Realisations/2006-2007/Projet/Entreprise2/Switch: config_X450E_2007-01-24.cfg

#
# Module devmgr configuration.
#
configure snmp sysName "X450e-24p"
configure snmp sysContact "support@extremenetworks.com, +1 888 257 3000"
configure slot 1 module X450e-24p

#
# Module vlan configuration.
#
enable mirroring to port 1 tagged
configure vr VR-Default add ports 1-26
configure vlan Default tag 1
create vlan "vlan0"
create vlan "vlan10"
create vlan "vlan11"
create vlan "vlan20"
create vlan "vlan21"
disable port 2
disable port 6
disable port 7
disable port 8
disable port 9
disable port 10
disable port 11
disable port 12
disable port 14
disable port 18
disable port 19
disable port 20
disable port 22
disable port 23
disable port 24
disable port 25
configure ports 25 auto off speed 10000 duplex full
disable port 26
configure ports 26 auto off speed 10000 duplex full
configure vlan vlan0 add ports 21 untagged
configure vlan vlan10 add ports 3 untagged
configure vlan vlan11 add ports 4-5 untagged
configure vlan vlan20 add ports 15 untagged
configure vlan vlan21 add ports 16-17 untagged
configure vlan Mgmt ipaddress 192.168.0.254 255.255.255.0
configure vlan vlan0 ipaddress 10.34.252.9 255.255.255.252
enable ipforwarding vlan vlan0
configure vlan vlan10 ipaddress 10.40.0.2 255.255.255.252
enable ipforwarding vlan vlan10
configure vlan vlan20 ipaddress 10.40.0.6 255.255.255.252
enable ipforwarding vlan vlan20
configure qosscheduler strict-priority
configure mirroring add port 3
configure mirroring add port 15

#
# Module fdb configuration.
#
configure fdb agingtime 300
configure iparp vr VR-Control max_entries 4096
configure iparp vr VR-Control max_pending_entries 256
configure iparp vr VR-Control max_proxy_entries 256
configure iparp vr VR-Control timeout 20
enable iparp vr VR-Control checking
enable iparp vr VR-Control refresh
configure iparp vr VR-Default max_entries 4096
configure iparp vr VR-Default max_pending_entries 256
configure iparp vr VR-Default max_proxy_entries 256
configure iparp vr VR-Default timeout 20
enable iparp vr VR-Default checking
enable iparp vr VR-Default refresh
configure iparp vr VR-Mgmt max_entries 4096
configure iparp vr VR-Mgmt max_pending_entries 256
configure iparp vr VR-Mgmt max_proxy_entries 256
configure iparp vr VR-Mgmt timeout 20
enable iparp vr VR-Mgmt checking
enable iparp vr VR-Mgmt refresh

