这个是财务网络的一个问题, 要求财务的某台机器能访问其他部门区的打印机. 其他部门是不能访问到财务网络的.
华为alc配置实例:-traffic-filter
# 在VLAN100上配置基于ACL的报文过滤,允许源IP地址为192.168.0.2/32的报文通过,丢弃其他报文。
<HUAWEI> system-view [HUAWEI] vlan 100 [HUAWEI-vlan100] quit [HUAWEI] acl name test 3000 [HUAWEI-acl-adv-test] rule 5 permit ip source 192.168.0.2 0 [HUAWEI-acl-adv-test] rule 10 deny ip source any [HUAWEI-acl-adv-test] quit [HUAWEI] traffic-filter vlan 100 inbound acl name test
traffic-filter实例:
int vlan15 acl name wifiToServer 3000 rule 5 per ip so 192.168.5.95 0 rule 10 per ip so 192.168.5.139 0 rule 15 per ip so 192.168.5.165 0 rule 20 per ip so 192.168.5.212 0 rule 25 per ip so 192.168.5.241 0 rule 30 per ip so 192.168.5.242 0 traffic-filter vlan 15 inbound acl name wifiToServer
dhcp地址池配置:
interface Vlanif100 ip address 192.168.100.1 255.255.255.0 dhcp select interface dhcp server static-bind ip-address 192.168.100.241 mac-address 28f0-7647-11fd dhcp server static-bind ip-address 192.168.100.242 mac-address fcc2-deef-408c dhcp server static-bind ip-address 192.168.100.243 mac-address 00ee-bd87-d99a dhcp server static-bind ip-address 192.168.100.244 mac-address 7423-448d-12e9 dhcp server static-bind ip-address 192.168.100.245 mac-address cc08-8db5-05aa dhcp server static-bind ip-address 192.168.100.56 mac-address 0008-caa2-1aa3 dhcp server excluded-ip-address 192.168.20.100 192.168.20.120
dhcp ip是否被分配:
dis ip pool interface Vlanif15 used | include fcc2-deef-4080 192.168.5.241
dhcp释放used地址:
reset ip pool int vlanif20 x.x.x.x
dhcp释放conflict ip:
reset ip pool int vlanif20 conflict ßconflict ip是无法被分配的,也无法在used里查到,也无法在借口绑定给用户,查看冲突ip: dis ip pool intterface vlan 100 conflict
dhcp地址池绑定ip
reset ip pool int vlanif15 192.168.5.56 ß如果已被分配了,为确保最小震荡,先释放,后绑定. y sys int vlanif15 dhcp server static-bind ip-address 192.168.5.56 mac-address 0008-caa2-1a03