园区网端口隔离实现拨号上网配置
作端口隔离,每个端口一个用户(一个端口一个vlan,二层交换机用pvlan技术),联通的交换机与小区通信端口为vlan390。
所有端口(或者vlan)都必须与vlan390通信,联通交换机上面接的华为MA5200认证服务器。
所有vlan必须能与vlan390通信且不可相互通信,即可直接拨号进入MA5200通过验证介入Internet。
sw0配置如下:
<SW0>dis cu
#
sysname SW0
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
sysname SW0
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei
#
queue-scheduler wrr 1 2 4 8
#
vlan 1
#
vlan 101
#
vlan 102
#
vlan 103
#
vlan 104
#
vlan 105
#
vlan 106
#
vlan 107
#
vlan 108
#
vlan 109
#
vlan 110
#
vlan 111
#
vlan 112
#
vlan 113
#
vlan 114
#
vlan 115
#
vlan 116
#
vlan 117
#
vlan 118
#
vlan 119
#
vlan 120
#
vlan 121
#
vlan 122
#
vlan 123
#
vlan 390
#
interface Vlan-interface1
ip address 192.168.100.100 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
port link-type hybrid
port hybrid vlan 101 390 untagged
port hybrid pvid vlan 101
#
interface Ethernet0/2
port link-type hybrid
port hybrid vlan 102 390 untagged
port hybrid pvid vlan 102
#
interface Ethernet0/3
port link-type hybrid
port hybrid vlan 103 390 untagged
port hybrid pvid vlan 103
#
interface Ethernet0/4
port link-type hybrid
port hybrid vlan 104 390 untagged
port hybrid pvid vlan 104
#
interface Ethernet0/5
port link-type hybrid
port hybrid vlan 105 390 untagged
port hybrid pvid vlan 105
#
interface Ethernet0/6
port link-type hybrid
port hybrid vlan 106 390 untagged
port hybrid pvid vlan 106
#
interface Ethernet0/7
port link-type hybrid
port hybrid vlan 107 390 untagged
port hybrid pvid vlan 107
#
interface Ethernet0/8
port link-type hybrid
port hybrid vlan 108 390 untagged
port hybrid pvid vlan 108
#
interface Ethernet0/9
port link-type hybrid
port hybrid vlan 109 390 untagged
port hybrid pvid vlan 109
#
interface Ethernet0/10
port link-type hybrid
port hybrid vlan 110 390 untagged
port hybrid pvid vlan 110
#
interface Ethernet0/11
port link-type hybrid
port hybrid vlan 111 390 untagged
port hybrid pvid vlan 111
#
interface Ethernet0/12
port link-type hybrid
port hybrid vlan 112 390 untagged
port hybrid pvid vlan 112
#
interface Ethernet0/13
port link-type hybrid
port hybrid vlan 113 390 untagged
port hybrid pvid vlan 113
#
interface Ethernet0/14
port link-type hybrid
port hybrid vlan 114 390 untagged
port hybrid pvid vlan 114
#
interface Ethernet0/15
port link-type hybrid
port hybrid vlan 115 390 untagged
port hybrid pvid vlan 115
#
interface Ethernet0/16
port link-type hybrid
port hybrid vlan 116 390 untagged
port hybrid pvid vlan 116
#
interface Ethernet0/17
port link-type hybrid
port hybrid vlan 117 390 untagged
port hybrid pvid vlan 117
#
interface Ethernet0/18
port link-type hybrid
port hybrid vlan 118 390 untagged
port hybrid pvid vlan 118
#
interface Ethernet0/19
port link-type hybrid
port hybrid vlan 119 390 untagged
port hybrid pvid vlan 119
#
interface Ethernet0/20
port link-type hybrid
port hybrid vlan 120 390 untagged
port hybrid pvid vlan 120
#
interface Ethernet0/21
port link-type hybrid
port hybrid vlan 121 390 untagged
port hybrid pvid vlan 121
#
interface Ethernet0/22
port link-type hybrid
port hybrid vlan 122 390 untagged
port hybrid pvid vlan 122
#
interface Ethernet0/23
port link-type hybrid
port hybrid vlan 123 390 untagged
port hybrid pvid vlan 123
#
interface Ethernet0/24
port link-type hybrid
port hybrid vlan 101 to 123 390 untagged
port hybrid pvid vlan 390
#
interface Ethernet0/25
port link-type hybrid
