## vlan

```
# Create the four user VLANs, then give each one a layer-3 gateway interface.
vlan 10 20 30 40
#
interface Vlan-interface 10
 ip address 192.168.10.1 24
#
interface Vlan-interface 20
 ip address 192.168.20.1 24
#
interface Vlan-interface 30
 ip address 192.168.30.1 24
#
interface Vlan-interface 40
 ip address 192.168.40.1 24
#
# /30 point-to-point link address.
# NOTE(review): VLAN 100 is not in the "vlan 10 20 30 40" list above, so it must
# already exist for this interface to come up - confirm.
interface Vlan-interface 100
 ip address 10.10.0.2 30
```
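## DHCP

```
# Enable the DHCP service globally, then define one address pool per user VLAN.
# Each pool hands out the VLAN gateway, the DNS server 218.2.2.2 and a one-day lease.
# Fix: the lease keyword is "expired"; the original "explite" is not a valid keyword.
dhcp enable
#
dhcp server ip-pool vlan10
 network 192.168.10.0 mask 255.255.255.0
 gateway-list 192.168.10.1
 dns-list 218.2.2.2
 expired day 1
#
dhcp server ip-pool vlan20
 network 192.168.20.0 mask 255.255.255.0
 gateway-list 192.168.20.1
 dns-list 218.2.2.2
 expired day 1
#
dhcp server ip-pool vlan30
 network 192.168.30.0 mask 255.255.255.0
 gateway-list 192.168.30.1
 dns-list 218.2.2.2
 expired day 1
#
dhcp server ip-pool vlan40
 network 192.168.40.0 mask 255.255.255.0
 gateway-list 192.168.40.1
 dns-list 218.2.2.2
 expired day 1
#
# NOTE(review): the page's second VLAN section gives 192.168.50.1 to Vlan-interface 50
# and relays its DHCP requests to 10.1.1.1. Confirm that this pool lives on the device
# the relay points at; no 10.1.1.1 address is configured anywhere on this page.
dhcp server ip-pool vlan50
 network 192.168.50.0 mask 255.255.255.0
 gateway-list 192.168.50.1
 dns-list 218.2.2.2
 expired day 1
```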
## loopback

```
# Host-route (/32) loopback address for this device.
interface LoopBack 1
 ip address 10.0.0.253 32
```
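## IP addresses

```
# Access-port VLAN membership (no IP addresses are set in this section).
# Fix: "port acceess" corrected to "port access".
# NOTE(review): VLAN 1000 is not created anywhere on this page, while
# Vlan-interface 100 is - confirm whether VLAN 100 was intended here.
interface GigabitEthernet 1/0/2
 port link-type access
 port access vlan 1000
#
# User-facing access ports, two per VLAN.
# NOTE(review): nothing in the visible commands limits which hosts may attach or
# answer DHCP on these ports; DHCP snooping and port security are the usual
# controls to consider for them.
interface range GigabitEthernet 1/0/3 to GigabitEthernet 1/0/4
 port link-type access
 port access vlan 10
#
interface range GigabitEthernet 1/0/5 to GigabitEthernet 1/0/6
 port link-type access
 port access vlan 20
#
interface range GigabitEthernet 1/0/7 to GigabitEthernet 1/0/8
 port link-type access
 port access vlan 30
#
interface range GigabitEthernet 1/0/9 to GigabitEthernet 1/0/10
 port link-type access
 port access vlan 40
```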
## vlan

```
# Create VLANs 50 and 100.
vlan 50 100
#
# VLAN 50 gateway: forward client DHCP requests to the server at 10.1.1.1
# instead of answering them locally.
# NOTE(review): 10.1.1.1 is not configured on any interface shown on this page -
# confirm that it is reachable and is the intended DHCP server.
interface Vlan-interface 50
 ip address 192.168.50.1 24
 dhcp select relay
 dhcp relay server-address 10.1.1.1
 quit
#
interface Vlan-interface 100
 ip address 192.168.100.254 24
 quit
#
# Access ports: g1/0/23 in VLAN 100, g1/0/1 in VLAN 50.
interface GigabitEthernet 1/0/23
 port link-type access
 port access vlan 100
#
interface GigabitEthernet 1/0/1
 port link-type access
 port access vlan 50
 quit
```
## DHCP

```
# Turn on the DHCP service globally. The "dhcp select relay" setting in the
# VLAN section above belongs to the same DHCP feature set.
dhcp enable
```
## WLAN

```
# Let APs register with this AC automatically and keep them as persistent entries.
# NOTE(review): with both auto-AP options left on, any AP that can reach the AC may
# be onboarded without a manual entry. Once the intended APs have registered,
# consider turning them off and relying on the explicit serial-id entry below.
wlan auto-ap enable
wlan auto-persistent enable
#
# Manual AP entry, identified by model and serial ID.
wlan ap ap1 model WA6320-HCL
 serial-id H3C_7E-FF-09-10-03-00
 vlan 1
 # Radio 1: enabled and bound to service template st1.
 # NOTE(review): st1 is not defined on this page, so its SSID and authentication
 # settings cannot be checked here - confirm that it is not an open network.
 radio 1
  radio enable
  service-template st1
 # Radio 2: no enable or service-template command follows it in the visible text.
 radio 2
 gigabitethernet 1
```
## Security policy

### Add each port to its security zone

```
# g1/0/0 joins the Trust zone, g1/0/5 joins the Untrust zone.
[FW2]security-zone name trust
[FW2-security-zone-Trust]import int g1/0/0
[FW2]security-zone name untrust
[FW2-security-zone-untrust]import int g1/0/5
```

### Permit traffic from Trust to Untrust

```
# Rule 0 matches on zones only, so every protocol and port from Trust to Untrust passes.
[FW2]security-policy ip
rule 0 name trust-untrust
action pass
source-zone trust
destination-zone untrust
```

### Permit traffic from Trust to Local; once configured, devices in the Trust zone can ping the firewall

```
# NOTE(review): the stated goal is ping, but rule 1 has no service or source-address
# criteria, so it passes all traffic from every Trust host to the firewall itself,
# including any management services it runs. Narrow the match to ICMP and the
# management sources that need access.
[FW2]security-policy ip
rule 1 name trust-local
action pass
source-zone trust
destination-zone local
```

### Permit traffic from Local to other zones; once configured, the firewall can ping other devices

```
# Rule 2 names no destination zone, so it applies to traffic from the firewall
# toward every zone.
rule 2 name local-all
action pass
source-zone local
```