• 首页
  • 车闻

    • 华为交换机配置vlan设定IP及路由做访问控制列表怎么做?

    首先有几个问题你没有说太明白,我只好做假设。
    1,你所给的5个IP地址,是配置在S93上作为5个VLAN的网关来使用的吗?你没说明,我只能假设是。
    2,还有你的VLAN是在S93上开始的吗?也就是说S93的接入口该是什么模式?你没说明,我只能假设开始于S93既交换机端口都是access模式。
    3,设置静态路由则我们需要吓一跳地址和出接口,你没有给出。我只能做个假设。
    好了配置开始。(接下来我写的是配置脚本,你可以直接复制使用,当然就没必要复制其中我用汉字进行说明的部分了)
    首先配置VLAN
    vlan 2
    vlan 3
    vlan 4
    vlan 5
    vlan 6 (一般使用VLAN不会用到VLAN1这是个莫用规则,因为VLAN1在所有设备上都存在,使用起来有诸多不便,还存在安全隐患)
    vlan7(按照你的意思我猜测你的VLAN在此终结,也就是说上联口要有IP地址,而在93上IP地址是只能配在VLAN中而不能配在接口下的,所以将上联口的互联地址配置在此VLAN中,将上联口加入此VLAN即可)
    interface vlanif 2
    ip address 192.168.10.6 255.255.254.0(你没有给出掩码,经过我的计算只有255.255.254.0这个掩码能满足你现在过给的网段地址)
    interface vlanif 3
    ip address 192.168.20.6 255.255.254.0
    interface vlanif 4
    ip address 192.168.30.6 255.255.254.0
    interface vlanif 5
    ip address 192.168.40.6 255.255.254.0
    interface vlanif 6
    ip address 192.168.50.6 255.255.254.0
    interface vlanif 7
    ip address ?
    interface gig 1/0/0
    port link-type access (没做过S93的估计会指出这不用改,呵呵。事实上93上端口的默认状态是trunk所以没做过的 请闭嘴)
    port default vlan 2
    interface gig 1/0/1
    port link-type access
    port default vlan 3
    interface gig 1/0/2
    port link-type access
    port default vlan 4
    interface gig 1/0/3
    port link-type access
    port default vlan 5
    interface gig 1/0/4
    port link-type access
    port default vlan 6
    interface gig 1/0/5
    port link-type access
    port default vlan 7
    ip route-static 10.126.80.20 0.0.0.0 gig 1/0/5 ?(因为你没指明上联口互联地址我只能写?号,这里要写上联口的对端地址。)
    ip route-static 10.126.80.20 0.0.0.0 gig 1/0/5 ?
    接下来是访问控制,在93中访问控制列表只是工具不能直接在端口下调用。

    acl 3001(要做基于目的地址和源地址的访控必须是高级访问控制列表,从3000开始
    rule 0 permit destinationg 192.168.10.6 0.0.2.255 source 10.126.80.20 0.0.0.0 (注意此处用的是反掩码)
    rule 1 permit destinationg 192.168.10.6 0.0.2.255 source 10.126.80.21 0.0.0.0
    rule 2 deny any
    traffic classifier tc1
    if-match acl 3001
    traffic behavior tb1
    permit
    traffic policy tp1
    classifier tc1 behavior tb1
    quit
    acl 3002
    rule 0 permit destinationg 192.168.20.6 0.0.2.255 source 10.126.80.20 0.0.0.0
    rule 1 permit destinationg 192.168.20.6 0.0.2.255 source 10.126.80.21 0.0.0.0
    rule 2 deny any
    traffic classifier tc2
    if-match acl 3002
    traffic behavior tb2
    permit
    traffic policy tp2
    classifier tc2 behavior tb2
    quit
    acl 3003
    rule 0 permit destinationg 192.168.30.6 0.0.2.255 source 10.126.80.20 0.0.0.0
    rule 1 permit destinationg 192.168.30.6 0.0.2.255 source 10.126.80.21 0.0.0.0
