图解华为交换机3528配置
- 格式:doc
- 大小:170.50 KB
- 文档页数:5
目录第1章 MSTP配置..................................................................................................................1-11.1 MSTP简介.........................................................................................................................1-11.1.1 MSTP的协议报文....................................................................................................1-11.1.2 MSTP的基本概念....................................................................................................1-11.1.3 MSTP的基本原理....................................................................................................1-51.1.4 MSTP在交换机上的实现.........................................................................................1-61.2 配置根桥.............................................................................................................................1-71.2.1 配置准备..................................................................................................................1-81.2.2 配置MST域............................................................................................................1-81.2.3 指定当前交换机为根桥或备份根桥..........................................................................1-91.2.4 配置当前交换机的桥优先级...................................................................................1-111.2.5 配置端口对MSTP报文的识别/发送方式...............................................................1-121.2.6 配置MSTP的工作模式.........................................................................................1-131.2.7 配置BPDU报文带VLAN TAG发送特性..............................................................1-141.2.8 BPDU透明传输.....................................................................................................1-151.2.9 VLAN 忽略.............................................................................................................1-161.2.10 配置MD5密文.....................................................................................................1-171.2.11 配置MST域的最大跳数......................................................................................1-181.2.12 配置交换网络的网络直径.....................................................................................1-181.2.13 配置MSTP的时间参数.......................................................................................1-191.2.14 配置超时时间因子...............................................................................................1-211.2.15 配置端口的最大发送速率.....................................................................................1-211.2.16 配置端口为边缘端口............................................................................................1-221.2.17 配置端口是否与点对点链路相连..........................................................................1-241.2.18 开启MSTP特性..................................................................................................1-251.3 配置叶子节点...................................................................................................................1-261.3.1 配置准备................................................................................................................1-271.3.2 配置MST域..........................................................................................................1-271.3.3 配置MSTP的工作模式.........................................................................................1-271.3.4 配置超时时间因子..................................................................................................1-281.3.5 配置端口的最大发送速率.......................................................................................1-281.3.6 配置端口为边缘端口..............................................................................................1-281.3.7 配置端口的路径开销..............................................................................................1-281.3.8 配置端口的优先级..................................................................................................1-291.3.9 配置端口是否与点对点链路相连............................................................................1-301.3.10 开启MSTP特性..................................................................................................1-301.4 执行mCheck操作............................................................................................................1-301.4.1 配置准备................................................................................................................1-311.4.2 配置过程................................................................................................................1-311.4.3 配置举例................................................................................................................1-31 1.5 配置交换机的保护功能.....................................................................................................1-321.5.1 保护功能简介.........................................................................................................1-321.5.2 BPDU保护功能的配置..........................................................................................1-331.5.3 Root保护功能的配置.............................................................................................1-341.5.4 环路保护功能的配置..............................................................................................1-351.5.5 防止TC-BPDU报文攻击配置................................................................................1-35 1.6 配置摘要侦听特性............................................................................................................1-361.6.1 简介.......................................................................................................................1-361.6.2 摘要侦听特性的配置..............................................................................................1-37 1.7 快速迁移特性...................................................................................................................1-381.7.1 简介.......................................................................................................................1-381.7.2 快速迁移配置.........................................................................................................1-39 1.8 BPDU TUNNEL特性的配置.............................................................................................1-411.8.1 简介.......................................................................................................................1-411.8.2 BPDU TUNNEL的配置.........................................................................................1-41 1.9 MSTP显示和维护............................................................................................................1-42 1.10 MSTP典型配置案例......................................................................................................1-42 1.11 BPDU TUNNEL配置典型案例.......................................................................................1-45第1章 MSTP配置1.1 MSTP简介STP(Spanning Tree Protocol,生成树协议)不能使端口状态快速迁移,即使是在点对点链路或边缘端口,也必须等待2倍的Forward delay的时间延迟,端口才能迁移到转发状态。
华为QuidWay交换机配置命令手册1、开始13910093建立本地配置环境,将主机的串口通过配置电缆与以太网交换机的Console口连接。
在主机上运行终端仿真程序(如Windows的超级终端等),设置终端通信参数为:波特率为9600bit/s、8位数据位、1位停止位、无校验和无流控,并选择终端类型为VT100。
以太网交换机上电,终端上显示以太网交换机自检信息,自检结束后提示用户键入回车,之后将出现命令行提示符(如<Quidway>)。
键入命令,配置以太网交换机或查看以太网交换机运行状态。
需要帮助可以随时键入"?"2、命令视图(1)用户视图(查看交换机的简单运行状态和统计信息)<Quidway>:与交换机建立连接即进入(2)系统视图(配置系统参数)[Quidway]:在用户视图下键入system-view(3)以太网端口视图(配置以太网端口参数)[Quidway-Ethernet0/1]:在系统视图下键入interface ethernet 0/0/1(4)VLAN视图(配置VLAN参数)[Quidway-Vlan1]:在系统视图下键入vlan 1(5)VLAN接口视图(配置VLAN和VLAN汇聚对应的IP接口参数)[Quidway-Vlan-interface1]:在系统视图下键入interface vlan-interface 1(6)本地用户视图(配置本地用户参数)[Quidway-luser-user1]:在系统视图下键入local-useruser1(7)用户界面视图(配置用户界面参数)[Quidway-ui0]:在系统视图下键入user-interface3、其他命令设置系统时间和时区<Quidway>clock time Beijing?add 8<Quidway>clock datetime 12:00:00 2005/01/23设置交换机的名称[Quidway]sysname TRAIN-3026-1[TRAIN-3026-1]配置用户登录[Quidway]user-interface vty 0 4[Quidway-ui-vty0]authentication-mode scheme创建本地用户[Quidway]local-user huawei[Quidway-luser-huawei]password simple huawei[Quidway-luser-huawei] service-type telnet level 34、VLAN配置方法『配置环境参数』SwitchA端口E0/1属于VLAN2,E0/2属于VLAN3『组网需求』把交换机端口E0/1加入到VLAN2 ,E0/2加入到VLAN3数据配置步骤『VLAN配置流程』(1)缺省情况下所有端口都属于VLAN 1,并且端口是access端口,一个access端口只能属于一个vlan;(2)如果端口是access端口,则把端口加入到另外一个vlan的同时,系统自动把该端口从原来的vlan中删除掉;(3)除了VLAN1,如果VLAN XX不存在,在系统视图下键入VLAN XX,则创建VLAN XX并进入VLAN视图;如果VLAN XX已经存在,则进入VLAN视图。
