华为s6502及多台s3026交换机配置实例介绍
华为s6502及多台s3026交换机配置实例介绍
运用的DHCP中继,TRUNK,VLAN,ACL,端口绑定等技术:
<Quidway S6502>dis cu
#
sysname Quidway S6502
#
local-server nas-ip 127.0.0.1 key huawei
#
domain default enable system
#
dhcp-server 1 ip 10.139.165.254
#
temperature-limit 0 10 80
#
poe power max-value 2400
#
radius scheme system
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
vlan-assignment-mode integer
access-limit disable
state active
idle-cut disable
self-service-url disable
messenger time disable
#
stp TC-protection enable
#
acl number 3000
rule 0 deny ip
rule 1 permit ip destination 10.139.165.0 0.0.0.255
rule 2 permit tcp destination 10.139.165.2 0 destination-port eq www
rule 3 permit ip destination 10.139.165.1 0
rule 4 permit ip destination 10.139.165.8 0
rule 5 permit ip destination 10.139.165.3 0
rule 6 permit ip destination 10.139.165.4 0
rule 7 permit ip destination 10.139.165.5 0
rule 8 permit ip destination 10.139.165.253 0
acl number 3002
rule 0 deny ip
rule 1 permit ip source 192.168.1.0 0.0.0.255 destination 10.138.0.0 0.1.255.255
rule 2 deny ip source 192.168.1.0 0.0.0.255 destination 10.139.165.0 0.0.0.255
rule 3 permit tcp source 192.168.1.0 0.0.0.255 destination 10.139.165.2 0 destination-port eq www
rule 4 permit ip source 192.168.1.0 0.0.0.255 destination 10.139.165.1 0
rule 5 permit ip source 192.168.1.4 0
rule 6 permit ip source 192.168.1.1 0
rule 7 permit ip source 192.168.1.2 0
rule 8 permit ip source 192.168.1.3 0
acl number 3003
rule 0 deny ip
rule 1 permit ip source 192.168.2.0 0.0.0.255 destination 10.138.0.0 0.1.255.255
rule 2 deny ip source 192.168.2.0 0.0.0.255 destination 10.139.165.0 0.0.0.255
rule 3 permit tcp source 192.168.2.0 0.0.0.255 destination 10.139.165.2 0 destination-port eq www
rule 4 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.1 0
rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.8 0
rule 6 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.3 0
rule 7 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.4 0
rule 8 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.5 0
rule 9 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.253 0
rule 10 permit ip source 192.168.2.1 0
rule 11 permit ip source 192.168.2.2 0
rule 12 permit ip source 192.168.2.3 0
rule 13 permit ip source 192.168.2.4 0
acl number 3004
rule 0 deny ip
rule 1 permit ip source 192.168.3.0 0.0.0.255 destination 10.138.0.0 0.1.255.255
rule 2 permit tcp source 192.168.3.0 0.0.0.255 destination 10.139.165.2 0 destination-port eq www
rule 3 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.1 0
rule 4 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.8 0
rule 5 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.3 0
rule 6 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.4 0
rule 7 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.5 0
rule 8 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.253 0
rule 9 permit ip source 192.168.3.251 0
rule 10 permit ip source 192.168.3.252 0
rule 11 permit ip source 192.168.3.253 0
rule 12 permit ip source 10.139.165.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
acl number 3010
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
#
vlan 1
#
vlan 2
#
vlan 3
#
vlan 4
#
vlan 5
#
vlan 10
#
vlan 20
description XINGZHENG&DANGQUN
#
vlan 30
description YINGXIAO
#
vlan 40
description SHENGCHANG
#
interface Vlan-interface1
description NETWORK DEVICE MANAGE DOMAIN
ip address 10.139.165.29 255.255.255.240
#
interface Vlan-interface2
description jienen
ip address 192.168.1.254 255.255.255.0
#
interface Vlan-interface3
description kefu
ip address 192.168.2.254 255.255.255.0