port hybrid vlan 101 to 123 390 untagged
port hybrid pvid vlan 390
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
user privilege level 3
set authentication password simple 123456aA
#
return
#
local-server nas-ip 127.0.0.1 key huawei
#
queue-scheduler wrr 1 2 4 8
#
vlan 1
#
vlan 101
#
vlan 102
#
vlan 103
#
vlan 104
#
vlan 105
#
vlan 106
#
vlan 107
#
vlan 108
#
vlan 109
#
vlan 110
#
vlan 111
#
vlan 112
#
vlan 113
#
vlan 114
#
vlan 115
#
vlan 116
#
vlan 117
#
vlan 118
#
vlan 119
#
vlan 120
#
vlan 121
#
vlan 122
#
vlan 123
#
vlan 390
#
interface Vlan-interface1
ip address 192.168.100.100 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
port link-type hybrid
port hybrid vlan 101 390 untagged
port hybrid pvid vlan 101
#
interface Ethernet0/2
port link-type hybrid
port hybrid vlan 102 390 untagged
port hybrid pvid vlan 102
#
interface Ethernet0/3
port link-type hybrid
port hybrid vlan 103 390 untagged
port hybrid pvid vlan 103
#
interface Ethernet0/4
port link-type hybrid
port hybrid vlan 104 390 untagged
port hybrid pvid vlan 104
#
interface Ethernet0/5
port link-type hybrid
port hybrid vlan 105 390 untagged
port hybrid pvid vlan 105
#
interface Ethernet0/6
port link-type hybrid
port hybrid vlan 106 390 untagged
port hybrid pvid vlan 106
#
interface Ethernet0/7
port link-type hybrid
port hybrid vlan 107 390 untagged
port hybrid pvid vlan 107
#
interface Ethernet0/8
port link-type hybrid
port hybrid vlan 108 390 untagged
port hybrid pvid vlan 108
#
interface Ethernet0/9
port link-type hybrid
port hybrid vlan 109 390 untagged
port hybrid pvid vlan 109
#
interface Ethernet0/10
port link-type hybrid
port hybrid vlan 110 390 untagged
port hybrid pvid vlan 110
#
interface Ethernet0/11
port link-type hybrid
port hybrid vlan 111 390 untagged
port hybrid pvid vlan 111
#
interface Ethernet0/12
port link-type hybrid
port hybrid vlan 112 390 untagged
port hybrid pvid vlan 112
#
interface Ethernet0/13
port link-type hybrid
port hybrid vlan 113 390 untagged
port hybrid pvid vlan 113
#
interface Ethernet0/14
port link-type hybrid
port hybrid vlan 114 390 untagged
port hybrid pvid vlan 114
#
interface Ethernet0/15
port link-type hybrid
port hybrid vlan 115 390 untagged
port hybrid pvid vlan 115
#
interface Ethernet0/16
port link-type hybrid
port hybrid vlan 116 390 untagged
port hybrid pvid vlan 116
#
interface Ethernet0/17
port link-type hybrid
port hybrid vlan 117 390 untagged
port hybrid pvid vlan 117
#
interface Ethernet0/18
port link-type hybrid
port hybrid vlan 118 390 untagged
port hybrid pvid vlan 118
#
interface Ethernet0/19
port link-type hybrid
port hybrid vlan 119 390 untagged
port hybrid pvid vlan 119
#
interface Ethernet0/20
port link-type hybrid
port hybrid vlan 120 390 untagged
port hybrid pvid vlan 120
#
interface Ethernet0/21
port link-type hybrid
port hybrid vlan 121 390 untagged
port hybrid pvid vlan 121
#
interface Ethernet0/22
port link-type hybrid
port hybrid vlan 122 390 untagged
port hybrid pvid vlan 122
#
interface Ethernet0/23
port link-type hybrid
port hybrid vlan 123 390 untagged
port hybrid pvid vlan 123
#
interface Ethernet0/24
port link-type hybrid
port hybrid vlan 101 to 123 390 untagged
port hybrid pvid vlan 390
#
interface Ethernet0/25
port link-type hybrid
port hybrid vlan 101 to 123 390 untagged
port hybrid pvid vlan 390
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
