当前位置:主页 > 影音工程 > 专业音响 >

Secpath100N接S6503典型配置

发布时间::2017-01-13 15:19
标签: 

组网图:


S3026C-SI ----------------S6503----------------Secpath100N-----------------INTERNET
   

实现功能:
             S6503划了七个VLAN,使VLAN间互相不能访问。



S6503的配置:
curr
#
sysname 6503
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain

domain system
radius-scheme system
access-limit disable
state active
idle-cut disable
self-service-url disable
messenger time disable

domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei
#
temperature-limit 0 20 80
temperature-limit 1 10 80
temperature-limit 2 10 80
#
port monitor last slot 1 8
#
mirroring-group 1 inbound GigabitEthernet2/0/6 mirrored-to GigabitEthernet2/0/8      端口镜像
mirroring-group 2 outbound GigabitEthernet2/0/6 mirrored-to GigabitEthernet2/0/8
#
stp TC-protection enable
#
acl number 3000 match-order auto
rule 22 deny ip source 10.10.4.0 0.0.0.255 destination 10.10.3.0 0.0.0.25
rule 23 deny ip source 10.10.4.0 0.0.0.255 destination 10.10.2.0 0.0.0.25
rule 24 deny ip source 10.10.4.0 0.0.0.255 destination 10.10.1.0 0.0.0.25
rule 25 deny ip source 10.10.5.0 0.0.0.255 destination 10.10.1.0 0.0.0.25
rule 26 deny ip source 10.10.5.0 0.0.0.255 destination 10.10.2.0 0.0.0.25
rule 27 deny ip source 10.10.5.0 0.0.0.255 destination 10.10.3.0 0.0.0.25
rule 28 deny ip source 10.10.5.0 0.0.0.255 destination 10.10.4.0 0.0.0.25
rule 29 deny ip source 10.10.5.0 0.0.0.255 destination 10.10.6.0 0.0.0.25
rule 30 deny ip source 10.10.5.0 0.0.0.255 destination 10.10.7.0 0.0.0.25
rule 31 deny ip source 10.10.6.0 0.0.0.255 destination 10.10.7.0 0.0.0.25
rule 32 deny ip source 10.10.6.0 0.0.0.255 destination 10.10.5.0 0.0.0.25
rule 33 deny ip source 10.10.6.0 0.0.0.255 destination 10.10.4.0 0.0.0.25
rule 34 deny ip source 10.10.6.0 0.0.0.255 destination 10.10.3.0 0.0.0.25
rule 35 deny ip source 10.10.6.0 0.0.0.255 destination 10.10.2.0 0.0.0.25
rule 36 deny ip source 10.10.6.0 0.0.0.255 destination 10.10.1.0 0.0.0.25
rule 37 deny ip source 10.10.7.0 0.0.0.255 destination 10.10.1.0 0.0.0.25
rule 38 deny ip source 10.10.7.0 0.0.0.255 destination 10.10.2.0 0.0.0.25
rule 39 deny ip source 10.10.7.0 0.0.0.255 destination 10.10.3.0 0.0.0.25
rule 40 deny ip source 10.10.7.0 0.0.0.255 destination 10.10.4.0 0.0.0.25
rule 41 deny ip source 10.10.7.0 0.0.0.255 destination 10.10.5.0 0.0.0.25
rule 42 deny ip source 10.10.7.0 0.0.0.255 destination 10.10.6.0 0.0.0.25
rule 1 deny ip source 10.10.1.0 0.0.0.255 destination 10.10.2.0 0.0.0.255
rule 2 deny ip source 10.10.1.0 0.0.0.255 destination 10.10.3.0 0.0.0.255
rule 3 deny ip source 10.10.1.0 0.0.0.255 destination 10.10.4.0 0.0.0.255
rule 4 deny ip source 10.10.1.0 0.0.0.255 destination 10.10.5.0 0.0.0.255
rule 5 deny ip source 10.10.1.0 0.0.0.255 destination 10.10.6.0 0.0.0.255
rule 6 deny ip source 10.10.1.0 0.0.0.255 destination 10.10.7.0 0.0.0.255
rule 7 deny ip source 10.10.2.0 0.0.0.255 destination 10.10.7.0 0.0.0.255
rule 8 deny ip source 10.10.2.0 0.0.0.255 destination 10.10.6.0 0.0.0.255
rule 9 deny ip source 10.10.2.0 0.0.0.255 destination 10.10.5.0 0.0.0.255
rule 10 deny ip source 10.10.2.0 0.0.0.255 destination 10.10.4.0 0.0.0.255
rule 11 deny ip source 10.10.2.0 0.0.0.255 destination 10.10.3.0 0.0.0.255
rule 12 deny ip source 10.10.2.0 0.0.0.255 destination 10.10.1.0 0.0.0.255
rule 13 deny ip source 10.10.3.0 0.0.0.255 destination 10.10.1.0 0.0.0.255
rule 14 deny ip source 10.10.3.0 0.0.0.255 destination 10.10.2.0 0.0.0.255
rule 15 deny ip source 10.10.3.0 0.0.0.255 destination 10.10.4.0 0.0.0.255
rule 16 deny ip source 10.10.3.0 0.0.0.255 destination 10.10.5.0 0.0.0.255
rule 17 deny ip source 10.10.3.0 0.0.0.255 destination 10.10.6.0 0.0.0.255