#
interface Vlan-interface4
description gongdiansou
ip address 192.168.3.254 255.255.255.0
dhcp-server 1
#
interface Vlan-interface5
description caiwu and xunxingongqu
ip address 168.10.0.254 255.255.255.0
ip address 192.168.4.254 255.255.255.0 sub
#
interface Vlan-interface10
description SERVER DOMAIN
ip address 10.139.165.14 255.255.255.240
#
interface Vlan-interface20
description XIANGZHENG&DANGQUN
ip address 10.139.165.62 255.255.255.224
#
interface Vlan-interface30
description YINGXIAO
ip address 10.139.165.126 255.255.255.192
#
interface Vlan-interface40
description SHENGCHANG
ip address 10.139.165.254 255.255.255.128
#
interface Aux0/0/0
#
interface M-Ethernet0/0/0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3003 rule 0 system-index 23
packet-filter inbound ip-group 3003 rule 1 system-index 24
packet-filter inbound ip-group 3003 rule 2 system-index 25
packet-filter inbound ip-group 3003 rule 3 system-index 26
packet-filter inbound ip-group 3003 rule 4 system-index 27
packet-filter inbound ip-group 3003 rule 5 system-index 28
packet-filter inbound ip-group 3003 rule 6 system-index 29
packet-filter inbound ip-group 3003 rule 7 system-index 30
packet-filter inbound ip-group 3003 rule 8 system-index 31
packet-filter inbound ip-group 3003 rule 9 system-index 32
packet-filter inbound ip-group 3003 rule 10 system-index 33
packet-filter inbound ip-group 3003 rule 11 system-index 34
packet-filter inbound ip-group 3003 rule 12 system-index 35
packet-filter inbound ip-group 3003 rule 13 system-index 36
#
interface GigabitEthernet0/0/4
port access vlan 5
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 55
packet-filter inbound ip-group 3000 rule 1 system-index 56
packet-filter inbound ip-group 3000 rule 2 system-index 57
packet-filter inbound ip-group 3000 rule 3 system-index 58
packet-filter inbound ip-group 3000 rule 4 system-index 59
packet-filter inbound ip-group 3000 rule 5 system-index 60
packet-filter inbound ip-group 3000 rule 6 system-index 61
packet-filter inbound ip-group 3000 rule 7 system-index 62
packet-filter inbound ip-group 3000 rule 8 system-index 63
#
interface GigabitEthernet0/0/7
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 64
packet-filter inbound ip-group 3000 rule 1 system-index 65
packet-filter inbound ip-group 3000 rule 2 system-index 66
packet-filter inbound ip-group 3000 rule 3 system-index 67
packet-filter inbound ip-group 3000 rule 4 system-index 68
packet-filter inbound ip-group 3000 rule 5 system-index 69
packet-filter inbound ip-group 3000 rule 6 system-index 70
packet-filter inbound ip-group 3000 rule 7 system-index 71
packet-filter inbound ip-group 3000 rule 8 system-index 72
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 73
packet-filter inbound ip-group 3000 rule 1 system-index 74
packet-filter inbound ip-group 3000 rule 2 system-index 75
packet-filter inbound ip-group 3000 rule 3 system-index 76
packet-filter inbound ip-group 3000 rule 4 system-index 77
packet-filter inbound ip-group 3000 rule 5 system-index 78
packet-filter inbound ip-group 3000 rule 6 system-index 79
packet-filter inbound ip-group 3000 rule 7 system-index 80
packet-filter inbound ip-group 3000 rule 8 system-index 81
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 82
packet-filter inbound ip-group 3000 rule 1 system-index 83
packet-filter inbound ip-group 3000 rule 2 system-index 84
packet-filter inbound ip-group 3000 rule 3 system-index 85
packet-filter inbound ip-group 3000 rule 4 system-index 86
packet-filter inbound ip-group 3000 rule 5 system-index 87
packet-filter inbound ip-group 3000 rule 6 system-index 88
