华为交换机基本配置命令(2)
发布网友
发布时间:2022-11-20 16:36
共1个回答
热心网友
时间:2023-12-20 15:20
华为交换机基本配置命令大全
network 192.168.5.0 定义IP
network 192.168.3.0 定义IP
disp ip rout 查看路由接口
R2:
int e1/0 进入e1/0端口
ip address 192.168.4.1 255.255.255.0 设置IP
int e2/0 进入e2/0端口
ip adress 192.168.5.2 255.255.255.0 设置IP
rip 设置动态路由
network 192.168.5.0 定义IP
network 192.168.4.0 定义IP
disp ip rout 查看路由接口
(注意:两台PC机的网关设置PC1 IP:192.168.3.1 PC2 IP:192.168.4.1)
七、IP访问列表
int e1/0
ip address 192.168.3.1 255.255.255.0
int e2/0
ip address 192.168.1.1 255.255.255.0
int e3/0
ip address 192.168.2.1 255.255.255.0
acl number 2001 (2001-2999属于基本的访问列表)
rule 1 deny source 192.168.1.0 0.0.0.255 (拒绝地址192.168.1.0网段的数据通过)
rule 2 permit source 192.168.3.0 0.0.0.255(允许地址192.168.3.0网段的数据通过)
以下是把访问控制列表在接口下应用:
firewall enable
firewall default permit
int e3/0
firewall packet-filter 2001 outbound
disp acl 2001 显示信息
undo acl number 2001 删除2001控制列表
扩展访问控制列表
acl number 3001
rule deny tcp source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255 destination-port eq ftp
必须在r-acl-adv-3001下才能执行
rule permit ip source an destination any (rule permit ip)
int e3/0
firewall enable 开启防火墙
firewall packet-filter 3001 inbound
必须在端口E3/0下才能执行
八、命令的标准访问IP列表(三层交换机):
允许A组机器访问服务器内资料,不允许访问B组机器(服务器没有*)
sys
vlan 10
name server
vlan 20
name teacher
vlan 30
name student
int e1/0/5
port access vlan 10
int e1/0/10
port access vlan 20
int e1/0/15
port access vlan 30
int vlan 10
ip address 192.168.10.1 255.255.255.0
undo sh
int vlan 20
ip address 192.168.20.1 255.255.255.0
int vlan 30
ip address 192.168.30.1 255.255.255.0
acl number 2001
rule 1 deny source 192.168.30.0 0.0.0.255
rule 2 permit source any
disp acl 2001 查看2001列表
int e1/0/10
port access vlan 20
packet-filter outbound ip-group 2001 rule 1
出口
九、允许A机器访问B机器的FTP但不允许访问WWW,C机器没有任何*。
vlan 10
vlan 20
vlan 30
int e1/0/5
port access vlan 10
int e1/0/10
port access vlan 20
int e1/0/15
port access vlan 30
int vlan 10
ip address 192.168.10.1 255.255.255.0
undo sh
int vlan 20
ip address 192.168.20.1 255.255.255.0
int vlan 30
ip address 192.168.30.1 255.255.255.0
acl number 3001
rule 1 deny tcp source 192.168.30.0 0.0.0.255 destination 192.168.10.0 0.0.0.255 destination-port eq www
int e1/0/15
packet-filter inbound ip-group 3001 rule 1
进口
十、NAT地址转换(单一静态一对一地址转换)
R1:
sys
sysname R1
int e1/0
ip address 192.168.3.1 255.255.255.0
int e2/0
ip address 192.1.1.1 255.255.255.0
R2:
sys
sysname R2
int e2/0
ip address 192.1.1.2 255.255.255.0
int e1/0
ip address 10.80.1.1 255.255.255.0
回到R1:
nat static 192.168.3.1 192.1.1.1
int e2/0
nat outbound static
ip route 0.0.0.0 0.0.0.0 192.1.1.2
十一、NAT内部整网段地址转换
R1:
sys
sysname R1
int e1/0
ip address 192.168.3.1 255.255.255.0
int e2/0
ip address 192.1.1.1 255.255.255.0
acl number 2008
rule 0 permit source 192.168.3.0 0.0.0.255
rule 1 deny
quit
int e2/0
nat outbound 2008
quit
ip route-static 0.0.0.0 0.0.0.0 192.1.1.2 preference 60
↑
下一个路由接口地址
R2:
sys
