华为VLAN隔离配置
方法1:通过vlan ACL 包过滤 (这个最简单)
[Huawei]acl 3000
[Huawei-acl-adv-3000]rule 5 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
[Huawei-acl-adv-3000]rule 100 permit ip
[Huawei-acl-adv-3000]quit
[Huawei]traffic-filter vlan 10 inbound acl 3000 #相当于H3C在接口上启用包过滤,注意方向,我配置的是in方向。
方法2:通过QOS策略实现 (稍微复杂,但是功能非常强大,很多东东都在这里实现)
[Huawei]undo traffic-filter vlan 10 inbound acl 3000 #先取消acl过滤
[Huawei]traffic classifier c1
[Huawei-classifier-c1]if-match acl 3000 #定义类
[Huawei-classifier-c1]quit
[Huawei]traffic behavior b1
[Huawei-behavior-b1]permit #动作允许
[Huawei-behavior-b1]quit
创建华为qos策略:
[Huawei]traffic policy p1
[Huawei-trafficpolicy-p1]classifier c1 behavior b1
[Huawei-trafficpolicy-p1]quit
[Huawei]vlan 10
[Huawei-vlan10]traffic-policy p1 inbound #单独vlan启用qos规则
