来一个文档 大家研究一下
System software version : 1.68(1a3) Build May 14 2007 Release
Building configuration...
Current configuration : 5743 bytes
!
! Device identity and VLAN definitions: hostname plus VLANs 1, 151 and 152.
! In the output shown, VLAN 151 is assigned to access ports 0/11-0/24 and
! VLAN 1 carries the management interface ("interface vlan 1").
! NOTE(review): no port or interface in this output references VLAN 152;
! confirm whether it is still needed.
version 1.0
!
hostname 7#
vlan 1
!
vlan 151
!
vlan 152
!
! Extended ACL 101: a deny-list followed by a catch-all permit. It is the list
! referenced by "ip access-group 101 in" on every physical port in this output.
! The denied ports (135, 137, 445, 1433, 1434, 5554, 1068, 15000, 3077) look
! like services abused by Windows RPC/SMB and MS-SQL worms -- presumably that
! is the intent; confirm with the author.
! NOTE(review): the final entry is "permit ip any any", so anything not listed
! is forwarded. This list reduces worm traffic; it is not an access policy.
! NOTE(review): NetBIOS coverage is partial -- udp netbios-ns and tcp 137 are
! denied, but udp 138 and tcp 139 do not appear in the list.
ip access-list extended 101
deny udp any any eq 135
deny udp any any eq netbios-ns
deny udp any any eq 445
deny udp any any eq 1433
deny udp any any eq 1434
deny udp any any eq 5554
deny udp any any eq 1068
deny tcp any any eq 135
deny tcp any any eq 137
deny tcp any any eq 445
deny tcp any any eq 5554
deny tcp any any eq 1433
deny tcp any any eq 1434
deny tcp any any eq 1068
deny udp any any eq 15000
! The next entry matches on SOURCE port 15000; it is the only source-port
! match in this list (all other entries match the destination port).
deny udp any eq 15000 any
deny tcp any any eq 3077
permit ip any any
!
! Extended ACL "zhouli": an allow-list that ends in an explicit
! "deny ip any any", so only the listed ports and ICMP are forwarded.
! NOTE(review): no "ip access-group zhouli" appears anywhere in this output.
! As shown, the list is defined but not applied to any interface; every port
! uses ACL 101 instead.
! NOTE(review): every entry is "any any", so the list filters by port only,
! never by source or destination address.
! NOTE(review): the list permits several cleartext protocols (telnet, ftp,
! pop2/pop3, tftp, snmp) and all ICMP. If it is ever applied, consider
! limiting these entries to the hosts that actually need them.
ip access-list extended zhouli
permit tcp any any eq www
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
permit tcp any any eq pop2
permit tcp any any eq telnet
! The next entry matches on SOURCE port telnet. It admits replies from telnet
! servers, but equally any TCP segment that carries source port 23.
permit tcp any eq telnet any
permit tcp any any eq 8008
permit tcp any any eq 8080
permit tcp any any eq 4000
permit tcp any any eq 8000
permit tcp any any eq 5000
permit tcp any any eq 5010
permit tcp any any eq 44449
permit tcp any any eq 1863
permit tcp any any eq 554
permit tcp any any eq 443
permit tcp any any eq 1755
permit udp any any eq 1755
permit udp any any eq 3001
permit udp any any eq 3002
permit udp any any eq 6000
permit udp any any eq 6001
permit udp any any eq 6002
permit udp any any eq 6003
permit udp any any eq 6004
permit udp any any eq domain
permit udp any any eq bootpc
permit udp any any eq bootps
permit udp any any eq 8000
permit udp any any eq 4000
permit udp any any eq 4004
permit udp any any eq 1863
permit udp any any eq snmp
permit udp any any eq snmptrap
permit udp any any eq tftp
permit icmp any any
deny ip any any
!
! AAA / 802.1X back end and the enable secrets for privilege levels 1 and 15.
! The RADIUS host address and both secret values are blank in this output --
! presumably removed by the poster before publishing.
