H3C S3600v2-28tp-si配置命令
A 配置命令
sys
一、建立VLAN
#
vlan1001
vlan1002
vlan1003
vlan1004
vlan 80
二、将相应的端口加到各个VLAN中
#
port ethernet 1/0/1 to ethernet 1/0/5 vlan1001
port ethernet 1/0/6 to ethernet 1/0/10 vlan1002
port ethernet 1/0/11to ethernet 1/0/15 vlan 1003
port ethernet 1/0/16to ethernet 1/0/20 vlan 1004
port ethernet 1/0/24 vlan 80
三、把port gthernet 1/0/25 加入到vlan80
四、把port gthernet 1/0/25端口类型改成trunk
五、给各个VLAN配置IP地址
#
interface vlan interface 1001
ip address 192.168.1.1 /29
#
interface vlan interface 1002
ip address 192.168.2.1 /29
#
interface vlan interface 1003
ip address 192.168.3.1 /29
#
interface vlan interface 1004
ip address 192.168.4.1 /27
#
interface vlan interface80
ip address 192.168.10.1 255.255.255.248
#
六、配置默认路由
ip router-static 0.0.0.0 0.0.0.0 192.168.10.2
#
七、给交换机配置帐户及级别
[h3c]telnet server enable
[h3c]local-user h3c
[h3c-luser-h3c]password cipher zzlan
[h3c-luser-h3c]service-type telnet
[h3c-luser-h3c]authorization-attribute level 3
[h3c-luser-h3c]quit
[h3c]user-interface vty 0 4
[h3c-ui-vty0-4]authentication-mode scheme
[h3c-ui-vty0-4]user privilege level 3
八、配置ACL策略
#
acl number 3000
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination
192.168.2.0 0.0.0.255
rule 1 permit ip source 192.168.1.0 0.0.0.255 destination
192.168.3.0 0.0.0.255
rule 2 permit ip source 192.168.1.0 0.0.0.255 destination
192.168.4.0 0.0.0.255
#
acl number 3001
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination
192.168.1.0 0.0.0.255
rule 1 permit ip source 192.168.2.0 0.0.0.255 destination
192.168.3.0 0.0.0.255
rule 2 permit ip source 192.168.2.0 0.0.0.255 destination
192.168.4.0 0.0.0.255
#
acl number 3002
rule 0 permit ip source 192.168.3.0 0.0.0.255 destination
192.168.1.0 0.0.0.255
rule 1 permit ip source 192.168.3.0 0.0.0.255 destination
192.168.2.0 0.0.0.255
rule 2 permit ip source 192.168.3.0 0.0.0.255 destination
192.168.4.0 0.0.0.255
#
acl number 3003
rule 0 permit ip source 192.168.4.0 0.0.0.255 destination
192.168.1.0 0.0.0.255
rule 1 permit ip source 192.168.4.0 0.0.0.255 destination
192.168.2.0 0.0.0.255
rule 2 permit ip source 192.168.4.0 0.0.0.255 destination
192.168.3.0 0.0.0.255
#
九、把ACL策略应用到4个VLAN中
interface Vlan-interface 1001
packet-filter 3000 inbound
#
interface Vlan-interface 1002
packet-filter 3001 inbound
#
interface Vlan-interface 1003
packet-filter 3002 inbound
#
interface Vlan-interface 1004
packet-filter 3003 inbound
#
十、保存 save
B配置
一、建立VLAN
#
vlan1001
vlan1002
vlan1003
vlan1004
vlan 80
二、将相应的端口加到各个VLAN中
#
port ethernet 1/0/1 to ethernet 1/0/5 vlan1001
port ethernet 1/0/6 to ethernet 1/0/10 vlan1002
port ethernet 1/0/11to ethernet 1/0/15 vlan 1003
port ethernet 1/0/16to ethernet 1/0/20 vlan 1004
三、把port gthernet 1/0/25 加入到vlan80
四、把port gthernet 1/0/25端口类型改成trunk
五、给各个VLAN配置IP地址
#
interface vlan interface 1001
ip address 192.168.5.1 /24
#
interface vlan interface 1002
ip address 192.168.6.1 /24
#
interface vlan interface 1003
ip address 192.168.7.1 /24
#
interface vlan interface 1004
ip address 192.168.8.1 /24
#
interface vlan interface80
ip address 192.168.10.3 255.255.255.248
#
六、配置默认路由
ip router-static 0.0.0.0 0.0.0.0 192.168.10.1
#
七、给交换机配置帐户及级别
[h3c]telnet server enable
[h3c]local-user h3c
[h3c-luser-h3c]password cipher zzlan
[h3c-luser-h3c]service-type telnet
[h3c-luser-h3c]authorization-attribute level 3
[h3c-luser-h3c]quit
[h3c]user-interface vty 0 4
[h3c-ui-vty0-4]authentication-mode scheme
[h3c-ui-vty0-4]user privilege level 3
#
十、save (保存)