
MANDATORY CONFIGURATION FOR HP SWITCHES

clock datetime HH:MM:SS MM/DD/YYYY
dhcp enable (CORE SWITCH ONLY)
dhcp snooping enable
lldp global enable
vlan 2
name Gerencia
vlan 20
name Administrativo
vlan 30
name Academico
vlan 40
name WIFILIVRE
vlan 50
name CFTV
vlan 60
name VOIP
vlan 70
name Printers
CORE SWITCH ONLY
vlan 80
name Enlace WIFILIVRE
CORE SWITCH ONLY
vlan 130
name Enlace Fortinet
vlan 160
name Servers
stp bpdu-protection
stp global enable
interface Vlan-interface2
ip address 192.168.X.X 255.255.255.0 (CORE SWITCH MANAGEMENT IP)
CORE SWITCH ONLY
interface Vlan-interface20
ip address 10.6X.0.1 255.255.248.0 (IP OF THE NEW NETWORK)
dhcp select relay
dhcp relay server-address X.X.X.X (IP OF THE NETWORK'S DHCP SERVER)
CORE SWITCH ONLY
interface Vlan-interface50
ip address 192.168.50.1 255.255.255.0
dhcp select relay
dhcp relay server-address X.X.X.X (IP OF THE NETWORK'S DHCP SERVER)
CORE SWITCH ONLY
interface Vlan-interface60
ip address 192.168.60.1 255.255.255.0
dhcp select relay
dhcp relay server-address X.X.X.X (IP OF THE NETWORK'S DHCP SERVER)
CORE SWITCH ONLY
interface Vlan-interface70
ip address 192.168.70.1 255.255.255.0
dhcp select relay
dhcp relay server-address X.X.X.X (IP OF THE NETWORK'S DHCP SERVER)
CORE SWITCH ONLY
interface Vlan-interface130
ip address 10.3X.0.4 255.255.255.248 (FORTINET LINK IP)
interface GigabitEthernet1/0/X
port access vlan 20
broadcast-suppression pps 3000
stp edged-port
port-security max-mac-count 3
CORE SWITCH ONLY - INTERFACE REQUIRED FOR USING THE FORTINET (WIFILIVRE)
interface GigabitEthernet1/0/X
port access vlan 80
stp edged-port
dhcp snooping trust
CORE SWITCH ONLY - INTERFACE REQUIRED FOR USING THE FORTINET
interface GigabitEthernet1/0/X
port access vlan 130
stp edged-port
CORE SWITCH ONLY - INTERFACE REQUIRED FOR USING THE FORTINET
interface GigabitEthernet1/0/X
port access vlan 160
stp edged-port
line aux 0
authentication-mode scheme
user-role network-admin
line vty 0 3
authentication-mode scheme
user-role network-admin
user-role network-operator
CORE SWITCH ONLY
ip route-static 0.0.0.0 0 10.3X.0.1 (FORTINET IP)
ACCESS SWITCHES ONLY
ip route-static 0.0.0.0 0 192.168.X.X (CORE SWITCH MANAGEMENT IP)
CORE SWITCH ONLY
acl number 3000 name block_inter_redes
description ## BLOQUEAR TRAFEGO ENTRE AS REDES ##
rule deny ip source 10.6X.0.0 0.0.7.255 destination 172.X.X.0 0.0.7.255 (BLOCK ADMIN-ACAD)
rule deny ip source 10.6X.0.0 0.0.7.255 destination 192.168.X.0 0.0.0.255 (BLOCK ADMIN-GERENCIA)
rule deny ip source 10.6X.0.0 0.0.7.255 destination 192.168.50.0 0.0.0.255 (BLOCK ADMIN-CFTV)
rule deny ip source 10.6X.0.0 0.0.7.255 destination 192.168.60.0 0.0.0.255 (BLOCK ADMIN-VOIP)
rule deny ip source 10.6X.0.0 0.0.7.255 destination 192.168.70.0 0.0.0.255 (BLOCK ADMIN-PRINTERS)
rule deny ip source 172.X.X.0 0.0.7.255 destination 10.6X.0.0 0.0.7.255 (BLOCK ACAD-ADMIN)
rule deny ip source 172.X.X.0 0.0.7.255 destination 192.168.X.0 0.0.0.255 (BLOCK ACAD-GERENCIA)
rule deny ip source 172.X.X.0 0.0.7.255 destination 192.168.50.0 0.0.0.255 (BLOCK ACAD-CFTV)
rule deny ip source 172.X.X.0 0.0.7.255 destination 192.168.60.0 0.0.0.255 (BLOCK ACAD-VOIP)
rule deny ip source 172.X.X.0 0.0.7.255 destination 192.168.70.0 0.0.0.255 (BLOCK ACAD-PRINTERS)
rule deny ip source 192.168.50.0 0.0.0.255 destination 10.6X.0.0 0.0.7.255 (BLOCK CFTV-ADMIN)
rule deny ip source 192.168.50.0 0.0.0.255 destination 172.X.X.0 0.0.7.255 (BLOCK CFTV-ACAD)
rule deny ip source 192.168.50.0 0.0.0.255 destination 192.168.X.0 0.0.0.255 (BLOCK CFTV-GERENCIA)
rule deny ip source 192.168.50.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 (BLOCK CFTV-VOIP)
rule deny ip source 192.168.50.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 (BLOCK CFTV-PRINTERS)
rule deny ip source 192.168.60.0 0.0.0.255 destination 10.6X.0.0 0.0.7.255 (BLOCK VOIP-ADMIN)
rule deny ip source 192.168.60.0 0.0.0.255 destination 172.X.X.0 0.0.7.255 (BLOCK VOIP-ACAD)
rule deny ip source 192.168.60.0 0.0.0.255 destination 192.168.X.0 0.0.0.255 (BLOCK VOIP-GERENCIA)
rule deny ip source 192.168.60.0 0.0.0.255 destination 192.168.50.0 0.0.0.255 (BLOCK VOIP-CFTV)
rule deny ip source 192.168.60.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 (BLOCK VOIP-PRINTERS)
rule deny ip source 192.168.70.0 0.0.0.255 destination 10.6X.0.0 0.0.7.255 (BLOCK PRINTERS-ADMIN)
rule deny ip source 192.168.70.0 0.0.0.255 destination 172.X.X.0 0.0.7.255 (BLOCK PRINTERS-ACAD)
rule deny ip source 192.168.70.0 0.0.0.255 destination 192.168.X.0 0.0.0.255 (BLOCK PRINTERS-GERENCIA)
rule deny ip source 192.168.70.0 0.0.0.255 destination 192.168.50.0 0.0.0.255 (BLOCK PRINTERS-CFTV)
rule deny ip source 192.168.70.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 (BLOCK PRINTERS-VOIP)
ssh server enable
arp valid-check enable
arp ip-conflict log prompt
arp detection validate ip
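
One way to check a switch against this baseline, as an added example that is not part of the original page: a Python audit of saved configuration text, covering the global commands and the VLAN 20 access-port template above. It assumes the layout of display current-configuration output ('#' lines between sections, sub-commands indented) and that commands appear exactly as typed on this page; parse_sections, audit, user_vlans and the sample text are hypothetical names and constructed data.

```python
import re
# Baseline from the page: global commands, then its VLAN 20 access-port template.
REQUIRED_GLOBAL = ["dhcp snooping enable", "lldp global enable", "stp bpdu-protection",
                   "stp global enable", "ssh server enable", "arp valid-check enable",
                   "arp ip-conflict log prompt", "arp detection validate ip"]
REQUIRED_PORT = ["broadcast-suppression pps", "stp edged-port", "port-security max-mac-count"]

def parse_sections(text):
    """Return [(header, [sub-commands])]; assumes '#' lines separate sections."""
    sections = []
    for block in re.split(r"(?m)^#[ \t]*$", text):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        if lines and not lines[0][0].isspace():      # interface/vlan/line section
            sections.append((lines[0].strip(), [ln.strip() for ln in lines[1:]]))
        else:                                        # indented global commands
            sections += [(ln.strip(), []) for ln in lines]
    return sections

def audit(text, user_vlans=("20",)):
    """List deviations from the baseline; user_vlans is an assumed parameter."""
    sections = parse_sections(text)
    present = {header for header, _ in sections}
    findings = [f"missing global command: {c}" for c in REQUIRED_GLOBAL if c not in present]
    for header, body in sections:
        vlan = next((b.split()[-1] for b in body if b.startswith("port access vlan ")), None)
        if not header.startswith("interface ") or vlan not in user_vlans:
            continue  # uplink and Fortinet-facing ports are out of scope here
        findings += [f"{header}: missing {c}" for c in REQUIRED_PORT
                     if not any(b.startswith(c) for b in body)]
        if "dhcp snooping trust" in body:
            findings.append(f"{header}: dhcp snooping trust on a user port")
    return findings

# Constructed sample in the assumed layout, not taken from a real device.
SAMPLE = """#
 dhcp snooping enable
 stp bpdu-protection
 stp global enable
 ssh server enable
 arp valid-check enable
#
interface GigabitEthernet1/0/2
 port access vlan 20
 stp edged-port
 dhcp snooping trust
#
interface GigabitEthernet1/0/24
 port access vlan 80
 dhcp snooping trust"""
```

Calling audit(SAMPLE) reports the three missing global commands and the three problems on GigabitEthernet1/0/2, and leaves the trusted VLAN 80 port alone.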

FOR ADDITIONAL CONFIGURATION RELATED TO VOICE VLAN AND OTHER FEATURES, USE THE LINKS BELOW:

https://aplicacoes.ifs.edu.br/dokuwiki/doku.php/atualizacao_firmware_hp

https://aplicacoes.ifs.edu.br/dokuwiki/doku.php/bridge_aggregation

https://aplicacoes.ifs.edu.br/dokuwiki/doku.php/configuracao_switch_hp

https://aplicacoes.ifs.edu.br/dokuwiki/doku.php/configuracao_switch_hp_voice_vlan

https://aplicacoes.ifs.edu.br/dokuwiki/doku.php/usuario_ssh

https://aplicacoes.ifs.edu.br/dokuwiki/doku.php/habilitar_porta_switch_ap

https://aplicacoes.ifs.edu.br/dokuwiki/doku.php/irf_modulo_traseiro

configuracao_obrigatoria_hp.txt · Last modified: 08/11/2018 16:21:00 by Alex Oliveira Soares