packet-filter inbound ip-group 3000 rule 7 system-index 89
packet-filter inbound ip-group 3000 rule 8 system-index 90
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 91
packet-filter inbound ip-group 3000 rule 1 system-index 92
packet-filter inbound ip-group 3000 rule 2 system-index 93
packet-filter inbound ip-group 3000 rule 3 system-index 94
packet-filter inbound ip-group 3000 rule 4 system-index 95
packet-filter inbound ip-group 3000 rule 5 system-index 96
packet-filter inbound ip-group 3000 rule 6 system-index 97
packet-filter inbound ip-group 3000 rule 7 system-index 98
packet-filter inbound ip-group 3000 rule 8 system-index 99
#
interface GigabitEthernet0/0/12
port access vlan 2
qos
packet-filter inbound ip-group 3002 rule 0 system-index 1
packet-filter inbound ip-group 3002 rule 1 system-index 2
packet-filter inbound ip-group 3002 rule 2 system-index 3
packet-filter inbound ip-group 3002 rule 3 system-index 4
packet-filter inbound ip-group 3002 rule 4 system-index 5
packet-filter inbound ip-group 3002 rule 5 system-index 6
packet-filter inbound ip-group 3002 rule 6 system-index 7
packet-filter inbound ip-group 3002 rule 7 system-index 8
packet-filter inbound ip-group 3002 rule 8 system-index 9
#
interface GigabitEthernet0/0/13
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet0/0/14
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3004 rule 0 system-index 10
packet-filter inbound ip-group 3004 rule 1 system-index 11
packet-filter inbound ip-group 3004 rule 2 system-index 12
packet-filter inbound ip-group 3004 rule 3 system-index 13
packet-filter inbound ip-group 3004 rule 4 system-index 14
packet-filter inbound ip-group 3004 rule 5 system-index 15
packet-filter inbound ip-group 3004 rule 6 system-index 16
packet-filter inbound ip-group 3004 rule 7 system-index 17
packet-filter inbound ip-group 3004 rule 8 system-index 18
packet-filter inbound ip-group 3004 rule 9 system-index 19
packet-filter inbound ip-group 3004 rule 10 system-index 20
packet-filter inbound ip-group 3004 rule 11 system-index 21
packet-filter inbound ip-group 3004 rule 12 system-index 22
#
interface GigabitEthernet0/0/15
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 46
packet-filter inbound ip-group 3000 rule 1 system-index 47
packet-filter inbound ip-group 3000 rule 2 system-index 48
packet-filter inbound ip-group 3000 rule 3 system-index 49
packet-filter inbound ip-group 3000 rule 4 system-index 50
packet-filter inbound ip-group 3000 rule 5 system-index 51
packet-filter inbound ip-group 3000 rule 6 system-index 52
packet-filter inbound ip-group 3000 rule 7 system-index 53
packet-filter inbound ip-group 3000 rule 8 system-index 54
#
interface GigabitEthernet0/0/16
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3010 rule 0 system-index 37
packet-filter inbound ip-group 3010 rule 1 system-index 38
packet-filter inbound ip-group 3010 rule 2 system-index 39
packet-filter inbound ip-group 3010 rule 3 system-index 40
packet-filter inbound ip-group 3010 rule 4 system-index 41
packet-filter inbound ip-group 3010 rule 5 system-index 42
packet-filter inbound ip-group 3010 rule 6 system-index 43
packet-filter inbound ip-group 3010 rule 7 system-index 44
packet-filter inbound ip-group 3010 rule 8 system-index 45
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.139.165.30 preference 60
#
user-interface aux 0
set authentication password simple xxxxx
user-interface vty 0 4
user privilege level 3
set authentication password simple xxxxx
#
return
#
sysname Quidway S6502
#
local-server nas-ip 127.0.0.1 key huawei
#
domain default enable system
