2403H-EI PVLAN function: a typical implementation case

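Posted 2008-09-30 14:38
Network topology:

PC-------------------2403H-EI---------------SECPATH100N----------------------ADSL modem----------------INTERNET

Function implemented:

The PCs attached to ports 1 to 24 of the 2403H-EI are isolated from one another pairwise, and all of them reach the public network through uplink port 25.
2403H-EI configuration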

[Quidway]qu
<Quidway>dir
Directory of flash:/

-rwxrwxrwx   1 noone    nogroup   2737939  Apr 02 2000 00:17:58   2403.app
-rwxrwxrwx   1 noone    nogroup         8  Apr 01 2000 23:55:18   snmpboots
-rwxrwxrwx   1 noone    nogroup      3674  Apr 02 2000 00:33:05   vrpcfg.txt
-rwxrwxrwx   1 noone    nogroup    445224  Apr 02 2000 00:01:14   wnm2.2.2-0003.zip   Used for web management; if web management does not work, check whether this file is present in this directory.

3381248 bytes total (190464 bytes free)

<Quidway>dis ver
Huawei Versatile Routing Platform Software
VRP (R) Software, Version 3.10, RELEASE 0017
Copyright (c) 2000-2004 HUAWEI TECH CO., LTD.
uptime is 0 week,0 day,0 hour,58 minutes

32M    bytes SDRAM
4096K   bytes Flash Memory
Config Register points to FLASH

Hardware Version is VER.D
Bootrom Version is 109
[Subslot 0] 25 FE        Hardware Version is VER.D


<Quidway>dis cu
#
sysname Quidway
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain

domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable

domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei

local-user telnet                         Username and password for telnet and web management of the switch
password simple telnet
service-type telnet level 3
#
vlan range 1-511
#
queue-scheduler wrr 1 2 4 8
#
vlan 1
#
vlan 2
#
vlan 3
#
vlan 4
#
vlan 5
#
vlan 6
#
vlan 7
#
vlan 8
#
vlan 9
#
vlan 10
#
vlan 11
#
vlan 12
#
vlan 13
#
vlan 14
#
vlan 15
#
vlan 16
#
vlan 17
#
vlan 18
#
vlan 19
#
vlan 20
#
vlan 21
#
vlan 22
#
vlan 23
#
vlan 24
#
vlan 100
#
vlan 500
#
interface Vlan-interface1                             
ip address 192.168.1.100 255.255.255.0               Management address of the switch
#
interface Aux0/0
#
interface Ethernet0/1
port link-type hybrid
port hybrid vlan 1 100 untagged
#
interface Ethernet0/2
port link-type hybrid
port hybrid vlan 2 100 untagged
port hybrid pvid vlan 2
#
interface Ethernet0/3
port link-type hybrid
port hybrid vlan 3 100 untagged
port hybrid pvid vlan 3
#
interface Ethernet0/4
port link-type hybrid
port hybrid vlan 4 100 untagged
port hybrid pvid vlan 4
#
interface Ethernet0/5
port link-type hybrid
port hybrid vlan 5 100 untagged
port hybrid pvid vlan 5
#
interface Ethernet0/6
port link-type hybrid
port hybrid vlan 6 100 untagged
port hybrid pvid vlan 6
#
interface Ethernet0/7
port link-type hybrid
port hybrid vlan 7 100 untagged
port hybrid pvid vlan 7
#
interface Ethernet0/8
port link-type hybrid
port hybrid vlan 8 100 untagged
port hybrid pvid vlan 8
#
interface Ethernet0/9
port link-type hybrid
port hybrid vlan 9 100 untagged
port hybrid pvid vlan 9
#
interface Ethernet0/10
port link-type hybrid
port hybrid vlan 10 100 untagged
port hybrid pvid vlan 10
#
interface Ethernet0/11
port link-type hybrid
port hybrid vlan 11 100 untagged
port hybrid pvid vlan 11
#
interface Ethernet0/12
port link-type hybrid
port hybrid vlan 12 100 untagged
port hybrid pvid vlan 12
#
interface Ethernet0/13
port link-type hybrid
port hybrid vlan 13 100 untagged
port hybrid pvid vlan 13
#
interface Ethernet0/14
port link-type hybrid
port hybrid vlan 14 100 untagged
port hybrid pvid vlan 14
#
interface Ethernet0/15
port link-type hybrid
port hybrid vlan 15 100 untagged
port hybrid pvid vlan 15
#
interface Ethernet0/16
port link-type hybrid
port hybrid vlan 16 100 untagged
port hybrid pvid vlan 16
#
interface Ethernet0/17
port link-type hybrid
port hybrid vlan 17 100 untagged
port hybrid pvid vlan 17
#
interface Ethernet0/18
port link-type hybrid
port hybrid vlan 18 100 untagged
port hybrid pvid vlan 18
#
interface Ethernet0/19
port link-type hybrid
port hybrid vlan 19 100 untagged
port hybrid pvid vlan 19
#
interface Ethernet0/20
port link-type hybrid
port hybrid vlan 20 100 untagged
port hybrid pvid vlan 20
#
interface Ethernet0/21
port link-type hybrid
port hybrid vlan 21 100 untagged
port hybrid pvid vlan 21
#
interface Ethernet0/22
port link-type hybrid
port hybrid vlan 22 100 untagged
port hybrid pvid vlan 22
#
interface Ethernet0/23
port link-type hybrid
port hybrid vlan 23 100 untagged
port hybrid pvid vlan 23
#
interface Ethernet0/24
port link-type hybrid
port hybrid vlan 24 100 untagged
port hybrid pvid vlan 24
#
interface Ethernet0/25                         This port is the uplink; the other ports connect PCs, giving pairwise isolation between ports
port link-type hybrid
port hybrid vlan 1 to 24 100 untagged
port hybrid pvid vlan 100
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
<Quidway>
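
Added example (not part of the original post): a Python check that models the hybrid-port forwarding this configuration relies on and confirms that access ports cannot reach each other while each one still reaches the uplink. It assumes an untagged frame is classified into the ingress port's PVID and leaves only through ports whose `port hybrid vlan` list contains that VLAN; the function names and the shortened sample config are constructed for illustration.

```python
import re

# Constructed excerpt in the pattern of the posted config (2 access ports + uplink).
SAMPLE = """\
interface Ethernet0/1
port link-type hybrid
port hybrid vlan 1 100 untagged
#
interface Ethernet0/2
port link-type hybrid
port hybrid vlan 2 100 untagged
port hybrid pvid vlan 2
#
interface Ethernet0/25
port link-type hybrid
port hybrid vlan 1 to 2 100 untagged
port hybrid pvid vlan 100
"""

def expand(spec):
    # "1 to 24 100" -> {1, ..., 24, 100}
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(cfg):
    # Returns {port: (pvid, allowed_vlans)} for every port with a hybrid VLAN list.
    pvid, vlans, cur = {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur = m.group(1)
        elif m := re.match(r"port hybrid pvid vlan (\d+)$", line):
            pvid[cur] = int(m.group(1))
        elif m := re.match(r"port hybrid vlan (.+) (?:un)?tagged$", line):
            vlans.setdefault(cur, set()).update(expand(m.group(1)))
    # A port with no pvid line keeps the default PVID, VLAN 1.
    return {p: (pvid.get(p, 1), v) for p, v in vlans.items()}

def can_send(ports, a, b):
    # Assumed model: frame takes a's PVID; a must permit it and b must carry it.
    vid, allowed = ports[a]
    return a != b and vid in allowed and vid in ports[b][1]

def audit(cfg, uplink):
    # Returns (access-to-access leaks, access ports without two-way uplink reach).
    ports = parse_ports(cfg)
    access = sorted(p for p in ports if p != uplink)
    leaks = [(a, b) for a in access for b in access if can_send(ports, a, b)]
    cut_off = [p for p in access
               if not (can_send(ports, p, uplink) and can_send(ports, uplink, p))]
    return leaks, cut_off
```

Running `audit` on the output of `dis cu` with the uplink name (here `Ethernet0/25`) should return two empty lists; any pair in the first list is a port whose VLAN list also carries another access port's PVID.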

Posted 2008-09-30 14:39
SecPath 100N configuration

dis ver
Copyright Notice:
All rights reserved (Mar 23 2005).
Without the owner's prior written consent, no decompiling
nor reverse-engineering shall be allowed.
Huawei-3Com Versatile Routing Platform Software
VRP(R) software, Version 3.30, Release 0004

Copyright (c) 2000-2004 Huawei Tech. Co.,Ltd. All rights reserved.
Quidway SecPath 100N uptime is 0 week, 0 day, 0 hour, 13 minutes

  Router type: SecPath 100N
  CPU type: Mips IDT RC32438 266MHz
  128M bytes DDR SDRAM Memory
  8M bytes Flash Memory
  Pcb      Version:3.0
  Logic    Version:1.0
  BootROM  Version:1.01
  [SLOT 0] 2FE      (Hardware)1.0, (Driver)1.0, (Cpld)1.0
[Quidway]dis cu
#
sysname Quidway
#
local-user telnet
local-user telnet service-type telnet
local-user telnet level 3
#
dialer-rule 1 ip permit
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Dialer1
link-protocol ppp
ppp pap local-user 123 password simple 123
mtu 1450
tcp mss 1024
ip address ppp-negotiate
dialer user quidway
dialer-group 1
dialer bundle 1
nat outbound 2000
#
interface Ethernet0/0
pppoe-client dial-bundle-number 1
#
interface Ethernet0/1
tcp mss 1024
ip address 192.168.1.254 255.255.255.0
firewall packet-filter 3000 inbound
#
interface NULL0
#
acl number 2000
rule 0 permit source 192.168.1.0 0.0.0.255
rule 1 deny
#
acl number 3000
rule 0 deny tcp destination-port eq 135
rule 1 deny udp destination-port eq 135
rule 2 deny udp destination-port eq netbios-ns
rule 3 deny udp destination-port eq netbios-dgm
rule 4 deny tcp destination-port eq 139
rule 5 deny tcp destination-port eq 445
rule 6 deny tcp destination-port eq 539
rule 7 deny udp destination-port eq 593
rule 8 deny tcp destination-port eq 593
rule 9 deny udp destination-port eq 1434
rule 10 deny tcp destination-port eq 9996
rule 11 deny tcp destination-port eq 5554
rule 12 deny udp destination-port eq 9996
rule 13 deny udp destination-port eq 5554
rule 14 deny tcp destination-port eq 137
rule 15 deny udp destination-port eq 1025
rule 16 deny tcp destination-port eq 9995
rule 17 deny udp destination-port eq 9995
rule 18 deny udp destination-port eq 1068
rule 19 deny udp destination-port eq 1023
rule 20 deny udp destination-port eq tftp
rule 21 deny udp destination-port eq netbios-ssn
rule 22 deny udp destination-port eq 445
rule 23 deny udp destination-port eq 539
rule 24 deny tcp destination-port eq 4444
rule 25 deny tcp destination-port eq 138
rule 26 deny tcp destination-port eq 1025
rule 27 deny tcp destination-port eq 1068
rule 28 deny tcp destination-port eq 1023
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode local
#
return
[Quidway]