H3C交换机VLAN配置实例

交换机VLAN基础配置实例—功能需求及组网说明：配置环境参数：PCA和PCB分别连接到S5600的端口G1/0/2和G1/0/3。产品版本信息：S5600系列交换机采用任何版本皆可。组网要求：PCA和PCB都属于VLAN2。二数据配置步骤：创建VLAN；将相应端口加入VLAN。三配置命令参考：S5600相关配置：方法一：1．将交换机改名为S5600[Quidway]sysnameS56003．创建（进入）VLAN2[S5600]vlan24．将端口G1/0/2和G1/0/3加入VLAN2[S5600-vlan2]portGigabitEthernet1/0/2toGigabitEthernet1/0/3方法二：1．将交换机改名为S5600[Quidway]sysnameS56002．创建（进入）VLAN2[S5600]vlan23．退出到系统视图[S5600-vlan3]quit进入端口GigabitEthernet1/0/2[S5600]interfaceGigabitEthernet1/0/2将GigabitEthernet1/0/2的PVID更改为2[Quidway-GigabitEthernet1/0/2]portaccessvlan26．进入端口GigabitEthernet1/0/3[Quidway-GigabitEthernet1/0/2]interfaceGigabitEthernet1/0/37．将GigabitEthernet1/0/3的PVID更改为2[Quidway-GigabitEthernet1/0/3]portaccessvlan2四补充说明：缺省情况下，交换机有一个默认的VLAN，即VLAN1，所有端口都默认属于该VLAN。在系统视图下，可以利用命令undovlan-number以删除相应VLAN，但交换机的默认VLAN1不能被删除。当端口模式为trunk/hybrid的时候，只能在该端口下使用porttrunk/hybridvlan-number命令将端口加入VLAN。本案例适用于Quidway系列交换机任何版本。如果是不同台的交换机上相同id的vlan要相互通信，那么可以通过共享的trunk端口就可以实现，如果是同一台上不同id的vlan/不同台不同id的vlan它们之间要相互通信，需要通过第三方的路由来实现；vlan的划分有两个需要注意的地方：一是划分了几个不同的vlan组，都有不同的vlanid号；分配到vlan组里面的交换机端口也有portid.比如端口1，2，3，4划分到vlan10，5，6，7，8划分到vlan20，我可以把1，3，4的端口的portid设置为10，而把2端口的portid设置为20；把5，6，7端口的portid设置为20，而把8端口的portid设置为10.这样的话，vlan10中的1，3，4端口能够和vlan20中8端口相互通信；而vlan10中的2端口能够和vlan20中的5，6，7端口相互通信；虽然vlanid不同，但是portid相同，就能通信，同样vlanid相同，portid不同的端口之间却不能相互访问，比如vlan10中的2端口就不能和1，3，4端口通信。H3CS5600配置实例：需求：某公司局域网要划分为4个网段，0网段可以访问其他网段，其他网段之间不可以互访，但可以访问0网段。discu#sysnameH3C#radiusschemesystem#domainsystem#aclnumber3000rule0denyipsource192.168.1.00.0.0.255destination192.168.2.00.0.0.255/1.0网段不允许访问2.03.0100.0/rule1denyipsource192.168.1.00.0.0.255destination192.168.3.00.0.0.255rule2denyipsource192.168.1.00.0.0.255destination192.168.100.00.0.0.255rule3denyipsource192.168.2.00.0.0.255destination192.168.3.00.0.0.255/2.0网段不允许访问1.03.0100.0/rule4denyipsource192.168.2.00.0.0.255destination192.168.1.00.0.0.255rule5denyipsource192.168.2.00.0.0.255destination192.168.100.00.0.0.255rule6denyipsource192.168.3.00.0.0.255destination192.168.100.00.0.0.255/3.0网段不允许访问2.01.0100.0/rule7denyipsource192.168.3.00.0.0.255destination192.168.1.00.0.0.255rule8denyipsource192.168.3.00.0.0.255destination192.168.2.00.0.0.255rule9permitipsource192.168.1.00.0.0.255destination192.168.1.10/只能访问各自的网关/rule10permitipsource192.168.2.00.0.0.255destination192.168.2.10rule11permitipsource192.168.3.00.0.0.255destination192.168.3.10rule12permitipsource192.168.0.00.0.0.255destination192.168.0.00.0.255.255/0.0可以访问所有网段/#vlan1#vlan10#vlan11#vlan12#vlan13#interfaceVlan-interface10ipaddress192.168.0.254255.255.255.0#interfaceVlan-interface11ipaddress192.168.1.1255.255.255.0#interfaceVlan-interface12ipaddress192.168.2.1255.255.255.0#interfaceVlan-interface13ipaddress192.168.3.1255.255.255.0#interfaceAux1/0/0#interfaceGigabitEthernet1/0/1portaccessvlan10#interfaceGigabitEthernet1/0/2portaccessvlan10#interfaceGigabitEthernet1/0/17inboundip-group3000/portaccessvlan11packet-filterinboundip-group3000rule0packet-filterinboundip-group3000rule1packet-filterinboundip-group3000rule2packet-filterinboundip-group3000rule3packet-filterinboundip-group3000rule4packet-filterinboundip-group3000rule5packet-filterinboundip-group3000rule6packet-filterinboundip-group3000rule7packet-filterinboundip-group3000rule8packet-filterinboundip-group3000rule9packet-filterinboundip-group3000rule10packet-filterinboundip-group3000rule11/应用到VLAN中的所有端口packet-filterpacket-filterinboundip-group3000rule12#interfaceGigabitEthernet1/0/21portaccessvlan12packet-filterinboundip-group3000rule0packet-filterinboundip-group3000rule1packet-filterinboundip-group3000rule2packet-filterinboundip-group3000rule3packet-filterinboundip-group3000rule4packet-filterinboundip-group3000rule5packet-filterinboundip-group3000rule6packet-filterinboundip-group3000rule7packet-filterinboundip-group3000rule8packet-filterinboundip-group3000rule9packet-filterinboundip-group3000rule10packet-filterinboundip-group3000rule11packet-filterinboundip-group3000rule12#interfaceGigabitEthernet1/0/22portaccessvlan12packet-filterinboundip-group3000rule0packet-filterinboundip-group3000rule1packet-filterinboundip-group3000rule2packet-filterinboundip-group3000rule3packet-filterinboundip-group3000rule4packet-filterinboundip-group3000rule5packet-filterinboundip-group3000rule6packet-filterinboundip-group3000rule7packet-filterinboundip-group3000rule8packet-filterinboundip-group3000rule9packet-filterinboundip-group3000rule10packet-filterinboundip-group3000rule11packet-filterinboundip-group3000rule12#interfaceGigabitEthernet1/0/23portaccessvlan13packet-filterinboundip-group3000rule0packet-filterinboundip-group3000rule1packet-filterinboundip-group3000rule2packet-filterinboundip-group3000rule3packet-filterinboundip-group3000rule4packet-filterinboundip-group3000rule5packet-filterinboundip-group3000rule6packet-filterinboundip-group3000rule7packet-filterinboundip-group3000rule8packet-filterinboundip-group3000rule9packet-filterinboundip-group3000rule10packet-filterinboundip-group3000rule11packet-filterinboundip-group3000rule12#interfaceCascade1/2/1#interfaceCascade1/2/2#interfaceNULL0#user-interfaceaux07user-interfacevty04#return[H3C]