问题描述:
新买回来的 LS-5130-28F-SI 还没安装,不知道什么下手。麻烦帮检查一下我的命令是否正确。命令是用txt文档写的,已经上传附件。谢谢。
组网及组网描述:
整个网络有192.168.1.0-192.168.14.0、192.168.254.0共15个网段,
192.168.1.0-192.168.14.0每个网段都有自己的DHCP服务器
端口1-端口14 划分VLAN 1-14 后面的全部是VLAN100
192.168.1.0-192.168.14.0 分别接在端口1-端口14
192.168.254.0接在后面的端口上
要求是192.168.1.0-192.168.14.0之间不能互访,所有网段与192.168.254.0都能互通。
- 2018-11-08提问
- 举报
-
(0)
附件上传几次了 都没看到 这里手打进来的,麻烦帮看看。谢谢
system-view
#
sysname H3C_LS-5130-28F-SI
#
telnet server enable
#
vlan batch 1 2 3 4 5 6 7 8 9 10 11 12 13 14 100
#
dhcp enable
#
interface Vlanif100
description VLAN 0100 S316
ip address 192.168.254.254 255.255.255.0
dhcp select interface
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif1
description VLAN 0001 S004
ip address 192.168.1.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.1.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif2
description VLAN 0002 S113
ip address 192.168.2.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.2.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif3
description VLAN 0003 S212
ip address 192.168.3.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.3.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif4
description VLAN 0004 S214
ip address 192.168.4.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.4.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif5
description VLAN 0005 S218
ip address 192.168.5.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.5.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif6
description VLAN 0006 S312
ip address 192.168.6.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.6.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif7
description VLAN 0007 S316
ip address 192.168.7.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.7.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif8
description VLAN 0008 S318
ip address 192.168.8.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.8.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif9
description VLAN 0009 S512
ip address 192.168.9.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.9.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif10
description VLAN 0010 S516
ip address 192.168.10.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.10.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif11
description VLAN 0011 S518
ip address 192.168.11.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.11.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif12
description VLAN 0012 S215
ip address 192.168.12.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.12.254
dhcp server dns-list 202.96.134.133 202.96.128.68
#
interface Vlanif13
description VLAN 0013 S513
ip address 192.168.13.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.13.254
dhcp server dns-list 202.96.134.133 202.96.128.68
interface Vlanif14
description VLAN 0014 S_bak
ip address 192.168.14.253 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.13.254
dhcp server dns-list 202.96.134.133 202.96.128.68
quit
#
acl number 3001
rule permit ip
acl number 2001
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.1.0 0.0.0.255
acl number 2002
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.2.0 0.0.0.255
acl number 2003
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.3.0 0.0.0.255
acl number 2004
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.4.0 0.0.0.255
acl number 2005
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.5.0 0.0.0.255
acl number 2006
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.6.0 0.0.0.255
acl number 2007
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.7.0 0.0.0.255
acl number 2008
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.8.0 0.0.0.255
acl number 2009
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.9.0 0.0.0.255
acl number 2010
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.10.0 0.0.0.255
acl number 2011
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.11.0 0.0.0.255
acl number 2012
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.12.0 0.0.0.255
acl number 2013
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.13.0 0.0.0.255
acl number 2014
rule permit source 192.168.254.0 0.0.0.255
rule permit source 192.168.14.0 0.0.0.255
#
quit
#
traffic classifier TC100
if-match acl 3001
#
traffic classifier TC1
