华为5700做核心交换机,怎样用命令做禁止 10
华为5700做核心交换机vlan10为互联地址,下面还做了10个vlan要让其中的9个vlan段不能上外网,怎么配置啊命令行的ippool2gateway-list192...
华为5700做核心交换机vlan10为互联地址,下面还做了10个vlan 要让其中的9个vlan段不能上外网,怎么配置啊 命令行的
ip pool 2
gateway-list 192.168.2.1
network 192.168.2.0 mask 255.255.255.0
dns-list 202.99.192.66 202.99.192.68
#
ip pool 3
gateway-list 192.168.3.1
network 192.168.3.0 mask 255.255.255.0
#
ip pool 5
gateway-list 192.168.5.1
network 192.168.5.0 mask 255.255.255.0
#
ip pool 6
gateway-list 192.168.6.1
network 192.168.6.0 mask 255.255.255.0
ip pool 7
gateway-list 192.168.7.1
network 192.168.7.0 mask 255.255.255.0
#
ip pool 8
gateway-list 192.168.8.1
network 192.168.8.0 mask 255.255.255.0
#
ip pool 9
gateway-list 192.168.9.1
network 192.168.9.0 mask 255.255.255.0
interface Vlanif2
description wifi
ip address 192.168.2.1 255.255.255.0
dhcp select global
interface Vlanif3
description shoufei
ip address 192.168.3.1 255.255.255.0
dhcp select global
interface Vlanif5
description menzhen
ip address 192.168.5.1 255.255.255.0
dhcp select global
interface Vlanif6
description tijian
ip address 192.168.6.1 255.255.255.0
dhcp select global
interface Vlanif7
description yijiyewu
ip address 192.168.7.1 255.255.255.0
dhcp select global
interface Vlanif8
description beiyong
ip address 192.168.8.1 255.255.255.0
dhcp select global
interface Vlanif9
description beiyong
ip address 192.168.9.1 255.255.255.0
dhcp select global
interface Vlanif10
ip address 172.16.1.3 255.255.255.248 展开
ip pool 2
gateway-list 192.168.2.1
network 192.168.2.0 mask 255.255.255.0
dns-list 202.99.192.66 202.99.192.68
#
ip pool 3
gateway-list 192.168.3.1
network 192.168.3.0 mask 255.255.255.0
#
ip pool 5
gateway-list 192.168.5.1
network 192.168.5.0 mask 255.255.255.0
#
ip pool 6
gateway-list 192.168.6.1
network 192.168.6.0 mask 255.255.255.0
ip pool 7
gateway-list 192.168.7.1
network 192.168.7.0 mask 255.255.255.0
#
ip pool 8
gateway-list 192.168.8.1
network 192.168.8.0 mask 255.255.255.0
#
ip pool 9
gateway-list 192.168.9.1
network 192.168.9.0 mask 255.255.255.0
interface Vlanif2
description wifi
ip address 192.168.2.1 255.255.255.0
dhcp select global
interface Vlanif3
description shoufei
ip address 192.168.3.1 255.255.255.0
dhcp select global
interface Vlanif5
description menzhen
ip address 192.168.5.1 255.255.255.0
dhcp select global
interface Vlanif6
description tijian
ip address 192.168.6.1 255.255.255.0
dhcp select global
interface Vlanif7
description yijiyewu
ip address 192.168.7.1 255.255.255.0
dhcp select global
interface Vlanif8
description beiyong
ip address 192.168.8.1 255.255.255.0
dhcp select global
interface Vlanif9
description beiyong
ip address 192.168.9.1 255.255.255.0
dhcp select global
interface Vlanif10
ip address 172.16.1.3 255.255.255.248 展开
1个回答
展开全部
配置命令如下:
acl number 3000
rule 1 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
rule 2 deny ip
先放行192.168网段可以访问192.168网段,即内网只与内网192.168网段互相访问;之后拒绝所有出外网访问。
全局下挂ACL即可生效,命令如下:
traffic-filter vlan 2 inbound acl 3000
在vlan2的进方向挂上ACL 3000
acl number 3000
rule 1 permit ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
rule 2 deny ip
先放行192.168网段可以访问192.168网段,即内网只与内网192.168网段互相访问;之后拒绝所有出外网访问。
全局下挂ACL即可生效,命令如下:
traffic-filter vlan 2 inbound acl 3000
在vlan2的进方向挂上ACL 3000
追问
这些做上了 还是不行么。是不是要把acl number 3000做在这个交换机的上行口上啊?
追答
traffic-filter vlan 2 inbound acl 3000 这个命令就是把acl 3000挂在vlan 2的进方向,你acl些的命令是什么,可以贴出来吗?
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