目录第1章 802.1x配置.................................................................................................................1-11.1 802.1x简介........................................................................................................................1-11.1.1 802.1x标准简介......................................................................................................1-11.1.2 802.1x体系结构......................................................................................................1-11.1.3 802.1x的认证过程...................................................................................................1-21.1.4 802.1x在以太网交换机中的实现.............................................................................1-31.2 802.1x配置........................................................................................................................1-31.2.1 802.1x配置任务简介...............................................................................................1-31.2.2 开启802.1x特性.....................................................................................................1-41.2.3 设置端口接入控制的模式.........................................................................................1-41.2.4 设置端口接入控制方式............................................................................................1-51.2.5 检测通过代理登录交换机的用户..............................................................................1-61.2.6 设置端口接入用户数量的最大值..............................................................................1-61.2.7 设置允许DHCP触发认证........................................................................................1-71.2.8 设置802.1x用户的认证方法...................................................................................1-71.2.9 开启Guest VLAN功能............................................................................................1-81.2.10 设置802.1x重认证功能.........................................................................................1-81.2.11 设置对802.1x客户端的版本验证功能.................................................................1-101.2.12 设置认证请求帧的最大可重复发送次数...............................................................1-111.2.13 配置定时器参数...................................................................................................1-111.2.14 打开quiet-period定时器......................................................................................1-131.3 802.1x的显示和调试........................................................................................................1-131.4 802.1x典型配置举例........................................................................................................1-13第2章 Portal配置..................................................................................................................2-12.1 Portal简介..........................................................................................................................2-12.1.1 Portal概述...............................................................................................................2-12.1.2 Portal的系统组成....................................................................................................2-12.1.3 Portal认证的过程....................................................................................................2-22.1.4 Portal的认证方式....................................................................................................2-22.1.5 Portal免认证用户与免费IP.....................................................................................2-32.1.6 交换机与用户PC的ARP报文握手.........................................................................2-32.1.7 Portal限速功能........................................................................................................2-32.2 Portal配置任务简介...........................................................................................................2-42.2.1 Portal配置任务简介................................................................................................2-42.3 Portal基本配置..................................................................................................................2-42.3.1 配置准备..................................................................................................................2-42.3.2 Portal基本配置过程................................................................................................2-52.3.3 Portal直接认证方式配置举例..................................................................................2-62.3.4 Portal二次地址分配认证方式配置举例....................................................................2-82.3.5 三层Portal认证方式配置举例.................................................................................2-92.4 Portal免认证用户及免费IP配置.....................................................................................2-112.4.1 配置Portal免认证用户及免费IP...........................................................................2-112.4.2 免认证用户及免费IP配置举例..............................................................................2-112.5 Portal限速功能配置.........................................................................................................2-132.5.1 配置Portal限速功能..............................................................................................2-132.5.2 Portal限速功能配置举例.......................................................................................2-132.6 删除Portal用户...............................................................................................................2-142.6.1 配置删除Portal用户..............................................................................................2-142.6.2 删除Portal用户配置举例......................................................................................2-14第3章 AAA&RADIUS/HWTACACS协议配置........................................................................3-13.1 AAA&RADIUS/HWTACACS协议简介...............................................................................3-13.1.1 AAA概述.................................................................................................................3-13.1.2 RADIUS协议简介....................................................................................................3-13.1.3 HWTACACS协议简介............................................................................................3-43.2 AAA配置............................................................................................................................3-63.2.1 AAA配置简介..........................................................................................................3-63.2.2 创建ISP域..............................................................................................................3-63.2.3 配置ISP域的相关属性............................................................................................3-73.2.4 开启信使提醒功能....................................................................................................3-83.2.5 开启自助服务器定位功能.........................................................................................3-93.2.6 创建本地用户.........................................................................................................3-103.2.7 设置本地用户的属性..............................................................................................3-103.2.8 强制切断用户连接..................................................................................................3-113.2.9 配置动态VLAN下发..............................................................................................3-113.3 RADIUS协议配置............................................................................................................3-123.3.1 RADIUS协议配置简介..........................................................................................3-133.3.2 创建RADIUS方案.................................................................................................3-133.3.3 设置RADIUS服务器的IP地址和端口号..............................................................3-143.3.4 设置RADIUS报文的加密密钥..............................................................................3-153.3.5 设置RADIUS服务器响应超时定时器....................................................................3-153.3.6 设置RADIUS请求报文的最大传送次数................................................................3-163.3.7 