#
# Module rtmgr configuration.
#
disable iproute sharing
configure iproute priority blackhole 50
configure iproute priority static 1100
configure iproute priority icmp 1200
configure iproute priority ebgp 1700
configure iproute priority ibgp 1900
configure iproute priority ospf-intra 2200
configure iproute priority ospf-inter 2300
configure iproute priority rip 2400
configure iproute priority ospf-as-external 3100
configure iproute priority ospf-extern1 3200
configure iproute priority ospf-extern2 3300
configure iproute priority bootp 5000
configure iproute ipv6 priority blackhole 50
configure iproute ipv6 priority static 1100
configure iproute ipv6 priority icmp 1200
configure iproute ipv6 priority ospfv3-intra 2200
configure iproute ipv6 priority ospfv3-inter 2300
configure iproute ipv6 priority RIPng 2400
configure iproute ipv6 priority ospfv3-as-external 3100
configure iproute ipv6 priority ospfv3-extern1 3200
configure iproute ipv6 priority ospfv3-extern2 3300
configure irdp broadcast
configure irdp 450 600 1800 0
disable irdp "Mgmt"
disable irdp "vlan0"
disable irdp "vlan10"
disable irdp "vlan20"
disable icmp address-mask vlan "Mgmt"
enable icmp parameter-problem vlan "Mgmt"
enable icmp port-unreachables vlan "Mgmt"
enable icmp unreachables vlan "Mgmt"
enable icmp redirects vlan "Mgmt"
enable icmp time-exceeded vlan "Mgmt"
disable icmp timestamp vlan "Mgmt"
disable icmp address-mask vlan "vlan0"
enable icmp parameter-problem vlan "vlan0"
enable icmp port-unreachables vlan "vlan0"
enable icmp unreachables vlan "vlan0"
enable icmp redirects vlan "vlan0"
enable icmp time-exceeded vlan "vlan0"
disable icmp timestamp vlan "vlan0"
disable icmp address-mask vlan "vlan10"
enable icmp parameter-problem vlan "vlan10"
enable icmp port-unreachables vlan "vlan10"
enable icmp unreachables vlan "vlan10"
enable icmp redirects vlan "vlan10"
enable icmp time-exceeded vlan "vlan10"
disable icmp timestamp vlan "vlan10"
disable icmp address-mask vlan "vlan20"
enable icmp parameter-problem vlan "vlan20"
enable icmp port-unreachables vlan "vlan20"
enable icmp unreachables vlan "vlan20"
enable icmp redirects vlan "vlan20"
enable icmp time-exceeded vlan "vlan20"
disable icmp timestamp vlan "vlan20"
enable ip-option loose-source-route
enable ip-option strict-source-route
enable ip-option record-timestamp
enable ip-option router-alert
enable ip-option record-route
configure iproute add 10.34.252.8 255.255.255.252 10.34.252.9 1 vr VR-Default
configure iproute add 10.40.0.8 255.255.255.252 10.40.0.5 1 vr VR-Default
configure iproute add 10.40.0.12 255.255.255.252 10.40.0.1 1 vr VR-Default
disable ipforwarding broadcast vlan "Mgmt"
disable ipforwarding broadcast vlan "vlan0"
disable ipforwarding broadcast vlan "vlan10"
disable ipforwarding broadcast vlan "vlan20"
disable icmp useredirects

#
# Module mcmgr configuration.
#
configure igmp snooping cache 32 64
configure igmp snooping timer 260 260 vr VR-Default
configure igmp snooping leave-timeout 1000 vr VR-Default
configure MLD snooping timer 260 260 vr VR-Default
configure MLD snooping leave-timeout 1000 vr VR-Default
disable igmp snooping forward-mcrouter-only vr VR-Default
disable MLD snooping forward-mcrouter-only vr VR-Default
configure igmp 125 10 1 2 vr VR-Default
configure MLD 125 10 1 2 vr VR-Default
enable igmp snooping with-proxy vr VR-Default
enable MLD snooping with-proxy vr VR-Default
configure igmp snooping flood-list none vr VR-Default
configure MLD snooping flood-list none vr VR-Default
disable mvr
configure mvr vlan Default mvr-address none
configure mvr vlan Default static group none
configure mvr vlan vlan0 mvr-address none
configure mvr vlan vlan0 static group none
configure mvr vlan vlan10 mvr-address none
configure mvr vlan vlan10 static group none
configure mvr vlan vlan11 mvr-address none
configure mvr vlan vlan11 static group none
configure mvr vlan vlan20 mvr-address none
configure mvr vlan vlan20 static group none
configure mvr vlan vlan21 mvr-address none
configure mvr vlan vlan21 static group none

#
# Module aaa configuration.
#
disable radius mgmt-access
configure radius mgmt-access timeout 3
disable radius-accounting mgmt-access
configure radius-accounting mgmt-access timeout 3
disable radius netlogin
configure radius netlogin timeout 3
disable radius-accounting netlogin
configure radius-accounting netlogin timeout 3
disable tacacs
configure tacacs timeout 3
disable tacacs-accounting
configure tacacs-accounting timeout 3
disable tacacs-authorization
configure account admin encrypted xJLi2a$As89cP1wHfZWnBK4Hc7ct0
configure account user encrypted sOSi2a$fEKW8rKI0Etk6Cj6QTz3O/

