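H3C Layer 3 Switch: Inter-VLAN Configuration Example

This article covers the configuration needed for communication among multiple VLANs on an H3C layer 3 switch.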

 

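1. Lab environment

VLAN 2: 192.168.20.1 255.255.255.0, server-network. DHCP disabled, IP addresses configured manually; allowed to access the other VLANs.

VLAN 3: 192.168.30.1 255.255.255.0, office-network. DHCP enabled; isolated from the other VLANs, but can access the print server and file server in VLAN 2.

VLAN 4: 192.168.40.1 255.255.255.0, guest-network. DHCP enabled; isolated from the other VLANs, but can access the print server in VLAN 2.

VLAN 5: 192.168.50.1 255.255.255.0, product-network. DHCP enabled; isolated from the other VLANs, but can access the file server and the web server in VLAN 2.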

 

2. Create the VLANs

[H3C]vlan 2 to 5    // create VLANs 2 through 5
[H3C]int vlan 2
[H3C-Vlan-interface2]description server-network
[H3C-Vlan-interface2]ip address 192.168.20.1 255.255.255.0
[H3C-Vlan-interface2]int vlan 3
[H3C-Vlan-interface3]description office-network
[H3C-Vlan-interface3]ip address 192.168.30.1 255.255.255.0
[H3C-Vlan-interface3]int vlan 4
[H3C-Vlan-interface4]description guest-network
[H3C-Vlan-interface4]ip address 192.168.40.1 255.255.255.0
[H3C-Vlan-interface4]int vlan 5
[H3C-Vlan-interface5]description product-network
[H3C-Vlan-interface5]ip address 192.168.50.1 255.255.255.0
[H3C-Vlan-interface5]quit

 

3. Configure the DHCP service

[H3C]dhcp server ip-pool vlan3
[H3C-dhcp-pool-vlan3]network 192.168.30.0 24
[H3C-dhcp-pool-vlan3]gateway-list 192.168.30.1
[H3C-dhcp-pool-vlan3]dns-list 192.168.30.1
[H3C-dhcp-pool-vlan3]expired day 7
[H3C-dhcp-pool-vlan3]dhcp server ip-pool vlan4
[H3C-dhcp-pool-vlan4]network 192.168.40.0 24
[H3C-dhcp-pool-vlan4]gateway-list 192.168.40.1
[H3C-dhcp-pool-vlan4]dns-list 192.168.40.1
[H3C-dhcp-pool-vlan4]expired day 1
[H3C-dhcp-pool-vlan4]dhcp server ip-pool vlan5
[H3C-dhcp-pool-vlan5]network 192.168.50.0 24
[H3C-dhcp-pool-vlan5]gateway-list 192.168.50.1
[H3C-dhcp-pool-vlan5]dns-list 192.168.50.1
[H3C-dhcp-pool-vlan5]expired day 30
[H3C-dhcp-pool-vlan5]quit
[H3C]dhcp server forbidden-ip 192.168.30.1
[H3C]dhcp server forbidden-ip 192.168.40.1
[H3C]dhcp server forbidden-ip 192.168.50.1
[H3C]dhcp server enable
[H3C]int vlan 3
[H3C-Vlan-interface3]dhcp select server
[H3C-Vlan-interface3]int vlan 4
[H3C-Vlan-interface4]dhcp select server
[H3C-Vlan-interface4]int vlan 5
[H3C-Vlan-interface5]dhcp select server
[H3C-Vlan-interface5]quit

 

4. Configure the inter-VLAN access policy

[H3C]acl number 3002 name vlan2      // ACL for VLAN 2
[H3C-acl-ipv4-adv-3002]rule 10 permit tcp source 192.168.20.10 0 source-port eq 443 destination 192.168.50.0 0.0.0.255      // permit 192.168.20.10 (source port 443) to reach VLAN 5
[H3C-acl-ipv4-adv-3002]rule 20 permit ip source 192.168.20.20 0 destination 192.168.30.0 0.0.0.255      // permit 192.168.20.20 to reach VLAN 3
[H3C-acl-ipv4-adv-3002]rule 21 permit ip source 192.168.20.20 0 destination 192.168.40.0 0.0.0.255      // permit 192.168.20.20 to reach VLAN 4
[H3C-acl-ipv4-adv-3002]rule 30 permit ip source 192.168.20.30 0 destination 192.168.30.0 0.0.0.255      // permit 192.168.20.30 to reach VLAN 3
[H3C-acl-ipv4-adv-3002]rule 31 permit ip source 192.168.20.30 0 destination 192.168.40.0 0.0.0.255      // permit 192.168.20.30 to reach VLAN 4
[H3C-acl-ipv4-adv-3002]rule 99 deny ip      // deny all other traffic, blocking other access to VLAN 2
[H3C-acl-ipv4-adv-3002]int vlan 2      // enter Vlan-interface2
[H3C-Vlan-interface2]packet-filter 3002 inbound      // apply ACL 3002 inbound on Vlan-interface2
[H3C-Vlan-interface2]quit
[H3C]acl number 3003 name vlan3      // ACL for VLAN 3
[H3C-acl-ipv4-adv-3003]rule 10 permit ip source 192.168.30.0 0.0.0.255 destination 192.168.20.0 0.0.0.255      // permit VLAN 3 to reach the VLAN 2 subnet
[H3C-acl-ipv4-adv-3003]rule 99 deny ip      // deny all other traffic, blocking other access to VLAN 3
[H3C-acl-ipv4-adv-3003]int vlan 3      // enter Vlan-interface3
[H3C-Vlan-interface3]packet-filter 3003 inbound      // apply ACL 3003 inbound on Vlan-interface3
[H3C-Vlan-interface3]quit
[H3C]acl number 3004 name vlan4     // ACL for VLAN 4
[H3C-acl-ipv4-adv-3004]rule 10 permit ip source 192.168.40.0 0.0.0.255 destination 192.168.20.0 0.0.0.255      // permit VLAN 4 to reach the VLAN 2 subnet
[H3C-acl-ipv4-adv-3004]rule 99 deny ip      // deny all other traffic, blocking other access to VLAN 4
[H3C-acl-ipv4-adv-3004]int vlan 4      // enter Vlan-interface4
[H3C-Vlan-interface4]packet-filter 3004 inbound      // apply ACL 3004 inbound on Vlan-interface4
[H3C-Vlan-interface4]quit
[H3C]acl number 3005 name vlan5     // ACL for VLAN 5
[H3C-acl-ipv4-adv-3005]rule 10 permit ip source 192.168.50.0 0.0.0.255 destination 192.168.20.0 0.0.0.255      // permit VLAN 5 to reach the VLAN 2 subnet
[H3C-acl-ipv4-adv-3005]rule 99 deny ip      // deny all other traffic, blocking other access to VLAN 5
[H3C-acl-ipv4-adv-3005]int vlan 5      // enter Vlan-interface5
[H3C-Vlan-interface5]packet-filter 3005 inbound      // apply ACL 3005 inbound on Vlan-interface5
[H3C-Vlan-interface5]quit
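
An added example, not part of the original article: a Python model of ACLs 3002 to 3005 that checks whether a TCP session passes in both directions, since packet-filter rules are stateless and both the request and the reply must be permitted. The client addresses (.50), the service ports 9100 and 445, and the helper names are assumptions made for illustration.

```python
import ipaddress

ANY = "0.0.0.0/0"
DENY_REST = ("deny", "ip", ANY, None, ANY)  # rule 99 deny ip

def to_vlan2(net):  # rule 10 of ACLs 3003-3005
    return [("permit", "ip", net, None, "192.168.20.0/24"), DENY_REST]

# Inbound ACL per Vlan-interface, transcribed from the ACL section as
# (action, protocol, source, source port, destination).
ACLS = {
    2: [("permit", "tcp", "192.168.20.10/32", 443, "192.168.50.0/24"),
        ("permit", "ip", "192.168.20.20/32", None, "192.168.30.0/24"),
        ("permit", "ip", "192.168.20.20/32", None, "192.168.40.0/24"),
        ("permit", "ip", "192.168.20.30/32", None, "192.168.30.0/24"),
        ("permit", "ip", "192.168.20.30/32", None, "192.168.40.0/24"),
        DENY_REST],
    3: to_vlan2("192.168.30.0/24"),
    4: to_vlan2("192.168.40.0/24"),
    5: to_vlan2("192.168.50.0/24"),
}

def vlan_of(ip):
    """Map 192.168.<N>0.x to VLAN N, per the article's addressing plan."""
    return int(ip.split(".")[2]) // 10

def acl_permits(vlan, proto, src, sport, dst):
    """First-match evaluation of the ACL applied inbound on the VLAN interface."""
    for action, r_proto, r_src, r_sport, r_dst in ACLS[vlan]:
        if r_proto not in ("ip", proto):
            continue
        if r_sport is not None and r_sport != sport:
            continue
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r_src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r_dst)):
            return action == "permit"
    return False  # unreachable here: every ACL ends in rule 99 deny ip

def tcp_session_works(client, server, dport, cport=50000):
    """The request must pass the client VLAN's ACL and the reply must pass
    the server VLAN's ACL (3002 for servers in VLAN 2)."""
    request = acl_permits(vlan_of(client), "tcp", client, cport, server)
    reply = acl_permits(vlan_of(server), "tcp", server, dport, client)
    return request and reply

if __name__ == "__main__":
    # Constructed client addresses and service ports, for illustration only.
    for c, s, p in [("192.168.40.50", "192.168.20.20", 9100), ("192.168.40.50", "192.168.20.30", 445),
                    ("192.168.50.50", "192.168.20.10", 443), ("192.168.50.50", "192.168.20.30", 445)]:
        print(f"{c} -> {s}:{p}", "works" if tcp_session_works(c, s, p) else "blocked")
```

With these ACLs the guest VLAN reaches both 192.168.20.20 and 192.168.20.30 on any port, while VLAN 5 reaches only 192.168.20.10:443, which differs from the access listed in section 1.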