打开RADIUS计费可选开关..................................................................................3-163.3.8 设置实时计费间隔..................................................................................................3-173.3.9 设置允许实时计费请求无响应的最大次数.............................................................3-183.3.10 启用停止计费报文缓存功能.................................................................................3-183.3.11 设置停止计费请求报文的最大发送次数...............................................................3-193.3.12 配置设备重启用户再认证功能.............................................................................3-193.3.13 设置支持何种类型的RADIUS服务器..................................................................3-203.3.14 设置RADIUS服务器的状态................................................................................3-213.3.15 设置主RADIUS服务器恢复激活状态的时间间隔...............................................3-223.3.16 设置发送给RADIUS服务器的用户名格式..........................................................3-223.3.17 设置发送给RADIUS服务器的数据流的单位.......................................................3-233.3.18 配置发送RADIUS报文的源地址.........................................................................3-243.3.19 配置本地RADIUS认证服务器............................................................................3-243.4 HWTACACS协议配置.....................................................................................................3-253.4.1 创建HWTACACS方案..........................................................................................3-253.4.2 配置HWTACACS认证服务器...............................................................................3-263.4.3 配置HWTACACS授权服务器...............................................................................3-273.4.4 配置HWTACACS计费服务器...............................................................................3-273.4.5 配置HWTACACS报文的共享密钥.......................................................................3-283.4.6 配置发送给TACACS服务器的数据相关属性........................................................3-293.4.7 配置TACACS服务器的定时器.............................................................................3-293.5 AAA&RADIUS/HWTACACS协议的显示和调试..............................................................3-303.6 AAA&RADIUS/HWTACACS协议典型配置举例..............................................................3-313.6.1 FTP/Telnet用户远端RADIUS服务器认证配置.....................................................3-313.6.2 FTP/Telnet用户本地RADIUS服务器认证配置.....................................................3-333.6.3 配置Telnet用户通过TACACS服务器进行认证和授权........................................3-333.6.4 配置动态VLAN下发..............................................................................................3-343.7 AAA&RADIUS/HWTACACS协议故障的诊断与排除.......................................................3-353.7.1 RADIUS常见配置错误举例...................................................................................3-353.7.2 HWTACACS常见配置错误举例............................................................................3-36第4章 EAD配置....................................................................................................................4-14.1 EAD简介............................................................................................................................4-14.2 EAD配置的典型组网应用..................................................................................................4-14.3 EAD配置............................................................................................................................4-24.4 EAD典型配置过程举例......................................................................................................4-3第5章 HABP特性配置...........................................................................................................5-15.1 HABP特性简介..................................................................................................................5-15.2 HABP特性配置..................................................................................................................5-15.2.1 配置HABP Server...................................................................................................5-15.2.2 配置HABP Client....................................................................................................5-25.3 HABP的显示和调试...........................................................................................................5-25.4 HABP典型配置举例...........................................................................................................5-3第6章 System-gurad防攻击配置...........................................................................................6-16.1 System-guard防攻击特性简介..........................................................................................6-16.1.1 攻击检测与防攻击方式............................................................................................6-16.2 配置System-guard防攻击特性.........................................................................................6-16.2.1 配置System-guard防攻击......................................................................................6-26.3 System-guard显示............................................................................................................6-26.4 System-guard典型配置举例..............................................................................................6-3第1章 802.1x配置1.1 802.1x简介1.1.1 802.1x标准简介IEEE 802.1x标准(以下简称802.1x)是基于端口的网络接入控制(Port BasedNetwork Access Control)协议。
华为交换机配置方法华为交换机是一种高性能网络交换设备,广泛应用于企业、政府机构、教育机构等各种网络环境中。
下面是华为交换机配置的详细方法:登录华为交换机使用终端软件,如SecureCRT或PuTTY,连接到华为交换机的管理口,并输入用户名和密码进行登录。
一般情况下,用户名为admin,密码为admin。
进入系统视图华为交换机采用层级结构的管理视图,系统视图是最高层级的视图。
在登录成功后,可以通过输入system-view命令进入系统视图。
配置基本网络参数在系统视图下,可以配置华为交换机的基本网络参数,包括IP地址、子网掩码、网关和DNS服务器等。
具体命令如下:配置IP地址:interface vlanif 1,ip address 192.168.1.1 24配置网关:ip route-static 0.0.0.0 0.0.0.0 192.168.1.254 配置DNS服务器:ip dns server-address 8.8.8.8其中,vlanif 1是虚拟接口编号,192.168.1.1是华为交换机的IP地址,24是子网掩码的长度,0.0.0.0 0.0.0.0表示默认路由,192.168.1.254是网关的IP地址,8.8.8.8是DNS服务器的IP地址。
配置VLANVLAN是一种虚拟局域网技术,可以将不同的物理端口划分到不同的逻辑网络中。
华为交换机支持IEEE 802.1Q标准的VLAN。
具体命令如下:创建VLAN:vlan batch 10 20配置VLAN接口:interface vlanif 10,ip address 192.168.10.1 24配置端口所属VLAN:interface gigabitethernet 1/0/1,port link-type access,port default vlan 10其中,vlan batch 10 20是批量创建VLAN 10和VLAN 20,interface vlanif 10是VLAN 10的虚拟接口,192.168.10.1是VLAN 10的IP地址,gigabitethernet 1/0/1是物理端口的接口编号。
目录第1章 VLAN配置.............................................................................................................1-11.1 VLAN简介....................................................................................................................1-11.1.1 VLAN概述.........................................................................................................1-11.1.2 VLAN原理.........................................................................................................1-21.2 VLAN配置....................................................................................................................1-31.2.1 VLAN配置任务简介...........................................................................................1-31.2.2 创建VLAN.........................................................................................................1-31.2.3 批量创建VLAN..................................................................................................1-41.2.4 为VLAN指定以太网端口...................................................................................1-41.2.5 为VLAN或VLAN接口指定描述字符.................................................................1-51.2.6 为VLAN命名.....................................................................................................1-51.2.7 创建VLAN接口.................................................................................................1-51.2.8 为VLAN接口指定IP地址和掩码.......................................................................1-61.2.9 打开/关闭VLAN接口.........................................................................................1-61.3 基于协议的VLAN简介.................................................................................................1-71.3.1 基于协议的VLAN概述.......................................................................................1-71.3.2 以太网数据的封装格式.......................................................................................1-71.3.3 