Configuration type d’un switch
! ======= CLEANED AND COMMENTED CONFIGURATION =======
version 17.6
! Debug messages are stamped with uptime, log messages with date and time.
! NOTE(review): for correlation with other log sources, `service timestamps log datetime msec localtime show-timezone` gives finer, unambiguous timestamps.
service timestamps debug uptime
service timestamps log datetime
! Stores clear-text passwords as type 7. Type 7 is reversible obfuscation, not hashing;
! the `secret` forms used further down are what actually protect credentials.
service password-encryption
service call-home
platform punt-keepalive disable-kernel-core
hostname SWITCH-CLEANED ! Anonymized name
! ======= Management VRF =======
! Mgmt-vrf is defined with empty IPv4 and IPv6 address families. No interface in this
! listing is placed in it; the management address shown here is on interface Vlan5.
vrf definition Mgmt-vrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
! Log messages are not printed on the console; they go to the syslog host configured later.
no logging console
! ======= Access security (passwords removed) =======
! Type 9 (scrypt) enable secret; the hash itself was removed for publication.
enable secret 9
! AAA is enabled and the default login method list is the local user database.
! No line in this listing selects another list, so console and VTY logins all use it.
aaa new-model
aaa authentication login default local
aaa session-id common
boot system switch all flash:packages.conf
switch 1 provision c9200l-24p-4x
! VTP transparent: VLANs are defined locally, not learned from VTP advertisements.
vtp mode transparent
ip name-server x.x.x.x
ip domain name exemple.local
! NOTE(review): only successful logins are logged; `login on-failure log` would also record failed attempts.
login on-success log
! NOTE(review): no 802.1X/MAB port configuration is visible in this listing, so this line presumably has no effect here - confirm.
authentication mac-move permit
! ======= Certificates (truncated here for readability) =======
! crypto pki trustpoints...
! ======= License =======
license boot level network-essentials addon dna-essentials
! Run only the minimal diagnostic set at boot.
diagnostic bootup level minimal
! ======= Spanning Tree in MST mode =======
spanning-tree mode mst
spanning-tree extend system-id
! MST region name and revision. No instance-to-VLAN mapping is shown, so all VLANs stay in instance 0.
! Switches join the same region only if name, revision and VLAN mapping all match.
spanning-tree mst configuration
name MST-EXEMPLE
revision 2
memory free low-watermark processor 10308
! ======= Local user =======
! One local account at privilege level 15 with a type 9 secret (hash removed for publication).
! NOTE(review): with local-only AAA this shared account is the only login identity, so the login log cannot tell administrators apart; per-person accounts would.
username admin privilege 15 secret 9
redundancy
mode sso
! LLDP is enabled globally with a 5-second advertisement timer.
! NOTE(review): LLDP advertises device details on every port; `no lldp transmit` on user-facing ports limits that - check first whether the phones on the voice VLAN depend on it.
lldp timer 5
lldp run
! ======= ANONYMIZED VLANs =======
! VLAN IDs and names were replaced for publication.
! NOTE(review): IOS does not allow renaming VLAN 1, so `vlan 1` / `name VLAN-DATA` is presumably
! a result of the renumbering; use the real IDs when reusing this template.
vlan 1
name VLAN-DATA
vlan 2
name VLAN-VOIP
vlan 3
name VLAN-COPIEUR
vlan 4
name VLAN-WIFI
vlan 5
name VLAN-MANAGEMENT
! ======= PHYSICAL INTERFACES =======
! Ports 1-20: user access ports, data in VLAN 1 and phones in voice VLAN 2.
! PortFast skips the STP listening/learning delay; BPDU Guard err-disables the port when a BPDU is received.
! NOTE(review): VLAN numbers are anonymized; if the real data VLAN is VLAN 1, a dedicated data VLAN keeps
! users off the default VLAN that unconfigured ports and trunk native VLANs also use.
interface range GigabitEthernet1/0/1 - 1/0/20
switchport access vlan 1
switchport mode access
switchport voice vlan 2
spanning-tree portfast
spanning-tree bpduguard enable
! Ports 21-22: copiers in VLAN 3. BPDU Guard is set without PortFast here.
interface range GigabitEthernet1/0/21 - 1/0/22
description COPIEUR
switchport access vlan 3
switchport mode access
spanning-tree bpduguard enable
! Port 23: trunk to the Wi-Fi equipment. Untagged frames land in VLAN 4; only VLANs 2-4 are allowed,
! so VLAN 5 (management) is not carried on this link.
! NOTE(review): no BPDU Guard or `spanning-tree guard root` protects this edge trunk.
interface GigabitEthernet1/0/23
description WIFI
switchport trunk native vlan 4
switchport trunk allowed vlan 2-4
switchport mode trunk
! Port 24: UPS, placed in the management VLAN 5.
interface GigabitEthernet1/0/24
description ONDULEUR
switchport access vlan 5
switchport mode access
spanning-tree bpduguard enable
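! ======= 10G UPLINK INTERFACES =======
! NOTE(review): neither trunk sets `switchport trunk allowed vlan` or `switchport trunk native vlan`,
! so both carry every VLAN with the default native VLAN. Pruning each uplink to the VLANs the
! upstream device needs keeps VLAN-MANAGEMENT off links that do not require it.
interface TenGigabitEthernet1/1/1
 description LIAISON-UPLINK-1
 switchport mode trunk
interface TenGigabitEthernet1/1/2
 description LIAISON-UPLINK-2
 switchport mode trunk
! Interfaces 1/1/3 and 1/1/4 are unused. They are administratively shut down so that nothing
! plugged into them gets a link; an unconfigured port would otherwise come up with default settings.
interface TenGigabitEthernet1/1/3
 shutdown
!
interface TenGigabitEthernet1/1/4
 shutdown
!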
! ======= VLAN INTERFACES =======
! The VLAN 1 SVI has no address and is shut down, so the switch is not reachable through VLAN 1.
interface Vlan1
no ip address
shutdown
! Management address of the switch, in VLAN 5 (VLAN-MANAGEMENT).
interface Vlan5
ip address x.x.x.x 255.255.255.0 ! Anonymized IP
! ======= BASIC ROUTING =======
ip default-gateway x.x.x.254
ip forward-protocol nd
! Clear-text HTTP is off; the HTTPS server is on and authenticates against the local user database.
! NOTE(review): nothing restricts who can reach the HTTPS server. If the web UI is not used,
! `no ip http secure-server` removes that exposure; otherwise `ip http access-class ipv4 <ACL-PLACEHOLDER>` limits it to admin hosts.
no ip http server
ip http authentication local
ip http secure-server
! SSH: 60-second negotiation timeout, 2 authentication retries, protocol version 2 only.
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
! NOTE(review): the IP SLA responder answers probes from any sender; keep it only if an IP SLA source actually targets this switch.
ip sla responder
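! ======= LOGS & SNMP =======
! Syslog messages are sent to a remote collector (address anonymized).
logging host x.x.x.x
! Read-only SNMP community. The community string was removed for publication: replace the
! placeholder below. Typed literally as `snmp-server community RO`, the string itself would be "RO".
! Community strings travel in clear text, so the community is bound to an ACL that lists the
! polling station(s). SNMP-POLLERS is an example name; x.x.x.x stands for the poller address.
ip access-list standard SNMP-POLLERS
 permit host x.x.x.x
snmp-server community <COMMUNITY-REMOVED> RO SNMP-POLLERS
snmp mib flash cache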
! ======= CONTROL PLANE =======
! Applies the system-cpp-policy service policy to traffic entering the control plane.
control-plane
service-policy input system-cpp-policy
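! ======= CONSOLE, AUX & VTY =======
! Logins on every line go through AAA (`aaa authentication login default local`), which never
! consults a line password. No `password 7` is kept on the VTY lines: it would be unused, and
! type 7 is reversible.
! The idle timeout is written out explicitly (10 minutes) on every line.
line con 0
 exec-timeout 10 0
 stopbits 1
! Remote access is SSH only on all sixteen VTY lines.
line vty 0 4
 exec-timeout 10 0
 transport input ssh
line vty 5 15
 session-timeout 120
 exec-timeout 10 0
 transport input ssh
! NOTE(review): no `access-class` limits which source addresses may open an SSH session;
! binding the VTY lines to an ACL of admin hosts is the usual complement to SSH-only access.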
! ======= NTP =======
! Time source for the `datetime` log timestamps (address anonymized).
! NOTE(review): the server is not authenticated; `ntp authenticate` with `ntp authentication-key` /
! `ntp trusted-key` and a `key` on the server line stops a spoofed source from shifting log timestamps.
ntp server x.x.x.x
! ======= CALL-HOME =======
! Call-home profile CiscoTAC-1 is active and uses the HTTP transport method.
! NOTE(review): the destination address is not shown in this listing; confirm it is an HTTPS URL
! and that outbound call-home traffic is intended from this management network.
call-home
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
end