华为S3600SI交换机VLAN配置案例
2010-01-04 08:51
要求:
1、划分6个vlan
2、每个vlan配置IP
3、除了vlan5以外,其他vlan下面的PC不能互访。但各vlan下的PC均可以访问vlan5下的PC
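以下是配置(注意:每个ACL的rule 0都是deny;本例依赖该系列交换机硬件ACL“后下发的规则先生效”的匹配方式,请以设备手册为准。移植到按规则编号顺序匹配的平台时,需要调整规则顺序,否则所有流量都会被rule 0丢弃):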
sysname H3C
#
radius scheme system
#
domain system
#
# Basic ACLs 2001-2005, one per filtered user VLAN. Each ACL permits packets
# whose source is the shared VLAN 5 subnet (192.168.40.0/24) or the VLAN's own
# subnet, and rule 0 denies every other source.
# NOTE(review): rule 0 is a catch-all deny with the lowest rule ID. The design
# only works if the permits outrank it; on this switch family, rules pushed to
# hardware by packet-filter are understood to match last-applied-first. Confirm
# against the device manual. On a platform that matches in rule-ID order,
# rule 0 would drop everything.
# NOTE(review): basic ACLs match the source address only, so the isolation
# assumes source addresses are genuine. Nothing in this listing validates the
# source address on ingress; consider adding that on the user ports.
acl number 2001
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.20.0 0.0.0.255
acl number 2002
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.25.0 0.0.0.255
acl number 2003
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.35.0 0.0.0.255
acl number 2004
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.45.0 0.0.0.255
acl number 2005
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.15.0 0.0.0.255
#
# Creates VLANs 1-6 and gives each a layer-3 gateway address (.254, /24).
# The third octet does not follow the VLAN ID: VLAN 5, the shared VLAN, is
# 192.168.40.0/24, while VLAN 4 is 192.168.45.0/24. Check the ACL subnets
# against this table when changing either.
# Inter-VLAN traffic is routed on the switch through these interfaces. The
# only restriction in this listing is the outbound packet-filter on the
# access ports.
vlan 1 to 6
#
interface Vlan-interface1
ip address 192.168.20.254 255.255.255.0
#
interface Vlan-interface2
ip address 192.168.25.254 255.255.255.0
#
interface Vlan-interface3
ip address 192.168.35.254 255.255.255.0
#
interface Vlan-interface4
ip address 192.168.45.254 255.255.255.0
#
interface Vlan-interface5
ip address 192.168.40.254 255.255.255.0
#
interface Vlan-interface6
ip address 192.168.15.254 255.255.255.0
#
interface Aux1/0/0
#
# Ethernet1/0/1-4 have no "port access vlan" line, so they presumably stay in
# the default VLAN 1 (gateway 192.168.20.254). Confirm on the device.
# ACL 2001 is bound in the outbound direction, i.e. it filters what the switch
# delivers to the attached host. The rules are bound one at a time in the
# order 0, 1, 2: the deny first, the two permits after it.
# NOTE(review): user hosts share the default VLAN here. A dedicated user VLAN
# would keep them apart from any port that is later left unconfigured.
interface Ethernet1/0/1
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/2
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/3
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/4
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
# Ethernet1/0/5-8: access ports in VLAN 2 (192.168.25.0/24). ACL 2002 is bound
# outbound, so hosts here receive only packets sourced from their own subnet
# or from VLAN 5 (192.168.40.0/24).
interface Ethernet1/0/5
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/6
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/7
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/8
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
# Ethernet1/0/9-12: access ports in VLAN 3 (192.168.35.0/24). ACL 2003 is bound
# outbound, so hosts here receive only packets sourced from their own subnet
# or from VLAN 5 (192.168.40.0/24).
interface Ethernet1/0/9
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/10
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/11
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/12
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
# Ethernet1/0/13-16: access ports in VLAN 4 (192.168.45.0/24). ACL 2004 is
# bound outbound, so hosts here receive only packets sourced from their own
# subnet or from VLAN 5 (192.168.40.0/24).
interface Ethernet1/0/13
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/14
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/15
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/16
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
# Ethernet1/0/17-24: access ports in VLAN 5 (192.168.40.0/24), the shared VLAN.
# No packet-filter is bound here, so this switch does not restrict what is
# delivered to VLAN 5 hosts, and every other VLAN's ACL permits
# 192.168.40.0/24 as a source.
# NOTE(review): VLAN 5 hosts are reachable from every VLAN and can reach every
# VLAN, so they are the common point between otherwise isolated segments and
# should be hardened accordingly.
interface Ethernet1/0/17
port access vlan 5
#
interface Ethernet1/0/18
port access vlan 5
#
interface Ethernet1/0/19
port access vlan 5
#
interface Ethernet1/0/20
port access vlan 5
#
interface Ethernet1/0/21
port access vlan 5
#
interface Ethernet1/0/22
port access vlan 5
#
interface Ethernet1/0/23
port access vlan 5
#
interface Ethernet1/0/24
port access vlan 5
#
# GigabitEthernet1/1/1-4: access ports in VLAN 6 (192.168.15.0/24). ACL 2005 is
# bound outbound, so hosts here receive only packets sourced from their own
# subnet or from VLAN 5 (192.168.40.0/24).
interface GigabitEthernet1/1/1
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/2
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/3
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/4
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
# NOTE(review): presumably this removes authentication between fabric (stack)
# members. Confirm it is intended if the fabric ports are ever cabled.
undo irf-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
# NOTE(review): no authentication mode, password or source restriction is shown
# under the aux and vty user interfaces, and the packet-filter ACLs above apply
# only to the access ports. Each Vlan-interface address may therefore be
# reachable for management from any VLAN. Confirm how logins are authenticated
# and restrict which sources may reach the vty lines before deploying.
user-interface aux 0 7
user-interface vty 0 4
1、划分6个vlan
2、每个vlan配置IP
3、除了vlan5以外,其他vlan下面的PC不能互访。但各vlan下的PC均可以访问vlan5下的PC
以下是配置:
sysname H3C
#
radius scheme system
#
domain system
#
acl number 2001
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.20.0 0.0.0.255
acl number 2002
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.25.0 0.0.0.255
acl number 2003
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.35.0 0.0.0.255
acl number 2004
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.45.0 0.0.0.255
acl number 2005
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.15.0 0.0.0.255
#
vlan 1 to 6
#
interface Vlan-interface1
ip address 192.168.20.254 255.255.255.0
#
interface Vlan-interface2
ip address 192.168.25.254 255.255.255.0
#
interface Vlan-interface3
ip address 192.168.35.254 255.255.255.0
#
interface Vlan-interface4
ip address 192.168.45.254 255.255.255.0
#
interface Vlan-interface5
ip address 192.168.40.254 255.255.255.0
#
interface Vlan-interface6
ip address 192.168.15.254 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/2
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/3
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/4
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/5
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/6
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/7
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/8
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/9
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/10
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/11
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/12
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/13
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/14
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/15
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/16
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/17
port access vlan 5
#
interface Ethernet1/0/18
port access vlan 5
#
interface Ethernet1/0/19
port access vlan 5
#
interface Ethernet1/0/20
port access vlan 5
#
interface Ethernet1/0/21
port access vlan 5
#
interface Ethernet1/0/22
port access vlan 5
#
interface Ethernet1/0/23
port access vlan 5
#
interface Ethernet1/0/24
port access vlan 5
#
interface GigabitEthernet1/1/1
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/2
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/3
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/4
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
undo irf-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
user-interface aux 0 7
user-interface vty 0 4