[na] Huawei ACL (traffic-filter) and DHCP management


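This came up on the finance network: one machine in finance has to be able to reach the printers in other departments' zones, while the other departments must not be able to reach the finance network.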

 

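Huawei ACL configuration example: traffic-filter

# Configure ACL-based packet filtering on VLAN 100: permit packets whose source IP address is 192.168.0.2/32 and drop all other packets.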

<HUAWEI> system-view

[HUAWEI] vlan 100

[HUAWEI-vlan100] quit

[HUAWEI] acl name test 3000

[HUAWEI-acl-adv-test] rule 5 permit ip source 192.168.0.2 0

[HUAWEI-acl-adv-test] rule 10 deny ip source any

[HUAWEI-acl-adv-test] quit

[HUAWEI] traffic-filter vlan 100 inbound acl name test

 

 

traffic-filter example:

int vlan15

acl name wifiToServer 3000

rule 5 per ip so 192.168.5.95 0

rule 10 per ip so 192.168.5.139 0

rule 15 per ip so 192.168.5.165 0

rule 20 per ip so 192.168.5.212 0

rule 25 per ip so 192.168.5.241 0

rule 30 per ip so 192.168.5.242 0

 

traffic-filter vlan 15 inbound acl name wifiToServer
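
An added example, not part of the original post: a small Python evaluator for the two ACLs above, showing first-match order and wildcard-mask matching on the source address. It assumes traffic-filter forwards packets that match no rule (the `default` parameter), in which case a permit-only ACL such as wifiToServer drops nothing unless a deny rule is appended, as rule 10 does in the first example.

```python
import ipaddress
import re

# Constructed input: the two ACLs from the post, keywords as the author typed them.
ACL_TEST = """rule 5 permit ip source 192.168.0.2 0
rule 10 deny ip source any"""
ACL_WIFI = """rule 5 per ip so 192.168.5.95 0
rule 10 per ip so 192.168.5.139 0
rule 15 per ip so 192.168.5.165 0
rule 20 per ip so 192.168.5.212 0
rule 25 per ip so 192.168.5.241 0
rule 30 per ip so 192.168.5.242 0"""

# Accepts the abbreviated keywords used above ("per", "so") as well as the full ones.
RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(per\w*|deny)\s+ip\s+so\w*\s+(any|\S+)(?:\s+(\S+))?")

def parse_acl(text):
    """Return [(rule_id, action, addr, wildcard)] in rule-id (config) order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            continue  # this sketch only understands source-only "ip" rules
        rule_id, action, src, wc = m.groups()
        action = "permit" if action.startswith("per") else "deny"
        if src == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(src))
            # A wildcard written as "0" means 0.0.0.0: match exactly one host.
            wild = 0 if wc in (None, "0") else int(ipaddress.IPv4Address(wc))
        rules.append((int(rule_id), action, addr, wild))
    return sorted(rules)

def evaluate(rules, src_ip, default="permit"):
    """First matching rule wins. `default` is the action for unmatched packets
    (assumption: traffic-filter forwards them, hence "permit")."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for rule_id, action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if (ip & care) == (addr & care):
            return action, rule_id
    return default, None

if __name__ == "__main__":
    for name, acl in (("test", ACL_TEST), ("wifiToServer", ACL_WIFI)):
        for src in ("192.168.0.2", "192.168.5.95", "192.168.5.96"):
            print(name, src, evaluate(parse_acl(acl), src))
```
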

DHCP address pool configuration:

interface Vlanif100

ip address 192.168.100.1 255.255.255.0

dhcp select interface

dhcp server static-bind ip-address 192.168.100.241 mac-address 28f0-7647-11fd

dhcp server static-bind ip-address 192.168.100.242 mac-address fcc2-deef-408c

dhcp server static-bind ip-address 192.168.100.243 mac-address 00ee-bd87-d99a

dhcp server static-bind ip-address 192.168.100.244 mac-address 7423-448d-12e9

dhcp server static-bind ip-address 192.168.100.245 mac-address cc08-8db5-05aa

dhcp server static-bind ip-address 192.168.100.56 mac-address 0008-caa2-1aa3

dhcp server excluded-ip-address 192.168.20.100 192.168.20.120

Check whether a DHCP IP has been allocated:

dis ip pool interface Vlanif15 used | include fcc2-deef-4080 192.168.5.241

Release a used DHCP address:

reset ip pool int vlanif20 x.x.x.x

Release DHCP conflict IPs:

reset ip pool int vlanif20 conflict

A conflict IP cannot be allocated, does not show up in the used list, and cannot be bound to a user on the interface. To view the conflict IPs: dis ip pool interface vlan 100 conflict

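Bind an IP in the DHCP address pool:

If the address has already been allocated, release it first and then bind it, to keep disruption to a minimum.

reset ip pool int vlanif15 192.168.5.56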

y

sys

int vlanif15

dhcp server static-bind ip-address 192.168.5.56 mac-address 0008-caa2-1a03

