<HUAWEI>system-view
[HUAWEI]acl number 3198
[HUAWEI-acl-adv-3198]
rule 0 permit udp source 192.168.3.3 0 source-port eq 3060 destination 192.168.3.77 0 destination-port eq 5060
rule 1 permit udp source 192.168.3.55 0 source-port eq 3060 destination 192.168.3.77 0 destination-port eq 5060
rule 101 deny ip destination 192.168.3.77 0
rule 201 permit ip
traffic classifier acl_class operator and
if-match acl 3198
traffic behavior acl_beha
permit
traffic policy acc_acl match-order config
classifier acl_class behavior acl_beha
vlan 55
traffic-policy acc_acl outbound
[HUAWEI]vlan 2001 //建立二层vlan
interface Vlanif2001 //三层vlan
description ut-speedtop
ip address 10.0.11.30 255.255.255.252
interface Eth-Trunk1 //聚合口Access模式
port link-type access
port default vlan 2001
port-mirroring to observe-port 1 outbound //镜像口配置
observe-port 1 interface GigabitEthernet1/0/8 //观察口配置
interface XGigabitEthernet0/0/1
eth-trunk 1 //套进聚合口
interface XGigabitEthernet1/0/1
eth-trunk 1
interface Eth-Trunk2 //聚合口Trunk模式
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 11 22 33 319 666 999
interface XGigabitEthernet0/0/2
eth-trunk 2 //套进聚合口
interface XGigabitEthernet1/0/2
eth-trunk 2
clock timezone BJ add 08:00:00
stelnet server enable //SSH登入认证
ssh user superman003
ssh user superman003 authentication-type password
ssh user superman003 service-type stelnet
user-interface vty 0 4
authentication-mode password
protocol inbound ssh
ntp-service unicast-server 223.255.185.2 source-interface Vlanif999 //时间同步
snmp-agent //SNMP配置
snmp-agent local-engineid 800007DB037C1CF1F4E8C0
snmp-agent community read cipher %#%#=X(m#RC`jJC$2O"sgJo$5{\9$IYRQ6>wu$4Wlo0Y%tJs:e6}c,>=+8W61JtYI+d[BN(%E,ZD=0,IbMVB%#%#
snmp-agent sys-info version all
snmp-agent trap source Vlanif999
snmp-agent trap enable
interface GigabitEthernet0/0/28
port link-type access
port default vlan 999
qos lr outbound cir 100000 cbs 100000000 //接口限速
qos lr inbound cir 100000 cbs 100000000
