!
hostname SWX3220-16TMs(CoreSW)
!
enable password (パスワード：必須)
!
username (ユーザー名：必須) privilege on password (パスワード：必須)
!
qos enable
!
dns-client enable
dns-client name-server 172.16.0.253
dns-client name-server 172.16.0.254
port-channel load-balance src-dst-ip
lldp run
lldp auto-setting enable
!
access-list 1 description for VLAN1
access-list 1 10 deny any any 172.21.0.0 0.0.0.255
access-list 1 20 deny any any 172.22.0.0 0.0.3.255
access-list 1 30 deny any any 172.25.0.0 0.0.3.255
access-list 10 description for VLAN10
access-list 10 10 deny any any 172.16.0.0 0.0.0.255
access-list 10 20 deny any any 172.22.0.0 0.0.3.255
access-list 10 30 deny any any 172.23.0.0 0.0.0.255
access-list 10 40 deny any any 172.24.0.0 0.0.0.255
access-list 10 50 deny any any 172.25.0.0 0.0.3.255
access-list 20 description for VLAN20
access-list 20 10 deny any any 172.16.0.0 0.0.0.255
access-list 20 20 deny any any 172.21.0.0 0.0.0.255
access-list 20 30 deny any any 172.23.0.0 0.0.0.255
access-list 20 40 deny any any 172.24.0.0 0.0.0.255
access-list 20 50 deny any any 172.25.0.0 0.0.3.255
access-list 30 description for VLAN30
access-list 30 10 deny any any 172.21.0.0 0.0.0.255
access-list 30 20 deny any any 172.22.0.0 0.0.3.255
access-list 30 30 deny any any 172.24.0.0 0.0.0.255
access-list 30 40 deny any any 172.25.0.0 0.0.3.255
access-list 40 description for VLAN40
access-list 40 10 deny any any 172.21.0.0 0.0.0.255
access-list 40 20 deny any any 172.22.0.0 0.0.3.255
access-list 40 30 deny any any 172.23.0.0 0.0.0.255
access-list 40 40 deny any any 172.25.0.0 0.0.3.255
access-list 50 description for VLAN50
access-list 50 10 deny any any 172.16.0.0 0.0.0.255
access-list 50 20 deny any any 172.21.0.0 0.0.0.255
access-list 50 30 deny any any 172.22.0.0 0.0.3.255
access-list 50 40 deny any any 172.23.0.0 0.0.0.255
access-list 50 50 deny any any 172.24.0.0 0.0.0.255
access-list 100 description for VPN
access-list 100 1 permit any 172.21.0.0 0.0.0.255 192.168.1.0 0.0.0.255
!
dhcp-server enable
!
vlan database
 vlan 10 name School_Affairs
 vlan 20 name For_Learning
 vlan 30 name IP_Phone
 vlan 40 name IP_Camera
 vlan 50 name Disaster
!
route-map 1 permit 10
 description VPN_Router
 match access-list 100
 set ip next-hop 172.21.0.254
!
interface port1.1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,50
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.2
 switchport
 switchport mode access
 switchport access vlan 10
 static-channel-group 1
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.3
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,40,50
 channel-group 10 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.4
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30
 channel-group 11 mode active
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.5
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 channel-group 20 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.6
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 channel-group 30 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.7
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 channel-group 40 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.8
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 channel-group 50 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.9
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 channel-group 60 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.10
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.11
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.12
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.13
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,40,50
 channel-group 12 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port1.14
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,50
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.2
 switchport
 switchport mode access
 switchport access vlan 10
 static-channel-group 1
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.3
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,40,50
 channel-group 10 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.4
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30
 channel-group 11 mode active
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.5
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 channel-group 20 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.6
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 channel-group 30 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.7
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 channel-group 40 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.8
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 channel-group 50 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.9
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 channel-group 60 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.10
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.11
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.12
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.13
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,40,50
 channel-group 12 mode active
 qos trust dscp
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface port2.14
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx 
  exit 
!
