PVLAN-Based Residential Community Network Configuration Example (rather crazy + classic)

#1  Posted 2008-12-02 20:00
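PVLAN-Based Residential Community Network Configuration Example
I. Topology


Configuration notes (this example is from a test environment; the actual deployment is 7500E + 5510 + E126):
1. Every PC must be isolated from every other PC. There are more than 300 PCs, divided into 2 VLANs (192.168.0.1/24; 192.168.1.1/24).
2. All PCs must be able to reach the servers on the server segment (172.16.0.0/24), for example VOD.
3. The server segment and the management segment (10.0.0.0/24) must be isolated from each other to improve device security.
II. Configuration example (1):
1. S5510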
#
version 5.20, Release 2102
#
sysname S5500
#
domain default enable system
#
telnet server enable
#
undo ip redirects
undo ip ttl-expires
undo ip unreachables
#
vlan 1
#
vlan 5 to 6
#
vlan 1000
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier tc3001 operator and
if-match acl 3001
traffic classifier tc3000 operator and
if-match acl 3000
#
traffic behavior tb-permit
filter permit
traffic behavior tb-deny
filter deny
#
qos policy tp1
classifier tc3000 behavior tb-permit
classifier tc3001 behavior tb-deny
#
dhcp server ip-pool 1
network 192.168.0.0 mask 255.255.255.0
gateway-list 192.168.0.1
dns-list 202.102.134.68
#
dhcp server ip-pool 2
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.1
dns-list 202.102.134.68
#
local-user admin
password simple admin
service-type telnet
level 3
#
acl number 3000
rule 0 permit ip destination 192.168.0.1 0.0.255.0
acl number 3001
rule 0 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
rule 5 deny ip source 192.168.0.0 0.0.255.255 destination 10.0.0.0 0.0.0.255
rule 10 deny ip source 172.16.0.0 0.0.0.255 destination 10.0.0.0 0.0.0.255
#
interface NULL0
#
interface Vlan-interface1
ip address 10.0.0.1 255.255.255.0
#
interface Vlan-interface5
ip address 192.168.0.1 255.255.255.0
#
interface Vlan-interface6
ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface1000
ip address 172.16.0.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 1 1000 tagged
port hybrid vlan 5 untagged
port hybrid pvid vlan 5
#
interface GigabitEthernet1/0/2
port link-type hybrid
port hybrid vlan 1 1000 tagged
port hybrid vlan 6 untagged
port hybrid pvid vlan 6
#               
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
port access vlan 1001
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#
dhcp enable
#
qos vlan-policy tp1 vlan 5 to 6 inbound
qos vlan-policy tp1 vlan 1000 inbound
#
load xml-configuration
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return         
2. S3500
#
sysname S3500
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain

domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable

domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei

local-user admin
password simple admin                    
service-type telnet level 1
#
vlan 1
#
vlan 5
#
vlan 101
#
vlan 102
#
vlan 103
#
vlan 104
#
vlan 105
#
vlan 106
#
vlan 107
#
vlan 108
#
vlan 109                                 
#
vlan 110
#
vlan 111
#
vlan 112
#
vlan 113
#
vlan 114
#
vlan 115
#
vlan 116
#
vlan 117
#
vlan 118
#
vlan 119
#
vlan 120
#                                         
vlan 121
#
vlan 122
#
vlan 123
#
vlan 1000
#
interface Vlan-interface1
ip address 10.0.0.2 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 101 untagged
port hybrid pvid vlan 101
#
interface Ethernet0/2
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 102 untagged         
port hybrid pvid vlan 102
#
interface Ethernet0/3
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 103 untagged
port hybrid pvid vlan 103
#
interface Ethernet0/4
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 104 untagged
port hybrid pvid vlan 104
#
interface Ethernet0/5
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 105 untagged
port hybrid pvid vlan 105
#
interface Ethernet0/6
port link-type hybrid
port hybrid vlan 1 tagged               
port hybrid vlan 5 106 untagged
port hybrid pvid vlan 106
#
interface Ethernet0/7
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 107 untagged
port hybrid pvid vlan 107
#
interface Ethernet0/8
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 108 untagged
port hybrid pvid vlan 108
#
interface Ethernet0/9
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 109 untagged
port hybrid pvid vlan 109
#
interface Ethernet0/10
port link-type hybrid                    
port hybrid vlan 1 tagged
port hybrid vlan 5 110 untagged
port hybrid pvid vlan 110
#
interface Ethernet0/11
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 111 untagged
port hybrid pvid vlan 111
#
interface Ethernet0/12
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 112 untagged
port hybrid pvid vlan 112
#
interface Ethernet0/13
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 113 untagged
port hybrid pvid vlan 113
#                                         
interface Ethernet0/14
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 114 untagged
port hybrid pvid vlan 114
#
interface Ethernet0/15
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 115 untagged
port hybrid pvid vlan 115
#
interface Ethernet0/16
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 116 untagged
port hybrid pvid vlan 116
#
interface Ethernet0/17
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 117 untagged         
port hybrid pvid vlan 117
#
interface Ethernet0/18
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 118 untagged
port hybrid pvid vlan 118
#
interface Ethernet0/19
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 119 untagged
port hybrid pvid vlan 119
#
interface Ethernet0/20
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 120 untagged
port hybrid pvid vlan 120
#
interface Ethernet0/21
port link-type hybrid
port hybrid vlan 1 tagged               
port hybrid vlan 5 121 untagged
port hybrid pvid vlan 121
#
interface Ethernet0/22
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 122 untagged
port hybrid pvid vlan 122
#
interface Ethernet0/23
port access vlan 1000
#
interface Ethernet0/24
port link-type hybrid
port hybrid vlan 1 1000 tagged
port hybrid vlan 5 101 to 123 untagged
port hybrid pvid vlan 5
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 preference 60
#
user-interface aux 0                     
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
Return
3. S2403
#
sysname S2403H
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain

domain system
radius-scheme system
access-limit disable
state active
idle-cut disable
self-service-url disable
messenger time disable

domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei

local-user admin
password simple admin
service-type telnet level 1              
#
interface Aux0/0
#
vlan 1
#
vlan 5
#
vlan 201
#
vlan 202
#
vlan 203
#
vlan 204
#
vlan 205
#
vlan 206
#
vlan 207
#
vlan 208
#                                         
vlan 209
#
vlan 210
#
vlan 211
#
vlan 212
#
vlan 213
#
vlan 214
#
vlan 215
#
vlan 216
#
vlan 217
#
vlan 218
#
vlan 219
#                                         
vlan 220
#
vlan 221
#
vlan 222
#
vlan 223
#
interface Vlan-interface1
ip address 10.0.0.3 255.255.255.0
#
interface Ethernet0/1
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 201 untagged
port hybrid pvid vlan 201
#
interface Ethernet0/2
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 202 untagged
port hybrid pvid vlan 202               
#
interface Ethernet0/3
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 203 untagged
port hybrid pvid vlan 203
#
interface Ethernet0/4
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 204 untagged
port hybrid pvid vlan 204
#
interface Ethernet0/5
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 205 untagged
port hybrid pvid vlan 205
#
interface Ethernet0/6
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 206 untagged         
port hybrid pvid vlan 206
#
interface Ethernet0/7
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 207 untagged
port hybrid pvid vlan 207
#
interface Ethernet0/8
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 208 untagged
port hybrid pvid vlan 208
#
interface Ethernet0/9
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 209 untagged
port hybrid pvid vlan 209
#
interface Ethernet0/10
port link-type hybrid
port hybrid vlan 1 tagged               
port hybrid vlan 5 210 untagged
port hybrid pvid vlan 210
#
interface Ethernet0/11
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 211 untagged
port hybrid pvid vlan 211
#
interface Ethernet0/12
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 212 untagged
port hybrid pvid vlan 212
#
interface Ethernet0/13
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 213 untagged
port hybrid pvid vlan 213
#
interface Ethernet0/14
port link-type hybrid                    
port hybrid vlan 1 tagged
port hybrid vlan 5 214 untagged
port hybrid pvid vlan 214
#
interface Ethernet0/15
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 215 untagged
port hybrid pvid vlan 215
#
interface Ethernet0/16
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 216 untagged
port hybrid pvid vlan 216
#
interface Ethernet0/17
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 217 untagged
port hybrid pvid vlan 217
#                                         
interface Ethernet0/18
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 218 untagged
port hybrid pvid vlan 218
#
interface Ethernet0/19
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 219 untagged
port hybrid pvid vlan 219
#
interface Ethernet0/20
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 220 untagged
port hybrid pvid vlan 220
#
interface Ethernet0/21
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 221 untagged         
port hybrid pvid vlan 221
#
interface Ethernet0/22
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 222 untagged
port hybrid pvid vlan 222
#
interface Ethernet0/23
#
interface Ethernet0/24
port link-type hybrid
port hybrid vlan 1 tagged
port hybrid vlan 5 201 to 223 untagged
port hybrid pvid vlan 5
#
interface Ethernet0/25
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1 preference 60
#
user-interface aux 0                     
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return

[ Last edited by ssffzz1 on 2008-12-2 20:18 ]

Attachment: pvlan.JPG (15.93 KB)
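
An added example, not part of the original post: a small Python model of `qos policy tp1` from the S5510 configuration, checking constructed sample flows against ACL 3000 and ACL 3001 with Comware-style wildcard masks. It assumes classifiers are evaluated in configured order, that any rule hit in an ACL selects that classifier's behavior, and that unmatched traffic is forwarded.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Comware-style wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")

# (source, destination) pairs copied from the S5510 configuration in the post
ACL_3000 = [(ANY, ("192.168.0.1", "0.0.255.0"))]
ACL_3001 = [
    (("192.168.0.0", "0.0.255.255"), ("192.168.0.0", "0.0.255.255")),  # rule 0
    (("192.168.0.0", "0.0.255.255"), ("10.0.0.0", "0.0.0.255")),       # rule 5
    (("172.16.0.0", "0.0.0.255"), ("10.0.0.0", "0.0.0.255")),          # rule 10
]
# qos policy tp1, in configured order; assumption: the first matching classifier decides
POLICY_TP1 = [("tc3000", ACL_3000, "permit"), ("tc3001", ACL_3001, "deny")]

def verdict(src, dst):
    """Return (action, classifier) for a packet entering VLAN 5, 6 or 1000."""
    for name, acl, action in POLICY_TP1:
        if any(wc_match(src, *s) and wc_match(dst, *d) for s, d in acl):
            return action, name
    return "permit", "default"  # assumption: unmatched traffic is forwarded

# Constructed sample flows, one per requirement in the post plus one edge case
FLOWS = {
    "PC -> PC in the other VLAN": ("192.168.0.10", "192.168.1.20"),
    "PC -> its gateway": ("192.168.0.10", "192.168.0.1"),
    "PC -> server": ("192.168.0.10", "172.16.0.10"),
    "PC -> management": ("192.168.1.20", "10.0.0.2"),
    "server -> management": ("172.16.0.10", "10.0.0.1"),
    # wildcard 0.0.255.0 ignores the third octet, so every 192.168.N.1 matches
    "PC -> 192.168.77.1": ("192.168.0.10", "192.168.77.1"),
}

def audit():
    return {label: verdict(*flow) for label, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, (action, via) in audit().items():
        print(f"{label:28} {action:6} ({via})")
```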

#2  Posted 2008-12-05 13:23

Reply to #1 (ssffzz1)

That really is crazy! I always thought nobody used PVLAN; customers' demands really are endless.

#3  Posted 2008-12-05 13:24
The crazy part isn't that; it's that a two-level PVLAN architecture is used.

#4  Posted 2008-12-06 23:27
Originally posted by ssffzz1 on 2008-12-5 13:24:
The crazy part isn't that; it's that a two-level PVLAN architecture is used.


For that sentence alone, I have to bump this thread.

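#5  Posted 2008-12-08 11:20
Originally posted by ssffzz1 on 2008-12-5 13:24:
The crazy part isn't that; it's that a two-level PVLAN architecture is used.

I hadn't looked at the configuration carefully, so I really hadn't noticed, heh.
This administrator really is dedicated!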

#6  Posted 2008-12-14 19:08
Reply to the post above:
1. The default rule of this ACL is permit all.
2. Port 24 on the 5510 is simply not in use.

#7  Posted 2008-12-14 19:29
I suggest reading up on QACL.

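#8  Posted 2008-12-15 10:31
That's normal; this is exactly how it is configured. The purpose is to implement the "port isolation" and "QINQ" functions; it's just rarely used this way in enterprise environments.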

#9  Posted 2008-12-15 12:51
Telecom-operated PPPOE + G fiber + LAN deployments are basically all like this; the difference is that the equipment may be 35xx + 2403H (now 26xx).

#10  Posted 2008-12-15 17:24
That really isn't right; I suggest looking up H3C's documentation.