LAN间互访控制配置举例

操作步骤

1.  配置Switch

# 创建VLAN

<Quidway> system-view

[Quidway] vlan batch 10 20

# 配置VLANIF接口的IP地址

[Quidway] interface vlanif 10

[Quidway-Vlanif10] ip address 10.10.10.1 24

[Quidway-Vlanif10] quit

[Quidway] interface vlanif 20

[Quidway-Vlanif20] ip address 20.20.20.1 24

[Quidway-Vlanif20] quit

将端口添加到相应的vlan

[Quidway] interface ethernet 0/0/2

[Quidway-Ethernet0/0/2] port link-type access

[Quidway-Ethernet0/0/2] port default vlan 10

[Quidway-Ethernet0/0/2] quit

[Quidway] interface ethernet 0/0/3

[Quidway-Ethernet0/0/2] port link-type access

[Quidway-Ethernet0/0/2] port default vlan 20

[Quidway-Ethernet0/0/3] quit

创建ACL3000拒绝vlan10 去访问vlan20

[Switch] acl 3001

[Switch-acl-adv-3001] rule 5 deny ip source 10.10.10.0 0.0.0.255 destination 20.20.20.0 0.0.0.255

创建流分类C1

[Quidway] traffic classifier c1

[Quidway -classifier-c1] if-match acl 3001

[Quidway -classifier-c1] quit

创建流行为

[Quidway] traffic behavior b1

[Quidway -behavior-b1] permit

[Quidway -behavior-b1] quit

创建流策略

[Quidway] traffic policy p1

[Quidway -trafficpolicy-p1] classifier c1 behavior b1

在接口上应用

[Quidway] VLAN 10

[Quidway –VLAN10] traffic-policy p1 inbound

注：若要解除VLAN间禁止互ping

可以用“undo”进行策略解除；

[Quidway] VLAN 10

[Quidway –VLAN10] undo traffic-policy p1 inbound