华为S3600SI交换机VLAN配置案例
sysname H3C #radius scheme system
#
domain system
#
acl number 2001
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.20.0 0.0.0.255
acl number 2002
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.25.0 0.0.0.255
acl number 2003
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.35.0 0.0.0.255
acl number 2004
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.45.0 0.0.0.255
acl number 2005
rule 0 deny
rule 1 permit source 192.168.40.0 0.0.0.255
rule 2 permit source 192.168.15.0 0.0.0.255
#
vlan 1 to 6
#
interface Vlan-interface1
ip address 192.168.20.254 255.255.255.0
#
interface Vlan-interface2
ip address 192.168.25.254 255.255.255.0
#
interface Vlan-interface3
ip address 192.168.35.254 255.255.255.0
#
interface Vlan-interface4
ip address 192.168.45.254 255.255.255.0
#
interface Vlan-interface5
ip address 192.168.40.254 255.255.255.0
#
interface Vlan-interface6
ip address 192.168.15.254 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/2
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/3
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/4
packet-filter outbound ip-group 2001 rule 0
packet-filter outbound ip-group 2001 rule 1
packet-filter outbound ip-group 2001 rule 2
#
interface Ethernet1/0/5
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/6
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/7
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/8
port access vlan 2
packet-filter outbound ip-group 2002 rule 0
packet-filter outbound ip-group 2002 rule 1
packet-filter outbound ip-group 2002 rule 2
#
interface Ethernet1/0/9
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/10
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/11
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/12
port access vlan 3
packet-filter outbound ip-group 2003 rule 0
packet-filter outbound ip-group 2003 rule 1
packet-filter outbound ip-group 2003 rule 2
#
interface Ethernet1/0/13
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/14
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/15
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/16
port access vlan 4
packet-filter outbound ip-group 2004 rule 0
packet-filter outbound ip-group 2004 rule 1
packet-filter outbound ip-group 2004 rule 2
#
interface Ethernet1/0/17
port access vlan 5
#
interface Ethernet1/0/18
port access vlan 5
#
interface Ethernet1/0/19
port access vlan 5
#
interface Ethernet1/0/20
port access vlan 5
#
interface Ethernet1/0/21
port access vlan 5
#
interface Ethernet1/0/22
port access vlan 5
#
interface Ethernet1/0/23
port access vlan 5
#
interface Ethernet1/0/24
port access vlan 5
#
interface GigabitEthernet1/1/1
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/2
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/3
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
interface GigabitEthernet1/1/4
port access vlan 6
packet-filter outbound ip-group 2005 rule 0
packet-filter outbound ip-group 2005 rule 1
packet-filter outbound ip-group 2005 rule 2
#
undo irf-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
user-interface aux 0 7
user-interface vty 0 4
页:
[1]