user privilege level 3
set authentication password simple 123456aA
#
return
sw1配置如下:
<SW1>dis cu
#
sysname SW1
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
sysname SW1
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei
#
queue-scheduler wrr 1 2 4 8
#
vlan 1
#
vlan 201
#
vlan 202
#
vlan 203
#
vlan 204
#
vlan 205
#
vlan 206
#
vlan 207
#
vlan 208
#
vlan 209
#
vlan 210
#
vlan 211
#
vlan 212
#
vlan 213
#
vlan 214
#
vlan 215
#
vlan 216
#
vlan 217
#
vlan 218
#
vlan 219
#
vlan 220
#
vlan 221
#
vlan 222
#
vlan 223
#
vlan 224
#
vlan 390
#
interface Vlan-interface1
ip address 192.168.200.200 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
port link-type hybrid
port hybrid vlan 201 390 untagged
port hybrid pvid vlan 201
#
interface Ethernet0/2
port link-type hybrid
port hybrid vlan 202 390 untagged
port hybrid pvid vlan 202
#
interface Ethernet0/3
port link-type hybrid
port hybrid vlan 203 390 untagged
port hybrid pvid vlan 203
#
interface Ethernet0/4
port link-type hybrid
port hybrid vlan 204 390 untagged
port hybrid pvid vlan 204
#
interface Ethernet0/5
port link-type hybrid
port hybrid vlan 205 390 untagged
port hybrid pvid vlan 205
#
interface Ethernet0/6
port link-type hybrid
port hybrid vlan 206 390 untagged
port hybrid pvid vlan 206
#
interface Ethernet0/7
port link-type hybrid
port hybrid vlan 207 390 untagged
port hybrid pvid vlan 207
#
interface Ethernet0/8
port link-type hybrid
port hybrid vlan 208 390 untagged
port hybrid pvid vlan 208
#
interface Ethernet0/9
port link-type hybrid
port hybrid vlan 209 390 untagged
port hybrid pvid vlan 209
#
interface Ethernet0/10
port link-type hybrid
port hybrid vlan 210 390 untagged
port hybrid pvid vlan 210
#
interface Ethernet0/11
port link-type hybrid
port hybrid vlan 211 390 untagged
port hybrid pvid vlan 211
#
interface Ethernet0/12
port link-type hybrid
port hybrid vlan 212 390 untagged
port hybrid pvid vlan 212
#
interface Ethernet0/13
port link-type hybrid
port hybrid vlan 213 390 untagged
port hybrid pvid vlan 213
#
interface Ethernet0/14
port link-type hybrid
port hybrid vlan 214 390 untagged
port hybrid pvid vlan 214
#
interface Ethernet0/15
port link-type hybrid
port hybrid vlan 215 390 untagged
port hybrid pvid vlan 215
#
interface Ethernet0/16
port link-type hybrid
port hybrid vlan 216 390 untagged
port hybrid pvid vlan 216
#
interface Ethernet0/17
port link-type hybrid
port hybrid vlan 217 390 untagged
port hybrid pvid vlan 217
#
interface Ethernet0/18
port link-type hybrid
port hybrid vlan 218 390 untagged
port hybrid pvid vlan 218
#
interface Ethernet0/19
port link-type hybrid
port hybrid vlan 219 390 untagged
port hybrid pvid vlan 219
#
interface Ethernet0/20
port link-type hybrid
port hybrid vlan 220 390 untagged
port hybrid pvid vlan 220
#
interface Ethernet0/21
port link-type hybrid
port hybrid vlan 221 390 untagged
port hybrid pvid vlan 221
#
interface Ethernet0/22
port link-type hybrid
port hybrid vlan 222 390 untagged
port hybrid pvid vlan 222
#
interface Ethernet0/23
port link-type hybrid
port hybrid vlan 223 390 untagged
port hybrid pvid vlan 223
#
interface Ethernet0/24
port link-type hybrid
port hybrid vlan 224 390 untagged
port hybrid pvid vlan 224
#
interface Ethernet0/25
port link-type hybrid
port hybrid vlan 201 to 224 390 untagged
port hybrid pvid vlan 390
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
