通信人家园

标题: 华为s3328交换机配置实例 [查看完整版帖子] [打印本页]

时间: 2020-6-13 09:23

作者: ly185 标题: 华为s3328交换机配置实例

客户要求；vlan11（shichang），vlan12（shengchan）.，vlan13（xiaoshou）间不能互相通信但都可以访问vlan10（caiwu）。
通过vlan14的接口e0/0/24 接入路由器至Internet。
vlan 10 caiwu       192.168.10.254/24
      port e0/0/0 to 0/0/4
vlan 11 shichang    192.168.11.254/24
      port e0/0/5 to 0/0/12
vlan 12 shengchan    192.168.12.254/24
      port e0/0/13 to 0/0/16
vlan 13 xiaoshou    192.168.13.254/24
      port e0/0/17 to 0/0/20
vlan 14 link-wan    192.168.14.254/24
      port e0/0/24
路由器lan接口ip；192.168.14.253/24
外网       ip  xx.xx.xx.xx
         Gw  xx.xx.xx.xx
*****交换机配置****
dis cu
#
sysname Quidway
#
vlan batch 1 10 to 14
#
cluster enable
ntdp enable
ntdp hop 16
ndp enable
#
voice-vlan mac-address 0001-e300-0000 mask ffff-ff00-0000 description Simens phone
voice-vlan mac-address 0003-6b00-0000 mask ffff-ff00-0000 description Cisco phone
voice-vlan mac-address 0004-0d00-0000 mask ffff-ff00-0000 description Avaya phone
voice-vlan mac-address 0060-b900-0000 mask ffff-ff00-0000 description Philips/NEC phone
voice-vlan mac-address 00d0-1e00-0000 mask ffff-ff00-0000 description Pingtel phone
voice-vlan mac-address 00e0-7500-0000 mask ffff-ff00-0000 description Polycom phone
voice-vlan mac-address 00e0-bb00-0000 mask ffff-ff00-0000 description 3com phone
#
vlan 10
description caiwu
vlan 11
description shichang
traffic-policy deny inbound
vlan 12
description shengchan
traffic-policy deny inbound
vlan 13
description xiaoshou
traffic-policy deny inbound
vlan 14
description link-wan
#
acl number 3000
rule 5 permit ip source 192.168.11.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
rule 10 permit ip source 192.168.13.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
#
acl number 3001
rule 5 permit ip source 192.168.11.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
rule 10 permit ip source 192.168.12.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
#
acl number 3002
rule 5 permit ip source 192.168.12.0 0.0.0.255 destination 192.168.11.0 0.0.0.255
rule 10 permit ip source 192.168.13.0 0.0.0.255 destination 192.168.11.0 0.0.0.255
#
traffic classifier shengchan
if-match acl 3000
traffic classifier xiaoshou
if-match acl 3001
traffic classifier shichang
if-match acl 3002
#
traffic behavior deny
deny
#
traffic policy deny
classifier shengchan behavior deny
classifier xiaoshou behavior deny
classifier shichang behavior deny
#
interface Vlanif1
ip address dhcp-alloc
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif11
ip address 192.168.11.254 255.255.255.0
#
interface Vlanif12
ip address 192.168.12.254 255.255.255.0
#
interface Vlanif13
ip address 192.168.13.254 255.255.255.0
#
interface Vlanif14
ip address 192.168.14.254 255.255.255.0
#
interface Ethernet0/0/1
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/2
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/3
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/4
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/5
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/6
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/7
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/8
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/9
port default vlan 11
bpdu enable
ntdp enable
ndp enable42D#
interface Ethernet0/0/10
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/11
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/12
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/13
port default vlan 12
bpdu enable
ntdp enable
42D ndp enable
#
interface Ethernet0/0/14
port default vlan 12
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/15
port default vlan 12
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/16
port default vlan 12
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/17
port default vlan 13
bpdu enable
42D ntdp enable
ndp enable
#
interface Ethernet0/0/18
port default vlan 13
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/19
port default vlan 13
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/20
port default vlan 13
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/21
port default vlan 1
42D bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/22
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/23
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/24
port default vlan 14
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/1
  port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/4
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
  interface NULL0
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
qos map-table dscp-dscp
#
qos map-table dscp-dot1p
#
qos map-table dscp-dp
#
ip route-static 0.0.0.0 0.0.0.0 192.168.14.253
#
user-interface con 0
user-interface vty 0 4
#
return

通信人家园 (https://www.txrjy.com/)