交换机对报文协议的判断过程.............................................................................1-91.3.4 各种协议支持的封装格式....................................................................................1-91.3.5 协议VLAN的实现方式......................................................................................1-101.4 基于协议的VLAN配置................................................................................................1-101.4.1 创建VLAN的协议类型......................................................................................1-101.4.2 创建端口与基于协议VLAN的关联....................................................................1-111.5 VLAN配置显示............................................................................................................1-121.6 VLAN典型配置举例....................................................................................................1-12第2章 GARP/GVRP配置.................................................................................................2-12.1 GARP配置...................................................................................................................2-12.1.1 GARP协议简介.................................................................................................2-12.1.2 配置GARP的定时器参数..................................................................................2-22.1.3 GARP显示和调试..............................................................................................2-32.2 GVRP配置...................................................................................................................2-32.2.1 GVRP协议简介.................................................................................................2-32.2.2 全局开启GVRP.................................................................................................2-42.2.3 端口开启GVRP.................................................................................................2-52.2.4 配置GVRP注册类型..........................................................................................2-52.2.5 GVRP显示和调试..............................................................................................2-62.2.6 GVRP典型配置举例..........................................................................................2-6第3章 Super VLAN..........................................................................................................3-13.1 Super VLAN简介.........................................................................................................3-13.2 Super VLAN配置.........................................................................................................3-13.2.1 Super VLAN配置任务简介.................................................................................3-13.2.2 配置VLAN类型为Super VLAN.........................................................................3-13.2.3 配置Sub VLAN..................................................................................................3-23.2.4 配置Super VLAN和Sub VLAN间的映射关系...................................................3-23.3 Super VLAN配置显示..................................................................................................3-33.4 Super VLAN典型配置举例...........................................................................................3-3第4章 VLAN-VPN............................................................................................................4-14.1 VLAN-VPN简介...........................................................................................................4-14.1.1 VLAN-VPN原理介绍..........................................................................................4-14.1.2 VLAN-VPN的实现方式......................................................................................4-14.1.3 VLAN-VPN报文的TPID值可调功能..................................................................4-24.2 VLAN-VPN配置...........................................................................................................4-24.2.1 配置端口的VLAN-VPN功能..............................................................................4-34.2.2 配置端口的VLAN-VPN报文TPID值可调功能...................................................4-34.3 VLAN-VPN典型配置举例.............................................................................................4-4第1章 VLAN配置1.1 VLAN简介1.1.1 VLAN概述传统的以太网是一个平面网络,网络中的所有主机通过HUB或交换机相连,处在同一个广播域中。
交换机配置(一)端口限速基本配置华为3Com 2000_EI、S2000-SI、S3000-SI、S3026E、S3526E、S3528、S3552、S3900、S3050、S5012、S5024、S5600系列:华为交换机端口限速2000_EI系列以上的交换机都可以限速!限速不同的交换机限速的方式不一样!2000_EI直接在端口视图下面输入LINE-RATE (4 )参数可选!端口限速配置1功能需求及组网说明端口限速配置『配置环境参数』1. PC1和PC2的IP地址分别为10.10.1.1/24、10.10.1.2/24『组网需求』1. 在SwitchA上配置端口限速,将PC1的下载速率限制在3Mbps,同时将PC1的上传速率限制在1Mbps2数据配置步骤『S2000EI系列交换机端口限速配置流程』使用以太网物理端口下面的line-rate命令,来对该端口的出、入报文进行流量限速。
【SwitchA相关配置】1. 进入端口E0/1的配置视图[SwitchA]interface Ethernet 0/12. 对端口E0/1的出方向报文进行流量限速,限制到3Mbps[SwitchA- Ethernet0/1]l ine-rate outbound 303. 对端口E0/1的入方向报文进行流量限速,限制到1Mbps[SwitchA- Ethernet0/1]line-rate inbound 16【补充说明】报文速率限制级别取值为1~127。
如果速率限制级别取值在1~28范围内,则速率限制的粒度为64Kbps,这种情况下,当设置的级别为N,则端口上限制的速率大小为N*64K;如果速率限制级别取值在29~127范围内,则速率限制的粒度为1Mbps,这种情况下,当设置的级别为N,则端口上限制的速率大小为(N-27)*1Mbps。
此系列交换机的具体型号包括:S2008-EI、S2016-EI和S2403H-EI。
情况描述:S3528P作为核心交换机,划分VLAN隔离广播PIX525作为防火墙及NA T转换在这个网里有一个WWW服务器是公网IP要求:LAN的用户隔离广播风暴,可以上INTERNET 并且可以用域名访问WWW服务器当然WWW服务器也可以让公网用户访问到,WWW服务器是用主机头+IP+端口号访问的拓扑:配置:1.S3528dis cu#sysname HUAWEI_S3528P#radius scheme systemserver-type huaweiprimary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-format without-domaindomain systemradius-scheme systemaccess-limit disablestate activeidle-cut disableself-service-url disablemessenger time disabledomain default enable system#local-server nas-ip 127.0.0.1 key huawei #temperature-limit 0 20 80#dhcp server ip-pool cheduinetwork 192.168.70.0 mask 255.255.255.0 gateway-list 192.168.70.1dns-list 202.99.224.8 202.99.224.68#dhcp server ip-pool fuliannetwork 192.168.30.0 mask 255.255.255.0 gateway-list 192.168.30.1dns-list 202.99.224.8 202.99.224.68#dhcp server ip-pool govnetwork 192.168.50.0 mask 255.255.255.0 gateway-list 192.168.50.254dns-list 202.99.224.8 202.99.224.68#dhcp server ip-pool jiweinetwork 192.168.20.0 mask 255.255.255.0 gateway-list 192.168.20.1dns-list 202.99.224.8 202.99.224.68#dhcp server ip-pool shiweinetwork 192.168.10.0 mask 255.255.255.0 gateway-list 192.168.10.1dns-list 202.99.224.8 202.99.224.68#dhcp server ip-pool xinfangnetwork 192.168.40.0 mask 255.255.255.0 gateway-list 192.168.40.1dns-list 202.99.224.8 202.99.224.68#dhcp server ip-pool xxzxnetwork 192.168.60.0 mask 255.255.255.0gateway-list 192.168.60.1dns-list 202.99.224.8 202.99.224.68#acl number 2000rule 0 permit source 192.168.0.0 0.0.255.255#acl number 3000 match-order autorule 0 deny udp source-port eq tftp destination-port eq tftprule 1 deny tcp source-port eq 135 destination-port eq 135rule 2 deny udp source-port eq 135 destination-port eq 135rule 3 deny udp source-port eq netbios-ns destination-port eq netbios-ns rule 4 deny udp source-port eq netbios-dgm destination-port eq netbios-dgm rule 5 deny udp source-port eq netbios-ssn destination-port eq netbios-ssn rule 6 deny tcp source-port eq 139 destination-port eq 139rule 7 deny tcp source-port eq 445 destination-port eq 445rule 8 deny tcp source-port eq 593 destination-port eq 593rule 9 deny tcp source-port eq 4444 destination-port eq 5444rule 11 deny tcp destination-port eq 5554rule 12 deny tcp destination-port eq 9995rule 13 deny tcp destination-port eq 9996rule 14 deny tcp destination-port eq 3127rule 15 deny tcp destination-port eq 1025rule 16 deny tcp destination-port eq 137rule 17 deny tcp destination-port eq 138rule 18 deny tcp destination-port eq 5800rule 19 deny tcp destination-port eq 5900rule 20 deny tcp destination-port eq 8998#vlan 1#vlan 100description to-CNC#vlan 200description to-WAN#vlan 300description to-PIX_NAT#vlan 500description to-shiwei#vlan 600description to-GOV#vlan 700description to-jiwei#vlan 800description to-fulian#vlan 900description to-xinfang#vlan 1000description to-xxzx#vlan 1100description to-chedu#interface Vlan-interface100description to CNCip address 61.138.127.133 255.255.255.128 #interface Vlan-interface200description to WANip address 202.99.241.9 255.255.255.248 #interface Vlan-interface300description to pix_natip address 192.168.0.2 255.255.255.248#interface