    rule 2 deny any
    traffic classifier tc3
    if-match acl 3003
    traffic behavior tb3
    permit
    traffic policy tp3
    classifier tc3 behavior tb3
    quit
    acl 3002
    rule 0 permit destinationg 192.168.40.6 0.0.2.255 source 10.126.80.20 0.0.0.0
    rule 1 permit destinationg 192.168.40.6 0.0.2.255 source 10.126.80.21 0.0.0.0
    rule 2 deny source any
    traffic classifier tc4
    if-match acl 3004
    traffic behavior tb4
    permit
    traffic policy tp4
    classifier tc4 behavior tb4
    quit
    acl 3005
    rule 0 permit destinationg 192.168.50.6 0.0.2.255 source 10.126.80.20 0.0.0.0
    rule 1 permit destinationg 192.168.50.6 0.0.2.255 source 10.126.80.21 0.0.0.0
    rule 2 deny any
    traffic classifier tc5
    if-match acl 3005
    traffic behavior tb5
    permit
    traffic policy tp5
    classifier tc5 behavior tb5
    quit
    acl 3006
    rule 0 permit destinationg 10.126.80.20 0.0.0.0 source 192.168.10.6 0.0.2.255
    rule 1 permit destinationg 10.126.80.20 0.0.0.0 source 192.168.20.6 0.0.2.255
    rule 2 permit destinationg 10.126.80.20 0.0.0.0 source 192.168.30.6 0.0.2.255
    rule 3 permit destinationg 10.126.80.20 0.0.0.0 source 192.168.40.6 0.0.2.255
    rule 4 permit destinationg 10.126.80.20 0.0.0.0 source 192.168.50.6 0.0.2.255
    rule 5 permit destinationg 10.126.80.21 0.0.0.0 source 192.168.10.6 0.0.2.255
    rule 6 permit destinationg 10.126.80.21 0.0.0.0 source 192.168.20.6 0.0.2.255
    rule 7 permit destinationg 10.126.80.21 0.0.0.0 source 192.168.30.6 0.0.2.255
    rule 8 permit destinationg 10.126.80.21 0.0.0.0 source 192.168.40.6 0.0.2.255
    rule 9 permit destinationg 10.126.80.21 0.0.0.0 source 192.168.50.6 0.0.2.255
    rule 10 deny any
    traffic classifier tc6
    if-match acl 3006
    traffic behavior tb6
    permit
    traffic policy tp6
    classifier tc6 behavior tb6
    quit(注意访问控制列表应该是双向的不仅要控制回来还要控制出去注意绑定方向)
    interface gig 1/0/0
    traffic-policy tp1 outbound
    interface gig 1/0/1
    traffic-policy tp2 outbound
    interface gig 1/0/2
    traffic-policy tp3 outbound
    interface gig 1/0/3
    traffic-policy tp4 outbound
    interface gig 1/0/4
    traffic-policy tp5 outbound
    interface gig 1/0/5
    traffic-policy tp6 outbound
    (配置完成,如果还有什么问题,可以问我。)

  • 濡備綍缁浜ゆ崲鏈洪厤缃甀P鍦板潃,灏辩畝鍗曠殑璇翠竴涓嬪師鐞嗗氨琛
    绛旓細缁浜ゆ崲鏈洪厤缃IP锛屽鏋滄槸涓夊眰浜ゆ崲鏈猴紝姣忎釜VLAN鐨刅LAN绠$悊鍦板潃鍗虫槸浜ゆ崲鏈虹殑IP鍦板潃锛屽鏋滄槸浜屽眰浜ゆ崲鏈猴紝榛樿VLAN鐨処P鍦板潃鍗充负浜ゆ崲鏈虹殑IP鍦板潃銆備互鍗庝负浜屽眰浜ゆ崲鏈轰负渚嬶細1銆佸皢鐢佃剳鐢═ELNET鎴朇ONSOLE绾胯繛鎺ヤ氦鎹㈡満銆2銆佽緭鍏ヤ氦鎹㈡満鐨勭敤鎴峰悕銆佸瘑鐮佸苟鐧婚檰銆3銆佽繘鍏ヤ氦鎹㈡満鍚庯細system-view锛堣繘鍏ョ郴缁熻鍥撅級interface ...
  • 濡備綍鍦鍗庝负浜ゆ崲鏈涓閰嶇疆绔彛妯″紡鍜屽伐浣滅姸鎬?
