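How can I stop a few specific computers from reaching the Internet while still letting them use the LAN?
This is the existing configuration. A site-to-site VPN was set up earlier and connects us with the branch office. Why is there no MAC address filtering in the web interface?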
#
 version 5.20, Release 2514P04
#
 sysname sanxie
#
 l2tp enable
#
 ike sa keepalive-timer interval 20
 ike sa keepalive-timer timeout 20
#
 firewall enable
#
 domain default enable system
#
 dns resolve
 dns proxy enable
 dns server 61.147.37.1
 dns server 61.177.7.1
#
 telnet server enable
#
 ip ttl-expires enable
 ip unreachables enable
#
 dar p2p signature-file flash:/p2p_default.mtd
#
 ndp enable
#
 ntdp enable
#
 qos carl 1 destination-ip-address subnet 192.168.11.0 24 per-address
 qos carl 2 destination-ip-address subnet 192.168.10.0 24 per-address
#
 cluster enable
#
 port-security enable
#
 ip http port 8081
#
 mirroring-group 1 local
#
 password-recovery enable
#
acl number 3000
 rule 0 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
 rule 5 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
 rule 10 deny ip source 192.168.12.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
 rule 15 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
 rule 20 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
 rule 25 deny ip source 192.168.12.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
 rule 45 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
 rule 50 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
 rule 55 deny ip source 192.168.12.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
 rule 60 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 65 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 70 deny ip source 192.168.12.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 999 permit ip
acl number 3102
 rule 0 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
 rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
 rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
 rule 15 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 20 permit ip source 192.168.11.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
 rule 25 permit ip source 192.168.11.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
 rule 30 permit ip source 192.168.11.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
 rule 35 permit ip source 192.168.11.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 40 permit ip source 192.168.12.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
 rule 45 permit ip source 192.168.12.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
 rule 50 permit ip source 192.168.12.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
 rule 55 permit ip source 192.168.12.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
acl number 3333
 rule 5 deny ip source 192.168.13.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
 rule 10 permit ip
#
vlan 1
#
vlan 10 to 15
#
domain system
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
 ip pool 2 192.168.90.20 192.168.90.50
#
ike proposal 10
 authentication-algorithm md5
 sa duration 5000
#
ike dpd 1
#
ike peer peer
 proposal 10
 pre-shared-key cipher $c$3$d5XN64pRCq5ggucnZgPHP1G2I/1rPlv4
 remote-address ***.*** dynamic
 nat traversal
#
ipsec transform-set tran1
 encapsulation-mode tunnel
 transform esp
 esp authentication-algorithm sha1
 esp encryption-algorithm des
#
ipsec policy use1 10 isakmp
 connection-name use1.10
 security acl 3102
 ike-peer peer
 transform-set tran1
 sa duration traffic-based 1843200
 sa duration time-based 3600
#
dhcp server ip-pool abc
#
dhcp server ip-pool vlan10 extended
 network ip range 192.168.10.20 192.168.10.200
 network mask 255.255.255.0
 gateway-list 192.168.10.1
 dns-list 61.177.7.1 61.147.37.1
#
dhcp server ip-pool vlan11 extended
 network ip range 192.168.11.20 192.168.11.200
 network mask 255.255.255.0
 gateway-list 192.168.11.1
 dns-list 61.177.7.1 61.147.37.1
#
dhcp server ip-pool vlan12 extended
 network ip range 192.168.12.20 192.168.12.200
 network mask 255.255.255.0
 gateway-list 192.168.12.1
 dns-list 61.177.7.1 61.147.37.1
#
dhcp server ip-pool vlan13 extended
 network ip range 192.168.13.20 192.168.13.200
 network mask 255.255.255.0
 gateway-list 192.168.13.1
 dns-list 61.177.7.1 61.147.37.1
#
dhcp server ip-pool vlan14 extended
 network ip range 192.168.14.20 192.168.14.100
 network mask 255.255.255.0
 gateway-list 192.168.14.1
 dns-list 61.177.7.1 61.147.37.1
#
dhcp server ip-pool vlan15 extended
 network ip range 192.168.15.20 192.168.15.200
 network mask 255.255.255.0
 gateway-list 192.168.15.1
 dns-list 61.177.7.1 61.147.37.1
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$bTXjhujEQEhsv3cVxXnphobb6wQQeGxfAz4wSHI=
 authorization-attribute level 3
 service-type telnet
 service-type web
local-user sanxie
 password cipher $c$3$LNinYC99h4W/Q/SStaIYLzHIiFFFMsepsQrsFQ==
 authorization-attribute level 2
 service-type ppp
#
cwmp
 undo cwmp enable
#
ddns policy ***.***
 interval 0 0 1
 url ***.***/dyndns/update?system=dyndns&hostname=<h>&myip=<a>
 username root
 password cipher $c$3$XIQOGAoUCwEEqlMennELelIGbMqezx1UZumW
#
l2tp-group 1
 undo tunnel authentication
 allow l2tp virtual-template 0
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Cellular0/0
 async mode protocol
 link-protocol ppp
 tcp mss 1024
#
interface Virtual-Template0
 ppp authentication-mode chap domain system
 ppp ipcp remote-address forced
 remote address pool 2
 ip address 192.168.90.1 255.255.255.0
#
interface NULL0
#
interface Vlan-interface10
 ip address 192.168.10.1 255.255.255.0
 tcp mss 1024
 dhcp server apply ip-pool vlan10
#
interface Vlan-interface11
 ip address 192.168.11.1 255.255.255.0
 tcp mss 1024
 dhcp server apply ip-pool vlan11
#
interface Vlan-interface12
 ip address 192.168.12.1 255.255.255.0
 tcp mss 1024
 dhcp server apply ip-pool vlan12
#
interface Vlan-interface13
 description wifi-guest
 ip address 192.168.13.1 255.255.255.0
 tcp mss 1024
 dhcp server apply ip-pool vlan13
 firewall packet-filter 3333 inbound
#
interface Vlan-interface14
 ip address 192.168.14.1 255.255.255.0
 tcp mss 1024
 dhcp server apply ip-pool vlan14
#
interface Vlan-interface15
 ip address 192.168.15.1 255.255.255.0
 tcp mss 1024
 dhcp server apply ip-pool vlan15
#
interface GigabitEthernet0/0
 port link-mode route
 nat outbound 3000
 nat server 9 protocol tcp global current-interface 444 inside 192.168.15.2 443
 nat server 10 protocol tcp global current-interface 81 inside 192.168.14.11 www
 nat server 11 protocol tcp global current-interface 8001 inside 192.168.14.11 8000
 nat server 12 protocol tcp global current-interface 82 inside 192.168.14.12 82
 nat server 13 protocol tcp global current-interface 8002 inside 192.168.14.12 8002
 nat server 14 protocol tcp global current-interface 83 inside 192.168.14.13 83
 nat server 15 protocol tcp global current-interface 8003 inside 192.168.14.13 8003
 nat server 2 protocol tcp global current-interface 1554 inside 192.168.14.12 1554
 nat server 3 protocol tcp global current-interface 1555 inside 192.168.14.13 1555
 nat server 4 protocol tcp global current-interface 2324 inside 192.168.15.2 telnet
 nat server 1 protocol tcp global current-interface 3390 inside 192.168.10.253 3389
 ip address 58.221.125.134 255.255.255.252
 tcp mss 1024
 ipsec no-nat-process enable
 ipsec policy use1
 qos car inbound carl 1 cir 20000 cbs 1250000 ebs 0 green pass red discard
 qos car inbound carl 2 cir 20000 cbs 1250000 ebs 0 green pass red discard
 ddns apply policy ***.*** fqdn ***.***
 dns server 61.147.37.1
 dns server 61.177.7.1
#
interface GigabitEthernet0/1
 port link-mode route
 nat outbound
 shutdown
 ip address dhcp-alloc
#
interface GigabitEthernet0/2
 port link-mode bridge
 mirroring-group 1 monitor-port
#
interface GigabitEthernet0/3
 port link-mode bridge
 port access vlan 10
#
interface GigabitEthernet0/4
 port link-mode bridge
 port access vlan 11
#
interface GigabitEthernet0/5
 port link-mode bridge
 port access vlan 12
#
interface GigabitEthernet0/6
 port link-mode bridge
 port access vlan 13
#
interface GigabitEthernet0/7
 port link-mode bridge
 port access vlan 14
#
interface GigabitEthernet0/8
 port link-mode bridge
 port access vlan 15
#
interface GigabitEthernet0/9
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 mirroring-group 1 mirroring-port both
#
 ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0 58.221.125.133
 ip route-static 192.168.1.0 255.255.255.0 GigabitEthernet0/0 58.221.125.133
 ip route-static 192.168.2.0 255.255.255.0 GigabitEthernet0/0 58.221.125.133
 ip route-static 192.168.3.0 255.255.255.0 GigabitEthernet0/0 58.221.125.133
#
 dhcp enable
#
 arp static 1.1.1.1 1234-1234-abc2
#
 nms primary monitor-interface GigabitEthernet0/1
#
 load xml-configuration
#
 load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return
Best answer
Use packet-filter to do the filtering.
See the examples in this document: http://www.h3c.com/cn/d_201909/1224951_30005_0.htm#_Toc18338294
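One way to sanity-check a packet-filter ACL for this LAN-only requirement before applying it, as an added example that is not part of the original thread or of H3C's documentation: the Python below parses rules written in the same `rule ... source ... destination ...` form as the posted configuration and evaluates them first-match in rule-ID order. ACL number 3010, the host address 192.168.10.50 and the function names are assumptions made for illustration; the PC needs a fixed address for a source-IP rule to keep matching it.

```python
import ipaddress
import re

# Constructed for this example (not from the original post): ACL 3010 keeps
# the hypothetical PC 192.168.10.50 LAN-only. It would be applied the same
# way the posted config applies ACL 3333:
#   interface Vlan-interface10
#    firewall packet-filter 3010 inbound
ACL_3010 = """
acl number 3010
 rule 0 permit ip source 192.168.10.50 0 destination 192.168.0.0 0.0.255.255
 rule 5 deny ip source 192.168.10.50 0
 rule 100 permit ip
"""

# Only the "rule N permit|deny ip [source A W] [destination A W]" form is parsed.
RULE = re.compile(r"rule (\d+) (permit|deny) ip"
                  r"(?: source (\S+) (\S+))?(?: destination (\S+) (\S+))?$")


def _field(addr, wildcard):
    """Return (base, wildcard) as integers; wildcard '0' means a single host."""
    if addr is None:
        return None
    wild = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
    return int(ipaddress.IPv4Address(addr)), wild


def parse_acl(text):
    """Parse rule lines into (rule_id, action, source, destination) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            rid, action, s, sw, d, dw = m.groups()
            rules.append((int(rid), action, _field(s, sw), _field(d, dw)))
    return sorted(rules, key=lambda r: r[0])  # evaluated in rule-ID order


def _hit(field, ip):
    # Bits set in the wildcard are "don't care"; all other bits must be equal.
    if field is None:
        return True
    return (int(ipaddress.IPv4Address(ip)) ^ field[0]) & ~field[1] & 0xFFFFFFFF == 0


def decide(rules, src, dst):
    """First matching rule wins; None means no rule matched."""
    for rid, action, s, d in rules:
        if _hit(s, src) and _hit(d, dst):
            return action, rid
    return None
```

Under this ACL the restricted PC also loses the public DNS servers handed out by the DHCP pools (61.177.7.1 and 61.147.37.1), which is expected for a LAN-only host.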