#
# Module acl configuration.
#
enable access-list refresh blackhole
enable access-list permit to-cpu

#
# Module cfgmgr configuration.
#
disable cli-config-logging
configure cli max-sessions 8
configure cli max-failed-logins 3
configure banner


configure idletimeout 20
enable idletimeout

#
# Module dosprotect configuration.
#
disable dos-protect
configure dos-protect interval 1
configure dos-protect trusted-ports ports
configure dos-protect type l3-protect alert-threshold 4000
configure dos-protect type l3-protect notify-threshold 3500

#
# Module eaps configuration.
#
configure eaps fast-convergence off
configure eaps config-warnings on
disable eaps

#
# Module edp configuration.
#
configure edp advertisement-interval 60 holddown-interval 180
enable edp ports 1
enable edp ports 2
enable edp ports 3
enable edp ports 4
enable edp ports 5
enable edp ports 6
enable edp ports 7
enable edp ports 8
enable edp ports 9
enable edp ports 10
enable edp ports 11
enable edp ports 12
enable edp ports 13
enable edp ports 14
enable edp ports 15
enable edp ports 16
enable edp ports 17
enable edp ports 18
enable edp ports 19
enable edp ports 20
enable edp ports 21
enable edp ports 22
enable edp ports 23
enable edp ports 24
enable edp ports 25
enable edp ports 26

#
# Module elrp configuration.
#
disable elrp-client

#
# Module ems configuration.
#
disable log debug-mode
create log filter DefaultFilter
configure log filter DefaultFilter add event All
enable log target memory-buffer
configure log target memory-buffer filter DefaultFilter severity Debug-Data
configure log target memory-buffer match Any
configure log target memory-buffer format timestamp hundredths date mm-dd-yyyy event-name condition severity
configure log target memory-buffer number-of-messages 1000
enable log target nvram
configure log target nvram filter DefaultFilter severity Warning
configure log target nvram match Any
configure log target nvram format timestamp hundredths date mm-dd-yyyy event-name condition severity
disable log target console
configure log target console filter DefaultFilter severity Info
configure log target console match Any
configure log target console format timestamp hundredths date mm-dd-yyyy event-name condition severity

#
# Module epm configuration.
#
configure sys-recovery-level All
enable watchdog
configure firmware install-on-demand
enable cpu-monitoring interval 20 threshold 60

#
# Module esrp configuration.
#
configure esrp mode extended

#
# Module etmon configuration.
#
configure sflow sample-rate 8192
configure sflow max-cpu-sample-limit 2000
configure sflow poll-interval 20
disable sflow
disable rmon

#
# Module hal configuration.
#
configure iproute sharing max-gateways 4

#
# Module lldp configuration.
#
configure lldp transmit-interval 30
configure lldp transmit-hold 4
configure lldp reinitialize-delay 2
configure lldp transmit-delay 2
configure lldp snmp-notification-interval 5
configure lldp med fast-start repeat-count 3

#
# Module netLogin configuration.
#
configure netlogin dot1x timers server-timeout 30 quiet-period 60 reauth-period 3600 supp-resp-timeout 30
configure netlogin dot1x eapol-transmit-version v1
enable netlogin logout-privilege
enable netlogin session-refresh 3
configure netlogin base-url "network-access.com"
configure netlogin redirect-page "http://www.extremenetworks.com"
configure netlogin banner ""

