组网描述: PC---------------------3050C-------------------------AR28-31-------------------------INTERNET 组网实现: 3050C上划分多个VLAN,在AR28-31上终结VLAN信息,下面的所有VLAN中的PC都可以上公网,所有的PC机都通过AR28-31分配IP地址和DNS [AR28-31]dis cu # sysname Quidway # FTP server enable # nat address-group 0 222.222.222.2 222.222.222.10 用于上公网的地址池 # radius scheme system # domain system # local-user admin password cipher .]@USE=B,53Q=^Q`MAF4<1!! service-type telnet terminal level 3 service-type ftp local-user huawei telnet用户,用于远程管理 password simple huawei service-type telnet level 3 # dhcp server ip-pool 10 为VLAN10分配IP地址 network 192.168.10.0 mask 255.255.255.0 gateway-list 192.168.10.1 dns-list 100.100.100.100 # dhcp server ip-pool 20 为VLAN20分配IP地址 network 192.168.20.0 mask 255.255.255.0 gateway-list 192.168.20.1 dns-list 100.100.100.100 # dhcp server ip-pool 30 为VLAN30分配IP地址 network 192.168.30.0 mask 255.255.255.0 gateway-list 192.168.30.1 dns-list 100.100.100.100 # dhcp server ip-pool 40 为VLAN40分配IP地址 network 192.168.40.0 mask 255.255.255.0 gateway-list 192.168.40.1 dns-list 100.100.100.100 # interface Aux0 async mode flow # interface Ethernet1/0 用于与交换机的管理IP互通 ip address 192.168.100.1 255.255.255.0 firewall packet-filter 3000 inbound # interface Ethernet1/0.1 终结交换机上的VLAN10 tcp mss 1024 ip address 192.168.10.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 10 # interface Ethernet1/0.2 终结交换机上的VLAN20 tcp mss 1024 ip address 192.168.20.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 20 # interface Ethernet1/0.3 终结交换机上的VLAN30 tcp mss 1024 ip address 192.168.30.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 30 # interface Ethernet1/0.4 终结交换机上的VLAN40 tcp mss 1024 ip address 192.168.40.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 40 # interface Ethernet2/0 ip address 222.222.222.1 255.255.255.0 nat outbound 2000 address-group 0 进行私网到公网的地址转换 # interface NULL0 # acl number 2000 允许192.168.0.0 这个网段的地址进行地址转换 rule 0 permit source 192.168.0.0 0.0.255.255 rule 1 deny # acl number 3000 rule 0 deny udp destination-port eq tftp rule 1 deny tcp destination-port eq 135 rule 2 deny udp destination-port eq 135 rule 3 deny udp destination-port eq netbios-ns rule 4 deny udp destination-port eq netbios-dgm rule 5 deny tcp destination-port eq 139 rule 6 deny udp destination-port eq netbios-ssn rule 7 deny tcp destination-port eq 445 rule 8 deny udp destination-port eq 445 rule 9 deny tcp destination-port eq 539 rule 10 deny udp destination-port eq 539 rule 11 deny udp destination-port eq 593 rule 12 deny tcp destination-port eq 593 rule 13 deny udp destination-port eq 1434 rule 14 deny tcp destination-port eq 4444 rule 15 deny tcp destination-port eq 9996 rule 16 deny tcp destination-port eq 5554 rule 17 deny udp destination-port eq 9996 rule 18 deny udp destination-port eq 5554 rule 19 deny tcp destination-port eq 137 rule 20 deny tcp destination-port eq 138 rule 21 deny tcp destination-port eq 1025 rule 22 deny udp destination-port eq 1025 rule 23 deny tcp destination-port eq 9995 rule 24 deny udp destination-port eq 9995 rule 25 deny tcp destination-port eq 1068 rule 26 deny udp destination-port eq 1068 rule 27 deny tcp destination-port eq 1023 rule 28 deny udp destination-port eq 1023 # ip route-static 0.0.0.0 0.0.0.0 222.222.222.254 preference 60 到电信网关的缺省路由 # user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme # return =============================================================== dis