The following are the H3C switch configuration commands:

// Configure the VLANs
vlan 10
  description 'VLAN10'
vlan 20
  description 'VLAN20'
vlan 30
  description 'VLAN30'
vlan 40
  description 'VLAN40'

// Configure the VLAN interface IP addresses
interface Vlan-interface10
  ip address 10.4.0.1 255.255.0.0
  description 'VLAN10_Interface'
interface Vlan-interface20
  ip address 10.5.0.1 255.255.0.0
  description 'VLAN20_Interface'
interface Vlan-interface30
  ip address 10.6.0.1 255.255.0.0
  description 'VLAN30_Interface'
interface Vlan-interface40
  ip address 10.7.0.1 255.255.0.0
  description 'VLAN40_Interface'

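// Configure inter-VLAN access control
// A packet the referenced ACL permits takes the sequence's action; a packet the ACL denies falls through to the next sequence
vlan access-map VLAN20_DENY 10
  match ip address VLAN20_DENY_ACL
  action forward
vlan access-map VLAN20_DENY 20
  action drop
vlan access-map VLAN30_DENY 10
  match ip address VLAN30_DENY_ACL
  action forward
vlan access-map VLAN30_DENY 20
  action drop
vlan access-map VLAN40_DENY 10
  match ip address VLAN40_DENY_ACL
  action forward
vlan access-map VLAN40_DENY 20
  action drop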

// Configure the ACLs used for inter-VLAN access control
ip access-list extended VLAN20_DENY_ACL
  deny ip any 10.6.0.0 0.0.255.255
  deny ip any 10.7.0.0 0.0.255.255
  permit ip any any
ip access-list extended VLAN30_DENY_ACL
  deny ip any 10.5.0.0 0.0.255.255
  deny ip any 10.7.0.0 0.0.255.255
  permit ip any any
ip access-list extended VLAN40_DENY_ACL
  deny ip any 10.5.0.0 0.0.255.255
  deny ip any 10.6.0.0 0.0.255.255
  permit ip any any

// Apply the VLAN access-maps (which reference the ACLs) to the VLANs
vlan filter VLAN20_DENY vlan-list 20
vlan filter VLAN30_DENY vlan-list 30
vlan filter VLAN40_DENY vlan-list 40

// Configure the DHCP server
dhcp enable
interface Vlan-interface10
  dhcp select relay
  dhcp relay server-select 10.3.0.1
interface Vlan-interface20
  dhcp server option 3 ip 10.5.0.1
  dhcp enable
interface Vlan-interface30
  dhcp server option 3 ip 10.6.0.1
  dhcp enable
interface Vlan-interface40
  dhcp server option 3 ip 10.7.0.1
  dhcp enable

// Configure the default route
ip route-static 0.0.0.0 0.0.0.0 10.3.0.1

// Configure NAT
nat enable
interface GigabitEthernet1/0/1
  nat outbound

// Configure an ACL that allows all VLANs to access the external network
ip access-list extended ALLOW_ALL
  permit ip any any

// Apply the ACL to the interface
interface GigabitEthernet1/0/1
  ip address 10.3.0.2 255.255.255.0
  description 'Router_Interface'
  service-policy input ALLOW_ALL

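This configuration implements the following:

  • Four VLANs are created: VLAN 10, VLAN 20, VLAN 30 and VLAN 40, each assigned an IP address.
  • VLAN 10 can be accessed by the other VLANs, but VLANs 20, 30 and 40 cannot access one another.
  • Clients in every VLAN can obtain an IP address automatically.
  • All VLANs can access the external network.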
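
The isolation rules listed above can be checked offline before the configuration is deployed. The Python sketch below is an added example, not part of the original configuration: it evaluates the three ACLs from this page with first-match, wildcard-mask logic and builds the VLAN-to-VLAN reachability matrix. It assumes that "deny" means the packet is blocked and that each ACL filters traffic leaving its own VLAN; the sample host addresses (.0.10 in each subnet) are constructed.

```python
import ipaddress

# Subnets and ACL entries copied from the configuration on this page.
SUBNETS = {10: "10.4.0.0/16", 20: "10.5.0.0/16", 30: "10.6.0.0/16", 40: "10.7.0.0/16"}
ACLS = {
    20: ["deny ip any 10.6.0.0 0.0.255.255", "deny ip any 10.7.0.0 0.0.255.255", "permit ip any any"],
    30: ["deny ip any 10.5.0.0 0.0.255.255", "deny ip any 10.7.0.0 0.0.255.255", "permit ip any any"],
    40: ["deny ip any 10.5.0.0 0.0.255.255", "deny ip any 10.6.0.0 0.0.255.255", "permit ip any any"],
}

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

def acl_allows(entries, dst):
    """First-match evaluation on the destination; no match means implicit deny."""
    for entry in entries:
        action, _proto, _src, *dest = entry.split()  # source is always 'any' here
        base, wc = dest if len(dest) == 2 else ("0.0.0.0", "255.255.255.255")
        if wildcard_match(dst, base, wc):
            return action == "permit"
    return False

def sample_host(vlan):
    """Constructed sample address: host .0.10 in the VLAN's subnet."""
    return str(ipaddress.ip_network(SUBNETS[vlan]).network_address + 10)

def reachability():
    """Map (src_vlan, dst_vlan) -> bool. Assumption: deny = blocked, each ACL
    filters traffic leaving its own VLAN, and a VLAN without an ACL is unfiltered."""
    matrix = {}
    for src in SUBNETS:
        for dst in SUBNETS:
            if src != dst:
                # Both directions must pass: the request leaving src, the reply leaving dst.
                fwd = acl_allows(ACLS[src], sample_host(dst)) if src in ACLS else True
                rev = acl_allows(ACLS[dst], sample_host(src)) if dst in ACLS else True
                matrix[(src, dst)] = fwd and rev
    return matrix

if __name__ == "__main__":
    for (s, d), ok in sorted(reachability().items()):
        print(f"VLAN {s} -> VLAN {d}: {'allowed' if ok else 'blocked'}")
```

Running it lists every VLAN pair, so a change to any ACL entry that opens a path between VLANs 20, 30 and 40 shows up as an "allowed" line.
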
H3C switch VLAN configuration: isolating inter-VLAN access while allowing access to the external network

Original URL: https://www.cveoy.top/t/topic/nE9Z Copyright belongs to the author. Do not repost or scrape.