#
dhcp-server 1 ip 10.139.165.254
#
temperature-limit 0 10 80
#
poe power max-value 2400
#
radius scheme system
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
vlan-assignment-mode integer
access-limit disable
state active
idle-cut disable
self-service-url disable
messenger time disable
#
stp TC-protection enable
#
acl number 3000
rule 0 deny ip
rule 1 permit ip destination 10.139.165.0 0.0.0.255
rule 2 permit tcp destination 10.139.165.2 0 destination-port eq www
rule 3 permit ip destination 10.139.165.1 0
rule 4 permit ip destination 10.139.165.8 0
rule 5 permit ip destination 10.139.165.3 0
rule 6 permit ip destination 10.139.165.4 0
rule 7 permit ip destination 10.139.165.5 0
rule 8 permit ip destination 10.139.165.253 0
acl number 3002
rule 0 deny ip
rule 1 permit ip source 192.168.1.0 0.0.0.255 destination 10.138.0.0 0.1.255.255
rule 2 deny ip source 192.168.1.0 0.0.0.255 destination 10.139.165.0 0.0.0.255
rule 3 permit tcp source 192.168.1.0 0.0.0.255 destination 10.139.165.2 0 destination-port eq www
rule 4 permit ip source 192.168.1.0 0.0.0.255 destination 10.139.165.1 0
rule 5 permit ip source 192.168.1.4 0
rule 6 permit ip source 192.168.1.1 0
rule 7 permit ip source 192.168.1.2 0
rule 8 permit ip source 192.168.1.3 0
acl number 3003
rule 0 deny ip
rule 1 permit ip source 192.168.2.0 0.0.0.255 destination 10.138.0.0 0.1.255.255
rule 2 deny ip source 192.168.2.0 0.0.0.255 destination 10.139.165.0 0.0.0.255
rule 3 permit tcp source 192.168.2.0 0.0.0.255 destination 10.139.165.2 0 destination-port eq www
rule 4 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.1 0
rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.8 0
rule 6 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.3 0
rule 7 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.4 0
rule 8 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.5 0
rule 9 permit ip source 192.168.2.0 0.0.0.255 destination 10.139.165.253 0
rule 10 permit ip source 192.168.2.1 0
rule 11 permit ip source 192.168.2.2 0
rule 12 permit ip source 192.168.2.3 0
rule 13 permit ip source 192.168.2.4 0
acl number 3004
rule 0 deny ip
rule 1 permit ip source 192.168.3.0 0.0.0.255 destination 10.138.0.0 0.1.255.255
rule 2 permit tcp source 192.168.3.0 0.0.0.255 destination 10.139.165.2 0 destination-port eq www
rule 3 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.1 0
rule 4 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.8 0
rule 5 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.3 0
rule 6 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.4 0
rule 7 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.5 0
rule 8 permit ip source 192.168.3.0 0.0.0.255 destination 10.139.165.253 0
rule 9 permit ip source 192.168.3.251 0
rule 10 permit ip source 192.168.3.252 0
rule 11 permit ip source 192.168.3.253 0
rule 12 permit ip source 10.139.165.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
acl number 3010
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
#
vlan 1
#
vlan 2
#
vlan 3
#
vlan 4
#
vlan 5
#
vlan 10
#
vlan 20
description XINGZHENG&DANGQUN
#
vlan 30
description YINGXIAO
#
vlan 40
description SHENGCHANG
#
interface Vlan-interface1
description NETWORK DEVICE MANAGE DOMAIN
ip address 10.139.165.29 255.255.255.240
#
interface Vlan-interface2
description jienen
ip address 192.168.1.254 255.255.255.0
#
interface Vlan-interface3
description kefu
ip address 192.168.2.254 255.255.255.0
#
interface Vlan-interface4
description gongdiansou
ip address 192.168.3.254 255.255.255.0
dhcp-server 1
#
interface Vlan-interface5
description caiwu and xunxingongqu
