#
system-view
#
sysname <TesisKodu-OkulAdı-SWNo>
#
vlan batch 10 to 11 20 30 40 50 60
#
#
interface Vlanif10
description YONETIM
ip address 10.x.x.x /x
#
ip route-static 0.0.0.0 0.0.0.0 10.x.x.x
#
snmp-agent
snmp-agent community write cipher SnMp_15_MEbF@tih_53
snmp-agent community read cipher sNmP_15_F@t1#MEb_53
snmp-agent sys-info version all
snmp-agent trap enable
#
stp bpdu-protection
#
igmp-snooping enable
#
error-down auto-recovery cause bpdu-protection interval 50
#
anti-attack fragment car cir 15000
anti-attack tcp-syn car cir 15000
anti-attack icmp-flood car cir 15000
#
lldp enable
#
dhcp enable
#                                         
dhcp snooping enable
user-bind static ip-address 192.168.0.2
user-bind static ip-address 192.168.0.3
user-bind static ip-address 192.168.0.4
user-bind static ip-address 192.168.0.5
user-bind static ip-address 192.168.0.6
user-bind static ip-address 192.168.0.7
user-bind static ip-address 192.168.0.8
user-bind static ip-address 192.168.0.9   
user-bind static ip-address 192.168.0.10
user-bind static ip-address 192.168.0.11
user-bind static ip-address 192.168.0.12
user-bind static ip-address 192.168.0.13
user-bind static ip-address 192.168.0.14
user-bind static ip-address 192.168.0.15
user-bind static ip-address 192.168.0.16
user-bind static ip-address 192.168.0.17
user-bind static ip-address 192.168.0.18
user-bind static ip-address 192.168.0.19
user-bind static ip-address 192.168.0.20
user-bind static ip-address 10.x.x.x
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin                
local-user fatih password irreversible-cipher 1071F@T1h
local-user fatih privilege level 15
local-user fatih ftp-directory flash:
local-user fatih service-type telnet terminal ftp ssh http
  undo local-user admin
quit
#
undo ntp-service server disable
clock timezone IST add 03:00:00
#
ntp-service sync-interval 180
ntp-service source-interface Vlanif10
ntp-service unicast-server 10.200.100.249 preference
ntp-service unicast-server 10.200.100.250
#
time-range POE 00:00 to 06:00 daily
time-range POE 21:00 to 23:59 daily
#
 
#
interface range GigabitEthernet0/0/1 to GigabitEthernet 0/0/10
description ***  AP ***
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 11 30 50 60
loopback-detect enable
stp root-protection
stp edged-port enable
storm-control broadcast min-rate percent 100 max-rate percent 100
poe power-off time-range POE
quit
#
#
interface range GigabitEthernet0/0/11 to GigabitEthernet 0/0/18
description ***  AP RESERVED ***
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 11 30 50 60
loopback-detect enable
stp root-protection
stp edged-port enable
storm-control broadcast min-rate percent 100 max-rate percent 100
poe power-off time-range POE
quit
#
#
interface range GigabitEthernet0/0/19 to GigabitEthernet 0/0/39
description *** IDARI ***
port link-type access
port default vlan 20
loopback-detect enable
stp root-protection
stp edged-port enable
port-security enable
port-security protect-action protect
port-security max-mac-num 1
port-security aging-time 10
storm-control broadcast min-rate percent 100 max-rate percent 100
undo poe enable
quit
#
#
interface range GigabitEthernet0/0/40 to GigabitEthernet 0/0/48
description *** IDARI ***
port link-type access
port default vlan 20
loopback-detect enable
stp root-protection
stp edged-port enable
port-security enable
port-security protect-action protect
port-security max-mac-num 1
port-security aging-time 10
storm-control broadcast min-rate percent 100 max-rate percent 100
undo poe enable
quit
#
interface range GigabitEthernet0/0/49 to GigabitEthernet 0/0/51
description *** DOWNLINK ***
port link-type trunk
port trunk allow-pass vlan 2 to 4094
undo poe enable
quit
#
#
interface GigabitEthernet0/0/52
description *** UPLINK ***
port link-type trunk
port trunk allow-pass vlan 2 to 4094
undo poe enable
quit
#
#
vlan 10
description YONETIM
igmp-snooping enable
dhcp snooping enable
dhcp snooping enable no-user-binding
y
dhcp snooping trusted interface GigabitEthernet0/0/49
dhcp snooping trusted interface GigabitEthernet0/0/50
dhcp snooping trusted interface GigabitEthernet0/0/51
dhcp snooping trusted interface GigabitEthernet0/0/52
arp anti-attack check user-bind enable
vlan 11
description ETKILESIMLI-TAHTA
igmp-snooping enable
dhcp snooping enable
dhcp snooping enable no-user-binding
y
dhcp snooping trusted interface GigabitEthernet0/0/49
dhcp snooping trusted interface GigabitEthernet0/0/50
dhcp snooping trusted interface GigabitEthernet0/0/51
dhcp snooping trusted interface GigabitEthernet0/0/52
arp anti-attack check user-bind enable
vlan 20
description IDARE
igmp-snooping enable
dhcp snooping enable                     
dhcp snooping enable no-user-binding
y
dhcp snooping trusted interface GigabitEthernet0/0/49
dhcp snooping trusted interface GigabitEthernet0/0/50
dhcp snooping trusted interface GigabitEthernet0/0/51
dhcp snooping trusted interface GigabitEthernet0/0/52
arp anti-attack check user-bind enable
ip source check user-bind enable
vlan 30
description OGRETMEN-TABLET
igmp-snooping enable
dhcp snooping enable
dhcp snooping enable no-user-binding
y
dhcp snooping trusted interface GigabitEthernet0/0/49
dhcp snooping trusted interface GigabitEthernet0/0/50
dhcp snooping trusted interface GigabitEthernet0/0/51
dhcp snooping trusted interface GigabitEthernet0/0/52
arp anti-attack check user-bind enable
vlan 40
description BT-SINIFI
igmp-snooping enable
dhcp snooping enable
dhcp snooping enable no-user-binding
y
dhcp snooping trusted interface GigabitEthernet0/0/49
dhcp snooping trusted interface GigabitEthernet0/0/50
dhcp snooping trusted interface GigabitEthernet0/0/51
dhcp snooping trusted interface GigabitEthernet0/0/52
arp anti-attack check user-bind enable
vlan 50                                   
description OGRENCI-TABLET
igmp-snooping enable
dhcp snooping enable
dhcp snooping enable no-user-binding
y
dhcp snooping trusted interface GigabitEthernet0/0/49
dhcp snooping trusted interface GigabitEthernet0/0/50
dhcp snooping trusted interface GigabitEthernet0/0/51
dhcp snooping trusted interface GigabitEthernet0/0/52
arp anti-attack check user-bind enable
vlan 60
description AKTIVASYON
igmp-snooping enable
dhcp snooping enable
dhcp snooping enable no-user-binding
y
dhcp snooping trusted interface GigabitEthernet0/0/49
dhcp snooping trusted interface GigabitEthernet0/0/50
dhcp snooping trusted interface GigabitEthernet0/0/51
dhcp snooping trusted interface GigabitEthernet0/0/52
arp anti-attack check user-bind enable
#
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound telnet
user-interface vty 16 20
authentication-mode aaa
user privilege level 15
protocol inbound telnet
telnet server enable
#
return
save
y
#

