version 5.20, Release 1207
sysname dunan-s5500 设备重命名
super password level 3 simple abcd123456 设置串口连接密码(注:super password 实际设置的是切换到 level 3 权限时使用的密码;simple 表示密码以明文保存在配置中,实际部署建议使用 cipher 并更换为强密码)
domain default enable system 说明性文字:将 system 设为默认域
telnet server enable 开启 telnet 服务(telnet 以明文传输账号和密码,生产环境建议改用 SSH 并限制可登录的管理地址)
loopback-detection enable 开启环回检测(用于发现端口环路)
注释VLAN连接区域
vlan 1
description filerver
vlan 2
description firewall
vlan 10
description erp+sql+other
vlan 20
description caiwu
vlan 30
description waimao
vlan 40
description bigoffice
vlan 50
description jishubu
vlan 60
description erchejian
vlan 70
description huayi
vlan 80
description zongcai
vlan 90
description webr
vlan 130
description wlan
radius scheme system
domain system 说明性文字
access-limit disable
state active
idle-cut disable
self-service-url disable
将 ACL 规则与策略、行为关联起来。这里的配置方式和 3600 不同,分为三部分:流分类(traffic classifier)、流行为(traffic behavior)和 QoS 策略(qos policy)
traffic classifier c_vlan operator and if-match acl 3000
traffic classifier a_vlan operator and if-match acl 3001
traffic behavior d_vlan
filter deny
traffic behavior b_vlan
filter deny
qos policy p_vlan
classifier c_vlan behavior b_vlan
qos policy t_vlan
classifier a_vlan behavior d_vlan
设置web访问用户和密码并定义权限为最高(注:此处 service-type 为 telnet,并非 web;password simple 表示密码以明文保存在配置中,实际部署建议使用 cipher 并更换为强密码)
local-user h3c
password simple dafm
service-type telnet
level 3
建立高级访问控制列表并建立子规则(注意:下面的规则只匹配 tcp,各 VLAN 之间的 UDP、ICMP 等流量不在这些规则的匹配范围内)
acl number 3000
rule 0 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.90.0 0.0.0.255
rule 1 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.90.0 0.0.0.255
rule 2 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
rule 3 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
rule 4 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.40.0 0.0.0.255
rule 5 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.50.0 0.0.0.255
rule 6 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.60.0 0.0.0.255
rule 7 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.70.0 0.0.0.255
rule 8 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.80.0 0.0.0.255
rule 9 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.80.0 0.0.0.255
rule 10 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.70.0 0.0.0.255
rule 11 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.60.0 0.0.0.255
rule 12 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
rule 13 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.40.0 0.0.0.255
rule 14 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
rule 15 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
rule 16 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.130.0 0.0.0.255
rule 17 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
rule 18 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.40.0 0.0.0.255
rule 19 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.50.0 0.0.0.255
rule 20 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.60.0 0.0.0.255
rule 21 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.70.0 0.0.0.255
rule 22 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.90.0 0.0.0.255
rule 23 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.130.0 0.0.0.255
acl number 3001
rule 0 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 1 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 2 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
rule 3 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
rule 4 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.40.0 0.0.0.255
rule 5 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.60.0 0.0.0.255
rule 6 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.70.0 0.0.0.255
rule 7 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.80.0 0.0.0.255
rule 8 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.130.0 0.0.0.255
配置VLAN网关,实际为设置vlan 间路由
interface NULL0
interface Vlan-interface 1
ip address 192.168.1.1 255.255.255.0
interface Vlan-interface 2
ip address 192.168.2.2 255.255.255.0
interface Vlan-interface 10
ip address 192.168.10.1 255.255.255.0