FAQ - How to restrict an interface on the Switch so that only a few IP addresses can access the Internet

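Published: 2015-02-13
Problem Description
How can the Switch restrict an interface so that only a few IP addresses can access the Internet?
Solution
The Switch does not support binding a port to IP addresses. To restrict an interface so that only users with certain IP addresses can access the Internet, configure an ACL-based traffic policy and apply the traffic policy to the interface. For example, assume that interface Ethernet0/0/1 allows only the user with IP address 1.1.1.2 to access the Internet, and users with any other IP address cannot. The configuration is as follows: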
[HUAWEI] acl number 3030
[HUAWEI-acl-adv-3030] rule permit ip source 1.1.1.2 0
[HUAWEI-acl-adv-3030] quit
[HUAWEI] acl number 3031
[HUAWEI-acl-adv-3031] rule permit ip
[HUAWEI-acl-adv-3031] quit
[HUAWEI] traffic classifier test1
[HUAWEI-classifier-test1] if-match acl 3030
[HUAWEI-classifier-test1] quit
[HUAWEI] traffic classifier test2
[HUAWEI-classifier-test2] if-match acl 3031
[HUAWEI-classifier-test2] quit
[HUAWEI] traffic behavior test1
[HUAWEI-behavior-test1] permit
[HUAWEI-behavior-test1] quit
[HUAWEI] traffic behavior test2
[HUAWEI-behavior-test2] deny
[HUAWEI-behavior-test2] quit
[HUAWEI] traffic policy test
[HUAWEI-trafficpolicy-test] classifier test1 behavior test1
[HUAWEI-trafficpolicy-test] classifier test2 behavior test2
[HUAWEI-trafficpolicy-test] quit
[HUAWEI] interface ethernet 0/0/1
[HUAWEI-Ethernet0/0/1] traffic-policy test inbound
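
The following Python model is an added example, not part of the original FAQ or Huawei's own code. It shows how the policy above decides per source address and how ACL 3030 extends to several permitted hosts. It assumes classifiers are evaluated in the order they are bound to the policy; the function names and the extra addresses 1.1.1.3 and 1.1.1.4 are constructed for illustration.

```python
import ipaddress

def acl_match(src, base, wildcard):
    """ACL wildcard semantics: bits that are 0 in the wildcard must match."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)

def build_policy(allowed_hosts):
    """Model of traffic policy 'test': ordered (classifier, rules, behavior)."""
    host_rules = [(h, "0.0.0.0") for h in allowed_hosts]  # 'source <ip> 0'
    return [
        ("test1", host_rules, "permit"),                      # ACL 3030
        ("test2", [("0.0.0.0", "255.255.255.255")], "deny"),  # ACL 3031: any
    ]

def evaluate(policy, src):
    """The first classifier whose ACL matches decides (assumed binding order)."""
    for name, rules, behavior in policy:
        if any(acl_match(src, base, wc) for base, wc in rules):
            return name, behavior
    return None, "no match"

def acl_commands(allowed_hosts, acl_number=3030):
    """Emit ACL lines in the page's syntax, one host rule per permitted IP."""
    lines = [f"acl number {acl_number}"]
    for h in allowed_hosts:
        ipaddress.IPv4Address(h)  # raises ValueError on a malformed address
        lines.append(f" rule permit ip source {h} 0")
    return lines

if __name__ == "__main__":
    hosts = ["1.1.1.2", "1.1.1.3", "1.1.1.4"]  # constructed sample list
    policy = build_policy(hosts)
    print("\n".join(acl_commands(hosts)))
    for src in ["1.1.1.2", "1.1.1.4", "1.1.1.5", "10.0.0.1"]:
        print(src, evaluate(policy, src))
    # Binding test2 before test1 makes the catch-all deny match first,
    # so even the intended host is blocked.
    print("reversed:", evaluate(list(reversed(policy)), "1.1.1.2"))
```

The model also makes the wildcard pitfall visible: `0` matches exactly one host, while a wildcard such as `0.0.0.255` would permit the whole /24.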