S5120V2-LI已划分VLAN，有一台电脑PING不通其他VLAN的电脑

已划分若干个VLAN

VLAN10/20为办公室用

VLAN30是无线网络

VLAN40是摄像头

VLAN10/20与VLAN30/40是相互隔离。

但是其中有台办公用的电脑（IP: 10.2.1.234）也接入在VLAN30中

现在那台电脑想连办公室的打印机和专用电脑。

打印机IP为10.1.1.202

专用电脑IP为10.1.1.55

专用电脑可以连接VLAN40，就是连接不上VLAN30

另外说一下，我把所有端口的packet-filter都撤消后，VLAN10中其他电脑可以PING通VLAN30中的IP，但是专用电脑无法PING任何VLAN30

配置如下：

1. 1. 
      version 7.1.070, Release 6126P20
   2. #
   3. sysname SW1
   4. #
   5. clock timezone Lisbon add 00:00:00
   6. clock protocol none
   7. #
   8. telnet server enable
   9. telnet server acl 2000
   10. #
   11. irf mac-address persistent timer
   12. irf auto-update enable
   13. undo irf link-delay
   14. irf member 1 priority 1
   15. #
   16. dhcp enable
   17. #
   18. lldp global enable
   19. #
   20. password-recovery enable
   21. #
   22. vlan 1
   23. #
   24. vlan 10
   25. name office
   26. description office vlan 10
   27. #
   28. vlan 20
   29. name hospital
   30. #
   31. vlan 30
   32. name wifi
   33. #
   34. vlan 40
   35. name camera
   36. #
   37. traffic classifier camera operator and
   38. if-match acl 2003
   39. #
   40. traffic classifier office operator and
   41. if-match acl 2001
   42. #
   43. traffic classifier wifi operator and
   44. if-match acl 2002
   45. #
   46. traffic behavior camera
   47. car cir 51200 cbs 3200000 ebs 0 green pass red remark-dscp-pass default yellow pass
   48. #
   49. traffic behavior office
   50. car cir 51200 cbs 3200000 ebs 0 green pass red remark-dscp-pass default yellow pass
   51. #
   52. traffic behavior wifi
   53. car cir 5120 cbs 320000 ebs 0 green pass red remark-dscp-pass default yellow pass
   54. #
   55. qos policy camera
   56. classifier camera behavior camera
   57. #
   58. qos policy office
   59. classifier wifi behavior office
   60. #
   61. qos policy wifi
   62. classifier wifi behavior wifi
   63. #
   64. stp global enable
   65. #
   66. dhcp class hos
   67. if-match rule 1 hardware-address 00e0-4c10-0000 mask ffff-ffff-0000
   68. #
   69. dhcp server ip-pool ap
   70. gateway-list 10.2.1.1
   71. network 10.2.1.0 mask 255.255.255.0
   72. address range 10.2.1.2 10.2.1.200
   73. dns-list 202.101.224.68 202.101.226.68
   74. forbidden-ip 10.2.1.253
   75. static-bind ip-address 10.2.1.234 mask 255.255.255.0 hardware-address 00e0-4c28-e121
   76. #
   77. dhcp server ip-pool camera
   78. gateway-list 192.168.1.254
   79. network 192.168.1.0 mask 255.255.255.0
   80. network 192.168.2.0 mask 255.255.255.0 secondary
   81.   gateway-list 192.168.2.254
   82. #
   83. dhcp server ip-pool hospital
   84. gateway-list 192.168.0.1
   85. network 192.168.0.0 mask 255.255.255.0
   86. address range 192.168.0.10 192.168.0.200
   87. dns-list 202.101.224.68 202.101.226.68
   88. forbidden-ip 192.168.0.250
   89. #
   90. dhcp server ip-pool office
   91. gateway-list 10.1.1.1
   92. network 10.1.1.0 mask 255.255.255.0
   93. address range 10.1.1.2 10.1.1.200
   94. dns-list 202.101.224.68
   95. static-bind ip-address 10.1.1.55 mask 255.255.255.0 hardware-address 00e0-4c28-e131
   96. #
   97. interface NULL0
   98. #
   99. interface Vlan-interface1
   100. ip address 192.168.10.5 255.255.255.0
   101. #
   102. interface Vlan-interface10
   103. ip address 10.1.1.1 255.255.255.0
   104. dhcp server apply ip-pool office
   105. dhcp client-detect
   106. #
   107. interface Vlan-interface20
   108. ip address 192.168.0.1 255.255.255.0
   109. dhcp server apply ip-pool hospital
   110. dhcp client-detect
   111. #
   112. interface Vlan-interface30
   113. ip address 10.2.1.1 255.255.255.0
   114. dhcp server apply ip-pool ap
   115. dhcp client-detect
   116. #
   117. interface Vlan-interface40
   118. ip address 192.168.1.1 255.255.255.0
   119. ip address 192.168.2.1 255.255.255.0 sub
   120. dhcp server apply ip-pool camera
   121. #
   122. interface GigabitEthernet1/0/1
   123. #
   124. interface GigabitEthernet1/0/2
   125. #
   126. interface GigabitEthernet1/0/3
   127. #
   128. interface GigabitEthernet1/0/4
   129. #
   130. interface GigabitEthernet1/0/5
   131. port access vlan 10
   132. packet-filter 3005 inbound
   133. qos apply policy office inbound 
   134. #
   135. interface GigabitEthernet1/0/6
   136. port access vlan 10
   137. packet-filter 3005 inbound
   138. qos apply policy office inbound 
   139. #
   140. interface GigabitEthernet1/0/7
   141. port access vlan 10
   142. packet-filter 3005 inbound
   143. qos apply policy office inbound 
   144. #
   145. interface GigabitEthernet1/0/8
   146. port access vlan 10
   147. packet-filter 3005 inbound
   148. qos apply policy office inbound 
   149. #
   150. interface GigabitEthernet1/0/9
   151. port access vlan 20