interface vlan1
 no switchport
 auto-ip enable
 ip address 172.16.0.1/24
 no shutdown
!
interface vlan10
 no switchport
 ip address 172.21.0.1/24
 arp-ageing-timeout request broadcast
 ip policy route-map 1
 no shutdown
 dhcp-server enable
!
interface vlan20
 no switchport
 ip address 172.22.0.1/22
 no shutdown
 dhcp-server enable
!
interface vlan30
 no switchport
 ip address 172.23.0.1/24
 no shutdown
!
interface vlan40
 no switchport
 ip address 172.24.0.1/24
 no shutdown
!
interface vlan50
 no switchport
 ip address 172.25.0.1/22
 no shutdown
 dhcp-server enable
!
interface po10
 description 1F_Staff-Office
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,40,50
 qos trust dscp
 no shutdown
!
interface po11
 description 1F_Server-Room
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30
 no shutdown
!
interface po12
 description 1F_GYM
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,40,50
 qos trust dscp
 no shutdown
!
interface po20
 description 2F_Classroom
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 qos trust dscp
 no shutdown
!
interface po30
 description 3F_Classroom
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 qos trust dscp
 no shutdown
!
interface po40
 description 4F_Classroom
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 qos trust dscp
 no shutdown
!
interface po50
 description 5F_Classroom
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 qos trust dscp
 no shutdown
!
interface po60
 description 6F_Classroom
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,50
 qos trust dscp
 no shutdown
!
interface sa1
 description VPN
 switchport
 switchport mode access
 switchport access vlan 10
 no shutdown
!
vlan access-map VAM-001
 match access-list 1
!
vlan access-map VAM-010
 match access-list 10
!
vlan access-map VAM-020
 match access-list 20
!
vlan access-map VAM-030
 match access-list 30
!
vlan access-map VAM-040
 match access-list 40
!
vlan access-map VAM-050
 match access-list 50
!
vlan filter VAM-001 1 in
!
vlan filter VAM-010 10 in
!
vlan filter VAM-020 20 in
!
vlan filter VAM-030 30 in
!
vlan filter VAM-040 40 in
!
vlan filter VAM-050 50 in
!
ip route 0.0.0.0/0 172.16.0.253
ip route 0.0.0.0/0 172.16.0.254
!
crypto pki generate ca (認証局名)
!
radius-server local interface vlan1
radius-server local enable
!
!
clock timezone JST
!
ntpdate server name ntp.nict.jp
ntpdate interval 24
!
snmp-server community (コミュニティー名) ro
snmp-server enable trap coldstart warmstart linkdown linkup authentication temperature fan l2ms errdisable rmon termmonitor bridge loopdetect vrrp
snmp-server host (SNMPマネージャーのIPアドレス) traps version 2c (コミュニティー名)
snmp-server access permit (SNMPマネージャーのIPアドレス) community (コミュニティー名)
!
http-server enable
http-proxy enable
!
telnet-server enable
!
telnet-client enable
!
firmware-update reload-method sequential
!
dhcp pool pool_vlan10
 network 172.21.0.0/24
 range 172.21.0.2 172.21.0.191
 default-router 172.21.0.1
 dns-server 172.21.0.240
 dns-server 172.21.0.241
!
dhcp pool pool_vlan20
 network 172.22.0.0/22
 range 172.22.0.2 172.22.3.191
 default-router 172.22.0.1
 dns-server 172.22.3.240
 dns-server 172.22.3.241
!
dhcp pool pool_vlan50
 network 172.25.0.0/22
 range 172.25.0.2 172.25.3.191
 default-router 172.25.0.1
 dns-server 172.25.3.240
 dns-server 172.25.3.241
!
line con 0
line vty 0 7
!
l2ms configuration
 l2ms role manager
!
snapshot enable
!
end
