华为quidway3328三层交换机vlan配置
客户要求;vlan11(shichang),vlan12(shengchan).,vlan13(xiaoshou)间不能互相通信但都可以访问vlan10(caiwu)。
通过vlan14的接口e0/0/24 接入路由器至Internet。
vlan 10 caiwu 192.168.10.254/24
port e0/0/0 to 0/0/4
|
Vlan10
|
|
Vlan13
|
|
Vlan11
|
|
Vlan12
|
|
Vlan14
|
|
router
|
|
internet
|
port e0/0/5 to 0/0/12
vlan 12 shengchan 192.168.12.254/24
port e0/0/13 to 0/0/16
vlan 13 xiaoshou 192.168.13.254/24
port e0/0/17 to 0/0/20
vlan 14 link-wan 192.168.14.254/24
port e0/0/24
路由器lan接口ip;192.168.14.253/24
外网 ip xx.xx.xx.xx
Gw xx.xx.xx.xx
acl 3000 vlan11 ---->vlan12
vlan13 ---->vlan12
acl 3001 vlan11 ---->vlan13
vlan12 ---->vlan13
acl 3002 vlan12 ---->vlan11
vlan13 ---->vlan11
*****交换机配置****
*****交换机配置****
dis cu
#
sysname Quidway
#
vlan batch 1 10 to 14
#
cluster enable
ntdp enable
ntdp hop 16
ndp enable
#
voice-vlan mac-address 0001-e300-0000 mask ffff-ff00-0000 description Simens phone
voice-vlan mac-address 0003-6b00-0000 mask ffff-ff00-0000 description Cisco phone
voice-vlan mac-address 0004-0d00-0000 mask ffff-ff00-0000 description Avaya phone
voice-vlan mac-address 0060-b900-0000 mask ffff-ff00-0000 description Philips/NEC phone
voice-vlan mac-address 00d0-1e00-0000 mask ffff-ff00-0000 description Pingtel phone
voice-vlan mac-address 00e0-7500-0000 mask ffff-ff00-0000 description Polycom phone
voice-vlan mac-address 00e0-bb00-0000 mask ffff-ff00-0000 description 3com phone
#
vlan 10
description caiwu
vlan 11
description shichang
traffic-policy shichang inbound
vlan 12
description shengchan
traffic-policy shengchan inbound
vlan 13
description xiaoshou
traffic-policy xiaoshou inbound
vlan 14
description link-wan
#
acl number 3000
rule 5 permit ip source 192.168.11.0 0.0.0 .255 destination 192.168.12.0 0.0.0.255
rule 10 permit ip source 192.168.13.0 0.0.0 .255 destination 192.168.12.0 0.0.0.255
#
acl number 3001
rule 5 permit ip source 192.168.11.0 0.0.0 .255 destination 192.168.13.0 0.0.0.255
rule 10 permit ip source 192.168.12.0 0.0.0 .255 destination 192.168.13.0 0.0.0.255
#
acl number 3002
rule 5 permit ip source 192.168.12.0 0.0.0 .255 destination 192.168.11.0 0.0.0.255
rule 10 permit ip source 192.168.13.0 0.0.0 .255 destination 192.168.11.0 0.0.0.255
#
traffic classifier shengchan
if-match acl 3000
traffic classifier xiaoshou
if-match acl 3001
traffic classifier shichang
if-match acl 3002
#
traffic behavior deny
deny
#
traffic policy shengchan
classifier shichang behavior deny
classifier xiaoshou behavior deny
classifier shengchan behavior deny
traffic policy xiaoshou
classifier shichang behavior deny
classifier shengchan behavior deny
classifier xiaoshou behavior deny
traffic policy shichang
classifier shengchan behavior deny
classifier xiaoshou behavior deny
classifier shichang behavior deny
#
interface Vlanif1
ip address dhcp-alloc
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif11
ip address 192.168.11.254 255.255.255.0
#
interface Vlanif12
ip address 192.168.12.254 255.255.255.0
#
interface Vlanif13
ip address 192.168.13.254 255.255.255.0
#
interface Vlanif14
ip address 192.168.14.254 255.255.255.0
#
interface Ethernet0/0/1
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/2
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/3
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/4
port default vlan 10
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/5
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/6
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/7
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/8
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/9
port default vlan 11
bpdu enable
ntdp enable
ndp enable42D#
interface Ethernet0/0/10
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/11
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/12
port default vlan 11
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/13
port default vlan 12
bpdu enable
ntdp enable
42D ndp enable
#
interface Ethernet0/0/14
port default vlan 12
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/15
port default vlan 12
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/16
port default vlan 12
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/17
port default vlan 13
bpdu enable
42D ntdp enable
ndp enable
#
interface Ethernet0/0/18
port default vlan 13
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/19
port default vlan 13
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/20
port default vlan 13
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/21
port default vlan 1
42D bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/22
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/23
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface Ethernet0/0/24
port default vlan 14
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/1
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/2
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/3
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface GigabitEthernet0/0/4
port default vlan 1
bpdu enable
ntdp enable
ndp enable
#
interface NULL0
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
qos map-table dscp-dscp
#
qos map-table dscp-dot1p
#
qos map-table dscp-dp
#
ip route-static 0.0.0 .0 0.0.0.0 192.168.14.253
#
user-interface con 0
user-interface vty 0 4
#
return
<Quidway>
