[na]华为acl(traffic-filter)和dhcp管理

这个是财务网络的一个问题, 要求财务的某台机器能访问其他部门区的打印机. 其他部门是不能访问到财务网络的.

 

华为alc配置实例:-traffic-filter

# 在VLAN100上配置基于ACL的报文过滤，允许源IP地址为192.168.0.2/32的报文通过，丢弃其他报文。

<HUAWEI> system-view[HUAWEI] vlan 100[HUAWEI-vlan100] quit[HUAWEI] acl name test 3000[HUAWEI-acl-adv-test] rule 5 permit ip source 192.168.0.2 0[HUAWEI-acl-adv-test] rule 10 deny ip source any[HUAWEI-acl-adv-test] quit[HUAWEI] traffic-filter vlan 100 inbound acl name test

 

 

traffic-filter实例:

int vlan15acl name wifiToServer 3000rule 5 per ip so 192.168.5.95 0rule 10 per ip so 192.168.5.139 0rule 15 per ip so 192.168.5.165 0rule 20 per ip so 192.168.5.212 0rule 25 per ip so 192.168.5.241 0rule 30 per ip so 192.168.5.242 0traffic-filter vlan 15 inbound acl name wifiToServer

dhcp地址池配置:

interface Vlanif100ip address 192.168.100.1 255.255.255.0dhcp select interfacedhcp server static-bind ip-address 192.168.100.241 mac-address 28f0-7647-11fddhcp server static-bind ip-address 192.168.100.242 mac-address fcc2-deef-408cdhcp server static-bind ip-address 192.168.100.243 mac-address 00ee-bd87-d99adhcp server static-bind ip-address 192.168.100.244 mac-address 7423-448d-12e9dhcp server static-bind ip-address 192.168.100.245 mac-address cc08-8db5-05aadhcp server static-bind ip-address 192.168.100.56 mac-address 0008-caa2-1aa3dhcp server excluded-ip-address 192.168.20.100 192.168.20.120

dhcp ip是否被分配:

dis ip pool interface Vlanif15 used | include fcc2-deef-4080 192.168.5.241

dhcp释放used地址:

reset ip pool int vlanif20 x.x.x.x

dhcp释放conflict ip:

reset ip pool int vlanif20 conflict ßconflict ip是无法被分配的,也无法在used里查到,也无法在借口绑定给用户,查看冲突ip: dis ip pool intterface vlan 100 conflict

dhcp地址池绑定ip

reset ip pool int vlanif15 192.168.5.56 ß如果已被分配了,为确保最小震荡,先释放,后绑定.ysysint vlanif15dhcp server static-bind ip-address 192.168.5.56 mac-address 0008-caa2-1a03