ip address 168.10.0.254 255.255.255.0
ip address 192.168.4.254 255.255.255.0 sub
#
interface Vlan-interface10
description SERVER DOMAIN
ip address 10.139.165.14 255.255.255.240
#
interface Vlan-interface20
description XIANGZHENG&DANGQUN
ip address 10.139.165.62 255.255.255.224
#
interface Vlan-interface30
description YINGXIAO
ip address 10.139.165.126 255.255.255.192
#
interface Vlan-interface40
description SHENGCHANG
ip address 10.139.165.254 255.255.255.128
#
interface Aux0/0/0
#
interface M-Ethernet0/0/0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3003 rule 0 system-index 23
packet-filter inbound ip-group 3003 rule 1 system-index 24
packet-filter inbound ip-group 3003 rule 2 system-index 25
packet-filter inbound ip-group 3003 rule 3 system-index 26
packet-filter inbound ip-group 3003 rule 4 system-index 27
packet-filter inbound ip-group 3003 rule 5 system-index 28
packet-filter inbound ip-group 3003 rule 6 system-index 29
packet-filter inbound ip-group 3003 rule 7 system-index 30
packet-filter inbound ip-group 3003 rule 8 system-index 31
packet-filter inbound ip-group 3003 rule 9 system-index 32
packet-filter inbound ip-group 3003 rule 10 system-index 33
packet-filter inbound ip-group 3003 rule 11 system-index 34
packet-filter inbound ip-group 3003 rule 12 system-index 35
packet-filter inbound ip-group 3003 rule 13 system-index 36
#
interface GigabitEthernet0/0/4
port access vlan 5
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 55
packet-filter inbound ip-group 3000 rule 1 system-index 56
packet-filter inbound ip-group 3000 rule 2 system-index 57
packet-filter inbound ip-group 3000 rule 3 system-index 58
packet-filter inbound ip-group 3000 rule 4 system-index 59
packet-filter inbound ip-group 3000 rule 5 system-index 60
packet-filter inbound ip-group 3000 rule 6 system-index 61
packet-filter inbound ip-group 3000 rule 7 system-index 62
packet-filter inbound ip-group 3000 rule 8 system-index 63
#
interface GigabitEthernet0/0/7
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 64
packet-filter inbound ip-group 3000 rule 1 system-index 65
packet-filter inbound ip-group 3000 rule 2 system-index 66
packet-filter inbound ip-group 3000 rule 3 system-index 67
packet-filter inbound ip-group 3000 rule 4 system-index 68
packet-filter inbound ip-group 3000 rule 5 system-index 69
packet-filter inbound ip-group 3000 rule 6 system-index 70
packet-filter inbound ip-group 3000 rule 7 system-index 71
packet-filter inbound ip-group 3000 rule 8 system-index 72
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 73
packet-filter inbound ip-group 3000 rule 1 system-index 74
packet-filter inbound ip-group 3000 rule 2 system-index 75
packet-filter inbound ip-group 3000 rule 3 system-index 76
packet-filter inbound ip-group 3000 rule 4 system-index 77
packet-filter inbound ip-group 3000 rule 5 system-index 78
packet-filter inbound ip-group 3000 rule 6 system-index 79
packet-filter inbound ip-group 3000 rule 7 system-index 80
packet-filter inbound ip-group 3000 rule 8 system-index 81
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 82
packet-filter inbound ip-group 3000 rule 1 system-index 83
packet-filter inbound ip-group 3000 rule 2 system-index 84
packet-filter inbound ip-group 3000 rule 3 system-index 85
packet-filter inbound ip-group 3000 rule 4 system-index 86
packet-filter inbound ip-group 3000 rule 5 system-index 87
packet-filter inbound ip-group 3000 rule 6 system-index 88
packet-filter inbound ip-group 3000 rule 7 system-index 89
packet-filter inbound ip-group 3000 rule 8 system-index 90
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 91
