华为S6720S acl+策略流控制（华为s6720s怎么配置）

华为S6720S acl+策略流控制（华为s6720s怎么配置）

配置acl策略，3000设置允许，3001设置拒绝所有：

acl 3001 rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule deny ip source 192.168.20.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule deny ip source 192.168.20.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule deny ip source 192.168.30.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 acl 3000 rule permit ip source 192.168.10.11 0 rule permit ip source 192.168.20.222 0 destination 192.168.10.111 0

配置策略流应用到全局：

traffic classifier 3000 operator and if-match acl 3000 q traffic behavior 3000 traffic classifier 3001 operator and if-match acl 3001 q traffic behavior 3001

以上2台核心交换机配置一样

sw1： traffic policy yunxu classifier 3000 behavior 3000 classifier 3001 behavior 3001 traffic-policy yunxu global inbound backup： traffic policy yunxu-backup classifier 3000 behavior 3000 classifier 3001 behavior 3001 traffic-policy yunxu-backup global inbound

设置端口组：

port-group g1-24 port-group group-member g0/0/1 to g0/0/24 port link-type trunk port trunk allow-pass vlan all

配置端口聚合，将2台核心交换机通过线路捆绑：

interface Eth-Trunk 1 trunkport GigabitEthernet 0/0/10 to 0/0/12 port link-type trunk port trunk allow-pass vlan 2 to 4094

以上2台核心交换机配置一样

配置vrrp，防止核心交换单点故障：

[sw1] 主走vlan10 vlan20，备走vlan30 vlan40

int vlan 10 vrrp vrid 10 virtual-ip 192.168.10.100 vrrp vrid 10 priority 150 vrrp vrid 10 track interface g0/0/24 reduced 100 int vlan 20 vrrp vrid 20 virtual-ip 192.168.20.100 vrrp vrid 20 priority 150 vrrp vrid 20 track interface g0/0/24 reduced 100 int vlan 30 vrrp vrid 30 virtual-ip 192.168.30.100 int vlan 40 vrrp vrid 40 virtual-ip 192.168.40.100

[backup] 主走vlan30 vlan40，备走vlan10 vlan 20

int vlan 10 vrrp vrid 10 virtual-ip 192.168.10.100 int vlan 20 vrrp vrid 20 virtual-ip 192.168.20.100 int vlan 30 vrrp vrid 30 virtual-ip 192.168.30.100 vrrp vrid 30 priority 150 vrrp vrid 30 track interface g0/0/24 reduced 100 int vlan 40 vrrp vrid 40 virtual-ip 192.168.40.100 vrrp vrid 40 priority 150 vrrp vrid 40 track interface g0/0/24 reduced 100

注：各vlan下设备网关配置为各自的虚拟ip。如果配置vlan ip的话当主出现故障将无法访问外网；配置虚拟ip就算主出现故障，数据会通过备出去，不影响上网。

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。