if-match acl 2001
#
traffic classifier TC2
if-match acl 2002
#
traffic classifier TC3
if-match acl 2003
#
traffic classifier TC4
if-match acl 2004
#
traffic classifier TC5
if-match acl 2005
#
traffic classifier TC6
if-match acl 2006
#
traffic classifier TC7
if-match acl 2007
#
traffic classifier TC8
if-match acl 2008
#
traffic classifier TC9
if-match acl 2009
#
traffic classifier TC10
if-match acl 2010
#
traffic classifier TC11
if-match acl 2011
#
traffic classifier TC12
if-match acl 2012
#
traffic classifier TC13
if-match acl 2013
#
traffic classifier TC14
if-match acl 2014
#
traffic behavior TB100
permit
#
traffic behavior TB1
permit
#
traffic behavior TB2
permit
#
traffic behavior TB3
permit
#
traffic behavior TB4
permit
#
traffic behavior TB5
permit
#
traffic behavior TB6
permit
#
traffic behavior TB7
permit
#
traffic behavior TB8
permit
#
traffic behavior TB9
permit
#
traffic behavior TB10
permit
#
traffic behavior TB11
permit
#
traffic behavior TB12
permit
#
traffic behavior TB13
permit
#
traffic behavior TB14
permit
#
traffic policy TP100
classifier TC100 behavior TB100
#
traffic policy TP1
classifier TC1 behavior TB1
#
traffic policy TP2
classifier TC2 behavior TB2
#
traffic policy TP3
classifier TC3 behavior TB3
#
traffic policy TP4
classifier TC4 behavior TB4
#
traffic policy TP5
classifier TC5 behavior TB5
#
traffic policy TP6
classifier TC6 behavior TB6
#
traffic policy TP7
classifier TC7 behavior TB7
#
traffic policy TP8
classifier TC8 behavior TB8
#
traffic policy TP9
classifier TC9 behavior TB9
#
traffic policy TP10
classifier TC10 behavior TB10
#
traffic policy TP11
classifier TC11 behavior TB11
#
traffic policy TP12
classifier TC12 behavior TB12
#
traffic policy TP13
classifier TC13 behavior TB13
#
traffic policy TP14
classifier TC14 behavior TB14
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan1
port trunk allow-pass vlan 1
traffic-policy TP1 inbound
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 2
port trunk allow-pass vlan 2
traffic-policy TP2 inbound
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 3
port trunk allow-pass vlan 3
traffic-policy TP3 inbound
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 4
port trunk allow-pass vlan 4
traffic-policy TP4 inbound
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk pvid vlan 5
port trunk allow-pass vlan 5
traffic-policy TP5 inbound
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk pvid vlan 6
port trunk allow-pass vlan 6
traffic-policy TP6 inbound
#
interface GigabitEthernet0/0/7
port link-type trunk
port trunk pvid vlan 7
port trunk allow-pass vlan 7
traffic-policy TP7 inbound
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk pvid vlan 8
port trunk allow-pass vlan 8
traffic-policy TP8 inbound
#
interface GigabitEthernet0/0/9
port link-type trunk
port trunk pvid vlan 9
port trunk allow-pass vlan 9
traffic-policy TP9 inbound
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10
traffic-policy TP10 inbound
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk pvid vlan 11
port trunk allow-pass vlan 11
traffic-policy TP11 inbound
#
interface GigabitEthernet0/0/12
port link-type trunk
port trunk pvid vlan 12
port trunk allow-pass vlan 12
traffic-policy TP12 inbound
#
interface GigabitEthernet0/0/13
port link-type trunk
port trunk pvid vlan 13
port trunk allow-pass vlan 13
traffic-policy TP13 inbound
#
interface GigabitEthernet0/0/14
port link-type trunk
port trunk pvid vlan 14
port trunk allow-pass vlan 14
traffic-policy TP14 inbound
#
quit
undo port-group v100
port-group v100
group-member GigabitEthernet0/0/15 to GigabitEthernet0/0/24
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100
#
quit
#
ospf
area 0
network 192.168.254.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
network 192.168.6.0 0.0.0.255
network 192.168.7.0 0.0.0.255
network 192.168.8.0 0.0.0.255
network 192.168.9.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.11.0 0.0.0.255
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
network 192.168.14.0 0.0.0.255
#
quit
#
return
//save
//y
- 2018-11-08回答
- 评论(4)
- 举报
-
(0)
qos的方式比较麻烦,可以使用包过滤进行配置,附件是配置连接,可以修改包过滤的默认动作为deny,acl中匹配允许放通的规则,将包过滤下发到接口下。http://www.h3c.com/cn/d_201808/1098219_30005_0.htm#_Toc520795314
acl number 3001 rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny 写成这样是否可以?