packet-filter inbound ip-group 3000 rule 1 system-index 92
packet-filter inbound ip-group 3000 rule 2 system-index 93
packet-filter inbound ip-group 3000 rule 3 system-index 94
packet-filter inbound ip-group 3000 rule 4 system-index 95
packet-filter inbound ip-group 3000 rule 5 system-index 96
packet-filter inbound ip-group 3000 rule 6 system-index 97
packet-filter inbound ip-group 3000 rule 7 system-index 98
packet-filter inbound ip-group 3000 rule 8 system-index 99
#
interface GigabitEthernet0/0/12
port access vlan 2
qos
packet-filter inbound ip-group 3002 rule 0 system-index 1
packet-filter inbound ip-group 3002 rule 1 system-index 2
packet-filter inbound ip-group 3002 rule 2 system-index 3
packet-filter inbound ip-group 3002 rule 3 system-index 4
packet-filter inbound ip-group 3002 rule 4 system-index 5
packet-filter inbound ip-group 3002 rule 5 system-index 6
packet-filter inbound ip-group 3002 rule 6 system-index 7
packet-filter inbound ip-group 3002 rule 7 system-index 8
packet-filter inbound ip-group 3002 rule 8 system-index 9
#
interface GigabitEthernet0/0/13
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet0/0/14
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3004 rule 0 system-index 10
packet-filter inbound ip-group 3004 rule 1 system-index 11
packet-filter inbound ip-group 3004 rule 2 system-index 12
packet-filter inbound ip-group 3004 rule 3 system-index 13
packet-filter inbound ip-group 3004 rule 4 system-index 14
packet-filter inbound ip-group 3004 rule 5 system-index 15
packet-filter inbound ip-group 3004 rule 6 system-index 16
packet-filter inbound ip-group 3004 rule 7 system-index 17
packet-filter inbound ip-group 3004 rule 8 system-index 18
packet-filter inbound ip-group 3004 rule 9 system-index 19
packet-filter inbound ip-group 3004 rule 10 system-index 20
packet-filter inbound ip-group 3004 rule 11 system-index 21
packet-filter inbound ip-group 3004 rule 12 system-index 22
#
interface GigabitEthernet0/0/15
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 0 system-index 46
packet-filter inbound ip-group 3000 rule 1 system-index 47
packet-filter inbound ip-group 3000 rule 2 system-index 48
packet-filter inbound ip-group 3000 rule 3 system-index 49
packet-filter inbound ip-group 3000 rule 4 system-index 50
packet-filter inbound ip-group 3000 rule 5 system-index 51
packet-filter inbound ip-group 3000 rule 6 system-index 52
packet-filter inbound ip-group 3000 rule 7 system-index 53
packet-filter inbound ip-group 3000 rule 8 system-index 54
#
interface GigabitEthernet0/0/16
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3010 rule 0 system-index 37
packet-filter inbound ip-group 3010 rule 1 system-index 38
packet-filter inbound ip-group 3010 rule 2 system-index 39
packet-filter inbound ip-group 3010 rule 3 system-index 40
packet-filter inbound ip-group 3010 rule 4 system-index 41
packet-filter inbound ip-group 3010 rule 5 system-index 42
packet-filter inbound ip-group 3010 rule 6 system-index 43
packet-filter inbound ip-group 3010 rule 7 system-index 44
packet-filter inbound ip-group 3010 rule 8 system-index 45
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.139.165.30 preference 60
#
user-interface aux 0
set authentication password simple xxxxx
user-interface vty 0 4
user privilege level 3
set authentication password simple xxxxx
#
return
以下为s3026配置,多台设置基本相同,只例一台:
<3026-9>dis cu
#
sysname 3026-9
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei
#
temperature-limit 0 42 65
#
am enable
am user-bind ip-addr 10.139.165.129 interface Ethernet0/17
am user-bind ip-addr 10.139.165.130 interface Ethernet0/18
