华为
# dhcp server group
group1 dhcp-server 192.168.0.1 0
ip pool vlan2011
gateway-list 192.168.61.254
network 192.168.61.0 mask 255.255.255.0
excluded-ip-address 192.168.61.253
dns-list 114.114.114.114 8.8.8.8
# ip pool vlan2022
gateway-list 192.168.62.254
network 192.168.62.0 mask 255.255.255.0
dns-list 114.114.114.114 8.8.8.8
acl number 3000
rule 5 permit ip source 192.168.24.0 0.0.0.255
rule 10 permit ip source 192.168.29.0 0.0.0.255
rule 15 permit ip source 192.168.30.0 0.0.0.255
rule 20 permit ip source 192.168.31.0 0.0.0.255
rule 25 permit ip source 192.168.32.0 0.0.0.255
rule 30 permit ip source 192.168.33.0 0.0.0.255
rule 35 permit ip source 192.168.36.0 0.0.0.255
rule 40 permit ip source 192.168.37.0 0.0.0.255
rule 45 permit ip source 192.168.38.0 0.0.0.255
acl number 3001
rule 5 permit ip destination 192.168.0.0 0.0.0.255
rule 6 permit ip destination 192.168.24.0 0.0.0.255
rule 9 permit ip source 192.168.60.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
rule 10 permit ip source 192.168.90.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
rule 11 permit ip source 192.168.46.0 0.0.0.255 destination 192.168.70.0 0.0.0.255
rule 12 permit ip source 192.168.70.0 0.0.0.255 destination 192.168.46.0 0.0.0.255
rule 13 permit ip destination 192.168.46.0 0.0.0.255
rule 14 permit ip destination 192.168.51.0 0.0.0.255
rule 15 permit ip destination 192.168.53.0 0.0.0.255
rule 16 permit ip source 192.168.51.0 0.0.0.255 destination 192.168.70.0 0.0.0.255
rule 17 permit ip source 192.168.53.0 0.0.0.255 destination 192.168.70.0 0.0.0.255
rule 18 permit ip destination 192.168.21.0 0.0.0.255
rule 100 deny ip destination 192.168.0.0 0.0.255.255
acl number 3002
rule 4 permit ip destination 192.168.0.41 0
rule 5 permit ip destination 192.168.0.13 0
rule 10 permit ip destination 192.168.0.24 0
rule 15 permit ip destination 192.168.0.1 0
rule 30 permit ip destination 192.168.0.10 0
rule 35 permit ip destination 192.168.0.205 0
rule 40 permit ip destination 192.168.0.200 0
rule 45 permit ip destination 192.168.0.201 0
rule 50 permit ip destination 192.168.0.202 0
rule 55 permit ip destination 192.168.0.203 0
rule 60 permit ip destination 192.168.0.204 0
rule 65 permit ip destination 192.168.0.210 0
rule 70 permit ip destination 192.168.0.211 0
rule 75 permit ip destination 192.168.0.212 0
rule 80 permit ip destination 192.168.0.213 0
rule 85 permit ip destination 192.168.0.214 0
rule 90 permit ip destination 192.168.0.207 0
rule 95 permit ip destination 192.168.0.208 0
rule 96 permit ip destination 192.168.0.209 0
rule 97 permit ip destination 192.168.0.18 0
rule 98 permit ip destination 192.168.0.215 0
rule 99 permit ip destination 192.168.0.216 0
rule 100 permit ip destination 192.168.24.0 0.0.0.255
rule 105 permit ip destination 192.168.29.0 0.0.0.255
rule 110 permit ip destination 192.168.30.0 0.0.0.255
rule 115 permit ip destination 192.168.31.0 0.0.0.255
rule 120 permit ip destination 192.168.32.0 0.0.0.255
rule 125 permit ip destination 192.168.33.0 0.0.0.255
rule 130 permit ip destination 192.168.36.0 0.0.0.255
rule 135 permit ip destination 192.168.37.0 0.0.0.255
rule 140 permit ip destination 192.168.38.0 0.0.0.255
rule 145 deny ip destination 192.168.0.0 0.0.255.255
acl number 3003
rule 5 deny ip source 192.168.62.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
rule 6 deny ip source 192.168.62.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
rule 10 permit ip
# traffic classifier c1 operator and precedence 5
if-match acl 3000
traffic classifier vlan2 operator or precedence 10
if-match acl 3001
traffic classifier vlan28 operator or precedence 15
if-match acl 3002
# traffic behavior b1
permit redirect ip-nexthop 192.168.0.205
traffic behavior vlan2
permit
statistic enable
traffic behavior vlan28
permit statistic enable
# traffic policy p1 match-order auto
classifier c1 behavior b1
traffic policy vlan2 match-order auto
classifier vlan2 behavior vlan2
traffic policy vlan28 match-order auto
classifier vlan28 behavior vlan28
# drop-profile default
# vlan 2
traffic-policy vlan2 inbound
vlan 3 traffic-policy vlan2 inbound
vlan 4 traffic-policy vlan2 inbound
interface Vlanif2
description manage
dhcp select relay
dhcp relay server-select group1
# interface Vlanif3
description TEST
ip address 172.16.0.2 255.255.255.0
dhcp select relay
dhcp relay server-select group1
# interface Vlanif4
description CW
ip address 192.168.1.254 255.255.255.0
dhcp select relay
dhcp relay server-select group1
# interface Vlanif2006
description GYYW-JiChuang&KongzhiDuan
ip address 192.168.80.254 255.255.254.0
# interface Vlanif2011
ip address 192.168.61.254 255.255.255.0
dhcp select global
interface Vlanif2012
ip address 192.168.62.254 255.255.255.0
dhcp select global
华三
# dhcp server ip-pool 2011
gateway-list 192.168.61.254
network 192.168.61.0 mask 255.255.255.0
ns-list 114.114.114.114 8.8.8.8
forbidden-ip 192.168.61.253
# dhcp server ip-pool 2022
gateway-list 192.168.62.254
network 192.168.62.0 mask 255.255.255.0
dns-list 114.114.114.114 8.8.8.8
traffic classifier c1 operator and
if-match acl 3000 #
traffic classifier vlan2 operator or
if-match acl 3001
# traffic classifier vlan28 operator or
if-match acl 3002
# traffic behavior b1
redirect next-hop 192.168.0.205
# traffic behavior vlan2
# traffic behavior vlan28
# qos policy p1
classifier c1 behavior b1
# qos policy v2
classifier vlan2 behavior vlan2
# qos policy vlan28
classifier vlan28 behavior vlan28
qos vlan-policy v2 vlan 2 inbound
qos vlan-policy v2 vlan 4 inbound
qos vlan-policy v2 vlan 5 inbound
interface Vlan-interface2
description manage
dhcp select relay dhcp relay server-address 192.168.0.1
# interface Vlan-interface3
description TEST
ip address 172.16.0.2 255.255.255.0
dhcp select relay dhcp relay server-address 192.168.0.1
# interface Vlan-interface4
description CW
ip address 192.168.1.254 255.255.255.0
dhcp select relay dhcp relay server-address 192.168.0.1
interface Vlan-interface2011
ip address 192.168.61.254 255.255.255.0
dhcp relay pool 2011
# interface Vlan-interface2012
ip address 192.168.62.254 255.255.255.0
dhcp relay pool 2012
华为改成华三那些策略不知道对不对 ,还有个指定grop 组的华三只能指定地址,华为还有个指定全局的不知道我华三写的对不对
(0)
看着没啥问题,可以上模拟器再敲一遍
(0)
我今天按着真机实施的
拿不准,帮忙看下
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
拿不准,帮忙看下