cu # sysname Quidway # radius scheme system server-type huawei primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain domain system radius-scheme system access-limit disable state active vlan-assignment-mode integer idle-cut disable self-service-url disable messenger time disable domain default enable system # local-server nas-ip 127.0.0.1 key huawei local-user huawei 用于WEB网管和TELNET password simple huawei service-type telnet level 3 # vlan 1 # vlan 10 # vlan 20 # vlan 30 # vlan 40 # interface Vlan-interface1 管理IP ip address 192.168.100.2 255.255.255.0 # interface Aux0/0 # interface Ethernet0/1 port access vlan 10 # interface Ethernet0/2 port access vlan 10 # interface Ethernet0/3 port access vlan 10 # interface Ethernet0/4 port access vlan 10 # interface Ethernet0/5 port access vlan 10 # interface Ethernet0/6 port access vlan 10 # interface Ethernet0/7 port access vlan 10 # interface Ethernet0/8 port access vlan 10 # interface Ethernet0/9 port access vlan 10 # interface Ethernet0/10 port access vlan 10 # interface Ethernet0/11 port access vlan 20 # interface Ethernet0/12 port access vlan 20 # interface Ethernet0/13 port access vlan 20 # interface Ethernet0/14 port access vlan 20 # interface Ethernet0/15 port access vlan 20 # interface Ethernet0/16 port access vlan 20 # interface Ethernet0/17 port access vlan 20 # interface Ethernet0/18 port access vlan 20 # interface Ethernet0/19 port access vlan 20 # interface Ethernet0/20 port access vlan 20 # interface Ethernet0/21 port access vlan 30 # interface Ethernet0/22 port access vlan 30 # interface Ethernet0/23 port access vlan 30 # interface Ethernet0/24 port access vlan 30 # interface Ethernet0/25 port access vlan 30 # interface Ethernet0/26 port access vlan 30 # interface Ethernet0/27 port access vlan 30 # interface Ethernet0/28 port access vlan 30 # interface Ethernet0/29 port access vlan 30 # interface Ethernet0/30 port access vlan 30 # interface Ethernet0/31 port access vlan 40 # interface Ethernet0/32 port access vlan 40 # interface Ethernet0/33 port access vlan 40 # interface Ethernet0/34 port access vlan 40 # interface Ethernet0/35 port access vlan 40 # interface Ethernet0/36 port access vlan 40 # interface Ethernet0/37 port access vlan 40 # interface Ethernet0/38 port access vlan 40 # interface Ethernet0/39 port access vlan 40 # interface Ethernet0/40 port access vlan 40 # interface Ethernet0/41 port access vlan 40 # interface Ethernet0/42 port access vlan 40 # interface Ethernet0/43 port access vlan 40 # interface Ethernet0/44 port access vlan 40 # interface Ethernet0/45 port access vlan 40 # interface Ethernet0/46 port access vlan 40 # interface Ethernet0/47 port access vlan 40 # interface Ethernet0/48 上行口 port link-type trunk port trunk permit vlan 1 10 20 30 40 只允许这几个VLAN标签透传 # interface NULL0 # user-interface aux 0 user-interface vty 0 4 # return

BETHEL -- 在横渡石加气混凝土设备灰窑溪一座行驶繁忙，恶化的桥梁的接近的步行距离的布赖恩Walters II生活。 He担心横渡桥梁日报的数以万计汽车和司机。 "我感到它是安全危险， “Walters，一位29岁的焊工，说核桃小山路桥梁，显然地显示穿戴，特别是在它的栏杆。 The桥梁就该被康涅加气砼设备狄格运输部替换，给间距一个“恶劣的”规定值，并且说在5月2008日报告中“具体甲板下面70%恶化”。 A恶劣的规定值不意味桥梁灰沙砖设备 是有崩溃的危险。 状态什么时候使用它的规定值决定预定修理。 Walters担心镇也许不进行在预期的必要的修理“得到一座新的桥梁”。 Andrew Morosky，圣地镇工程师和公共建设主任，同意“桥梁真正地起动显示它的年龄” -- 它在1933年被修造了 -- 并且由在替换它的灰沙砖 状态的延迟挫败。 A新的桥梁至少早在2001年被谈论了。 联邦政府那时有同意支付80%估计的$862,000花费，当状态支付其他20%。 Bethel对新的桥梁的设灰沙蒸养砖设备 计工作负责，并且在2003位居民批准了$70,000能将做的它的。 在2004年When Morosky来了到圣地当镇工程师，他说替换核桃