version 5.20, Release 1207 # sysname dunan-s5500 设备重命名 # super password level 3 simple abcd123456 设置串口连接密码 # domain default enable system 说明性文字 # telnet server enable telnet 服务开启 # loopback-detection enable 环回口连接开启 # vlan 1 description fileserver 注释 VLAN 连接区域 # vlan 2 description firewall # vlan 10 description erp+sql+other # vlan 20 description caiwu # vlan 30 description waimao # vlan 40 description bigoffice # vlan 50 description jishubu # vlan 60 description erchejian # vlan 70 description huayi # vlan 80 description zongcai # vlan 90 description webser # vlan 130 description wlan # radius scheme system # domain system 说明性文字 access-limit disable state active idle-cut disable self-service-url disable # traffic classifier c_vlan operator and 将ACL 规则定义策略和行为这里和3600 是不同的,分为三部 if-match acl 3000 traffic classifier a_vlan operator and if-match acl 3001 # traffic behavior d_vlan filter deny traffic behavior b_vlan filter deny # qos policy p_vlan classifier c_vlan behavior b_vlan qos policy t_vlan classifier a_vlan behavior d_vlan # local-user h3c 设置 web 访问用户和密码并定义权限为最高 password simple dafm service-type telnet level 3 # acl number 3000 rule 0 deny tcp source 192.168.50.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 1 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.90.0 0.0.0.255 rule 2 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 rule 3 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.30.0 0.0.0.255 rule 4 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 rule 5 deny tcp source 192.168.130.0 0.0.0.255 destination 192.168.50.0 0.0.0.255 ru le 6 deny tcp sou rce 192.168.130.0...
