ISCOM Series Switch Concise Configuration Manual (v1.0)

Contents

I. Access switches: ISCOM2000 series
  1. VLAN partitioning
  2. Protected port settings
  3. Management IP configuration
  4. Enabling loop detection
  5. Port rate limiting
II. Aggregation switches: ISCOM2800 series
  1. VLAN partitioning
  2. Protected port settings
  3. Management IP configuration
  4. Enabling loop detection or spanning tree
  5. Port rate limiting
  6. ACL access control
  7. Enabling storm control
  8. Configuring double tagging
III. Feature configuration steps
  1. Login
  2. User modes
  3. Common operation commands
  4. Adding users
  5. Configuring the switch's remote management address
  6. Configuring the switch's gateway
  7. Port configuration
  8. Creating VLANs
  9. Protected port mode
  10. Storm control
  11. Port loop detection
  12. Port mirroring
  13. Anti-virus configuration
  14. Configuring ARP attack protection
  15. Preventing users from attaching private DHCP servers
  16. Configuring traps (for uploading alarm information)
  17. Remote access control
  18. Q-in-Q configuration
IV. Configuration examples
  1. ISCOM2826E
  2. ISCOM2026

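[Figure: metro network edge, one ISCOM2826E, three ISCOM2026, PPPoE dial-up Internet access]

The figure above shows the typical way ISCOM series switches are deployed. ISCOM2000 series or ISCOM2100 series switches serve as the access devices for end users, and the ISCOM2800 series performs aggregation.

The following describes typical configurations, and points that need attention, for ISCOM2000 switches used as access devices and for ISCOM2800 switches under normal circumstances: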

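I. Access switches: ISCOM2000 series

For devices that connect directly to end users, the following features usually need to be configured:

1. VLAN partitioning

Service VLANs and user VLANs need to be defined here, and you must also consider whether the uplink port should pass VLANs through transparently.

2. Protected port settings

To ensure that users within the same VLAN cannot reach one another, the protected-port feature must be enabled.

3. Management IP configuration

Pay attention to the VLAN that the management IP is bound to. If the switch needs to be managed from its downstream side, make sure the IP is bound to the corresponding VLAN.

4. Enabling loop detection

To prevent loops, loop detection needs to be enabled. Because the spanning tree protocol converges slowly, on devices that connect directly to end users it is recommended to enable loop detection and disable spanning tree. Two points need attention. First, when loop detection is enabled, spanning tree must be disabled; the two protocols conflict and cannot be enabled at the same time. Second, enable loop detection only on user ports; do not enable it on uplink ports.

5. Port rate limiting

Note: ingress rate limiting on a port is tied to the port's flow-control function, so when ingress rate limiting is enabled, the port's flow control must be enabled as well.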

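II. Aggregation switches: ISCOM2800 series

For devices used for aggregation, the following features usually need to be configured:

1. VLAN partitioning

Service VLANs and user VLANs need to be defined here, and you must also consider whether the uplink port should pass VLANs through transparently.

2. Protected port settings

To ensure that users within the same VLAN cannot reach one another, the protected-port feature must be enabled.

3. Management IP configuration

Pay attention to the VLAN that the management IP is bound to. If the switch needs to be managed from its downstream side, make sure the IP is bound to the corresponding VLAN.

4. Enabling loop detection or spanning tree

To prevent loops, loop detection or the spanning tree protocol needs to be enabled. Two points need attention. First, when loop detection is enabled, spanning tree must be disabled; the two protocols conflict and cannot be enabled at the same time. Second, enable loop detection only on user ports; do not enable it on uplink ports.

5. Port rate limiting

Note: ingress rate limiting on a port is tied to the port's flow-control function, so when ingress rate limiting is enabled, the port's flow control must be enabled as well.

6. ACL access control

ACLs play an important role on aggregation devices. At present they serve several purposes: filtering viruses, preventing ARP attacks, and preventing privately attached DHCP servers. The detailed configuration is described below.

7. Enabling storm control

When storms on the network are fairly severe, storm control can be enabled to suppress broadcast packets, multicast packets and DLF (destination lookup failure) packets, improving the utilization of network bandwidth.

8. Configuring double tagging

Sometimes double tagging needs to be enabled on the aggregation device. The detailed configuration is described below.

The above covers some typical features of the switches in use; the specifics need to be adjusted to the actual deployment. The sections below describe each of the commonly used configurations.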

III. Feature configuration steps

1. Login

Login:raisecom
Password:raisecom
Raisecom>enable
Password:raisecom

2. User modes

Normal user mode: "Raisecom>"
Privileged user mode: "Raisecom# "
Global configuration mode: "Raisecom(config)# "
Physical-layer interface configuration mode: "Raisecom(config-port)# "
Physical-layer interface batch configuration mode: "Raisecom(config-range)# "
Layer 3 interface configuration mode: "Raisecom(config-ip)# "
VLAN configuration mode: "Raisecom(config-vlan)# "

3. Common operation commands

Raisecom# write (save the configuration)
Raisecom# erase (delete the configuration)
Raisecom# reboot (restart the switch)
Raisecom# show running-config (view the running configuration)
Raisecom# show version (view the current hardware and software version numbers)
Raisecom#user name raisecom password iscom (change the telnet password)

Changing the enable password:

Raisecom#enable password
Please input password:dianxin
Please input again:dianxin

Use "?" to list all commands available in the current mode. For example: Raisecom# ?

4. Adding users

Raisecom#user name root password md5 mima (create a user with user name root and password mima)
Raisecom#user name root privilege 15 (set the root user's privilege to the highest level, 15)

5. Configuring the switch's remote management address

Raisecom#config
Raisecom (config)#create vlan 100 active (create and activate management VLAN 100)
Raisecom(config)#interface ip 0 (enter the IP interface)
Raisecom(config-ip)#ip address 192.168.0.100 100 (set the address of this IP interface to 192.168.0.100, with management VLAN 100)

6. Configuring the switch's gateway

Raisecom#config
Raisecom (config)#ip default-gateway 61.6.0.100 (set the switch's gateway)

7. Port configuration

Example: set port 3 to a speed of 10 Mbps and full duplex.

Raisecom#config
Raisecom(config)#interface port 3 (enter the port)
Raisecom(config-port)#speed 10
Raisecom(config-port)#duplex full
Raisecom(config-port)#exit

Example: shut down port 3.

Raisecom#config
Raisecom(config)# interface port 3
Raisecom(config-port)#shutdown
Raisecom(config-port)#exit
Raisecom(config)#exit

Viewing port information:

Raisecom#show interface port 3
Port  Admin   Operate  Speed/Duplex  Flowcontrol(R/S)  Mac-learning
------------------------------------------------------------------------
3     enable  down     10/full       off/off           enable

8. Creating VLANs

(Port 24 is the uplink; vlan3 and vlan4 are user VLANs, each connected to a user PC.)

Raisecom #config
Raisecom (config)#create vlan 3,4 active (create and activate VLAN 3 and VLAN 4)
Raisecom (config)#interface port 3 (assign port 3 to VLAN 3)
Raisecom (config-port)#switchport access vlan 3
Raisecom (config-port)#exit
Raisecom (config)#interface port 4 (assign port 4 to VLAN 4)
Raisecom (config-port)#switchport access vlan 4
Raisecom (config-port)#exit
Raisecom (config)#int port 24 (set port 24 to trunk mode)
Raisecom (config-port)#switchport mode trunk
Raisecom (config-port)#switchport trunk allowed vlan all (allow all VLANs through on port 24)
Raisecom (config-port)#exit

To delete a VLAN, use the no vlan command in configuration mode:

Raisecom #config
Raisecom (config)#no vlan 3 (delete vlan3)

9. Protected port mode

Protected ports isolate users within the same VLAN. PC-1 and PC-2 are in the same VLAN 200 and are connected to ports 1 and 2 respectively. By setting ports 1 and 2 as protected ports and the uplink port 24 as a non-protected port, hosts in the same VLAN cannot reach each other, while protected and non-protected ports can still communicate normally.

Raisecom #config
Raisecom (config)#create vlan 200 active (create and activate VLAN 200)
Raisecom (config)#interface range 1-2 (assign ports 1-2 to VLAN 200; range is a batch command that can be used to configure all ports in one go)
Raisecom (config-range)#switchport access vlan 200
Raisecom (config-range)#switchport protect (set ports 1-2 as protected ports)
Raisecom (config-range)#exit
Raisecom (config)#int port 24 (set port 24 to trunk mode)
Raisecom (config-port)#switchport mode trunk
Raisecom (config-port)#switchport trunk allowed vlan 200 (port 24 allows packets tagged with VLAN 200 through)
ISCOM2826-1(config-port)#exit

10. Storm control

By default, storm control is enabled and applies to unicast packets whose destination lookup failed, broadcast packets and multicast packets. The default limit is 1024 packets per second (this parameter varies by switch model). The commands for configuring storm control are as follows:

Raisecom #config
Raisecom (config)#storm-control all enable (enable storm control, including broadcast and multicast packets)
Raisecom (config)#storm-control pps 1024 (set the storm control limit to 1024 packets per second; packets beyond the limit are dropped)

11. Port loop detection

With STP disabled, if a loop is made on a hub, the switch's loop detection detects the self-loop on port 1 and shuts port 1 down. Loop detection is configured as follows:

Raisecom #config
Raisecom (config)#loopback-detection enable port-list all (enable loop detection on all ports)
Raisecom (config)#loopback-detection hello-time 30 (set the loop detection interval to 30 seconds)
Raisecom (config)#interface range all (batch interface configuration mode)
Raisecom (config-range)#loopback-detection down-time 600 (set how long a looped port stays shut down)

12. Port mirroring

Set port 24 of the switch as the monitor port. With a network analysis system installed on the monitoring terminal, the data entering port 3, the data leaving port 4, and the data entering and leaving port 8 can be analyzed and monitored. (This feature is mainly used by engineers to capture packets and analyze network conditions.)

Raisecom #config
Raisecom (config)#mirror enable (enable mirroring)
Raisecom (config)#mirror monitor-port 24 (set port 24 as the monitor port)
Raisecom (config)#mirror source-port-list ingress 3,8 egress 4,8 (mirror ingress packets on ports 3 and 8; mirror egress packets on ports 4 and 8)

13. Anti-virus configuration

Raisecom(config)#ip-access-list 0 deny tcp any any 135 (deny access to port 135 over TCP)
Raisecom(config)#ip-access-list 1 deny udp any any 135 (deny access to port 135 over UDP)
Raisecom(config)#ip-access-list 2 deny tcp any any 445
Raisecom(config)#ip-access-list 3 deny udp any any 445
Raisecom(config)#filter ip-access-list 0-3 ingress port-list 1-26 (apply IP filter lists 0-3 to the ingress direction of ports 1-26)
Raisecom(config)#filter enable (enable filtering)

Appendix: the following filter lists cover the port numbers of some viruses commonly seen on networks. If needed, paste the content below directly into the console and apply all of the lists to the egress direction of the uplink port.

ip-access-list 1 deny tcp any any 135
ip-access-list 2 deny tcp any any 2745
ip-access-list 3 deny tcp any any 1035
ip-access-list 4 deny tcp any any 3127
ip-access-list 5 deny tcp any any 6129
ip-access-list 6 deny tcp any 135 any
ip-access-list 7 deny tcp any 2745 any
ip-access-list 8 deny tcp any 1035 any
ip-access-list 9 deny tcp any 3127 any
ip-access-list 10 deny tcp any 5554 any
ip-access-list 11 deny tcp any 6129 any
ip-access-list 12 deny tcp any any 1801
ip-access-list 13 deny udp any any 1801
ip-access-list 14 deny udp any any 3527
ip-access-list 15 deny 53 any any
ip-access-list 16 deny 55 any any
ip-access-list 17 deny 77 any any
ip-access-list 18 deny 135 any any
ip-access-list 19 deny tcp any any 445
ip-access-list 20 deny udp any any 445
ip-access-list 21 deny tcp any 445 any
ip-access-list 22 deny udp any 445 any
ip-access-list 23 deny tcp any any 137
ip-access-list 24 deny tcp any any 138
ip-access-list 25 deny tcp any any 139
ip-access-list 26 deny udp any any 1434
ip-access-list 27 deny udp any 1434 any
ip-access-list 28 deny tcp any any 1434
ip-access-list 29 deny tcp any 1434 any
ip-access-list 30 deny tcp any any 5554
ip-access-list 31 deny tcp any any 5900
ip-access-list 32 deny tcp any any 6667
ip-access-list 33 deny tcp any 5900 any
ip-access-list 34 deny tcp any 6667 any
ip-access-list 35 deny 255 any any
ip-access-list 36 deny udp any any 22321
ip-access-list 37 deny udp any any 1900
ip-access-list 38 deny tcp any any 4444
ip-access-list 39 deny udp any any 34944
ip-access-list 40 deny udp any any 2191

14. Configuring ARP attack protection

Raisecom(config)# access-list-map 0 deny (configure access list 0 as a deny rule)
Raisecom(config-cmap)# match arp Opcode reply (match ARP packets whose Opcode is reply)
Raisecom(config-cmap)#exit
Raisecom(config)# access-list-map 1 deny (configure access list 1 as a deny rule)
Raisecom(config-cmap)# match arp Opcode request (match ARP packets whose Opcode is request)
Raisecom(config-cmap)#exit
Raisecom(config)#filter access-list-map 0 ingress port-list 1-23 (apply the list matching ARP reply packets to the ingress direction of all user ports)
Raisecom(config)#filter access-list-map 1 ingress port-list 24 (apply the list matching ARP request packets to the ingress direction of the uplink port)
Raisecom(config)#filter enable (enable filtering)

15. Preventing users from attaching private DHCP servers

Raisecom(config)#ip-access-list 0 deny udp any any 67 (deny UDP access to destination port 67, the DHCP request packets)
Raisecom(config)#ip-access-list 1 deny udp any any 68 (deny UDP access to destination port 68, the DHCP reply packets)
Raisecom(config)#filter ip-access-list 0 egress port-list 1-23 (apply IP filter list 0 to the egress direction of all user ports)
Raisecom(config)#filter ip-access-list 1 ingress port-list 1-23 (apply IP filter list 1 to the ingress direction of all user ports)
Raisecom(config)#filter enable (enable filtering)

16. Configuring traps (for uploading alarm information)

Raisecom(config)#snmp-server host 100.0.0.250 version 2c raisecom udpport 162
Raisecom(config)#snmp-server enable traps

17. Remote access control

PC-1 has IP address 192.168.1.3 and PC-2 has IP address 192.168.1.4. By setting access control lists, only PC-2 is allowed to reach PC-1 over telnet (the telnet protocol port is 23). Other terminals (such as PC-3) cannot reach PC-1 over telnet. The configuration is as follows:

Raisecom # config
Raisecom (config)# ip-access-list 4 deny TCP any 192.168.1.3 255.255.255.255 23
Raisecom (config)# ip-access-list 5 permit TCP 192.168.1.4 255.255.255.255 23 192.168.1.3 255.255.255.255 23
Raisecom (config)# filter ip-access-list 4,5
Raisecom (config)# filter enable
Raisecom (config)# exit

18. Q-in-Q configuration (network structure as shown in the figure)

[Figure: Q-in-Q network topology with switchA, ISP1, ISP2 and switchB; labels: user, port 1, port 2, port 3, port 27, port 28, c-vlan tag10, c-vlan tag20, p-vlan tag100]

SwitchA(config)#create vlan 10,20 active
SwitchA(config)# interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan all
SwitchA(config)# interface port 2
SwitchA(config-port)# switchport access vlan 10
SwitchA(config)# interface port 3
SwitchA(config-port)# switchport access vlan 20

The configuration of switchB is analogous to that of switchA.

ISP1(config)# create vlan 100 active
ISP1(config)# interface port 27
ISP1(config-port)# switchport mode dot1q-tunnel
ISP1(config-port)# switchport access vlan 100
ISP1(config)# interface port 28
ISP1(config-port)# switchport mode trunk double-tagging
ISP1(config-port)# switchport trunk allowed vlan all

The configuration of ISP2 is analogous to that of ISP1.

IV. Configuration examples

1. ISCOM2826E

/* Port 24 is the uplink and is set to TRUNK mode; each user port is assigned to a different VLAN and rate limited; virus filtering and ARP attack filtering are enabled. Spanning tree is disabled and loop detection is enabled on all user ports. Broadcast storm control is enabled, and the management IP and default gateway are configured. */

System current configuration:
!ROS Version 3.1.680.ISCOM2826E.28.20061016
!command in view_mode
!
!command in config_mode first-step
create vlan 1510-1517,1520,1522,1526-1528,1532,1538,1542,1544,1545,1549,1552,1553,2214 active
ip-access-list 1 deny tcp any any 135
ip-access-list 2 deny tcp any any 2745
ip-access-list 3 deny tcp any any 1035
ip-access-list 4 deny tcp any any 3127
ip-access-list 5 deny tcp any any 6129
ip-access-list 6 deny tcp any 135 any
ip-access-list 7 deny tcp any 2745 any
ip-access-list 8 deny tcp any 1035 any
ip-access-list 9 deny tcp any 3127 any
ip-access-list 10 deny tcp any 5554 any
ip-access-list 11 deny tcp any 6129 any
ip-access-list 12 deny tcp any any 1801
ip-access-list 13 deny udp any any 1801
ip-access-list 14 deny udp any any 3527
ip-access-list 15 deny 53 any any
ip-access-list 16 deny 55 any any
ip-access-list 17 deny 77 any any
ip-access-list 18 deny 135 any any
ip-access-list 19 deny tcp any any 445
ip-access-list 20 deny udp any any 445
ip-access-list 21 deny tcp any 445 any
ip-access-list 22 deny udp any 445 any
ip-access-list 23 deny tcp any any 137
ip-access-list 24 deny tcp any any 138
ip-access-list 25 deny tcp any any 139
ip-access-list 26 deny udp any any 1434
ip-access-list 27 deny udp any 1434 any
ip-access-list 28 deny tcp any any 1434
ip-access-list 29 deny tcp any 1434 any
ip-access-list 30 deny tcp any any 5554
ip-access-list 31 deny tcp any any 5900
ip-access-list 32 deny tcp any any 6667
ip-access-list 33 deny tcp any 5900 any
ip-access-list 34 deny tcp any 6667 any
ip-access-list 35 deny 255 any any
ip-access-list 36 deny udp any any 22321
ip-access-list 37 deny udp any any 1900
ip-access-list 38 deny tcp any any 4444
ip-access-list 39 deny udp any any 34944
ip-access-list 40 deny udp any any 2191
!
!command in aclmap_mode
access-list-map 0 deny
match arp Opcode reply
access-list-map 1 deny
match arp Opcode request
!

!command in enable_mode
!
!command in ip igmp profile mode
!
!command in port_mode
interface port 1
switchport access vlan 1527
interface port 2
switchport access vlan 1544
interface port 3
switchport access vlan 1553
interface port 4
switchport access vlan 1511
interface port 5
switchport access vlan 1549
interface port 7
switchport access vlan 1516
interface port 8
switchport access vlan 1513
interface port 9
switchport access vlan 1520
interface port 10
switchport access vlan 1510
interface port 11
switchport access vlan 1528
interface port 12
switchport access vlan 1532
interface port 13
switchport access vlan 1526
interface port 14
switchport access vlan 1527
interface port 15
switchport access vlan 1542
interface port 16
switchport access vlan 1545

interface port 17
switchport access vlan 1514
interface port 18
switchport access vlan 1515
interface port 19
switchport access vlan 1517
interface port 20
switchport access vlan 1552
interface port 22
switchport access vlan 1512
interface port 23
switchport access vlan 1553
interface port 24
switchport trunk allowed vlan 1,2,1510-1517,1520,1522,1526-1528,1532,1538,1542,1544,1545,1549,1552,1553,2214
switchport mode trunk
!
!command in vlan configuration mode
!
!command in ip interface mode
interface ip 0
ip address 10.9.14.58 255.255.255.252 2214
!
!command in cluster_mode
!
!command in cmap_mode
!
!command in pmap_mode
!
!command in config_mode
spanning-tree disable
filter enable
filter ip-access-list 1 egress port-list 24
filter ip-access-list 2 egress port-list 24
filter ip-access-list 3 egress port-list 24
filter ip-access-list 4 egress port-list 24
filter ip-access-list 5 egress port-list 24
filter ip-access-list 6 egress port-list 24
filter ip-access-list 7 egress port-list 24
filter ip-access-list 8 egress port-list 24
filter ip-access-list 9 egress port-list 24
filter ip-access-list 10 egress port-list 24
filter ip-access-list 11 egress port-list 24
filter ip-access-list 12 egress port-list 24
filter ip-access-list 13 egress port-list 24
filter ip-access-list 14 egress port-list 24
filter ip-access-list 15 egress port-list 24
filter ip-access-list 16 egress port-list 24
filter ip-access-list 17 egress port-list 24
filter ip-access-list 18 egress port-list 24
filter ip-access-list 19 egress port-list 24
filter ip-access-list 20 egress port-list 24
filter ip-access-list 21 egress port-list 24
filter ip-access-list 22 egress port-list 24
filter ip-access-list 23 egress port-list 24
filter ip-access-list 24 egress port-list 24
filter ip-access-list 25 egress port-list 24
filter ip-access-list 26 egress port-list 24
filter ip-access-list 27 egress port-list 24
filter ip-access-list 28 egress port-list 24
filter ip-access-list 29 egress port-list 24
filter ip-access-list 30 egress port-list 24
filter ip-access-list 31 egress port-list 24
filter ip-access-list 32 egress port-list 24
filter ip-access-list 33 egress port-list 24
filter ip-access-list 34 egress port-list 24
filter ip-access-list 35 egress port-list 24
filter ip-access-list 36 egress port-list 24
filter ip-access-list 37 egress port-list 24
filter ip-access-list 38 egress port-list 24
filter ip-access-list 39 egress port-list 24
filter ip-access-list 40 egress port-list 24
filter access-list-map 0 ingress port-list 1-23
filter access-list-map 1 ingress port-list 24
storm-control pps 100
rate-limit port-list 22 ingress 6016 512
rate-limit port-list 1-13,15-23 egress 6016 512
snmp-server keepalive-trap disable
ip default-gateway 10.9.14.57
logging file
loopback-detection enable port-list 1-23
rndp disable
!

2. ISCOM2026

/* Ports 1, 3 and 7 pass VLANs through transparently; spanning tree is disabled; loop detection is enabled on user ports; the management IP is configured. */

System current configuration:
!ROS Version 3.1.653.ISCOM2026.46.20060817
!command in view_mode
!
!command in config_mode first-step
create vlan 50,71,649,1000,2000 active
!
!command in enable_mode
hostname shezijifang
!
!command in ip igmp profile mode
!
!command in port_mode
interface port 1
switchport trunk allowed vlan 1,2,50,71,649,1000,2000
switchport mode trunk
interface port 2
description dianzizhengwu
switchport access vlan 71
interface port 3
switchport trunk allowed vlan 1,2,50,649,1000,2000
switchport mode trunk
interface port 4
switchport access vlan 50
interface port 5
switchport access vlan 649
interface port 6
switchport access vlan 2000
interface port 7
switchport trunk allowed vlan 1,2,50,649
switchport mode trunk
!
!command in vlan configuration mode
!
!command in ip interface mode
interface ip 0
ip address 10.11.1.80 255.255.255.0 1000
!
!command in cluster_mode
!
!command in config_mode
spanning-tree disable
loopback-detection enable port-list 2,4-6,8-24
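
The two loop-detection rules from sections I and II (never run it together with spanning tree; enable it on user ports only, not on uplinks) can be checked mechanically against a saved running configuration. The script below is an added example, not part of the original manual or Raisecom's tooling. It assumes that trunk-mode ports are the uplinks and that spanning tree is running unless the dump contains "spanning-tree disable"; both sample dumps are constructed.

```python
import re

def parse_port_list(spec, max_port=26):
    """Expand a port-list such as '2,4-6,8-24' or 'all' into a set of ints."""
    if spec == "all":
        return set(range(1, max_port + 1))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config, max_port=26):
    """Return (finding, port) tuples for one running-config dump."""
    trunk, access, loop_ports = set(), set(), set()
    stp_disabled = False
    current = None  # port number while inside an "interface port N" block
    for raw in config.splitlines():
        line = raw.strip()
        port = re.fullmatch(r"interface port (\d+)", line)
        loop = re.fullmatch(r"loopback-detection enable port-list (\S+)", line)
        if port:
            current = int(port.group(1))
        elif line.startswith(("!", "interface ")):
            current = None  # section marker or "interface ip 0": not a port
        elif current is not None and line == "switchport mode trunk":
            trunk.add(current)
        elif current is not None and line.startswith("switchport access vlan "):
            access.add(current)
        elif line == "spanning-tree disable":
            stp_disabled = True
        elif loop:
            loop_ports |= parse_port_list(loop.group(1), max_port)
    findings = []
    # Assumption: spanning tree counts as running unless the dump disables it.
    if loop_ports and not stp_disabled:
        findings.append(("stp-and-loop-detection-both-on", None))
    # Assumption: trunk-mode ports are the uplinks.
    findings += [("loop-detection-on-uplink", p) for p in sorted(loop_ports & trunk)]
    findings += [("user-port-without-loop-detection", p)
                 for p in sorted(access - loop_ports)]
    return findings

# Constructed samples in the dump format shown above (not from a real device).
GOOD = """\
!command in port_mode
interface port 1
switchport trunk allowed vlan 1,2,50,71
switchport mode trunk
interface port 2
switchport access vlan 71
interface port 4
switchport access vlan 50
!
!command in ip interface mode
interface ip 0
ip address 192.0.2.80 255.255.255.0 1000
!
!command in config_mode
spanning-tree disable
loopback-detection enable port-list 2,4-6,8-24
"""
# Same dump with spanning tree left on and loop detection moved onto the uplink.
BAD = GOOD.replace("spanning-tree disable\n", "").replace("2,4-6,8-24", "1-2")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(cfg))
```
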

Written by: Yuan Qingguo (苑庆国)  Reviewed by: Fu Jiangpeng (付江鹏)  Issued by: Yuan Qingguo (苑庆国)  Date: 2008-03-14