华为S3600SI交换机VLAN配置案例

要求:
1、划分6个vlan
2、每个vlan配置IP
3、除了vlan5以外,其他vlan下面的PC不能互访。但各vlaN下的PC均可以访问vlan5下的PC
 
以下是配置:
 sysname H3C
#
radius scheme system
#
domain system
#
acl number 2001
 rule 0 deny
 rule 1 permit source 192.168.40.0 0.0.0.255
 rule 2 permit source 192.168.20.0 0.0.0.255
acl number 2002
 rule 0 deny
 rule 1 permit source 192.168.40.0 0.0.0.255
 rule 2 permit source 192.168.25.0 0.0.0.255
acl number 2003
 rule 0 deny
 rule 1 permit source 192.168.40.0 0.0.0.255
 rule 2 permit source 192.168.35.0 0.0.0.255
acl number 2004
 rule 0 deny
 rule 1 permit source 192.168.40.0 0.0.0.255
 rule 2 permit source 192.168.45.0 0.0.0.255
acl number 2005
 rule 0 deny                             
 rule 1 permit source 192.168.40.0 0.0.0.255
 rule 2 permit source 192.168.15.0 0.0.0.255
#
vlan 1 to 6
#
interface Vlan-interface1
 ip address 192.168.20.254 255.255.255.0
#
interface Vlan-interface2
 ip address 192.168.25.254 255.255.255.0
#
interface Vlan-interface3
 ip address 192.168.35.254 255.255.255.0
#
interface Vlan-interface4
 ip address 192.168.45.254 255.255.255.0
#
interface Vlan-interface5
 ip address 192.168.40.254 255.255.255.0
#
interface Vlan-interface6
 ip address 192.168.15.254 255.255.255.0
#
interface Aux1/0/0                       
#
interface Ethernet1/0/1
 packet-filter outbound ip-group 2001 rule 0
 packet-filter outbound ip-group 2001 rule 1
 packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/2
 packet-filter outbound ip-group 2001 rule 0
 packet-filter outbound ip-group 2001 rule 1
 packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/3
 packet-filter outbound ip-group 2001 rule 0
 packet-filter outbound ip-group 2001 rule 1
 packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/4
 packet-filter outbound ip-group 2001 rule 0
 packet-filter outbound ip-group 2001 rule 1
 packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/5
 port access vlan 2
 packet-filter outbound ip-group 2002 rule 0
 packet-filter outbound ip-group 2002 rule 1
 packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/6
 port access vlan 2
 packet-filter outbound ip-group 2002 rule 0
 packet-filter outbound ip-group 2002 rule 1
 packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/7
 port access vlan 2
 packet-filter outbound ip-group 2002 rule 0
 packet-filter outbound ip-group 2002 rule 1
 packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/8
 port access vlan 2
 packet-filter outbound ip-group 2002 rule 0
 packet-filter outbound ip-group 2002 rule 1
 packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/9
 port access vlan 3
 packet-filter outbound ip-group 2003 rule 0
 packet-filter outbound ip-group 2003 rule 1
 packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/10
 port access vlan 3
 packet-filter outbound ip-group 2003 rule 0
 packet-filter outbound ip-group 2003 rule 1
 packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/11
 port access vlan 3
 packet-filter outbound ip-group 2003 rule 0
 packet-filter outbound ip-group 2003 rule 1
 packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/12
 port access vlan 3
 packet-filter outbound ip-group 2003 rule 0
 packet-filter outbound ip-group 2003 rule 1
 packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/13
 port access vlan 4
 packet-filter outbound ip-group 2004 rule 0
 packet-filter outbound ip-group 2004 rule 1
 packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/14
 port access vlan 4
 packet-filter outbound ip-group 2004 rule 0
 packet-filter outbound ip-group 2004 rule 1
 packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/15
 port access vlan 4
 packet-filter outbound ip-group 2004 rule 0
 packet-filter outbound ip-group 2004 rule 1
 packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/16
 port access vlan 4
 packet-filter outbound ip-group 2004 rule 0
 packet-filter outbound ip-group 2004 rule 1
 packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/17
 port access vlan 5
#                                        
interface Ethernet1/0/18
 port access vlan 5
#
interface Ethernet1/0/19
 port access vlan 5
#
interface Ethernet1/0/20
 port access vlan 5
#
interface Ethernet1/0/21
 port access vlan 5
#
interface Ethernet1/0/22
 port access vlan 5
#
interface Ethernet1/0/23
 port access vlan 5
#
interface Ethernet1/0/24
 port access vlan 5
#
interface GigabitEthernet1/1/1
 port access vlan 6
 packet-filter outbound ip-group 2005 rule 0
 packet-filter outbound ip-group 2005 rule 1
 packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/2
 port access vlan 6
 packet-filter outbound ip-group 2005 rule 0
 packet-filter outbound ip-group 2005 rule 1
 packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/3
 port access vlan 6
 packet-filter outbound ip-group 2005 rule 0
 packet-filter outbound ip-group 2005 rule 1
 packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/4
 port access vlan 6
 packet-filter outbound ip-group 2005 rule 0
 packet-filter outbound ip-group 2005 rule 1
 packet-filter outbound ip-group 2005 rule 2
#
 undo irf-fabric authentication-mode
#
interface NULL0                          
#
 voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
user-interface aux 0 7
user-interface vty 0 4

你可能感兴趣的:(华为,VLAN,休闲,交换机,S3600SI)