#
# Module netTools configuration.
#
configure sntp-client update-interval 64
disable sntp-client

#
# Module ospf configuration.
#
configure ospf routerid automatic
configure ospf spf-hold-time 3
configure ospf metric-table 10M 10 100M 5 1G 4 10G 2
configure ospf lsa-batch-interval 30
configure ospf import-policy none
configure ospf ase-limit 0
disable ospf originate-default
disable ospf use-ip-router-alert
disable ospf
configure ospf restart none
configure ospf restart grace-period 120
disable ospf export direct
disable ospf export static
disable ospf export rip
disable ospf export e-bgp
disable ospf export i-bgp
configure ospf area 0.0.0.0 external-filter none
configure ospf area 0.0.0.0 interarea-filter none
configure ospf area 0.0.0.0 normal
configure ospf vlan vlan0 area 0.0.0.0
configure ospf vlan vlan0 cost automatic
configure ospf vlan vlan0 priority 0
configure ospf vlan vlan0 authentication none
configure ospf vlan vlan0 timer 5 1 10 40
configure ospf vlan vlan0 restart-helper none
enable ospf vlan vlan0 restart-helper-lsa-check
configure ospf vlan vlan10 area 0.0.0.0
configure ospf vlan vlan10 cost automatic
configure ospf vlan vlan10 priority 0
configure ospf vlan vlan10 authentication none
configure ospf vlan vlan10 timer 5 1 10 40
configure ospf vlan vlan10 restart-helper none
enable ospf vlan vlan10 restart-helper-lsa-check
configure ospf vlan vlan20 area 0.0.0.0
configure ospf vlan vlan20 cost automatic
configure ospf vlan vlan20 priority 0
configure ospf vlan vlan20 authentication none
configure ospf vlan vlan20 timer 5 1 10 40
configure ospf vlan vlan20 restart-helper none
enable ospf vlan vlan20 restart-helper-lsa-check

#
# Module pim configuration.
#
disable pim
configure pim crp timer 60
configure pim register-suppress-interval 60 register-probe-interval 5
configure pim register-checksum-to include-data

#
# Module poe configuration.
#
enable inline-power
configure inline-power usage-threshold 70
configure inline-power disconnect-precedence deny-port
disable inline-power legacy slot 1
enable inline-power ports 1
configure inline-power operator-limit 15400 ports 1
configure inline-power label "" ports 1
configure inline-power priority low ports 1
enable inline-power ports 2
configure inline-power operator-limit 15400 ports 2
configure inline-power label "" ports 2
configure inline-power priority low ports 2
enable inline-power ports 3
configure inline-power operator-limit 15400 ports 3
configure inline-power label "" ports 3
configure inline-power priority low ports 3
enable inline-power ports 4
configure inline-power operator-limit 15400 ports 4
configure inline-power label "" ports 4
configure inline-power priority low ports 4
enable inline-power ports 5
configure inline-power operator-limit 15400 ports 5
configure inline-power label "" ports 5
configure inline-power priority low ports 5
enable inline-power ports 6
configure inline-power operator-limit 15400 ports 6
configure inline-power label "" ports 6
configure inline-power priority low ports 6
enable inline-power ports 7
configure inline-power operator-limit 15400 ports 7
configure inline-power label "" ports 7
configure inline-power priority low ports 7
enable inline-power ports 8
configure inline-power operator-limit 15400 ports 8
configure inline-power label "" ports 8
configure inline-power priority low ports 8
enable inline-power ports 9
configure inline-power operator-limit 15400 ports 9
configure inline-power label "" ports 9
configure inline-power priority low ports 9
enable inline-power ports 10
configure inline-power operator-limit 15400 ports 10
configure inline-power label "" ports 10
configure inline-power priority low ports 10
enable inline-power ports 11
configure inline-power operator-limit 15400 ports 11
configure inline-power label "" ports 11
configure inline-power priority low ports 11
enable inline-power ports 12
configure inline-power operator-limit 15400 ports 12
configure inline-power label "" ports 12
configure inline-power priority low ports 12
enable inline-power ports 13
configure inline-power operator-limit 15400 ports 13
configure inline-power label "" ports 13
configure inline-power priority low ports 13
enable inline-power ports 14
configure inline-power operator-limit 15400 ports 14
configure inline-power label "" ports 14
configure inline-power priority low ports 14
enable inline-power ports 15
configure inline-power operator-limit 15400 ports 15
configure inline-power label "" ports 15
configure inline-power priority low ports 15
enable inline-power ports 16
configure inline-power operator-limit 15400 ports 16
configure inline-power label "" ports 16
configure inline-power priority low ports 16
enable inline-power ports 17
configure inline-power operator-limit 15400 ports 17
configure inline-power label "" ports 17
configure inline-power priority low ports 17
enable inline-power ports 18
configure inline-power operator-limit 15400 ports 18
configure inline-power label "" ports 18
configure inline-power priority low ports 18
enable inline-power ports 19
configure inline-power operator-limit 15400 ports 19
configure inline-power label "" ports 19
configure inline-power priority low ports 19
enable inline-power ports 20
configure inline-power operator-limit 15400 ports 20
configure inline-power label "" ports 20
configure inline-power priority low ports 20
enable inline-power ports 21
configure inline-power operator-limit 15400 ports 21
configure inline-power label "" ports 21
configure inline-power priority low ports 21
enable inline-power ports 22
configure inline-power operator-limit 15400 ports 22
configure inline-power label "" ports 22
configure inline-power priority low ports 22
enable inline-power ports 23
configure inline-power operator-limit 15400 ports 23
configure inline-power label "" ports 23
configure inline-power priority low ports 23
enable inline-power ports 24
configure inline-power operator-limit 15400 ports 24
configure inline-power label "" ports 24
configure inline-power priority low ports 24

