(1条消息) 华为S5700配置命令总结
查看当前配置:
display cur
进入配置模式:
system-view
修改交换机名字:
sysname huawei
创建vlan(创建后自动进入vlan):
vlan30
quit //退出vlan
给vlan配置IP地址
interface Vlanif 30
ip address 192.168.30.1 255.255.255.0
dhcp select global
dhcp enable
undo dhc enable //关闭DHCP
将端口3加入vlan30
进入端口3:
interface GigabitEthernet 0/0/3
port link-type access
port default vlan 30
quit 退出端口
配置IP地址池:
ip pool 30
gateway-list 192.168.30.1
network 192.168.30.1 mask 255.255.255.0
excluded-ip-address 192.168.30.2 192.168.30.99 //排除IP不参与DHCP
excluded-ip-address 192.168.30.200 192.168.254 //排除IP不参与DHCP
dns-list 61.139.2.69 8.8.8.8
//删除IP地址池:undo ip pool 30
保存配置:
save
ACL限制不同VLAN之间的访问:
acl number 3002
rule deny ip source 192.168.20.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
acl number 3003
rule deny ip source 192.168.30.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
用traffic-filter在vlan下应用ACL:
traffic-filter vlan 20 inbound acl 3002
traffic-filter vlan 30 inbound acl 3003
删除ACL,首先解除ACL调用关系:
undo traffic-filter vlan 20 inbound acl 3002
undo traffic-filter vlan 30 inbound acl 3003
删除ACL
undo acl 3002
undo acl 3003
quit
save //保存生效
将端口4加入VLAN30:
system-view
interface GigabitEthernet 0/0/4
port link-type access
port default vlan 30
端口组:(同时设置多个端口)
system-view
port-group 34 //组名
group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4 //端口范围
port link-type access
port default vlan 20 //3 4 端口加入VLAN20
根据IP地址查看MAC地址:
dis arp | include 192.168.50.1