H3C5500详细配置及说明

version 5.20, Release 1207

sysname dunan-s5500 设备重命名

super password level 3 simple abcd123456 设置串口连接密码 domain default enable system说明性文字

telnet server enable telnet服务开启

loopback-detection enable 环回口连接开启

注释VLAN连接区域

vlan 1

description fileserver vlan 2

description firewall

vlan 10

description erp+sql+other vlan 20

description caiwu vlan 30

description waimao

vlan 40

description bigoffice

vlan 50

description jishubu

vlan 60

description erchejian

vlan 70

description huayi

vlan 80

description zongcai

vlan 90

description webser

vlan 130

description wlan

radius scheme system

domain system 说明性文字

access-limit disable

state active

idle-cut disable

self-service-url disable

将ACL规则定义策略和行为这里和3600是不同的，分为三部traffic classifier c_vlan operator and if-match acl 3000

traffic classifier a_vlan operator and if-match acl 3001

traffic behavior d_vlan

filter deny

traffic behavior b_vlan

filter deny

qos policy p_vlan

classifier c_vlan behavior b_vlan

qos policy t_vlan

classifier a_vlan behavior d_vlan

设置web访问用户和密码并定义权限为最高

local-user h3c

password simple dafm

service-type telnet

level 3

建立高级访问控制列表并建立子规则

acl number 3000

rule 0 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 1 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 2 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 3 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 4 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 5 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.50.0 0.0.0.255 rule 6 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 7 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 8 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 9 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 10 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 11 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 12 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 13 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 14 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 15 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 16 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 rule 17 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 18 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 19 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.50.0 0.0.0.255 rule 20 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 21 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 22 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 23 deny tcp source 192.168.80.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 acl number 3001

rule 0 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 rule 1 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 rule 2 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 3 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 4 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 5 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.60.0 0.0.0.255 rule 6 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.70.0 0.0.0.255 rule 7 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.80.0 0.0.0.255 rule 8 deny tcp source 192.168.90.0 0.0.0.255 destination 192.168.130.0 0.0.0.255 配置VLAN网关，实际为设置vlan 间路由

interface NULL0

interface Vlan-interface 1

ip address 192.168.1.1 255.255.255.0

interface Vlan-interface 2

ip address 192.168.2.2 255.255.255.0

interface Vlan-interface 10