#
# Module rip configuration.
#
configure rip garbagetime 120
configure rip import-policy none
configure rip routetimeout 180
configure rip updatetime 60
disable rip originate-default
disable rip use-ip-router-alert
disable rip aggregation
enable rip poisonreverse
enable rip splithorizon
enable rip triggerupdates
enable rip
disable rip export direct
disable rip export static
disable rip export ospf-intra
disable rip export ospf-inter
disable rip export ospf-extern1
disable rip export ospf-extern2
disable rip export e-bgp
disable rip export i-bgp
configure rip add vlan vlan10
configure rip vlan vlan10 route-policy out none
configure rip vlan vlan10 route-policy in none
configure rip vlan vlan10 trusted-gateway none
configure rip vlan vlan10 rxmode any
configure rip vlan vlan10 txmode v2only
configure rip vlan vlan10 cost 1
configure rip add vlan vlan20
configure rip vlan vlan20 route-policy out none
configure rip vlan vlan20 route-policy in none
configure rip vlan vlan20 trusted-gateway none
configure rip vlan vlan20 rxmode any
configure rip vlan vlan20 txmode v2only
configure rip vlan vlan20 cost 1

#
# Module ripng configuration.
#
disable ripng
configure ripng garbagetime 120
configure ripng updatetime 30
configure ripng routetimeout 180

