck1TVpM2/wBGkF2wJGkETMFa3HT0CQ== service-type telnet http https ssh terminal authorization-attribute acl 2999 authorization-attribute user-role level-15 authorization-attribute user-role network-admin authorization-attribute user-role network-operator # ip http enable ip https enable # return