Vlan-interface500description to shiweiip address 192.168.10.1 255.255.255.0#interface Vlan-interface600description to shiweiip address 192.168.50.254 255.255.255.0 #interface Vlan-interface700description to jiweiip address 192.168.20.1 255.255.255.0#interface Vlan-interface800description to fulianip address 192.168.30.1 255.255.255.0#interface Vlan-interface900description to xinfangip address 192.168.40.1 255.255.255.0#interface Vlan-interface1000description to xxzxip address 192.168.60.1 255.255.255.0#interface Vlan-interface1100description to cheduiip address 192.168.70.1 255.255.255.0#interface Aux0/0#interface Ethernet0/1port access vlan 100packet-filter inbound ip-group 3000 rule 0 packet-filter inbound ip-group 3000 rule 1 packet-filter inbound ip-group 3000 rule 2 packet-filter inbound ip-group 3000 rule 3 packet-filter inbound ip-group 3000 rule 4 packet-filter inbound ip-group 3000 rule 5 packet-filter inbound ip-group 3000 rule 6 packet-filter inbound ip-group 3000 rule 7 packet-filter inbound ip-group 3000 rule 8 packet-filter inbound ip-group 3000 rule 9 packet-filter inbound ip-group 3000 rule 11 packet-filter inbound ip-group 3000 rule 12 packet-filter inbound ip-group 3000 rule 13 packet-filter inbound ip-group 3000 rule 14 packet-filter inbound ip-group 3000 rule 15 packet-filter inbound ip-group 3000 rule 16 packet-filter inbound ip-group 3000 rule 17 packet-filter inbound ip-group 3000 rule 18 packet-filter inbound ip-group 3000 rule 19 packet-filter inbound ip-group 3000 rule 20 #interface Ethernet0/2port access vlan 200packet-filter inbound ip-group 3000 rule 0 packet-filter inbound ip-group 3000 rule 1 packet-filter inbound ip-group 3000 rule 2 packet-filter inbound ip-group 3000 rule 3 packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5 packet-filter inbound ip-group 3000 rule 6 packet-filter inbound ip-group 3000 rule 7 packet-filter inbound ip-group 3000 rule 8 packet-filter inbound ip-group 3000 rule 9 packet-filter inbound ip-group 3000 rule 11 packet-filter inbound ip-group 3000 rule 12 packet-filter inbound ip-group 3000 rule 13 packet-filter inbound ip-group 3000 rule 14 packet-filter inbound ip-group 3000 rule 15 packet-filter inbound ip-group 3000 rule 16 packet-filter inbound ip-group 3000 rule 17 packet-filter inbound ip-group 3000 rule 18 packet-filter inbound ip-group 3000 rule 19 packet-filter inbound ip-group 3000 rule 20 #interface Ethernet0/3port access vlan 200packet-filter inbound ip-group 3000 rule 0 packet-filter inbound ip-group 3000 rule 1 packet-filter inbound ip-group 3000 rule 2 packet-filter inbound ip-group 3000 rule 3 packet-filter inbound ip-group 3000 rule 4 packet-filter inbound ip-group 3000 rule 5 packet-filter inbound ip-group 3000 rule 6 packet-filter inbound ip-group 3000 rule 7 packet-filter inbound ip-group 3000 rule 8 packet-filter inbound ip-group 3000 rule 9 packet-filter inbound ip-group 3000 rule 11 packet-filter inbound ip-group 3000 rule 12 packet-filter inbound ip-group 3000 rule 13 packet-filter inbound ip-group 3000 rule 14 packet-filter inbound ip-group 3000 rule 15 packet-filter inbound ip-group 3000 rule 16 packet-filter inbound ip-group 3000 rule 17 packet-filter inbound ip-group 3000 rule 18 packet-filter inbound ip-group 3000 rule 19 packet-filter inbound ip-group 3000 rule 20 #interface Ethernet0/4port access vlan 200packet-filter inbound ip-group 3000 rule 0 packet-filter inbound ip-group 3000 rule 1 packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3 packet-filter inbound ip-group 3000 rule 4 packet-filter inbound ip-group 3000 rule 5 packet-filter inbound ip-group 3000 rule 6 packet-filter inbound ip-group 3000 rule 7 packet-filter inbound ip-group 3000 rule 8 packet-filter inbound ip-group 3000 rule 9 packet-filter inbound ip-group 3000 rule 11 packet-filter inbound ip-group 3000 rule 12 packet-filter inbound ip-group 3000 rule 13 packet-filter inbound ip-group 3000 rule 14 packet-filter inbound ip-group 3000 rule 15 packet-filter inbound ip-group 3000 rule 16 packet-filter inbound ip-group 3000 rule 17 packet-filter inbound ip-group 3000 rule 18 packet-filter inbound ip-group 3000 rule 19 packet-filter inbound ip-group 3000 rule 20 #interface Ethernet0/5port access vlan 200packet-filter inbound ip-group 3000 rule 0 packet-filter inbound ip-group 3000 rule 1 packet-filter inbound ip-group 3000 rule 2 packet-filter inbound ip-group 3000 rule 3 packet-filter inbound ip-group 3000 rule 4 packet-filter inbound ip-group 3000 rule 5 packet-filter inbound ip-group 3000 rule 6 packet-filter inbound ip-group 3000 rule 7 packet-filter inbound ip-group 3000 rule 8 packet-filter inbound ip-group 3000 rule 9 packet-filter inbound ip-group 3000 rule 11 packet-filter inbound ip-group 3000 rule 12 packet-filter inbound ip-group 3000 rule 13 packet-filter inbound ip-group 3000 rule 14 packet-filter inbound ip-group 3000 rule 15 packet-filter inbound ip-group 3000 rule 16 packet-filter inbound ip-group 3000 rule 17 packet-filter inbound ip-group 3000 rule 18 packet-filter inbound ip-group 3000 rule 19 packet-filter inbound ip-group 3000 rule 20 #interface Ethernet0/6port access vlan 200packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1 packet-filter inbound ip-group 3000 rule 2 packet-filter inbound ip-group 3000 rule 3 packet-filter inbound ip-group 3000 rule 4 packet-filter inbound ip-group 3000 rule 5 packet-filter inbound ip-group 3000 rule 6 packet-filter inbound ip-group 3000 rule 7 packet-filter inbound ip-group 3000 rule 8 packet-filter inbound ip-group 3000 rule 9 packet-filter inbound ip-group 3000 rule 11 packet-filter inbound ip-group 3000 rule 12 packet-filter inbound ip-group 3000 rule 13 packet-filter inbound ip-group 3000 rule 14 packet-filter inbound ip-group 3000 rule 15 packet-filter inbound ip-group 3000 rule 16 packet-filter inbound ip-group 3000 rule 17 packet-filter inbound ip-group 3000 rule 18 packet-filter inbound ip-group 3000 rule 19 packet-filter inbound ip-group 3000 rule 20 #interface Ethernet0/7port access vlan 300packet-filter inbound ip-group 3000 rule 0 packet-filter inbound ip-group 3000 rule 1 packet-filter inbound ip-group 3000 rule 2 packet-filter inbound ip-group 3000 rule 3 packet-filter inbound ip-group 3000 rule 4 packet-filter inbound ip-group 3000 rule 5 packet-filter inbound ip-group 3000 rule 6 packet-filter inbound ip-group 3000 rule 7 packet-filter inbound ip-group 3000 rule 8 packet-filter inbound ip-group 3000 rule 9 packet-filter inbound ip-group 3000 rule 11 packet-filter inbound ip-group 3000 rule 12 packet-filter inbound ip-group 3000 rule 13 packet-filter inbound ip-group 3000 rule 14 packet-filter inbound ip-group 3000 rule 15 packet-filter inbound ip-group 3000 rule 16 packet-filter inbound ip-group 3000 rule 17 packet-filter inbound ip-group 3000 rule 18 packet-filter inbound ip-group 3000 rule 19 packet-filter inbound ip-group 3000 rule 20 #interface Ethernet0/8port access vlan 1100packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/9port access vlan 500packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/10port access vlan 600packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/11port access vlan 700packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/12port access vlan 800packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/13port access vlan 900packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/14port access vlan 1000packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/15port access vlan 1000packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/16port access vlan 1000packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/17port access vlan 1000packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/18port access vlan 1000packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/19port access vlan 1000packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/20port access vlan 1000packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/21port access vlan 1000packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/22packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/23packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14packet-filter inbound ip-group 3000 rule 15packet-filter inbound ip-group 3000 rule 16packet-filter inbound ip-group 3000 rule 17packet-filter inbound ip-group 3000 rule 18packet-filter inbound ip-group 3000 rule 19packet-filter inbound ip-group 3000 rule 20traffic-redirect inbound ip-group 2000 rule 0 next-hop 192.168.0.1 #interface Ethernet0/24packet-filter inbound ip-group 3000 rule 0packet-filter inbound ip-group 3000 rule 1packet-filter inbound ip-group 3000 rule 2packet-filter inbound ip-group 3000 rule 3packet-filter inbound ip-group 3000 rule 4packet-filter inbound ip-group 3000 rule 5packet-filter inbound ip-group 3000 rule 6packet-filter inbound ip-group 3000 rule 7packet-filter inbound ip-group 3000 rule 8packet-filter inbound ip-group 3000 rule 9packet-filter inbound ip-group 3000 rule 11packet-filter inbound ip-group 3000 rule 12packet-filter inbound ip-group 3000 rule 13packet-filter inbound ip-group 3000 rule 14。