user privilege level 3
set authentication password simple 123456aA
#
return
#
local-server nas-ip 127.0.0.1 key huawei
#
queue-scheduler wrr 1 2 4 8
#
vlan 1
#
vlan 201
#
vlan 202
#
vlan 203
#
vlan 204
#
vlan 205
#
vlan 206
#
vlan 207
#
vlan 208
#
vlan 209
#
vlan 210
#
vlan 211
#
vlan 212
#
vlan 213
#
vlan 214
#
vlan 215
#
vlan 216
#
vlan 217
#
vlan 218
#
vlan 219
#
vlan 220
#
vlan 221
#
vlan 222
#
vlan 223
#
vlan 224
#
vlan 390
#
interface Vlan-interface1
ip address 192.168.200.200 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
port link-type hybrid
port hybrid vlan 201 390 untagged
port hybrid pvid vlan 201
#
interface Ethernet0/2
port link-type hybrid
port hybrid vlan 202 390 untagged
port hybrid pvid vlan 202
#
interface Ethernet0/3
port link-type hybrid
port hybrid vlan 203 390 untagged
port hybrid pvid vlan 203
#
interface Ethernet0/4
port link-type hybrid
port hybrid vlan 204 390 untagged
port hybrid pvid vlan 204
#
interface Ethernet0/5
port link-type hybrid
port hybrid vlan 205 390 untagged
port hybrid pvid vlan 205
#
interface Ethernet0/6
port link-type hybrid
port hybrid vlan 206 390 untagged
port hybrid pvid vlan 206
#
interface Ethernet0/7
port link-type hybrid
port hybrid vlan 207 390 untagged
port hybrid pvid vlan 207
#
interface Ethernet0/8
port link-type hybrid
port hybrid vlan 208 390 untagged
port hybrid pvid vlan 208
#
interface Ethernet0/9
port link-type hybrid
port hybrid vlan 209 390 untagged
port hybrid pvid vlan 209
#
interface Ethernet0/10
port link-type hybrid
port hybrid vlan 210 390 untagged
port hybrid pvid vlan 210
#
interface Ethernet0/11
port link-type hybrid
port hybrid vlan 211 390 untagged
port hybrid pvid vlan 211
#
interface Ethernet0/12
port link-type hybrid
port hybrid vlan 212 390 untagged
port hybrid pvid vlan 212
#
interface Ethernet0/13
port link-type hybrid
port hybrid vlan 213 390 untagged
port hybrid pvid vlan 213
#
interface Ethernet0/14
port link-type hybrid
port hybrid vlan 214 390 untagged
port hybrid pvid vlan 214
#
interface Ethernet0/15
port link-type hybrid
port hybrid vlan 215 390 untagged
port hybrid pvid vlan 215
#
interface Ethernet0/16
port link-type hybrid
port hybrid vlan 216 390 untagged
port hybrid pvid vlan 216
#
interface Ethernet0/17
port link-type hybrid
port hybrid vlan 217 390 untagged
port hybrid pvid vlan 217
#
interface Ethernet0/18
port link-type hybrid
port hybrid vlan 218 390 untagged
port hybrid pvid vlan 218
#
interface Ethernet0/19
port link-type hybrid
port hybrid vlan 219 390 untagged
port hybrid pvid vlan 219
#
interface Ethernet0/20
port link-type hybrid
port hybrid vlan 220 390 untagged
port hybrid pvid vlan 220
#
interface Ethernet0/21
port link-type hybrid
port hybrid vlan 221 390 untagged
port hybrid pvid vlan 221
#
interface Ethernet0/22
port link-type hybrid
port hybrid vlan 222 390 untagged
port hybrid pvid vlan 222
#
interface Ethernet0/23
port link-type hybrid
port hybrid vlan 223 390 untagged
port hybrid pvid vlan 223
#
interface Ethernet0/24
port link-type hybrid
port hybrid vlan 224 390 untagged
port hybrid pvid vlan 224
#
interface Ethernet0/25
port link-type hybrid
port hybrid vlan 201 to 224 390 untagged
port hybrid pvid vlan 390
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
user privilege level 3
set authentication password simple 123456aA
#
return