配置實(shí)例:華為交換機(jī)vlan方案說(shuō)明及代碼
配置實(shí)例:華為交換機(jī)vlan方案說(shuō)明及代碼,華為交換機(jī)vlan配置問(wèn)題經(jīng)常遇到,如何合理配置就成了我們關(guān)注的問(wèn)題,本文從方案說(shuō)明:四臺(tái)PC的IP地址、掩碼列表:深入講解了華為交換機(jī)vlan的配置步驟。
數(shù)據(jù)庫(kù)工程師高級(jí)項(xiàng)目經(jīng)理界面設(shè)計(jì)經(jīng)理ChinaItLab2004-4-1保存本文推薦給好友收藏本頁(yè)歡迎進(jìn)入華為社區(qū)論壇,與200萬(wàn)技術(shù)人員互動(dòng)交流>>進(jìn)入使用4臺(tái)PC(pc多和少,原理是一樣的,所以這里我只用了4臺(tái)pc),華為路由器(R2621)、交換機(jī)(S3026e)各一臺(tái),組建一華為交換機(jī)vlan,實(shí)現(xiàn)虛擬網(wǎng)和物理網(wǎng)之間的連接。實(shí)現(xiàn)防火墻策略,和訪問(wèn)控制(ACL)。
方案說(shuō)明:四臺(tái)PC的IP地址、掩碼如下列表:
P1192.168.1.1255.255.255.0網(wǎng)關(guān)IP為192.168.1.5
P2192.168.1.2255.255.255.0網(wǎng)關(guān)IP為192.168.1.5
P3192.168.1.3255.255.255.0網(wǎng)關(guān)IP為192.168.1.6
P4192.168.1.4255.255.255.0網(wǎng)關(guān)IP為192.168.1.6
路由器上Ethernet0的IP為192.168.1.5
Ethernet1的IP為192.168.1.6
firewall設(shè)置默認(rèn)為deny
實(shí)施命令列表:
交換機(jī)上設(shè)置,劃分華為交換機(jī)vlan:
sys
//切換到系統(tǒng)視圖
[Quidway]vlanenable
[Quidway]vlan2
[Quidway-vlan2]porte0/1toe0/8
[Quidway-vlan2]quit
//默認(rèn)所有端口都屬于華為交換機(jī)vlan1,指定交換機(jī)的e0/1到e0/8八個(gè)端口屬于華為交換機(jī)vlan2
[Quidway]vlan3
[Quidway-vlan3]porte0/9toe0/16
[Quidway-vlan3]quit
//指定交換機(jī)的e0/9到e0/16八個(gè)端口屬于華為交換機(jī)vlan3
[Quidway]disvlanall
[Quidway]discu
路由器上華為交換機(jī)vlan設(shè)置,實(shí)現(xiàn)訪問(wèn)控制:
[Router]interfaceethernet0
[Router-Ethernet0]ipaddress192.168.1.5255.255.255.0
[Router-Ethernet0]quit
//指定ethernet0的ip
[Router]interfaceethernet1
[Router-Ethernet1]ipaddress192.168.1.6255.255.255.0
[Router-Ethernet1]quit
//開(kāi)啟firewall,并將默認(rèn)華為交換機(jī)vlan設(shè)置為deny
[Router]fireenable
[Router]firedefaultdeny
//允許192.168.1.1訪問(wèn)192.168.1.3
//firewall策略可根據(jù)需要再進(jìn)行華為交換機(jī)vlan添加
[Router]acl101
[Router-acl-101]rulepermitipsource192.168.1.1255.255.255.0destination192.168.1.3255.255.255.0
[Router-acl-101]quit
//啟用101規(guī)則
[Router-Ethernet0]firepa101
[Router-Ethernet0]quit
[Router-Ethernet1]firepa101
[Router-Ethernet1]quit
