信息产业培训网

基于PVLAN的小区网络配置范例

http://www.miiceic.org.cn   2008-12-4 15:09:58   中程在线   浏览数:
关键字:PVLAN 网络配置 范例

  基于PVLAN的小区网络配置范例

  一、 拓扑结构

  配置说明:(此范例为测试环境),实际为7500E+5510+E126 。

  1、要求每个PC间都进行隔离,PC机数目为300多台,划了2个VLAN。(192.168.0.1/24 ;192.168.1.1/24)

  2、要求所有PC都可以访问服务器网段(172.16.0.0/24)的服务器,譬如VOD

  3、要求服务器网段和管理网段(10.0.0.0/24)进行隔离,提高设备安全性。

  二、配置范例(1):

  1、S5510

  #

  version 5.20, Release 2102

  #

  sysname S5500

  #

  domain default enable system

  #

  telnet server enable

  #

  undo ip redirects

  undo ip ttl-expires

  undo ip unreachables

  #

  vlan 1

  #

  vlan 5 to 6

  #

  vlan 1000

  #

  radius scheme system

  server-type extended

  primary authentication 127.0.0.1 1645

  primary accounting 127.0.0.1 1646

  user-name-format without-domain

  #

  domain system

  access-limit disable

  state active

  idle-cut disable

  self-service-url disable

  #

  traffic classifier tc3001 operator and

  if-match acl 3001

  traffic classifier tc3000 operator and

  if-match acl 3000

  #

  traffic behavior tb-permit

  filter permit

  traffic behavior tb-deny

  filter deny

  #

  qos policy tp1

  classifier tc3000 behavior tb-permit

  classifier tc3001 behavior tb-deny

  #

  dhcp server ip-pool 1

  network 192.168.0.0 mask 255.255.255.0

  gateway-list 192.168.0.1

  dns-list 202.102.134.68

  #

  dhcp server ip-pool 2

  network 192.168.1.0 mask 255.255.255.0

  gateway-list 192.168.1.1

  dns-list 202.102.134.68

  #

  local-user admin

  password simple admin

  service-type telnet

  level 3

  #

  acl number 3000

  rule 0 permit ip destination 192.168.0.1 0.0.255.0

  acl number 3001

  rule 0 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255

  rule 5 deny ip source 192.168.0.0 0.0.255.255 destination 10.0.0.0 0.0.0.255

  rule 10 deny ip source 172.16.0.0 0.0.0.255 destination 10.0.0.0 0.0.0.255

  #

  interface NULL0

  #

  interface Vlan-interface1

  ip address 10.0.0.1 255.255.255.0

  #

  interface Vlan-interface5

  ip address 192.168.0.1 255.255.255.0

  #

  interface Vlan-interface6

  ip address 192.168.1.1 255.255.255.0

  #

  interface Vlan-interface1000

  ip address 172.16.0.1 255.255.255.0

  #

  interface GigabitEthernet1/0/1

  port link-type hybrid

  port hybrid vlan 1 1000 tagged

  port hybrid vlan 5 untagged

  port hybrid pvid vlan 5

  #

  interface GigabitEthernet1/0/2

  port link-type hybrid

  port hybrid vlan 1 1000 tagged

  port hybrid vlan 6 untagged

  port hybrid pvid vlan 6

  #

  interface GigabitEthernet1/0/3

  #

  interface GigabitEthernet1/0/4

  #

  interface GigabitEthernet1/0/5

  #

  interface GigabitEthernet1/0/6

  #

  interface GigabitEthernet1/0/7

  #

  interface GigabitEthernet1/0/8

  #

  interface GigabitEthernet1/0/9

  #

  interface GigabitEthernet1/0/10

  #

  interface GigabitEthernet1/0/11

  #

  interface GigabitEthernet1/0/12

  #

  interface GigabitEthernet1/0/13

  #

  interface GigabitEthernet1/0/14

  #

  interface GigabitEthernet1/0/15

  #

  interface GigabitEthernet1/0/16

  #

  interface GigabitEthernet1/0/17

  #

  interface GigabitEthernet1/0/18

  #

  interface GigabitEthernet1/0/19

  #

  interface GigabitEthernet1/0/20

  #

  interface GigabitEthernet1/0/21

  #

  interface GigabitEthernet1/0/22

  #

  interface GigabitEthernet1/0/23

  #

  interface GigabitEthernet1/0/24

  port access vlan 1001

  #

  interface GigabitEthernet1/0/25

  shutdown

  #

  interface GigabitEthernet1/0/26

  shutdown

  #

  interface GigabitEthernet1/0/27

  shutdown

  #

  interface GigabitEthernet1/0/28

  shutdown

  #

  dhcp enable

  #

  qos vlan-policy tp1 vlan 5 to 6 inbound

  qos vlan-policy tp1 vlan 1000 inbound

  #

  load xml-configuration

  #

  user-interface aux 0

  user-interface vty 0 4

  authentication-mode scheme

  #

  return

  2、S3500

  #

  sysname S3500

  #

  radius scheme system

  server-type huawei

  primary authentication 127.0.0.1 1645

  primary accounting 127.0.0.1 1646

  user-name-format without-domain

  domain system

  radius-scheme system

  access-limit disable

  state active

  vlan-assignment-mode integer

  idle-cut disable

  self-service-url disable

  messenger time disable

  domain default enable system

  #

  local-server nas-ip 127.0.0.1 key huawei

  local-user admin