! NOTE(review): "ac**ing" looks like a forum word filter masking
! "accounting". The original tokens, including the trailing "**" on the third
! such line, cannot be recovered from this page -- check against the device.
! NOTE(review): the "5" after the level is presumably the type marker for an
! already-hashed secret, as in Cisco-style syntax -- confirm for this platform.
radius-server host
aaa authentication dot1x
aaa ac**ing server
aaa ac**ing
aaa ac**ing **
enable secret level 1 5
enable secret level 15 5
!
! Spanning tree is enabled globally. Ports 0/1-0/10 are configured identically:
! trunk mode, BPDU filter enabled, ACL 101 applied inbound.
! NOTE(review): every trunk sets "spanning-tree bpdufilter enabled". On
! Cisco-style platforms BPDU filter stops a port from sending and processing
! BPDUs, so spanning tree cannot detect a loop through that link. Confirm the
! semantics on this platform and whether these ports connect to other switches.
! NOTE(review): no allowed-VLAN or native-VLAN statement is shown for these
! trunks, so which VLANs they carry depends on platform defaults that are not
! visible here.
spanning-tree
interface fastEthernet 0/1
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
interface fastEthernet 0/2
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
interface fastEthernet 0/3
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
interface fastEthernet 0/4
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
interface fastEthernet 0/5
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
interface fastEthernet 0/6
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
interface fastEthernet 0/7
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
interface fastEthernet 0/8
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
interface fastEthernet 0/9
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
interface fastEthernet 0/10
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
! Ports 0/11-0/24: access ports in VLAN 151, identical apart from the port
! number. Each stanza sets:
!   Anti-ARP-Spoofing ip 10.16.23.1 - vendor feature; presumably drops ARP
!       arriving on the port that claims 10.16.23.1 (likely the VLAN 151
!       gateway) -- confirm against the platform documentation.
!   dot1x port-control auto - the port takes part in 802.1X; presumably
!       traffic is forwarded only after the client authenticates.
!   ip access-group 101 in - applies ACL 101 to inbound traffic.
! NOTE(review): the ARP protection names a single address only. Nothing
! visible here addresses ARP spoofing of other hosts' addresses.
interface fastEthernet 0/11
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/12
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/13
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/14
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/15
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/16
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/17
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/18
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/19
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/20
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/21
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/22
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/23
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
interface fastEthernet 0/24
Anti-ARP-Spoofing ip 10.16.23.1
switchport access vlan 151
dot1x port-control auto
ip access-group 101 in
!
! Gigabit port 1/1: trunk with BPDU filter enabled and ACL 101 applied
! inbound, the same settings as the fastEthernet trunk ports.
! NOTE(review): presumably the uplink. If BPDU filter suppresses BPDUs on
! this platform, spanning tree cannot see a loop through this link -- confirm.
interface gigabitEthernet 1/1
switchport mode trunk
spanning-tree bpdufilter enabled
ip access-group 101 in
!
! Management plane: the switch's IP interface on VLAN 1, 802.1X client
! probing, the RADIUS shared key, the default gateway and the SNMP community.
! Values shown as "#" were presumably masked by the poster before publishing.
! NOTE(review): the management address sits on VLAN 1. No management ACL or
! "line vty" section is visible here, so how CLI access is restricted cannot
! be determined from this output.
interface vlan 1
no shutdown
ip address ###########
!
! Presumably enables periodic liveness probing of authenticated 802.1X
! clients; the unit of the 250 timer value is not shown -- confirm.
dot1x client-probe enable
dot1x probe-timer alive 250
! NOTE(review): the RADIUS shared secret is unmasked and only four digits
! long. If this is the real value rather than a placeholder, treat it as
! exposed and replace it with a long random secret on switch and server.
radius-server key 9999
ip default-gateway ######
! NOTE(review): the community line is masked, so its access level and any
! source restriction are not visible. SNMPv1/v2c communities travel in
! cleartext; prefer a read-only community limited to the management station.
snmp-server community ###########
end