#
# Module snmpMaster configuration.
#
configure snmpv3 engine-id 03:00:04:96:27:c8:3a
configure snmpv3 add user admin authentication md5 hex 93:0a:71:2b:6a:a8:0b:0f:eb:20:e8:a0:d8:29:9d:5d privacy hex 93:0a:71:2b:6a:a8:0b:0f:eb:20:e8:a0:d8:29:9d:5d
configure snmpv3 add user initial
configure snmpv3 add user initialmd5 authentication md5 hex 4f:3b:90:c0:25:86:be:60:c6:97:14:83:5c:2d:44:c5
configure snmpv3 add user initialsha authentication sha hex b4:ab:24:92:9d:d8:31:ba:b1:e2:6e:f3:46:17:02:55:8b:fe:d1:98
configure snmpv3 add user initialmd5Priv authentication md5 hex 33:0b:ff:c2:51:07:ee:32:9f:ca:2e:b2:55:82:64:cd privacy hex 33:0b:ff:c2:51:07:ee:32:9f:ca:2e:b2:55:82:64:cd
configure snmpv3 add user initialshaPriv authentication sha hex 80:61:f8:6d:d8:0f:1b:f7:2d:b6:cf:a0:95:4c:f8:75:f3:ee:c8:f1 privacy hex 80:61:f8:6d:d8:0f:1b:f7:2d:b6:cf:a0:95:4c:f8:75:f3:ee:c8:f1
 configure snmpv3 add group v1v2c_ro user v1v2c_ro sec-model snmpv1
configure snmpv3 add group v1v2c_rw user v1v2c_rw sec-model snmpv1
configure snmpv3 add group v1v2c_ro user v1v2c_ro sec-model snmpv2c
configure snmpv3 add group v1v2c_rw user v1v2c_rw sec-model snmpv2c
configure snmpv3 add group admin user admin sec-model usm
configure snmpv3 add group initial user initial sec-model usm
configure snmpv3 add group initial user initialmd5 sec-model usm
configure snmpv3 add group initial user initialsha sec-model usm
configure snmpv3 add group initial user initialmd5Priv sec-model usm
configure snmpv3 add group initial user initialshaPriv sec-model usm
configure snmpv3 add access admin sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultNotifyView
configure snmpv3 add access initial sec-model usm sec-level noauth read-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access initial sec-model usm sec-level authnopriv read-view defaultUserView write-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access v1v2c_ro sec-model snmpv1 sec-level noauth read-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access v1v2c_ro sec-model snmpv2c sec-level noauth read-view defaultUserView notify-view defaultNotifyView
 configure snmpv3 add access v1v2c_rw sec-model snmpv1 sec-level noauth read-view defaultUserView write-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access v1v2c_rw sec-model snmpv2c sec-level noauth read-view defaultUserView write-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add access v1v2cNotifyGroup sec-model snmpv1 sec-level noauth notify-view defaultNotifyView
configure snmpv3 add access v1v2cNotifyGroup sec-model snmpv2c sec-level noauth notify-view defaultNotifyView
configure snmpv3 add mib-view defaultUserView subtree 1 type included
configure snmpv3 add mib-view defaultUserView subtree 1.3.6.1.6.3.16 type excluded
configure snmpv3 add mib-view defaultUserView subtree 1.3.6.1.6.3.18 type excluded
 configure snmpv3 add mib-view defaultUserView subtree 1.3.6.1.6.3.15.1.2.2.1.4 type excluded
configure snmpv3 add mib-view defaultUserView subtree 1.3.6.1.6.3.15.1.2.2.1.6 type excluded
configure snmpv3 add mib-view defaultUserView subtree 1.3.6.1.6.3.15.1.2.2.1.9 type excluded
configure snmpv3 add mib-view defaultAdminView subtree 1 type included
configure snmpv3 add mib-view defaultNotifyView subtree 1 type included
configure snmpv3 add community private name private user v1v2c_rw
configure snmpv3 add community public name public user v1v2c_ro
configure snmpv3 add notify defaultNotify tag defaultNotify
enable snmp access
enable snmp traps

#
# Module stp configuration.
#
configure mstp region 00049627c83a
configure mstp revision 3
configure mstp format 0
create stpd s0
configure stpd s0 tag 0
configure stpd s0 mode dot1d
configure stpd s0 forwarddelay 15
configure stpd s0 hellotime 2
configure stpd s0 maxage 20
configure stpd s0 priority 32768
disable stpd s0 rapid-root-failover
configure stpd s0 default-encapsulation dot1d
enable stpd s0 auto-bind vlan Default
disable stpd s0

#
# Module telnetd configuration.
#
configure telnet vr all

#
# Module tftpd configuration.
#

#
# Module thttpd configuration.
#

#
# Module vrrp configuration.
#