  password simple admin

  service-type telnet level 1

  #

  vlan 1

  #

  vlan 5

  #

  vlan 101

  #

  vlan 102

  #

  vlan 103

  #

  vlan 104

  #

  vlan 105

  #

  vlan 106

  #

  vlan 107

  #

  vlan 108

  #

  vlan 109

  #

  vlan 110

  #

  vlan 111

  #

  vlan 112

  #

  vlan 113

  #

  vlan 114

  #

  vlan 115

  #

  vlan 116

  #

  vlan 117

  #

  vlan 118

  #

  vlan 119

  #

  vlan 120

  #

  vlan 121

  #

  vlan 122

  #

  vlan 123

  #

  vlan 1000

  #

  interface Vlan-interface1

  ip address 10.0.0.2 255.255.255.0

  #

  interface Aux0/0

  #

  interface Ethernet0/1

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 101 untagged

  port hybrid pvid vlan 101

  #

  interface Ethernet0/2

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 102 untagged

  port hybrid pvid vlan 102

  #

  interface Ethernet0/3

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 103 untagged

  port hybrid pvid vlan 103

  #

  interface Ethernet0/4

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 104 untagged

  port hybrid pvid vlan 104

  #

  interface Ethernet0/5

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 105 untagged

  port hybrid pvid vlan 105

  #

  interface Ethernet0/6

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 106 untagged

  port hybrid pvid vlan 106

  #

  interface Ethernet0/7

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 107 untagged

  port hybrid pvid vlan 107

  #

  interface Ethernet0/8

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 108 untagged

  port hybrid pvid vlan 108

  #

  interface Ethernet0/9

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 109 untagged

  port hybrid pvid vlan 109

  #

  interface Ethernet0/10

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 110 untagged

  port hybrid pvid vlan 110

  #

  interface Ethernet0/11

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 111 untagged

  port hybrid pvid vlan 111

  #

  interface Ethernet0/12

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 112 untagged

  port hybrid pvid vlan 112

  #

  interface Ethernet0/13

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 113 untagged

  port hybrid pvid vlan 113

  #

  interface Ethernet0/14

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 114 untagged

  port hybrid pvid vlan 114

  #

  interface Ethernet0/15

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 115 untagged

  port hybrid pvid vlan 115

  #

  interface Ethernet0/16

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 116 untagged

  port hybrid pvid vlan 116

  #

  interface Ethernet0/17

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 117 untagged

  port hybrid pvid vlan 117

  #

  interface Ethernet0/18

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 118 untagged

  port hybrid pvid vlan 118

  #

  interface Ethernet0/19

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 119 untagged

  port hybrid pvid vlan 119

  #

  interface Ethernet0/20

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 120 untagged

  port hybrid pvid vlan 120

  #

  interface Ethernet0/21

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 121 untagged

  port hybrid pvid vlan 121

  #

  interface Ethernet0/22

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 122 untagged

  port hybrid pvid vlan 122

  #

  interface Ethernet0/23

  port access vlan 1000

  #

  interface Ethernet0/24

  port link-type hybrid

  port hybrid vlan 1 1000 tagged

  port hybrid vlan 5 101 to 123 untagged

  port hybrid pvid vlan 5

  #

  interface NULL0

  #

  ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 preference 60

  #

  user-interface aux 0

  user-interface vty 0 4

  authentication-mode scheme

  user privilege level 3

  #

  Return

  3、S2403

  #

  sysname S2403H

  #

  radius scheme system

  server-type huawei

  primary authentication 127.0.0.1 1645

  primary accounting 127.0.0.1 1646

  user-name-format without-domain

  domain system

  radius-scheme system

  access-limit disable

  state active

  idle-cut disable

  self-service-url disable

  messenger time disable

  domain default enable system

  #

  local-server nas-ip 127.0.0.1 key huawei

  local-user admin

  password simple admin

  service-type telnet level 1