rule 18 deny ip source 10.10.3.0 0.0.0.255 destination 10.10.7.0 0.0.0.255
rule 19 deny ip source 10.10.4.0 0.0.0.255 destination 10.10.7.0 0.0.0.255
rule 20 deny ip source 10.10.4.0 0.0.0.255 destination 10.10.6.0 0.0.0.255
rule 21 deny ip source 10.10.4.0 0.0.0.255 destination 10.10.5.0 0.0.0.255
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 50
#
vlan 60
#
vlan 70
#
interface Vlan-interface1
ip address 10.10.0.2 255.255.255.0
#
interface Vlan-interface10
ip address 10.10.1.1 255.255.255.0
#
interface Vlan-interface20
ip address 10.10.2.1 255.255.255.0
#
interface Vlan-interface30
ip address 10.10.3.1 255.255.255.0
#
interface Vlan-interface40
ip address 10.10.4.1 255.255.255.0
#
interface Vlan-interface50
ip address 10.10.5.1 255.255.255.0
#
interface Vlan-interface60
ip address 10.10.6.1 255.255.255.0
#
interface Vlan-interface70
ip address 10.10.7.1 255.255.255.0
#
interface Aux0/0/0
#
interface M-Ethernet0/0/0
#
interface GigabitEthernet1/0/1   下接3026C-SI
speed 1000
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/2      下接3026C-SI
speed 1000
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/3
speed 1000
#
interface GigabitEthernet1/0/4
speed 1000
#
interface GigabitEthernet1/0/5
speed 1000
#
interface GigabitEthernet1/0/6
speed 1000
#
interface GigabitEthernet1/0/7
speed 1000
#
interface GigabitEthernet1/0/8
speed 1000
#
interface GigabitEthernet2/0/1                      上接Secpath100N
port link-type trunk
port trunk permit vlan all
qos
packet-filter inbound ip-group 3000 rule 22
packet-filter inbound ip-group 3000 rule 23
packet-filter inbound ip-group 3000 rule 24
packet-filter inbound ip-group 3000 rule 25
packet-filter inbound ip-group 3000 rule 26
packet-filter inbound ip-group 3000 rule 27
packet-filter inbound ip-group 3000 rule 28
packet-filter inbound ip-group 3000 rule 29
packet-filter inbound ip-group 3000 rule 30
packet-filter inbound ip-group 3000 rule 31
packet-filter inbound ip-group 3000 rule 32
packet-filter inbound ip-group 3000 rule 33
packet-filter inbound ip-group 3000 rule 34
packet-filter inbound ip-group 3000 rule 35
packet-filter inbound ip-group 3000 rule 36
packet-filter inbound ip-group 3000 rule 37
packet-filter inbound ip-group 3000 rule 38
packet-filter inbound ip-group 3000 rule 39
packet-filter inbound ip-group 3000 rule 40
packet-filter inbound ip-group 3000 rule 41
packet-filter inbound ip-group 3000 rule 42
packet-filter inbound ip-group 3000 rule 1
packet-filter inbound ip-group 3000 rule 2
packet-filter inbound ip-group 3000 rule 3
packet-filter inbound ip-group 3000 rule 4
packet-filter inbound ip-group 3000 rule 5
packet-filter inbound ip-group 3000 rule 6
packet-filter inbound ip-group 3000 rule 7
packet-filter inbound ip-group 3000 rule 8
packet-filter inbound ip-group 3000 rule 9
packet-filter inbound ip-group 3000 rule 10
packet-filter inbound ip-group 3000 rule 11
packet-filter inbound ip-group 3000 rule 12
packet-filter inbound ip-group 3000 rule 13
packet-filter inbound ip-group 3000 rule 14
packet-filter inbound ip-group 3000 rule 15
packet-filter inbound ip-group 3000 rule 16
packet-filter inbound ip-group 3000 rule 17
packet-filter inbound ip-group 3000 rule 18
packet-filter inbound ip-group 3000 rule 19
packet-filter inbound ip-group 3000 rule 20
packet-filter inbound ip-group 3000 rule 21
#
interface GigabitEthernet2/0/2
port access vlan 10
#
interface GigabitEthernet2/0/3
#
interface GigabitEthernet2/0/4
#
interface GigabitEthernet2/0/5
#
interface GigabitEthernet2/0/6
#
interface GigabitEthernet2/0/7
#
interface GigabitEthernet2/0/8
#
interface NULL0
#

