#修改设备名
sysn office_sw1
#启用LLDP
lldp global enable
#启用NTP 同步时间
clock timezone Singapore add 08:00:00
clock protocol ntp
sntp enable
sntp unicast-server time.google.com
#配置DNS
dns server 8.8.8.8
#配置SSH
ssh server enable
local-user admin class manage
password simple 123456
auth user-role network-admin
service-type ssh
user-int vty 0 4
auth scheme
protocol inbound ssh
#配置Console口密码
line aux 0
authentication-mode password
set authentication password simple 123456
#配置SNMP
snmp-agent
snmp-agent community read test-snmp
snmp-agent sys-info location office
snmp-agent sys-info version all
#MSTP配置bpdu保护和边缘端口
stp global enable
stp bpdu-protection
stp mode mstp
int range g1/0/1 to g1/0/24
stp edged-port
#(可选)配置接口广播风暴抑制30%
int range g1/0/1 to g1/0/24
broadcast-suppression 30
#配置与核心/汇聚互联的聚合接口
int bridge-aggregation 1
int range g1/0/27 to g1/0/28
desc to_core
port link-aggregation group 1
int bridge-aggregation 1
desc to_core
link-aggregation mode dynamic
port link-type trunk
port trunk permit vlan 10 20 30
undo port trunk permit vlan 1
#配置DHCP Snooping信任接口
dhcp snooping enable
int bridge-aggregation 1
dhcp snooping trust
#配置接入层Vlan及描述
vlan 10 20 30
vlan 10
desc mgmt
vlan 20
desc office
vlan 30
desc cctv
#配置设备管理VLAN的IP和默认路由
int vlan 10
ip addr 10.10.10.201 24
ip route-static 0.0.0.0 0 10.10.10.1
#配置管理网段连接AP的接口
int range g1/0/1 to g1/0/8
desc AP
port link-type trunk
port trunk permit vlan 10 20 30
port trunk pvid vlan 10
undo port trunk permit vlan 1
#配置办公网段接口加入VLAN 20
int range g1/0/9 to g1/0/16
desc office
port link-type access
port access vlan 30
#配置连接CCTV网段接口加入VLAN 30
int range g1/0/17 to g1/0/24
desc CCTV
port link-type access
port access vlan 30