通信人家园

 找回密码
 注册

只需一步,快速开始

短信验证,便捷登录

搜索

军衔等级:

  新兵

注册:2016-7-25
跳转到指定楼层
1#
发表于 2020-6-13 09:23:45 |只看该作者 |倒序浏览
客户要求;vlan11(shichang),vlan12(shengchan).,vlan13(xiaoshou)间不能互相通信但都可以访问vlan10(caiwu)。
通过vlan14的接口e0/0/24 接入路由器至Internet。
vlan 10 caiwu         192.168.10.254/24
        port e0/0/0 to 0/0/4
vlan 11 shichang      192.168.11.254/24
        port e0/0/5 to 0/0/12
vlan 12 shengchan     192.168.12.254/24
        port e0/0/13 to 0/0/16
vlan 13 xiaoshou      192.168.13.254/24
        port e0/0/17 to 0/0/20
vlan 14 link-wan      192.168.14.254/24
        port e0/0/24
路由器lan接口ip;192.168.14.253/24
外网          ip  xx.xx.xx.xx
             Gw  xx.xx.xx.xx
*****交换机配置****
dis cu
#
sysname Quidway
#
vlan batch 1 10 to 14
#
cluster enable
ntdp enable
ntdp hop 16
ndp enable
#
voice-vlan mac-address 0001-e300-0000 mask ffff-ff00-0000 description Simens phone
voice-vlan mac-address 0003-6b00-0000 mask ffff-ff00-0000 description Cisco phone
voice-vlan mac-address 0004-0d00-0000 mask ffff-ff00-0000 description Avaya phone
voice-vlan mac-address 0060-b900-0000 mask ffff-ff00-0000 description Philips/NEC phone
voice-vlan mac-address 00d0-1e00-0000 mask ffff-ff00-0000 description Pingtel phone
voice-vlan mac-address 00e0-7500-0000 mask ffff-ff00-0000 description Polycom phone
voice-vlan mac-address 00e0-bb00-0000 mask ffff-ff00-0000 description 3com phone
#
vlan 10
description caiwu
vlan 11
description shichang
traffic-policy deny inbound
vlan 12
description shengchan
traffic-policy deny inbound
vlan 13
description xiaoshou
traffic-policy deny inbound
vlan 14
description link-wan
#
acl number 3000
rule 5 permit ip source 192.168.11.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
rule 10 permit ip source 192.168.13.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
#
acl number 3001
rule 5 permit ip source 192.168.11.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
rule 10 permit ip source 192.168.12.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
#
acl number 3002
rule 5 permit ip source 192.168.12.0 0.0.0.255 destination 192.168.11.0 0.0.0.255
rule 10 permit ip source 192.168.13.0 0.0.0.255 destination 192.168.11.0 0.0.0.255
#
traffic classifier shengchan
if-match acl 3000
traffic classifier xiaoshou
if-match acl 3001
traffic classifier shichang
if-match acl 3002
#
traffic behavior deny
deny
#
traffic policy deny
classifier shengchan behavior deny
classifier xiaoshou behavior deny
classifier shichang behavior deny
#
interface Vlanif1
ip address dhcp-alloc
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif11
ip address 192.168.11.254 255.255.255.0
#
interface Vlanif12
ip address 192.168.12.254 255.255.255.0
#
interface Vlanif13
ip address 192.168.13.254 255.255.255.0
#
interface Vlanif14
ip address 192.168.14.254 255.255.255.0
#
interface Ethernet0/0/1
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/2
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/3
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/4
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/5
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/6
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/7
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/8
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/9
port default vlan 11
bpdu enable
ntdp enable
ndp enable42D#
interface Ethernet0/0/10
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/11
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/12
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/13
port default vlan 12
bpdu enable
ntdp enable
42D ndp enable
#
interface Ethernet0/0/14
port default vlan 12
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/15
port default vlan 12
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/16
port default vlan 12
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/17
port default vlan 13
bpdu enable
42D ntdp enable
ndp enable
#
interface Ethernet0/0/18
port default vlan 13
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/19
port default vlan 13
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/20
port default vlan 13
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/21
port default vlan 1
42D bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/22
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/23
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/24
port default vlan 14
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/1
  port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/4
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
  interface NULL0
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
qos map-table dscp-dscp
#
qos map-table dscp-dot1p
#
qos map-table dscp-dp
#
ip route-static 0.0.0.0 0.0.0.0 192.168.14.253
#
user-interface con 0
user-interface vty 0 4
#
return



举报本楼

您需要登录后才可以回帖 登录 | 注册 |

手机版|C114 ( 沪ICP备12002291号-1 )|联系我们 |网站地图  

GMT+8, 2024-11-3 04:28 , Processed in 0.187542 second(s), 15 queries , Gzip On.

Copyright © 1999-2023 C114 All Rights Reserved

Discuz Licensed

回顶部