<HUAWEI>system-view [HUAWEI]acl number 3198 [HUAWEI-acl-adv-3198] rule 0 permit udp source 192.168.3.3 0 source-port eq 3060 destination 192.168.3.77 0 destination-port eq 5060 rule 1 permit udp source 192.168.3.55 0 source-port eq 3060 destination 192.168.3.77 0 destination-port eq 5060 rule 101 deny ip destination 192.168.3.77 0 rule 201 permit ip traffic classifier acl_class operator and if-match acl 3198 traffic behavior acl_beha permit traffic policy acc_acl match-order config classifier acl_class behavior acl_beha vlan 55 traffic-policy acc_acl outbound
[HUAWEI]vlan 2001 //建立二层vlan interface Vlanif2001 //三层vlan description ut-speedtop ip address 10.0.11.30 255.255.255.252 interface Eth-Trunk1 //聚合口Access模式 port link-type access port default vlan 2001 port-mirroring to observe-port 1 outbound //镜像口配置 observe-port 1 interface GigabitEthernet1/0/8 //观察口配置 interface XGigabitEthernet0/0/1 eth-trunk 1 //套进聚合口 interface XGigabitEthernet1/0/1 eth-trunk 1 interface Eth-Trunk2 //聚合口Trunk模式 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 11 22 33 319 666 999 interface XGigabitEthernet0/0/2 eth-trunk 2 //套进聚合口 interface XGigabitEthernet1/0/2 eth-trunk 2 clock timezone BJ add 08:00:00 stelnet server enable //SSH登入认证 ssh user superman003 ssh user superman003 authentication-type password ssh user superman003 service-type stelnet user-interface vty 0 4 authentication-mode password protocol inbound ssh ntp-service unicast-server 223.255.185.2 source-interface Vlanif999 //时间同步 snmp-agent //SNMP配置 snmp-agent local-engineid 800007DB037C1CF1F4E8C0 snmp-agent community read cipher %#%#=X(m#RC`jJC$2O"sgJo$5{9$IYRQ6>wu$4Wlo0Y%tJs:e6}c,>=+8W61JtYI+d[BN(%E,ZD=0,IbMVB%#%# snmp-agent sys-info version all snmp-agent trap source Vlanif999 snmp-agent trap enable interface GigabitEthernet0/0/28 port link-type access port default vlan 999 qos lr outbound cir 100000 cbs 100000000 //接口限速 qos lr inbound cir 100000 cbs 100000000