目录第1章 IP地址配置.................................................................................................................1-11.1 IP地址简介........................................................................................................................1-11.1.1 IP地址的分类和表示...............................................................................................1-11.1.2 子网和掩码..............................................................................................................1-21.2 IP地址配置........................................................................................................................1-31.2.1 IP地址配置任务简介...............................................................................................1-41.2.2 配置VLAN接口的IP地址.......................................................................................1-41.2.3 配置主机名和对应的IP地址....................................................................................1-41.3 IP地址配置显示.................................................................................................................1-51.4 IP地址典型配置举例..........................................................................................................1-51.5 IP地址配置排错.................................................................................................................1-6第2章 ARP配置....................................................................................................................2-12.1 ARP简介............................................................................................................................2-12.1.1 ARP地址解析的必要性...........................................................................................2-12.1.2 ARP报文结构..........................................................................................................2-12.1.3 ARP表.....................................................................................................................2-22.1.4 ARP地址解析的实现过程........................................................................................2-32.2 ARP基础配置....................................................................................................................2-42.2.1 ARP基础配置任务简介...........................................................................................2-42.2.2 手工添加静态ARP表项..........................................................................................2-42.2.3 配置动态ARP表项的老化时间...............................................................................2-52.2.4 配置ARP表项的检查功能.......................................................................................2-52.2.5 配置ARP转发模式..................................................................................................2-62.2.6 配置每秒上送CPU的ARP请求报文的最大个数....................................................2-62.3 端口ARP报文限速配置.....................................................................................................2-72.3.1 端口ARP报文限速功能简介...................................................................................2-72.3.2 端口ARP报文限速配置..........................................................................................2-72.3.3 端口ARP报文限速典型配置举例............................................................................2-82.4 ARP源抑制配置.................................................................................................................2-92.4.1 ARP源抑制功能简介...............................................................................................2-92.4.2 配置ARP源抑制功能............................................................................................2-102.4.3 配置ARP源抑制增强功能.....................................................................................2-102.4.4 ARP源抑制功能典型配置举例..............................................................................2-112.4.5 ARP源抑制增强功能典型配置举例.......................................................................2-112.5 免费ARP配置.................................................................................................................2-122.5.1 免费ARP简介.......................................................................................................2-122.5.2 配置免费ARP........................................................................................................2-132.6 ARP的显示和维护...........................................................................................................2-13第3章 ARP代理....................................................................................................................3-13.1 ARP代理简介....................................................................................................................3-13.1.1 ARP代理.................................................................................................................3-13.1.2 ARP代理增强..........................................................................................................3-13.2 配置ARP代理...................................................................................................................3-23.2.1 配置ARP代理功能..................................................................................................3-23.2.2 配置ARP代理增强功能..........................................................................................3-33.3 ARP代理显示....................................................................................................................3-3第4章 DHCP概述..................................................................................................................4-14.1 DHCP简介.........................................................................................................................4-14.2 DHCP的IP地址分配.........................................................................................................4-14.2.1 IP地址分配策略.......................................................................................................4-14.2.2 IP地址动态获取过程...............................................................................................4-24.2.3 IP地址的租约更新...................................................................................................4-24.3 DHCP报文格式..................................................................................................................4-34.4 设备对DHCP报文的处理模式...........................................................................................4-44.5 协议规范.............................................................................................................................4-4第5章 DHCP服务器配置.......................................................................................................5-15.1 DHCP服务器简介..............................................................................................................5-15.1.1 DHCP服务器的应用环境........................................................................................5-15.1.2 DHCP地址池...........................................................................................................5-15.1.3 DHCP服务器分配IP地址的优先次序.....................................................................5-25.2 配置基于全局地址池的DHCP服务器................................................................................5-25.2.1 基于全局地址池的DHCP服务器配置任务简介.......................................................5-25.2.2 