
Configuring private VLAN from the command line to isolate communication within a VLAN

Document number: 2357
Last updated: 2017-05-17

 This document is based on the ST5540F version

 
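Configuration requirements:
    The internal network has one ST5540F. All devices that access the Internet belong to VLAN 1, and the switch itself is not divided into VLANs. An internal server is connected to port 1, finance department staff to ports 2-3, R&D department staff to ports 4-5, and other staff to ports 6-7. Port isolation is required so that all internal users can reach the server; the finance department, the R&D department and the other staff cannot reach one another; users within the finance department and within the R&D department can reach each other; and the other staff cannot reach each other.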
 
Configuration steps:
1. Log in to the command-line configuration interface of the ST5540F
                 Welcome to UTT ST5540F Ethernet Switch
Switch>
Switch>enable
password:
Switch#
2. Configure two community VLANs, for example VLAN 12 and VLAN 13
Switch#config
Switch_config#vlan 12
Switch_config_vlan12#private-vlan community
Switch_config_vlan12#exit
Switch_config#vlan 13
Switch_config_vlan13#private-vlan community
Switch_config_vlan13#exit
3. Configure one isolated VLAN, for example VLAN 14
Switch_config#vlan 14
Switch_config_vlan14#private-vlan isolated
Switch_config_vlan14#exit
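4. Configure VLAN 11 as the primary VLAN and configure its associated VLANs: associate community VLAN 12 and VLAN 13 and isolated VLAN 14 with VLAN 11 so that they become internal sub-VLANs of VLAN 11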
Switch_config#vlan 11
Switch_config_vlan11#private-vlan primary
Switch_config_vlan11#private-vlan association 12-14
Switch_config_vlan11#exit
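5. Add the ports to the corresponding VLANs and set each port's mode, primary VLAN and secondary VLAN:
Add port 1 to VLAN 11: promiscuous mode, primary VLAN 11, secondary VLANs 12-14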
Switch_config#interface GigaEthernet0/1
Switch_config_g0/1#switchport mode private-vlan promiscuous
Switch_config_g0/1#switchport private-vlan mapping 11 12-14
Switch_config_g0/1#switchport pvid 11
Switch_config_g0/1#exit
Add ports 2-3 to VLAN 12: host mode, primary VLAN 11, secondary VLAN 12
Switch_config#interface GigaEthernet0/2
Switch_config_g0/2#switchport mode private-vlan host
Switch_config_g0/2#switchport private-vlan host-association 11 12
Switch_config_g0/2#switchport pvid 12
Switch_config_g0/2#exit
Switch_config#interface GigaEthernet0/3
Switch_config_g0/3#switchport mode private-vlan host
Switch_config_g0/3#switchport private-vlan host-association 11 12
Switch_config_g0/3#switchport pvid 12
Switch_config_g0/3#exit
Add ports 4-5 to VLAN 13: host mode, primary VLAN 11, secondary VLAN 13
Switch_config#interface GigaEthernet0/4
Switch_config_g0/4#switchport mode private-vlan host
Switch_config_g0/4#switchport private-vlan host-association 11 13
Switch_config_g0/4#switchport pvid 13
Switch_config_g0/4#exit
Switch_config#interface GigaEthernet0/5
Switch_config_g0/5#switchport mode private-vlan host
Switch_config_g0/5#switchport private-vlan host-association 11 13
Switch_config_g0/5#switchport pvid 13
Switch_config_g0/5#exit
Add ports 6-7 to VLAN 14: host mode, primary VLAN 11, secondary VLAN 14
Switch_config#interface GigaEthernet0/6
Switch_config_g0/6#switchport mode private-vlan host
Switch_config_g0/6#switchport private-vlan host-association 11 14
Switch_config_g0/6#switchport pvid 14
Switch_config_g0/6#exit
Switch_config#interface GigaEthernet0/7
Switch_config_g0/7#switchport mode private-vlan host
Switch_config_g0/7#switchport private-vlan host-association 11 14
Switch_config_g0/7#switchport pvid 14
Switch_config_g0/7#exit
6. Run show vlan private-vlan to check that the configuration is correct
Switch_config#show vlan private-vlan
Primary  Secondary  Type             Ports
-------- ---------- ---------------- -----------------------------------------
      11         12        community g0/1, g0/2, g0/3
      11         13        community g0/1, g0/4, g0/5
      11         14         isolated g0/1, g0/6, g0/7
7. Save the configuration
Switch_config#wr
Confirm to overwrite current startup-config configuration [Y/N]:y
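
An added example, not part of the original UTT document: the Python below parses the show vlan private-vlan output from step 6 and checks it against the access policy in the configuration requirements, using the standard private VLAN forwarding rules. The function names and the policy arguments (servers, groups) are assumptions made for this illustration; which port is promiscuous is taken from step 5.

```python
import re
from itertools import combinations

# "show vlan private-vlan" output copied from step 6 of this page.
SHOW_OUTPUT = """\
Primary  Secondary  Type             Ports
-------- ---------- ---------------- -----------------------------------------
      11         12        community g0/1, g0/2, g0/3
      11         13        community g0/1, g0/4, g0/5
      11         14         isolated g0/1, g0/6, g0/7
"""
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(community|isolated)\s+(.+)$")

def parse_pvlan(text, promiscuous):
    """Map each port to (primary, secondary, role); role is the VLAN type or 'promiscuous'."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or blank line
        primary, secondary, kind = int(m[1]), int(m[2]), m[3]
        for port in (p.strip() for p in m[4].split(",")):
            if port in promiscuous:
                ports[port] = (primary, None, "promiscuous")
            elif port in ports:
                raise ValueError(f"host port {port} is in two secondary VLANs")
            else:
                ports[port] = (primary, secondary, kind)
    return ports

def can_talk(a, b, ports):
    """Layer-2 reachability under the standard private VLAN rules."""
    (pa, sa, ka), (pb, sb, kb) = ports[a], ports[b]
    if pa != pb:
        return False  # different primary VLANs never share traffic
    if "promiscuous" in (ka, kb):
        return True   # a promiscuous port reaches every secondary VLAN
    return ka == kb == "community" and sa == sb  # same community only

def violations(ports, servers, groups):
    """Port pairs whose reachability differs from the intended policy."""
    def want(a, b):
        return a in servers or b in servers or any(a in g and b in g for g in groups)
    return [(a, b) for a, b in combinations(sorted(ports), 2)
            if can_talk(a, b, ports) != want(a, b)]

if __name__ == "__main__":
    ports = parse_pvlan(SHOW_OUTPUT, promiscuous={"g0/1"})  # port 1 per step 5
    print(violations(ports, {"g0/1"}, [{"g0/2", "g0/3"}, {"g0/4", "g0/5"}]))
```

An empty list means the table matches the requirements. The check covers layer-2 forwarding inside the switch only, not traffic relayed by a device attached to the promiscuous port.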