#
ip route-static 0.0.0.0 0.0.0.0 10.10.0.1 preference 60    指向Secpath100N
#
user-interface aux 0
user-interface vty 0 4
#
return
<6503>

[ 本帖最后由 jingr 于 2005-6-24 18:45 编辑 ]

cnrouter 发表于 2005-6-26 10:23:00

我们就要这样的好贴呀.

zhang_xue_yong 发表于 2005-7-7 15:43:00

好呀,以后配置安这个例子完全搞定了,呵呵

xbao20 发表于 2005-7-26 15:20:00

好贴
发贴就要像这样的
大家有学习的价值
如果有图就更好了

yeepine 发表于 2005-8-1 22:51:00

有个疑问?

在建立ACL时,用如下的配置是否可行?
acl nu 3000
rule 0 deny ip

acl nu 3001
rulepermit ip source any destination 10.10.0.1 0.0.0.0
rulepermit ip source 10.10.0.1 0.0.0.0 destination any

然后下发各个接口。
这样不是简单些吗?
望指正

610540 发表于 2005-8-3 15:15:00

可以阿
acl 3001
rule后加规则号
还可以更简单
acl nu 3000
rule 0 deny ip

acl nu 3001
rule0 permit ipdestination 10.10.0.1 0.0.0.0
rule1 permit ip source 10.10.0.1 0.0.0.0 destination any

呵呵

lotusice 发表于 2005-8-4 15:40:00

好东东!收藏了

wasp 发表于 2005-10-13 17:08:00

好贴呀

蓝茶小子 发表于 2005-10-20 16:27:00

真是好贴子啊,太喜欢了!
100N和路由器差不多配置是吧?不用做区域对不对?




网络安全 | 软件开发 | 网站建设 | 监控门禁 | 数据安全 | 信息防泄密 | 智慧街道 | 智慧党建 | 智慧军营 | 高校信息化建设 | 政府信息化建设 | 军队信息化建设

销售热线:159-9855-7370(董经理)售后服务热线:0411-62887714 在线QQ:543646 合作/传真:0411-62887714

电子邮件:543646@QQ.com 销售中心:大连市沙河口区富民广场御园3-503室 研发中心:大连市中山区曼哈顿大厦A座2610

Copyright © 2006-2019 www.dutit.com 版权所有:大工联创(大连)科技有限公司 | 大连市互联网协会会员单位 | 大连市工商联会员单位









大连音响 | 大连灯光音响 | 大连背景音乐 | 大连无线音响 | 大连音响系统 | 大连公共广播 | 大连音响工程 | 大连音响租赁 | 大连麦克风 | 大连专业音响
大连会议室音响 | 大连堡垒机 | 大连电子白板 | 多媒体教室虚拟化 | 大连教师办公虚拟化 | 学生办公虚拟化 | 公共电脑虚拟化 | 企业防泄密虚拟化 | 移动办公虚拟化
大连上网行为管理 | 大连上网行为管理软件 | 大连上网行为管理路由器 | 大连上网行为管理设备 | 大连深信服上网行为管理 | 大连网络管理设备
大连系统集成 | 大连综合布线 | 大连视频监控 | 大连IT综合服务 | 大连系统集成公司 | 大连高清视频监控 | 大连安防监控 | 大连门禁一卡通
大连自动化工程 | 大连工业机器人 | 大连自动化设备 | 大连自动化集成 | 大连控制柜 | 大连电控柜 | 大连智能流水线 | 大连PLC编程