还是应该这样写呢 acl number 3001 ruledeny ip source 192.168.2.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
附件上传几次了 都没看到 这里手打进来的,麻烦帮看看。谢谢 system-view # sysname H3C_LS-5130-28F-SI # telnet server enable # vlan batch 1 2 3 4 5 6 7 8 9 10 11 12 13 14 100 # dhcp enable # interface Vlanif100 description VLAN 0100 S316 ip address 192.168.254.254 255.255.255.0 dhcp select interface dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif1 description VLAN 0001 S004 ip address 192.168.1.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.1.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif2 description VLAN 0002 S113 ip address 192.168.2.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.2.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif3 description VLAN 0003 S212 ip address 192.168.3.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.3.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif4 description VLAN 0004 S214 ip address 192.168.4.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.4.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif5 description VLAN 0005 S218 ip address 192.168.5.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.5.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif6 description VLAN 0006 S312 ip address 192.168.6.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.6.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif7 description VLAN 0007 S316 ip address 192.168.7.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.7.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif8 description VLAN 0008 S318 ip address 192.168.8.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.8.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif9 description VLAN 0009 S512 ip address 192.168.9.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.9.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif10 description VLAN 0010 S516 ip address 192.168.10.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.10.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif11 description VLAN 0011 S518 ip address 192.168.11.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.11.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif12 description VLAN 0012 S215 ip address 192.168.12.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.12.254 dhcp server dns-list 202.96.134.133 202.96.128.68 # interface Vlanif13 description VLAN 0013 S513 ip address 192.168.13.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.13.254 dhcp server dns-list 202.96.134.133 202.96.128.68 interface Vlanif14 description VLAN 0014 S_bak ip address 192.168.14.253 255.255.255.0 dhcp select relay dhcp relay server-ip 192.168.13.254 dhcp server dns-list 202.96.134.133 202.96.128.68 quit # acl number 3001 rule permit ip acl number 2001 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.1.0 0.0.0.255 acl number 2002 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.2.0 0.0.0.255 acl number 2003 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.3.0 0.0.0.255 acl number 2004 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.4.0 0.0.0.255 acl number 2005 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.5.0 0.0.0.255 acl number 2006 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.6.0 0.0.0.255 acl number 2007 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.7.0 0.0.0.255 acl number 2008 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.8.0 0.0.0.255 acl number 2009 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.9.0 0.0.0.255 acl number 2010 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.10.0 0.0.0.255 acl number 2011 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.11.0 0.0.0.255 acl number 2012 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.12.0 0.0.0.255 acl number 2013 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.13.0 0.0.0.255 acl number 2014 rule permit source 192.168.254.0 0.0.0.255 rule permit source 192.168.14.0 0.0.0.255 # quit # traffic classifier TC100 if-match acl 3001 # traffic classifier TC1 if-match acl 2001 # traffic classifier TC2 if-match acl 2002 # traffic classifier TC3 if-match acl 2003 # traffic classifier TC4 if-match acl 2004 # traffic classifier TC5 if-match acl 2005 # traffic classifier TC6 if-match acl 2006 # traffic classifier TC7 