使能DHCP服务......................................................................................................5-35.2.3 配置接口工作在DHCP服务器全局地址池模式.......................................................5-35.2.4 配置DHCP全局地址池...........................................................................................5-45.2.5 配置DHCP客户端的域名........................................................................................5-65.2.6 配置DHCP服务器支持DNS服务...........................................................................5-65.2.7 配置DHCP服务器支持NetBIOS服务....................................................................5-75.2.8 配置DHCP客户端的网关地址................................................................................5-85.2.9 配置DHCP服务器支持DHCP客户端的自动配置功能...........................................5-85.2.10 配置DHCP自定义选项.......................................................................................5-105.3 配置基于接口地址池的DHCP服务器..............................................................................5-115.3.1 基于接口地址池的DHCP服务器配置任务简介.....................................................5-115.3.2 使能DHCP服务....................................................................................................5-125.3.3 配置接口工作在DHCP服务器接口地址池模式.....................................................5-125.3.4 配置DHCP接口地址池的静态绑定地址................................................................5-135.3.5 配置DHCP接口地址池IP地址租用有效期限.......................................................5-145.3.6 配置DHCP客户端的域名......................................................................................5-145.3.7 配置DHCP服务器支持DNS服务.........................................................................5-155.3.8 配置DHCP服务器支持NetBIOS服务..................................................................5-155.3.9 配置DHCP服务器支持DHCP客户端的自动配置功能.........................................5-175.3.10 配置DHCP自定义选项.......................................................................................5-185.4 配置DHCP地址池中不参与自动分配的IP地址..............................................................5-195.5 配置IP地址重复分配检测功能........................................................................................5-205.6 配置伪DHCP服务器检测功能.........................................................................................5-205.7 DHCP服务器配置显示和维护..........................................................................................5-215.8 DHCP服务器典型配置举例.............................................................................................5-225.9 DHCP服务器常见配置错误举例......................................................................................5-24第6章 DHCP中继配置...........................................................................................................6-16.1 DHCP中继简介..................................................................................................................6-16.1.1 DHCP中继的应用环境............................................................................................6-16.1.2 DHCP中继的基本原理............................................................................................6-16.2 DHCP中继配置..................................................................................................................6-26.2.1 DHCP中继配置任务简介........................................................................................6-26.2.2 使能DHCP服务......................................................................................................6-26.2.3 配置接口工作在DHCP中继模式.............................................................................6-36.2.4 配置DHCP中继转发的DHCP服务器地址.............................................................6-36.2.5 配置DHCP中继轮询功能........................................................................................6-46.2.6 通过DHCP中继释放客户端的IP地址....................................................................6-46.2.7 配置VLAN接口上的DHCP安全特性.....................................................................6-56.2.8 配置DHCP中继的动态安全表项是否有效..............................................................6-56.2.9 配置是否允许自由连接的机器通过DHCP安全检查................................................6-66.2.10 配置DHCP中继的静态安全地址表项...................................................................6-66.2.11 DHCP中继安全表项定时刷新...............................................................................6-76.2.12 配置伪DHCP服务器检测功能..............................................................................6-76.3 DHCP中继配置显示和维护...............................................................................................6-86.4 DHCP中继典型配置举例...................................................................................................6-86.5 DHCP中继常见配置错误举例............................................................................................6-9第7章 DHCP-Snooping配置.................................................................................................7-17.1 DHCP-Snooping简介........................................................................................................7-17.1.1 DHCP-Snooping工作原理......................................................................................7-17.1.2 DHCP-Snooping安全特性......................................................................................7-17.1.3 DHCP-Snooping支持option 82..............................................................................7-27.2 DHCP-Snooping配置........................................................................................................7-57.2.1 配置DHCP-Snooping功能......................................................................................7-57.2.2 配置基于DHCP-Snooping的ARP源检查功能.......................................................7-57.2.3 配置DHCP-Snooping支持option 82功能..............................................................7-57.3 DHCP-Snooping配置显示与调试....................................................................................7-107.4 DHCP-Snooping典型配置举例........................................................................................7-10第8章 DHCP客户端配置.......................................................................................................8-18.1 DHCP客户端简介..............................................................................................................8-18.2 DHCP客户端配置..............................................................................................................8-18.3 DHCP客户端支持otpion 60..............................................................................................8-28.4 DHCP客户端显示和调试...................................................................................................8-2第9章 BOOTP客户端配置.....................................................................................................9-19.1 BOOTP客户端简介............................................................................................................9-19.2 BOOTP客户端配置............................................................................................................9-19.3 BOOTP客户端显示和调试.................................................................................................9-1第10章访问管理配置..........................................................................................................10-110.1 访问管理简介.................................................................................................................10-110.2 访问管理配置.................................................................................................................10-210.2.1 配置访问管理功能...............................................................................................10-210.2.2 配置基于端口的访问管理IP地址池.....................................................................10-210.2.3 配置VLAN内端口间的二层隔离.........................................................................10-310.2.4 配置访问管理告警功能........................................................................................10-310.3 访问管理配置显示..........................................................................................................10-410.4 访问管理配置举例..........................................................................................................10-4第11章 IP性能配置.............................................................................................................11-111.1 IP性能配置....................................................................................................................11-111.1.1 IP性能配置简介...................................................................................................11-111.1.2 FIB简介...............................................................................................................11-111.1.3 配置TCP属性.....................................................................................................11-111.2 IP性能显示和维护..........................................................................................................11-211.3 IP性能配置排错.............................................................................................................11-2第1章 IP地址配置1.1 IP地址简介1.1.1 IP地址的分类和表示IP地址是分配给连接在网络上的设备的一个长度为32bit的地址。
