2403H-EI: typical case of implementing the PVLAN function

Posted on 2008-1-6 16:15:00
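Network description:

PC-------------------2403H-EI---------------SECPATH100N----------------------ADSL modem----------------INTERNET

Function implemented:

The PCs attached to ports 1 to 24 of the 2403H-EI are isolated from one another, and all of them reach the public network through uplink port 25.
2403H-EI configuration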

[Quidway]qu
<Quidway>dir
Directory of flash:/

-rwxrwxrwx   1 noone    nogroup   2737939  Apr 02 2000 00:17:58   2403.app
-rwxrwxrwx   1 noone    nogroup         8  Apr 01 2000 23:55:18   snmpboots
-rwxrwxrwx   1 noone    nogroup      3674  Apr 02 2000 00:33:05   vrpcfg.txt
-rwxrwxrwx   1 noone    nogroup    445224  Apr 02 2000 00:01:14   wnm2.2.2-0003.zip   Used for web management; if web management does not work, check whether this file exists in this directory.

3381248 bytes total (190464 bytes free)

<Quidway>dis ver
Huawei Versatile Routing Platform Software
VRP (R) Software, Version 3.10, RELEASE 0017
Copyright (c) 2000-2004 HUAWEI TECH CO., LTD.
uptime is 0 week,0 day,0 hour,58 minutes

32M    bytes SDRAM
4096K   bytes Flash Memory
Config Register points to FLASH

Hardware Version is VER.D
Bootrom Version is 109
[Subslot 0] 25 FE        Hardware Version is VER.D


<Quidway>dis cu
#
sysname Quidway
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain

domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable


domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei

local-user telnet                         Username and password for telnet and web management of the switch
Original poster | Posted on 2008-1-6 16:15:12
password simple telnet
service-type telnet level 3
#
vlan range 1-511
#
queue-scheduler wrr 1 2 4 8
#
vlan 1
#
vlan 2
#
vlan 3
#
vlan 4
#
vlan 5
#
vlan 6
#
vlan 7
#
vlan 8
#
vlan 9
#
vlan 10
#
vlan 11
#
vlan 12
#
vlan 13
#
vlan 14
#
vlan 15
#
vlan 16
#
vlan 17
#
vlan 18
#
vlan 19
#
vlan 20
#
vlan 21
#
vlan 22
#
vlan 23
#
vlan 24
#
vlan 100
#
vlan 500
#
interface Vlan-interface1                             
ip address 192.168.1.100 255.255.255.0               Management address of the switch
#
interface Aux0/0
#
interface Ethernet0/1
port link-type hybrid
port hybrid vlan 1 100 untagged
#
interface Ethernet0/2
port link-type hybrid
port hybrid vlan 2 100 untagged
port hybrid pvid vlan 2
#
interface Ethernet0/3
port link-type hybrid
port hybrid vlan 3 100 untagged
port hybrid pvid vlan 3
#
interface Ethernet0/4
port link-type hybrid
port hybrid vlan 4 100 untagged
port hybrid pvid vlan 4
#
interface Ethernet0/5
port link-type hybrid
port hybrid vlan 5 100 untagged
port hybrid pvid vlan 5
#
interface Ethernet0/6
port link-type hybrid
port hybrid vlan 6 100 untagged
port hybrid pvid vlan 6
#
interface Ethernet0/7
port link-type hybrid
port hybrid vlan 7 100 untagged
port hybrid pvid vlan 7
#
interface Ethernet0/8
port link-type hybrid
port hybrid vlan 8 100 untagged
port hybrid pvid vlan 8
#
interface Ethernet0/9
port link-type hybrid
port hybrid vlan 9 100 untagged
port hybrid pvid vlan 9
#
interface Ethernet0/10
port link-type hybrid
port hybrid vlan 10 100 untagged
Original poster | Posted on 2008-1-6 16:15:28
port hybrid pvid vlan 10
#
interface Ethernet0/11
port link-type hybrid
port hybrid vlan 11 100 untagged
port hybrid pvid vlan 11
#
interface Ethernet0/12
port link-type hybrid
port hybrid vlan 12 100 untagged
port hybrid pvid vlan 12
#
interface Ethernet0/13
port link-type hybrid
port hybrid vlan 13 100 untagged
port hybrid pvid vlan 13
#
interface Ethernet0/14
port link-type hybrid
port hybrid vlan 14 100 untagged
port hybrid pvid vlan 14
#
interface Ethernet0/15
port link-type hybrid
port hybrid vlan 15 100 untagged
port hybrid pvid vlan 15
#
interface Ethernet0/16
port link-type hybrid
port hybrid vlan 16 100 untagged
port hybrid pvid vlan 16
#
interface Ethernet0/17
port link-type hybrid
port hybrid vlan 17 100 untagged
port hybrid pvid vlan 17
#
interface Ethernet0/18
port link-type hybrid
port hybrid vlan 18 100 untagged
port hybrid pvid vlan 18
#
interface Ethernet0/19
port link-type hybrid
port hybrid vlan 19 100 untagged
port hybrid pvid vlan 19
#
interface Ethernet0/20
port link-type hybrid
port hybrid vlan 20 100 untagged
port hybrid pvid vlan 20
#
interface Ethernet0/21
port link-type hybrid
port hybrid vlan 21 100 untagged
port hybrid pvid vlan 21
#
interface Ethernet0/22
port link-type hybrid
port hybrid vlan 22 100 untagged
port hybrid pvid vlan 22
#
interface Ethernet0/23
port link-type hybrid
port hybrid vlan 23 100 untagged
port hybrid pvid vlan 23
#
interface Ethernet0/24
port link-type hybrid
port hybrid vlan 24 100 untagged
port hybrid pvid vlan 24
#
interface Ethernet0/25                         This port is the uplink; the other ports connect PCs, so the ports are isolated from one another
port link-type hybrid
port hybrid vlan 1 to 24 100 untagged
port hybrid pvid vlan 100
Original poster | Posted on 2008-1-6 16:15:46
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
<Quidway>


secpath100N configuration

dis ver
Copyright Notice:
All rights reserved (Mar 23 2005).
Without the owner's prior written consent, no decompiling
nor reverse-engineering shall be allowed.
Huawei-3Com Versatile Routing Platform Software
VRP(R) software, Version 3.30, Release 0004

Copyright (c) 2000-2004 Huawei Tech. Co.,Ltd. All rights reserved.
Quidway SecPath 100N uptime is 0 week, 0 day, 0 hour, 13 minutes

  Router type: SecPath 100N
  CPU type: Mips IDT RC32438 266MHz
  128M bytes DDR SDRAM Memory
  8M bytes Flash Memory
  Pcb      Version:3.0
  Logic    Version:1.0
  BootROM  Version:1.01
  [SLOT 0] 2FE      (Hardware)1.0, (Driver)1.0, (Cpld)1.0
[Quidway]dis cu
#
sysname Quidway
#
local-user telnet
local-user telnet service-type telnet
local-user telnet level 3
#
dialer-rule 1 ip permit
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Dialer1
link-protocol ppp
ppp pap local-user 123 password simple 123
mtu 1450
tcp mss 1024
ip address ppp-negotiate
dialer user quidway
dialer-group 1
dialer bundle 1
nat outbound 2000
#
interface Ethernet0/0
pppoe-client dial-bundle-number 1
#
interface Ethernet0/1
tcp mss 1024
ip address 192.168.1.254 255.255.255.0
firewall packet-filter 3000 inbound
#
interface NULL0
#
acl number 2000
rule 0 permit source 192.168.1.0 0.0.0.255
rule 1 deny
#
acl number 3000
rule 0 deny tcp destination-port eq 135
rule 1 deny udp destination-port eq 135
rule 2 deny udp destination-port eq netbios-ns
rule 3 deny udp destination-port eq netbios-dgm
Original poster | Posted on 2008-1-6 16:15:59
rule 4 deny tcp destination-port eq 139
rule 5 deny tcp destination-port eq 445
rule 6 deny tcp destination-port eq 539
rule 7 deny udp destination-port eq 593
rule 8 deny tcp destination-port eq 593
rule 9 deny udp destination-port eq 1434
rule 10 deny tcp destination-port eq 9996
rule 11 deny tcp destination-port eq 5554
rule 12 deny udp destination-port eq 9996
rule 13 deny udp destination-port eq 5554
rule 14 deny tcp destination-port eq 137
rule 15 deny udp destination-port eq 1025
rule 16 deny tcp destination-port eq 9995
rule 17 deny udp destination-port eq 9995
rule 18 deny udp destination-port eq 1068
rule 19 deny udp destination-port eq 1023
rule 20 deny udp destination-port eq tftp
rule 21 deny udp destination-port eq netbios-ssn
rule 22 deny udp destination-port eq 445
rule 23 deny udp destination-port eq 539
rule 24 deny tcp destination-port eq 4444
rule 25 deny tcp destination-port eq 138
rule 26 deny tcp destination-port eq 1025
rule 27 deny tcp destination-port eq 1068
rule 28 deny tcp destination-port eq 1023
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode local
#
return
[Quidway]
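
An added example, not part of the original posts: a Python check that reads hybrid-port lines in the format of the switch configuration above and reports which ports can pass untagged frames to which. The names `parse_ports`, `can_send` and `audit` and the sample excerpt are constructed here; it assumes untagged PCs, a default PVID of 1, and that the displayed VLAN list is each port's complete membership.

```python
import re

# Constructed excerpt in the page's format: access ports 1-2 and uplink 25.
SAMPLE = """\
interface Ethernet0/1
port link-type hybrid
port hybrid vlan 1 100 untagged
#
interface Ethernet0/2
port link-type hybrid
port hybrid vlan 2 100 untagged
port hybrid pvid vlan 2
#
interface Ethernet0/25
port link-type hybrid
port hybrid vlan 1 to 24 100 untagged
port hybrid pvid vlan 100
"""

def expand(spec):
    """Turn a VLAN list such as '1 to 24 100' into a set of VLAN IDs."""
    pairs = re.findall(r"(\d+)(?: to (\d+))?", spec)
    return {v for lo, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def parse_ports(config):
    """Map Ethernet port number -> PVID (default 1) and VLAN membership."""
    ports = {}
    for stanza in re.split(r"(?m)^interface ", config)[1:]:
        if m := re.match(r"Ethernet\d+/(\d+)", stanza):
            pvid = re.search(r"port hybrid pvid vlan (\d+)", stanza)
            lists = re.findall(r"port hybrid vlan (.+?) (?:un)?tagged", stanza)
            # Assumption: the displayed VLAN list is the full membership.
            ports[int(m[1])] = {"pvid": int(pvid[1]) if pvid else 1,
                                "vlans": set().union(*map(expand, lists))}
    return ports

def can_send(ports, src, dst):
    """A frame entering src gets src's PVID; dst must also be in that VLAN."""
    vlan = ports[src]["pvid"]
    return vlan in ports[src]["vlans"] and vlan in ports[dst]["vlans"]

def audit(ports, uplink=25):
    """Return (directed access-to-access paths, ports cut off from uplink)."""
    access = sorted(p for p in ports if p != uplink)
    ok = lambda a, b: can_send(ports, a, b)
    leaks = [(a, b) for a in access for b in access if a != b and ok(a, b)]
    cut_off = [a for a in access if not (ok(a, uplink) and ok(uplink, a))]
    return leaks, cut_off
```

An empty first list means no access port can deliver frames to another access port; a one-way entry such as `(1, 2)` appears when VLAN 1 is left in the untagged list of port 2, even though port 2 still cannot reply.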
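Original poster | Posted on 2008-1-6 16:17:24
Full wire-speed Layer 2 switching: The 9.6 Gbps bus bandwidth gives every port on the switch Layer 2 wire-speed switching, so all ports forward packets without blocking.
Complete security and intelligent control policies: S2000-EI series switches support 802.1x authentication and can also act as the authentication server, performing the necessary identity authentication when a user connects to the network and dynamically configuring VLANs at the same time, which effectively controls user access to network resources. The series has port rate limiting, allocating port bandwidth at a fine granularity of 64 Kbps to control user access rates and prevent malicious hogging of network bandwidth. The switch provides 512 802.1Q VLANs, supports MAC address to port binding, broadcast storm suppression and port locking, and can set ports that belong to the same 802.1Q VLAN to be isolated from or able to communicate with one another.
High reliability: S2000-EI switches support not only the STP/RSTP spanning tree protocols but also MSTP, a spanning tree based on multiple VLANs, which greatly improves link redundancy and fault tolerance and keeps the network running stably.
Low-power, silent design: S2000-EI switches have low power consumption and tolerate a wide range of operating temperatures. The fanless design eliminates noise entirely, needs no mechanical fan maintenance, and resists dust better.
Flexible expansion and remote maintenance: The S2016-EI/S2403H-EI provide 100 Mbps optical/electrical expansion, allowing the switch to uplink to the network over fiber or copper. Devices are upgraded remotely through FTP and TFTP, and the HGMP cluster management system and fault diagnosis are supported, providing centralized device management and maintenance.
Rich management options: S2000-EI switches support SNMP V1/V2/V3 and can be configured and managed by general network management platforms such as Open View as well as the Quidview® and iManager® network management systems. CLI, web management, TELNET, HGMP cluster management and other methods are supported, which makes device maintenance easy.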