if-match acl 2007 # traffic classifier TC8 if-match acl 2008 # traffic classifier TC9 if-match acl 2009 # traffic classifier TC10 if-match acl 2010 # traffic classifier TC11 if-match acl 2011 # traffic classifier TC12 if-match acl 2012 # traffic classifier TC13 if-match acl 2013 # traffic classifier TC14 if-match acl 2014 # traffic behavior TB100 permit # traffic behavior TB1 permit # traffic behavior TB2 permit # traffic behavior TB3 permit # traffic behavior TB4 permit # traffic behavior TB5 permit # traffic behavior TB6 permit # traffic behavior TB7 permit # traffic behavior TB8 permit # traffic behavior TB9 permit # traffic behavior TB10 permit # traffic behavior TB11 permit # traffic behavior TB12 permit # traffic behavior TB13 permit # traffic behavior TB14 permit # traffic policy TP100 classifier TC100 behavior TB100 # traffic policy TP1 classifier TC1 behavior TB1 # traffic policy TP2 classifier TC2 behavior TB2 # traffic policy TP3 classifier TC3 behavior TB3 # traffic policy TP4 classifier TC4 behavior TB4 # traffic policy TP5 classifier TC5 behavior TB5 # traffic policy TP6 classifier TC6 behavior TB6 # traffic policy TP7 classifier TC7 behavior TB7 # traffic policy TP8 classifier TC8 behavior TB8 # traffic policy TP9 classifier TC9 behavior TB9 # traffic policy TP10 classifier TC10 behavior TB10 # traffic policy TP11 classifier TC11 behavior TB11 # traffic policy TP12 classifier TC12 behavior TB12 # traffic policy TP13 classifier TC13 behavior TB13 # traffic policy TP14 classifier TC14 behavior TB14 # interface GigabitEthernet0/0/1 port link-type trunk port trunk pvid vlan1 port trunk allow-pass vlan 1 traffic-policy TP1 inbound # interface GigabitEthernet0/0/2 port link-type trunk port trunk pvid vlan 2 port trunk allow-pass vlan 2 traffic-policy TP2 inbound # interface GigabitEthernet0/0/3 port link-type trunk port trunk pvid vlan 3 port trunk allow-pass vlan 3 traffic-policy TP3 inbound # interface GigabitEthernet0/0/4 port link-type trunk port trunk pvid vlan 4 port trunk allow-pass vlan 4 traffic-policy TP4 inbound # interface GigabitEthernet0/0/5 port link-type trunk port trunk pvid vlan 5 port trunk allow-pass vlan 5 traffic-policy TP5 inbound # interface GigabitEthernet0/0/6 port link-type trunk port trunk pvid vlan 6 port trunk allow-pass vlan 6 traffic-policy TP6 inbound # interface GigabitEthernet0/0/7 port link-type trunk port trunk pvid vlan 7 port trunk allow-pass vlan 7 traffic-policy TP7 inbound # interface GigabitEthernet0/0/8 port link-type trunk port trunk pvid vlan 8 port trunk allow-pass vlan 8 traffic-policy TP8 inbound # interface GigabitEthernet0/0/9 port link-type trunk port trunk pvid vlan 9 port trunk allow-pass vlan 9 traffic-policy TP9 inbound # interface GigabitEthernet0/0/10 port link-type trunk port trunk pvid vlan 10 port trunk allow-pass vlan 10 traffic-policy TP10 inbound # interface GigabitEthernet0/0/11 port link-type trunk port trunk pvid vlan 11 port trunk allow-pass vlan 11 traffic-policy TP11 inbound # interface GigabitEthernet0/0/12 port link-type trunk port trunk pvid vlan 12 port trunk allow-pass vlan 12 traffic-policy TP12 inbound # interface GigabitEthernet0/0/13 port link-type trunk port trunk pvid vlan 13 port trunk allow-pass vlan 13 traffic-policy TP13 inbound # interface GigabitEthernet0/0/14 port link-type trunk port trunk pvid vlan 14 port trunk allow-pass vlan 14 traffic-policy TP14 inbound # quit undo port-group v100 port-group v100 group-member GigabitEthernet0/0/15 to GigabitEthernet0/0/24 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 # quit # ospf area 0 network 192.168.254.0 0.0.0.255 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 192.168.3.0 0.0.0.255 network 192.168.4.0 0.0.0.255 network 192.168.5.0 0.0.0.255 network 192.168.6.0 0.0.0.255 network 192.168.7.0 0.0.0.255 network 192.168.8.0 0.0.0.255 network 192.168.9.0 0.0.0.255 network 192.168.10.0 0.0.0.255 network 192.168.11.0 0.0.0.255 network 192.168.12.0 0.0.0.255 network 192.168.13.0 0.0.0.255 network 192.168.14.0 0.0.0.255 # quit # return //save //y
acl number 3001 rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny 写成这样是否可以? 还是应该这样写呢 acl number 3001 ruledeny ip source 192.168.2.0 0.0.0.255 destination 192.168.254.0 0.0.0.255 traffic classifier TC1 if-match acl 3001 traffic behavior TB1 deny