SCRIPT DE CONFIGURACION DEL SW

HUAWEI S5300

sysname ciu-nod-S5328-cliente
#
ipv6
#
vlan batch 1022
#
stp bpdu-protection
stp enable
#
domain csac admin
#
cluster enable
ntdp enable
ntdp hop 16
ndp enable
#
lldp enable
#
dhcp enable
#
undo http server enable
#
undo icmp rate-limit enable
#
hwtacacs-server template csac
hwtacacs-server authentication 10.159.125.5
hwtacacs-server authentication 10.65.52.130 secondary
hwtacacs-server authorization 10.159.125.5
hwtacacs-server authorization 10.65.52.130 secondary
hwtacacs-server accounting 10.159.125.5
hwtacacs-server accounting 10.65.52.130 secondary
hwtacacs-server shared-key cipher _J8Y9V9#'!);1Q,T<Ta59Q!!
undo hwtacacs-server user-name domain-included
#
acl number 2999
description GESTION
rule 0 permit source 10.156.0.1 0.0.255.0
rule 1 permit source 10.153.0.0 0.0.255.255
rule 2 permit source 200.30.79.0 0.0.0.255
rule 3 permit source 10.165.0.0 0.0.255.255
rule 4 permit source 10.166.0.0 0.0.255.255
rule 5 permit source 10.167.0.0 0.0.0.255
rule 6 permit source 10.159.125.0 0.0.0.255
rule 7 permit source 10.194.0.1 0.0.255.0
rule 8 permit source 10.27.2.0 0.0.0.255
 rule 9 permit source 10.139.139.0 0.0.0.255
rule 10 permit source 10.159.126.0 0.0.0.255
rule 11 permit source 10.158.124.0 0.0.0.255
rule 12 permit source 10.65.52.130 0.0.0.255

#
acl number 3000
description limitante de trafico inbound
rule 0 permit ip
#
vlan 1022
description GESTION
vlan XXX
description "DESCRIPCION_NOMBRE DE EQUIPO AAM"

#
aaa
authentication-scheme default
authentication-scheme csac
authentication-mode hwtacacs local
authorization-scheme default
authorization-scheme csac
authorization-mode hwtacacs local
authorization-cmd 15 hwtacacs local
accounting-scheme default
accounting-scheme csac
accounting-mode hwtacacs
accounting start-fail online
recording-scheme csac
recording-mode hwtacacs csac
cmd recording-scheme csac
domain default
domain default_admin
domain defaul
domain csac
authentication-scheme csac
accounting-scheme csac
authorization-scheme csac
hwtacacs-server csac
local-user admin password simple admin
local-user admin service-type http
local-user contingencia password cipher 6B*50DQE9*&/,K;SNF+MLQ!!
local-user contingencia privilege level 3
local-user contingencia ftp-directory flash:
local-user contingencia service-type telnet terminal ssh
#
ntp-service unicast-server XX.XX.XX.1 <-"IP GW ASIGNADA A NE40"
#
interface Vlanif1022
description GESTION
ip address XX.XX.XX.XX 255.255.255.0 <-"IP GX ASIGNADA A SW"
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
description "TIPO SERV_ID_NOMBRE DEL CLIENTE_SEDE_(PEDIDO
FENIX)_NODO_AAMXX"
port link-type access
port default vlan XXX
loopback-detect recovery-time 60
loopback-detect enable
stp bpdu-filter enable
stp edged-port enable
traffic-limit inbound acl 3000 rule 0 cir "ANCHO DE BANDA en Kbps
undo ntdp enable
undo ndp enable
qos lr outbound cir ANCHO DE BANDA en Kbps
storm-control broadcast min-rate 500 max-rate 800
storm-control unicast min-rate 500 max-rate 800
storm-control action block
#
interface GigabitEthernet0/0/2
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/3
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/4
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/5
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/6
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/7
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/8
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/9
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/10
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/11
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/12
shutdown
 loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/13
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/14
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/15
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/16
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/17
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/18
shutdown
loopback-detect enable
stp disable
ntdp enable
 ndp enable
bpdu enable
#
interface GigabitEthernet0/0/19
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/20
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/21
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/22
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/23
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/24
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/1/1
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/1/2
shutdown
loopback-detect enable
stp disable
ntdp enable
ndp enable
bpdu enable
#
interface GigabitEthernet0/1/3
description NODO__AAMXX_CIUDAD-NODO-H2318-NOMBRE SW GigabitEthernet0/0/2 <-
"SW VECINO"
port link-type trunk
port trunk allow-pass vlan 2 to 4094
stp loop-protection
undo ntdp enable
ndp enable
bpdu enable
transceiver diagnosis threshold rx-power low-alarm -15.00 high-alarm -3.00
transceiver diagnosis threshold tx-power low-alarm -11.00 high-alarm -1.00
jumboframe enable 9000
storm-control broadcast min-rate 500 max-rate 800
storm-control multicast min-rate 500 max-rate 800
storm-control unicast min-rate 500 max-rate 800
storm-control action block
#
interface GigabitEthernet0/1/4
description NODO__AAMXX_CIUDAD-NODO-H2318-NOMBRE SW GigabitEthernet0/0/2 <-
"SW VECINO"
port link-type trunk
port trunk allow-pass vlan 2 to 4094
stp loop-protection
undo ntdp enable
ndp enable
bpdu enable
transceiver diagnosis threshold rx-power low-alarm -15.00 high-alarm -3.00
transceiver diagnosis threshold tx-power low-alarm -11.00 high-alarm -1.00
jumboframe enable 9000
storm-control broadcast min-rate 500 max-rate 800
storm-control multicast min-rate 500 max-rate 800
storm-control unicast min-rate 500 max-rate 800
storm-control action block
#
interface NULL0
#
cpu-defend policy icmp
car packet-type icmp cir 20000 cbs 3760000
#
ip route-static 0.0.0.0 0.0.0.0 XX.XX.XX.1 <- "IP GW GX EN NE40"
#
snmp-agent
snmp-agent local-engineid 000007DB7F0000010000416F
snmp-agent community write Un3_telc0
snmp-agent community write C0stum3r_Un3
snmp-agent sys-info location EIA_RUANA
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 10.159.125.167 params securityname
C0stum3r_Un3
snmp-agent target-host trap address udp-domain 10.159.126.13 params securityname
C0stum3r_Un3
snmp-agent target-host trap address udp-domain 10.159.126.14 params securityname
C0stum3r_Un3
snmp-agent target-host trap address udp-domain 10.159.126.16 params securityname
C0stum3r_Un3
snmp-agent target-host trap address udp-domain 10.159.125.124 params securityname Un3_telc0
v2c
snmp-agent target-host trap address udp-domain 10.159.125.125 params securityname Un3_telc0
v2c
snmp-agent trap enable basetrap
snmp-agent trap source Vlanif1022
snmp-agent trap enable
#
header login information "********
V5.00 5300
Todo acceso a este dispositivo es prohibido a menos que exista una razOn previamente demostrada,
autorizada, asignada y controlada en funciOn de los requerimientos del negocio y/o del cliente.
%"
#
cpu-defend-policy icmp global
#
user-interface con 0
authentication-mode aaa
idle-timeout 0 0
user-interface vty 0 4
acl 2999 inbound
authentication-mode aaa
#
return