常用的命令!进入系统SYS退出系统QUI查看配置DIS CU保存配置SAVE重启服务器REBOOT ,,操作如下点击开始菜单——程序——附件——通讯—超级终端——出现对话框如下点取消点是然后进入在名称这里取个名字,必须是英文点确定,出现对话框点取消再点是,,出现在连接时使用这边,用COM3,,或是。
点确定就可以进入超级终端,,进入终端后,一般先输入密码,没有密码,最好了,打SYS进入系统,在系统里面给交换机取个名字如;sysname WODEJIAOHUANJI.然后点Enter进入下一步,,设置VLAN、vlan batch 18 22对VLAN进行描述vlan 18 description cmnet {VLAN18说明,中国移动互联网} vlan 22 description boss{VLAN22描述为,连内网} ‘准备华为交换机,数据配置线,用配置线把交换机连接到电脑,用超级终端打开,,,进入系统。
给交换机起名{必须是英文} sysname 名字、设置VLAN、vlan batch 18 22对VLAN进行描述vlan 18 description cmnet {VLAN18说明,中国移动互联网} vlan 22 description boss {VLAN22描述为,连内网} 。
设置管理IP地址interface Vlanif22{接口vlanif22} 、ip address 10.182.13.14 255.255.255.100{IP地址10.182.13.14.255.255.255.100}、下一步我们设置交换机的端口、进入端口一、interface Ethernet0/0/1{以太网端口一}对端口一进行描述即port link-type trunk[端口链路类型,干线]就是总线的意思,内外网信号从这个端口进入交换机、、port trunk allow-pass vlan 18 21 to 22{意思是允许VLAN18VLAN22通过}第一个端口就设置好了、、、对第二个端口进行设置、、、interface Ethernet0/0/2、、、description to boss{描述端口连到内网}、、port link type access{端口链路类型,访问、、意思是端口属于独立网口,只允许一个VLAN通过只能通过内网或外网}、、、port default vlan 22{端口允许端口VLAN22通过,,意思是端口默认的是内网}。
图解华为交换机3528配置华为3528交换机作为我们单位接入层的交换机,开通专网业务时都要对其进行相应的配置,下面我结合一次具体的网络开通工程介绍一下华为3528交换机的配置方法。
一、通过配置口连接交换机如图1 所示,建立本地配置环境,只需将笔记本电脑的串口通过配置电缆与以太网交换机的Console口连接。
图1 通过配置口连接交换机在笔记本电脑上运行超级终端程序,选择与交换机相连的串口,配置终端通信参数为:波特率为9600bit/s、8位数据位、1位停止位、无校验和无流控,如图2 图3 图4所示,再输入登录密码即可登录到交换机上面。
图2图3图4 二、VLAN和TRUNK配置步骤(一)工作目标需要说明一下,今天我们要做的工作是划分VLAN,设置TRUNK口,目标是把交换机上3、4、5、6口属于VLAN570,9口属于VLAN571,10口属于VLAN572,然后把7口属于TRUNK 口。
(TRUNK口的意思是端口可以允许多个VLAN 通过,可以接收和发送多个VLAN 的报文,一般用于设备之间连接;)好了,既然目标明确了,现在就开始工作。
(二)VLAN的简介顺便对VLAN(Virtual Local Area Network,虚拟局域网)技术做一下介绍,它的出现主要为了解决交换机在进行局域网互连时无法限制广播的问题。
这种技术可以把一个LAN划分成多个逻辑的LAN——VLAN,每个VLAN是一个广播域,VLAN内的主机间通信就和在一个LAN内一样,而VLAN间则不能直接互通,这样,广播报文被限制在一个VLAN内,如图5所示。
图5VLAN 的划分不受物理位置的限制:不在同一物理位置范围的主机可以属于同一个VLAN;一个VLAN包含的用户可以连接在同一个交换机上,也可以跨越交换机,甚至可以跨越路由器。
VLAN的优点如下:限制广播域。
广播域被限制在一个VLAN内,节省了带宽,提高了网络处理能力。
增强局域网的安全性。
S3500系列安全智能三层交换机是华为3Com公司为充分满足Quidway® S3500系列安全智能三层交换机包含型号为:S3528G、S3528P 、S3552G、S3552P、S3552F、S3552F-HI。
S3528G/S3528P/S3552G/S3552P交换机的主板提供24/48个10Base-T/100Base-TX自协商以太网端口(RJ-45连接器)及4个GBIC(Gigabit Interface Converter)/SFP(Small Form-Factor Pluggable)模块接口,及1个Console口。
支持220V交流供电或者-48V直流供电,GBIC/SFP 模块接口有单模、多模、电口等不一致传输距离模块可供选择。
S3552F/S3552F-HI交换机的主板提供6个模块插槽,可选配8端口百兆单、多模模块与10Base-T/100Base-TX模块,整机共提供48个百兆单、多模光接口、10Base-T/100Base-TX自协商以太网端口(RJ-45连接器)及4个GBIC模块接口,1个Console口。
支持220V交流供电或者-48V直流供电,GBIC模块接口有单模、多模、电口等不一致传输距离模块可供选择。
◆大容量全线速的多层交换Quidway® S3500系列安全智能三层交换机32Gbps的总线带宽为交换机所有的端口提供三层线速交换能力,系统能够提供4个GE,有效解决了在单台设备上多个千兆链路上行,同时接入千兆服务器的需求,极大的节约了用户对设备投资。
设备最大提供512个子网路由接口,硬件支持层线速交换,能够识别、处理四到七层的应用业务流,所有端口都具有单独的数据包过滤、区分不一致应用流,并根据不一致的流进行不一致的管理与操纵。
◆完备的安全操纵策略Quidway® S3500系列安全智能三层交换机基于最长匹配的路由策略,系统使用逐包转发方式,保证了所有报文均获得相同的转发性能,对“红码病毒”与“冲击波病毒”的攻击具有天生的防御能力,有效保证了设备安全。
#保存配置Switch#write //管理模式下或者Switch_config#write //全局模式下#tftp上传Switch _config#tftp-server //tftp功能使能Switch #copy tftp flashSource file name[]?main.binRemote-server ipaddress[]?192.168.255.8 //同网段才可以上传Destination file name[main.bin]?switch.bin#更改AAA认证登录的用户名和密码switch_config#aaa authentication login default localswitch_config#usernamedahua password dahua#更改当前设备IPmonitor#ip address 171.2.2.247 255.255.0.0switch_config#interfacevlan 1switch_config_v1#ip address 171.2.2.247 255.255.0.0switch_config_v1#quit#更改telnet参数//telnet默认打开Switch _config#ip telnet source-interface vlan1 //telnet 连接均使用vlan1 接口Switch _config#ip telnet listen-port 3001 3005 //除23外,3001到3005的所有端口上接收telnet连接Switch _config#ip telnet script s1 ‘login:’switch ‘Password:’ test//配置s1的登录脚本#VTY配置switch_config# line vty2 3 //进入VTY的2至3号线路配置态switch_config_line#attach-port 3005 //将3005侦听端口绑定到line vty 2 3switch#clear line vty2 //清除指定的线路#SSH配置switch_config# ip access-list standard ssh-acl //配置名为ssh-acl的访问控制列表switch_config_std#permit 192.168.0.7switch_config#aaa authentication login ssh-auth local //设置认证方式switch_config#ipsshdauth-method ssh-auth //设置认证方法列表switch_config#ipsshd access-class ssh-acl //为ssh server配置访问控制列表switch_config#ipsshd enable#设置登录密码认证switch_config#aaa authentication login default localswitch_config#usernamedahua password dahua#显示异常中断信息switch#show break#显示日志switch# show logging#显示当前配置Switch#show running-config可适当过滤Switch#show running-config | include interface //显示当前配置中与端口有关的信息Switch#show running-config | include ip //显示当前配置中与ip有关的信息#显示当前配置文件Switch#show configuration#显示动态MAC地址表Switch_config#show mac address-table#显示动态ARP表Switch_config#show arp#VLAN操作创建/删除vlanSwitch_config#vlan wordSwitch_config#novlan word配置交换机端口Switchportpvidvlanid配置交换机端口的vlan idSwitchport mode 配置交换机的端口模式,博达交换机以太口默认的模式是accessSwitchport trunk vlan-allowed 端口允许通过vlan的范围Switichport trunk vlan-untagged 端口untag的范围创建/删除vlan接口Interface vlanvlan-idNo interface vlanvlan-idSwitch>enableSwitch#configSwitch_config#vlan 2Switch_config_vlan2#quitSwitch_config#interfacefastEthernet 0/2//Switch_config_f0/2#switchport mode access//Switch_config_f0/2#switchport pvid 2Switch_config_f0/2#switchport mode trunkSwitch_config_f0/2#switchport pvid 2Switch_config_f0/2#Switchport trunk vlan-allowed 3 - 5 //输入的list 以‘,’和‘-’作分隔Switch_config_f0/2#switchport trunk vlan-untagged 3#SNMP操作Switch>enableSwitch#configSwitch_config#snmp-server view mib2 mib-2 includedSwitch_config#snmp-server view mib2 mib-2.atexcluded。
图解华为交换机3528配置
华为3528交换机作为我们单位接入层的交换机,开通专网业务时都要对其进行相应的配置,下面我结合一次具体的网络开通工程介绍一下华为3528交换机的配置方法。
一、通过配置口连接交换机
如图1 所示,建立本地配置环境,只需将笔记本电脑的串口通过配置电缆与以太网交换机的Console口连接。
图1 通过配置口连接交换机
在笔记本电脑上运行超级终端程序,选择与交换机相连的串口,配置终端通信参数为:波特率为9600bit/s、8位数据位、1位停止位、无校验和无流控,如图2 图3 图4所示,再输入登录密码即可登录到交换机上面。
图2
图3
图4 二、VLAN和TRUNK配置步骤
(一)工作目标
需要说明一下,今天我们要做的工作是划分VLAN,设置TRUNK口,目标是把交换机上3、4、5、6口属于VLAN570,9口属于VLAN571,10口属于VLAN572,然后把7口属于TRUNK 口。
(TRUNK口的意思是端口可以允许多个VLAN 通过,可以接收和发送多个VLAN 的报文,一般用于设备之间连接;)好了,既然目标明确了,现在就开始工作。
(二)VLAN的简介
顺便对VLAN(Virtual Local Area Network,虚拟局域网)技术做一下介绍,它的出现主要为了解决交换机在进行局域网互连时无法限制广播的问题。
这种技术可以把一个LAN划分成多个逻辑的LAN——VLAN,每个VLAN是一个广播域,VLAN内的主机间通信就和在一个LAN内一样,而VLAN间则不能直接互通,这样,广播报文被限制在一个VLAN内,如图5所示。
图5
VLAN 的划分不受物理位置的限制:不在同一物理位置范围的主机可以属于同一个VLAN;一个VLAN包含的用户可以连接在同一个交换机上,也可以跨越交换机,甚至可以跨越路由器。
VLAN的优点如下:
限制广播域。
广播域被限制在一个VLAN内,节省了带宽,提高了网络处理能力。
增强局域网的安全性。
不同VLAN 内的报文在传输时是相互隔离的,即一个VLAN内的用户不能和其它VLAN内的用户直接通信,如果不同VLAN要进行通信,则需要通过路由器或三层交换机等三层设备, 灵活构建虚拟工作组。
用VLAN可以划分不同的用户到不同的工作组,同一工作组的用户也不必局限于某一固定的物理范围,网络构建和维护更方便灵活。
(三)具体的VLAN配置操作步骤
1、创建VLAN 570、VLAN 571到VLAN 572
1. system-view
2. [Sysname] vlan 570
3. [Sysname-vlan570] quit
4. [Sysname] vlan 571
5. [Sysname-vlan571] quit
6. [Sysname] vlan 572
7. Please wait... Done.
进入Ethernet1/0/3以太网端口视图
1.[Sysname] interface Ethernet 1/0/3
2.[Sysname-Ethernet1/0/3]port acc vlan570
这样端口3就属于了vlan570
1.同样输入命令[Sysname] interface Ethernet 1/0/4
2.[Sysname-Ethernet1/0/4]port acc vlan570
3.[Sysname] interface Ethernet 1/0/5
4.[Sysname-Ethernet1/0/5]port acc vlan570
5.[Sysname] interface Ethernet 1/0/6
6.[Sysname-Ethernet1/0/6]port acc vlan570
这样完成了3、4、5、6VLAN570的划分。
输入命令dis cu 查看当前配置3、4、5、6是否属于vlan570。
2、对9、10进行配置
1.[Sysname] interface Ethernet 1/0/9
2.[Sysname-Ethernet1/0/9]port acc vlan571
3.[Sysname] interface Ethernet 1/0/10
4.[Sysname-Ethernet1/0/10]port acc vlan572
3、最后将7口配置成TRUNK
1.[Sysname] interface Ethernet 1/0/7
2.[Sysname-Ethernet1/0/7] port link-type trunk
3.[Sysname-Ethernet1/0/1] port trunk permit vlan 570 to 572
点击回车,输入命令dis cu 查看当前配置可以看到9口已经属于vlan571 ,10口属于vlan572 ,7口已经属于trunk口允许vlan570到vlan572通过,最后一步输入qu退出,然后最后一步最重要的要存盘,输入save 会出现y/n输入"y
"等待保存。
至此工作完成,这样就可以完成通讯要求。
三、总结
自己的心得是第一明确任务目标,知道自己这次工作要干什么,第二呢!要熟记交换机的命令,如果交换机的命令一时想不起,或者不同型号的交换机命令符也是不同的,可以进入交换机配置后输入命令“?”可以看到命令提示,可以参照进行配置,最后就是要熟练掌握交换机的配置,就要多练,多看一些这方面的书籍。
只有这样才能是自己在工作中能得心应手的处理好问题。