    绛旓細鍒囨崲鍒颁氦鎹㈡満閰嶇疆妯″紡锛鍗庝负浜ゆ崲鏈洪厤缃鍛戒护锛氫氦鎹㈡満鍛戒护 鍦≦uidway浜ゆ崲鏈轰笂锛屾煡鐪嬪綋鍓嶉厤缃拰鎺ュ彛淇℃伅锛歔Quidway]discur[Quidway]displaycurrent-configuration[Quidway]displayinterfaces 閰嶇疆VLAN銆IP鍦板潃鍜岃矾鐢憋細[Quidway]interfaceethernet0/1[Quidway]interfacevlanx[Quidway-vlanx]ipaddress10.65.1.1255.255....
  • 鍗庝负浜ゆ崲鏈簐lan閰嶇疆
    绛旓細- `port link-type access`- `port default vlan 10`灏嗗涓鍙e姞鍏ュ埌VLAN涓細4. 鍦ㄧ郴缁熻鍥句笅鍒涘缓VLAN 10锛屽苟灏咷igabitEthernet 1/0/0鍒1/0/29鐨勭鍙e姞鍏ュ埌VLAN 10涓細- `port GigabitEthernet 1/0/0 to 1/0/29`浜ゆ崲鏈淇濆瓨璁剧疆鍜岄噸缃懡浠わ細5. 淇濆瓨閰嶇疆锛- `save`6. 閲嶇疆淇濆瓨鐨勯厤缃細-...
  • vlan鐨刬p鍦板潃闂,鍗庝负鐨浜ゆ崲鏈鎬庝箞鏍风粰vlan閰嶇疆涓奿p鍦板潃?鐒跺悗鍙堟庝箞鏌 ...
    绛旓細2灞備氦鎹㈡満鐨勮瘽鏄氦鎹㈡満鏈満鐨処P锛屼笉鑳戒綔涓虹綉鍏冲嚭鍙c3灞備氦鎹㈡満鍙互浣滀负鐢佃剳鐨勭綉鍏炽傚鏋滅數鑴戠殑IP鍜屼氦鎹㈡満鐨処P鍦ㄤ竴涓綉娈典笂锛屼笖灞炰簬鍚屼竴涓猇LAN锛屽氨鑳絇ING閫氥傝繘鍏浜ゆ崲鏈洪厤缃锛岃緭鍏 su sys dis cur 灏辫兘鐪嬪埌浜ゆ崲鏈洪厤缃紝鍏朵腑interface vlan-interface 杩欓」灏辨槸鍏充簬vlan鐨刬p鍦板潃鐨勩傚鏋滆寤虹珛涓涓獀lan...
  • 鍗庝负涓夊眰浜ゆ崲鏈涔嬮棿閰嶇疆VLAN闂磋矾鐢
    绛旓細鍦鍗庝负涓夊眰浜ゆ崲鏈涓婅繘琛VLAN闂磋矾鐢辩殑閰嶇疆锛屼富瑕佸氨鏄垱寤篤LAN锛岀鍙e垝鍒嗭紝涓夊眰VLAN鎺ュ彛鍦板潃閰嶇疆锛岄潤鎬佽矾鐢辨垨鏄疪IP鍗忚閰嶇疆銆傞潤鎬佽矾鐢遍厤缃繃绋嬶細PCA:ip address:10.1.1.2/24 gw:10.1.1.1/24(VLAN2璺敱鎺ュ彛IP鍦板潃)PCB:ip address:10.1.2.2/24 gw:10.1.2.1/24(VLAN3璺敱鎺ュ彛IP鍦板潃)PCC:ip ...