  #

  interface Aux0/0

  #

  vlan 1

  #

  vlan 5

  #

  vlan 201

  #

  vlan 202

  #

  vlan 203

  #

  vlan 204

  #

  vlan 205

  #

  vlan 206

  #

  vlan 207

  #

  vlan 208

  #

  vlan 209

  #

  vlan 210

  #

  vlan 211

  #

  vlan 212

  #

  vlan 213

  #

  vlan 214

  #

  vlan 215

  #

  vlan 216

  #

  vlan 217

  #

  vlan 218

  #

  vlan 219

  #

  vlan 220

  #

  vlan 221

  #

  vlan 222

  #

  vlan 223

  #

  interface Vlan-interface1

  ip address 10.0.0.3 255.255.255.0

  #

  interface Ethernet0/1

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 201 untagged

  port hybrid pvid vlan 201

  #

  interface Ethernet0/2

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 202 untagged

  port hybrid pvid vlan 202

  #

  interface Ethernet0/3

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 203 untagged

  port hybrid pvid vlan 203

  #

  interface Ethernet0/4

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 204 untagged

  port hybrid pvid vlan 204

  #

  interface Ethernet0/5

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 205 untagged

  port hybrid pvid vlan 205

  #

  interface Ethernet0/6

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 206 untagged

  port hybrid pvid vlan 206

  #

  interface Ethernet0/7

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 207 untagged

  port hybrid pvid vlan 207

  #

  interface Ethernet0/8

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 208 untagged

  port hybrid pvid vlan 208

  #

  interface Ethernet0/9

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 209 untagged

  port hybrid pvid vlan 209

  #

  interface Ethernet0/10

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 210 untagged

  port hybrid pvid vlan 210

  #

  interface Ethernet0/11

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 211 untagged

  port hybrid pvid vlan 211

  #

  interface Ethernet0/12

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 212 untagged

  port hybrid pvid vlan 212

  #

  interface Ethernet0/13

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 213 untagged

  port hybrid pvid vlan 213

  #

  interface Ethernet0/14

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 214 untagged

  port hybrid pvid vlan 214

  #

  interface Ethernet0/15

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 215 untagged

  port hybrid pvid vlan 215

  #

  interface Ethernet0/16

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 216 untagged

  port hybrid pvid vlan 216

  #

  interface Ethernet0/17

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 217 untagged

  port hybrid pvid vlan 217

  #

  interface Ethernet0/18

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 218 untagged

  port hybrid pvid vlan 218

  #

  interface Ethernet0/19

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 219 untagged

  port hybrid pvid vlan 219

  #

  interface Ethernet0/20

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 220 untagged

  port hybrid pvid vlan 220

  #

  interface Ethernet0/21

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 221 untagged

  port hybrid pvid vlan 221

  #

  interface Ethernet0/22

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 222 untagged

  port hybrid pvid vlan 222

  #

  interface Ethernet0/23

  #

  interface Ethernet0/24

  port link-type hybrid

  port hybrid vlan 1 tagged

  port hybrid vlan 5 201 to 223 untagged

  port hybrid pvid vlan 5

  #

  interface Ethernet0/25

  #

  interface NULL0

  #

  ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 preference 60

  #

  user-interface aux 0

  user-interface vty 0 4

  authentication-mode scheme

  user privilege level 3

  #

  return

来源:精华文章
相关连接
最新评论
*以下网友发言不代表中程在线网站的观点和看法
    我要评论
    请您注意
    1、遵守中华人民共和国的各项有关法律规定
    2、承担一切因您的行为而导致的法律责任
    3、本网留言管理人员有权删除其管辖留言内容
    4、您在本网的留言本网有权在网站内转载和引用
    5、参与本留言即表明您已经阅读并接受上述条款
    我爱研发网希赛网软件测试网中电华信太平洋电脑网天空网
    电脑爱好者泡泡网华军软件霏凡软件站软件开发网腾讯网
    eNet下载汉化新世纪小熊在线BIOS之家数动连线....[更多]
    关于我们 | 网站地图 | 周边住宿 | 行车路线 | 联系我们 | 网站律师 | 意见反馈 | 虚位以待 | 友情链接
    中程在线(北京)科技有限公司 版权所有
    总 部:北京市海淀区青东商务楼A座西四层
    企业培训部:010-52636110 52636106 就业培训部:010-68716925 68716926
    邮 件:training@miiceic.org.cn
    京ICP备06053134号
    Copyright © 2005-2008 Miiceic.org.cn All Rights Reserved