am user-bind ip-addr 10.139.165.131 interface Ethernet0/19
am user-bind ip-addr 10.139.165.132 interface Ethernet0/20
am user-bind ip-addr 10.139.165.33 interface Ethernet0/1
#
vlan 1
#
vlan 20
description XINGZHENG&DANGQUN
#
vlan 30
description YINGXIAO
#
vlan 40
description SHENGCHANG
#
interface Vlan-interface1
ip address 10.139.165.28 255.255.255.240
#
interface Aux0/0
#
interface Ethernet0/1
port access vlan 20
#
interface Ethernet0/2
port access vlan 20
#
interface Ethernet0/3
port access vlan 20
#
interface Ethernet0/4
port access vlan 20
#
interface Ethernet0/5
port access vlan 20
#
interface Ethernet0/6
port access vlan 20
#
interface Ethernet0/7
port access vlan 20
#
interface Ethernet0/8
port access vlan 20
#
interface Ethernet0/9
port access vlan 30
#
interface Ethernet0/10
port access vlan 30
#
interface Ethernet0/11
port access vlan 30
#
interface Ethernet0/12
port access vlan 30
#
interface Ethernet0/13
port access vlan 30
#
interface Ethernet0/14
port access vlan 30
#
interface Ethernet0/15
port access vlan 30
#
interface Ethernet0/16
port access vlan 30
#
interface Ethernet0/17
port access vlan 40
#
interface Ethernet0/18
port access vlan 40
#
interface Ethernet0/19
port access vlan 40
#
interface Ethernet0/20
port access vlan 40
#
interface Ethernet0/21
port access vlan 40
#
interface Ethernet0/22
port access vlan 40
#
interface Ethernet0/23
port access vlan 40
#
interface Ethernet0/24
port access vlan 40
#
interface GigabitEthernet1/1
port link-type trunk
port trunk permit vlan all
#
interface NULL0
#
user-interface aux 0
set authentication password simple xxxxx
user-interface vty 0 4
user privilege level 3
set authentication password simple xxxxx
#
return
#
local-server nas-ip 127.0.0.1 key huawei
#
temperature-limit 0 42 65
#
am enable
am user-bind ip-addr 10.139.165.129 interface Ethernet0/17
am user-bind ip-addr 10.139.165.130 interface Ethernet0/18
am user-bind ip-addr 10.139.165.131 interface Ethernet0/19
am user-bind ip-addr 10.139.165.132 interface Ethernet0/20
am user-bind ip-addr 10.139.165.33 interface Ethernet0/1
#
vlan 1
#
vlan 20
description XINGZHENG&DANGQUN
#
vlan 30
description YINGXIAO
#
vlan 40
description SHENGCHANG
#
interface Vlan-interface1
ip address 10.139.165.28 255.255.255.240
#
interface Aux0/0
#
interface Ethernet0/1
port access vlan 20
#
interface Ethernet0/2
port access vlan 20
#
interface Ethernet0/3
port access vlan 20
#
interface Ethernet0/4
port access vlan 20
#
interface Ethernet0/5
port access vlan 20
#
interface Ethernet0/6
port access vlan 20
#
interface Ethernet0/7
port access vlan 20
#
interface Ethernet0/8
port access vlan 20
#
interface Ethernet0/9
port access vlan 30
#
interface Ethernet0/10
port access vlan 30
#
interface Ethernet0/11
port access vlan 30
#
interface Ethernet0/12
port access vlan 30
#
interface Ethernet0/13
port access vlan 30
#
interface Ethernet0/14
port access vlan 30
#
interface Ethernet0/15
port access vlan 30
#
interface Ethernet0/16
port access vlan 30
#
interface Ethernet0/17
port access vlan 40
#
interface Ethernet0/18
port access vlan 40
#
interface Ethernet0/19
port access vlan 40
#
interface Ethernet0/20
port access vlan 40
#
interface Ethernet0/21
port access vlan 40
#
interface Ethernet0/22
port access vlan 40
#
interface Ethernet0/23
port access vlan 40
#
interface Ethernet0/24
port access vlan 40
#
interface GigabitEthernet1/1
port link-type trunk
port trunk permit vlan all
#
interface NULL0
#
user-interface aux 0
set authentication password simple xxxxx
user-interface vty 0 4
user privilege level 3
set authentication password simple xxxxx
#
return