   152. packet-filter 3000 inbound
   153. qos apply policy office inbound 
   154. #
   155. interface GigabitEthernet1/0/10
   156. port access vlan 20
   157. packet-filter 3000 inbound
   158. qos apply policy office inbound 
   159. #
   160. interface GigabitEthernet1/0/11
   161. port access vlan 30
   162. qos apply policy wifi inbound 
   163. #
   164. interface GigabitEthernet1/0/12
   165. port access vlan 30
   166. qos apply policy wifi inbound 
   167. #
   168. interface GigabitEthernet1/0/13
   169. port access vlan 40
   170. qos apply policy camera inbound 
   171. #
   172. interface GigabitEthernet1/0/14
   173. port access vlan 40
   174. qos apply policy camera inbound 
   175. #
   176. interface GigabitEthernet1/0/15
   177. port access vlan 40
   178. qos apply policy camera inbound 
   179. #
   180. interface GigabitEthernet1/0/16
   181. port access vlan 40
   182. qos apply policy camera inbound 
   183. #
   184. interface GigabitEthernet1/0/17
   185. #
   186. interface GigabitEthernet1/0/18
   187. #
   188. interface GigabitEthernet1/0/19
   189. #
   190. interface GigabitEthernet1/0/20
   191. #
   192. scheduler logfile size 16
   193. #
   194. line class aux
   195. user-role network-admin
   196. #
   197. line class vty
   198. user-role network-operator
   199. #
   200. line aux 0
   201. user-role network-admin
   202. #
   203. line vty 0 63
   204. authentication-mode scheme
   205. user-role network-operator
   206. #
   207. ip route-static 0.0.0.0 0 192.168.10.1
   208. #
   209. acl basic 2000
   210. description telnet
   211. rule 0 permit source 10.1.1.55 0
   212. rule 10 deny
   213. #
   214. acl basic 2001
   215. description qos office
   216. rule 0 permit source 10.1.1.0 0.0.0.255
   217. rule 5 permit source 192.168.0.0 0.0.0.255
   218. #
   219. acl basic 2002
   220. description qos wifi
   221. rule 0 permit source 10.2.1.0 0.0.0.255
   222. #
   223. acl basic 2003
   224. description qos camera
   225. rule 0 permit source 192.168.1.0 0.0.0.255
   226. rule 5 permit source 192.168.2.0 0.0.0.255
   227. #
   228. acl advanced 3000
   229. description deny for hospital
   230. rule 5 deny ip destination 192.168.1.0 0.0.0.255
   231. rule 10 deny ip destination 192.168.2.0 0.0.0.255
   232. rule 15 deny ip destination 10.2.1.0 0.0.0.255
   233. #
   234. acl advanced 3005
   235. rule 0 permit ip source 10.1.1.55 0 destination 192.168.1.0 0.0.0.255
   236. rule 5 permit ip source 10.1.1.55 0 destination 192.168.2.0 0.0.0.255
   237. rule 10 permit ip source 10.1.1.55 0 destination 10.2.1.0 0.0.0.255
   238. rule 20 deny ip destination 192.168.1.0 0.0.0.255
   239. rule 25 deny ip destination 192.168.2.0 0.0.0.255
   240. rule 30 deny ip destination 10.2.1.0 0.0.0.255
   241. rule 35 permit ip source 10.1.1.202 0 destination 10.2.1.0 0.0.0.255
   242. rule 45 permit ip source 10.1.1.0 0.0.0.255 destination 10.2.1.234 0
   243. #
   244. radius scheme system
   245. user-name-format without-domain
   246. #
   247. domain system
   248. #
   249. domain default enable system
   250. #
   251. role name level-0
   252. description Predefined level-0 role
   253. #
   254. role name level-1
   255. description Predefined level-1 role
   256. #
   257. role name level-2
   258. description Predefined level-2 role
   259. #
   260. role name level-3
   261. description Predefined level-3 role
   262. #
   263. role name level-4
   264. description Predefined level-4 role
   265. #
   266. role name level-5
   267. description Predefined level-5 role
   268. #
   269. role name level-6
   270. description Predefined level-6 role
   271. #
   272. role name level-7
   273. description Predefined level-7 role
   274. #
   275. role name level-8
   276. description Predefined level-8 role
   277. #
   278. role name level-9
   279. description Predefined level-9 role
   280. #
   281. role name level-10
   282. description Predefined level-10 role
   283. #
   284. role name level-11
   285. description Predefined level-11 role
   286. #
   287. role name level-12
   288. description Predefined level-12 role
   289. #
   290. role name level-13
   291. description Predefined level-13 role
   292. #
   293. role name level-14
   294. description Predefined level-14 role
   295. #
   296. user-group system
   297. #
   298. local-user admin class manage
   299. password hash $h$6$gku821lnksWO7jJb$2l+aY8aMiFAZDgJrSvt7h2DOEMzMxGXMEmLXHhDIwhvaOJV8OY6YzjJOQZfIw4qqY+vNIisuZqDOgmX3g826XQ==
   300. service-type telnet http https
   301. authorization-attribute user-role network-admin
   302. #
   303. ip http enable
   304. ip https enable
   305. #
   306. return