  • 鍗庝负浜ゆ崲鏈洪厤缃
    绛旓細灏卞彲鍜屽叾浠杙c閫氫俊 ip add 192.168.101.1 255.255.255.0 int vlan 3 ip add 192.168.114.1 255.255.255.0 int vlan 4 ip add 192.168.122.1 255.255.255.0 杩欐牱灏卞彲浠ヤ簡銆傚彧淇濊瘉鍐呯綉3涓獀lan鍙互閫氫俊銆傚鏋滈渶瑕佷笂澶栫綉锛岄渶瑕佸仛璺敱銆傛墍鏈夌殑閰嶇疆浜ゆ崲鏈鑷甫鐨勬枃妗e厜鐩橀兘鏈夈
  • 鍗庝负浜ゆ崲鏈哄浣曡缃甐LAN鐨処P
    绛旓細vlan鏄笉鑳璁剧疆IP鐨勪綘鎵璁剧疆鐨勫彧鏄浜ゆ崲鏈鐨処P鍦板潃銆傝繕鏈変竴鑸儏鍐典笅浜ゆ崲鏈哄彧鑳芥湁涓涓狪P閭d富鏄痸lan1鐨勩傝繖鏄粯璁ょ殑锛佽繕鏈塁isco鐨剉lan璁剧疆濡備笅锛歴witch>enable(杩涘叆鐗规潈妯″紡锛塻witch#config terminal(杩涘叆鍏ㄥ眬閰嶇疆妯″紡锛塻witch(config)#vlan 2 (寤簐lan2)switch(config-vlan)#name taihaole(缁檝lan璧峰悕锛夎繕鏈...
  • 鍗庝负浜ゆ崲鏈2700濡備綍閰嶇疆绠$悊ip 鍜屽垝鍒嗕袱涓vlan
    绛旓細vlan 2 vlan 3 int vlan 2 ip add 192.168.2.1 255.255.255.0 int vlan 3 ip add 192.168.6.1 255.255.255.0 SVI鎺ュ彛璁剧疆瀹屾瘯銆傝繖鏍穠lan2鍜3涔嬮棿宸茬粡鍙互浜掗氫簡锛屾帴涓嬫潵灏辨槸鎶婃帴鍙e垝鍏ュ浜鐨刅LAN锛屽鎺浜ゆ崲鏈鐨勫彲浠ヤ娇鐢╰runk锛岀洿鎺ヨ繛鐢佃剳鐨勫彲浠ュ垝涓篴ccess銆俰nt f0/0 port link-type ...
  • 鍗庝负VLAN鍜IP鎺ュ彛閰嶇疆瀹為獙
    绛旓細1銆佽鑷鍑嗗濂鍗庝负浜ゆ崲鏈鍜岀數鑴戝苟涓旇浣犵殑鐢佃剳鍜屼氦鎹㈡満杩炴帴涓 2銆佷娇鐢╯ystem-view鍛戒护锛岃繘鍏]妯″紡 3銆佸垱寤轰竴涓vlan [Quidway]vlan 2 4銆佹坊鍔犵鍙 [Quidway-vlan2]portEthernet 0/0/13 to 0/0/15 5銆佺劧鍚庝娇鐢╠isplay current鏌ョ湅绔彛鏄惁灞炰簬杩欎釜vlan 6銆佸綋鐒舵垜浠篃鍙互鐢╠isplay vlan鏉ユ煡鐪媣lan...
  • 鍗庝负浜ゆ崲鏈s5700VLAN璁剧疆
    绛旓細鏄剧ず绯荤粺杩愯閰嶇疆淇℃伅 [Quidway] display saved-configuration 鏄剧ず淇濆瓨鐨勯厤缃俊鎭 [Quidway] display interfaces brief 鏄剧ず鎺ュ彛閰嶇疆淇℃伅 [Quidway]display ip routing-table 鏄剧ず璺敱琛 [Quidway]display systname 鍛戒护鐢ㄦ潵鏄剧ず璺敱鍣ㄧ殑鍚嶇О 浠ヤ笂灏辨槸鍗庝负S5700浜ゆ崲鏈洪厤缃甐LAN鐨勬柟娉曪紝璋㈣阿闃呰锛屽笇鏈涜兘甯埌澶у锛...
    • 扩展阅读:交换机划分vlan配置ip ... 华为设备vlan配置 ... 华为vlan配置详细步骤 ... port default vlan 105 ... 华为史上最强屏幕来袭 ... 华为推出85英寸智慧屏 ... 交换机配置教程图 ... 华为星闪笔支持水墨晕染 ... 华为删除vlan配置命令 ...

    本站交流只代表网友个人观点,与本站立场无关
    欢迎反馈与建议,请联系电邮
    2024© 车视网