华为三层交换应用于企业的单向访问-CSDN博客

所要求的访问规则： <?xml:namespace prefix = o />

所有人都可以上网；

总经理可以单向访问所有端口；

书记可以单向访问其他和劳资部门；

工程经理可以单向访问工程部门；

行政经理可以单向访问其他部门和办公室；

总工可以单向访问工程部门；

副书记可以单向访问其他部门；

工会主席、工程部门、其他部门、财务部门、劳资部门不能访问除自己以外的任何端口。

根据要求我公司对ＸＸ市政工程总公司做出以下配置：

核心交换机采用 HuaWei Quidway S3900 Series —— S3928P-EI 。

以上所要求的目的行为全部由 HuaWei Quidway S3900 Series —— S3928P-EI 所提供的 VLAN 、 VLAN 间路由与 ACL 以及默认路由的功能来实现配置完成。与 Internet 连接由 TP-Link 的 R<?xml:namespace prefix = st1 />4299G 来路由。

下拓扑图表示交换机的连接以及随后的附加说明：

核心 S3928P-EI 的端口使用与连接：

端口 1 、连接服务器，主机地址是 -192.168.1.100 ；

端口 2 、连接路由器，路由器的默认主机地址是 -192.168.1.1 ；

端口 3 、连接总经理的计算机，主机地址是 -192.168.3.1 ；

端口 4 、连接书记的计算机，主机地址是 -192.168.4.1 ；

端口 5 、连接工程经理的计算机，主机地址是 -192.168.5.1 ；

端口 6 、连接行政经理的计算机，主机地址是 -192.168.6.1 ；

端口 7 、连接总工的计算机，主机地址是 -192.168.7.1 ；

端口 8 、连接工会主席办的计算机，主机地址是 -192.168.8.1 ；

端口 9 、连接副书记办的计算机，主机地址是 -192.168.9.1 ；

端口 10 、连接领导预留计算机，主机地址是 -192.168.10.1 ；

端口 11 、连接领导预留计算机，主机地址是 -192.168.11.1 ；

端口 12 、连接工程部接入交换机，网络地址是 -192.168.12.0 ；

端口 13 、连接其他接入交换机，网络地址是 -192.168.13.0 ；

端口 14 、连接财务部接入交换机，网络地址是 -192.168.14.0 ；

端口 15 、连接劳资部接入交换机，网络地址是 -192.168.15.0 ；

端口 16 、连接办公室计算机 A ，主机地址是 192.168.16.1 ；

端口 17 、连接办公室计算机 B ，主机地址是 192.168.16.2 ；

端口 18 、连接办公室计算机 C ，主机地址是 192.168.16.3 ；

端口 19 、连接办公室计算机 D ，主机地址是 192.168.16.4 ；

端口 20 、连接办公室计算机 E ，主机地址是 192.168.16.5 ；

以下是HuaWei S3928P-EI 的配置信息：

[Quidway]display current-configuration
#
sysname Quidway
#
radius scheme system
#
domain system
#
acl number 3001
rule 0 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
rule 1 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.14.0 0.0.0.255
rule 2 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
rule 3 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
rule 4 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 5 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 6 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 7 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 8 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 9 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 10 deny tcp established source 192.168.16.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 11 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
rule 12 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.14.0 0.0.0.255
rule 13 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
rule 14 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
rule 15 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 16 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 17 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 18 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 19 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 20 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 21 deny tcp established source 192.168.15.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 22 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
rule 23 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
rule 24 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
rule 25 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
rule 26 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 27 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 28 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 29 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 30 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 31 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 32 deny tcp established source 192.168.14.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 33 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
rule 34 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
rule 35 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.14.0 0.0.0.255
rule 36 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
rule 37 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 38 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 39 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 40 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 41 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 42 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 43 deny tcp established source 192.168.13.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 44 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
rule 45 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
rule 46 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.14.0 0.0.0.255
rule 47 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
rule 48 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 49 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 50 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 51 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 52 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 53 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 54 deny tcp established source 192.168.12.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 55 deny tcp established source 192.168.9.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
rule 56 deny tcp established source 192.168.9.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
rule 57 deny tcp established source 192.168.9.0 0.0.0.255 destination 192.168.14.0 0.0.0.255
rule 58 deny tcp established source 192.168.9.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
rule 59 deny tcp established source 192.168.9.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 60 deny tcp established source 192.168.9.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 61 deny tcp established source 192.168.9.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 62 deny tcp established source 192.168.9.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 63 deny tcp established source 192.168.9.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 64 deny tcp established source 192.168.9.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 65 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
rule 66 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
rule 67 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.14.0 0.0.0.255
rule 68 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
rule 69 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
rule 70 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 71 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 72 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 73 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 74 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 75 deny tcp established source 192.168.8.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 76 deny tcp established source 192.168.7.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
rule 77 deny tcp established source 192.168.7.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
rule 78 deny tcp established source 192.168.7.0 0.0.0.255 destination 192.168.14.0 0.0.0.255
rule 79 deny tcp established source 192.168.7.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
rule 80 deny tcp established source 192.168.7.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 81 deny tcp established source 192.168.7.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 82 deny tcp established source 192.168.7.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 83 deny tcp established source 192.168.7.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 84 deny tcp established source 192.168.7.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 85 deny tcp established source 192.168.7.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 86 deny tcp established source 192.168.6.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
rule 87 deny tcp established source 192.168.6.0 0.0.0.255 destination 192.168.14.0 0.0.0.255
rule 88 deny tcp established source 192.168.6.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
rule 89 deny tcp established source 192.168.6.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 90 deny tcp established source 192.168.6.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 91 deny tcp established source 192.168.6.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 92 deny tcp established source 192.168.6.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 93 deny tcp established source 192.168.6.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 94 deny tcp established source 192.168.6.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 95 deny tcp established source 192.168.5.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
rule 96 deny tcp established source 192.168.5.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
rule 97 deny tcp established source 192.168.5.0 0.0.0.255 destination 192.168.14.0 0.0.0.255
rule 98 deny tcp established source 192.168.5.0 0.0.0.255 destination 192.168.13.0 0.0.0.255
rule 99 deny tcp established source 192.168.5.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 100 deny tcp established source 192.168.5.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 101 deny tcp established source 192.168.5.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 102 deny tcp established source 192.168.5.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 103 deny tcp established source 192.168.5.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 104 deny tcp established source 192.168.5.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 105 deny tcp established source 192.168.4.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
rule 106 deny tcp established source 192.168.4.0 0.0.0.255 destination 192.168.14.0 0.0.0.255
rule 107 deny tcp established source 192.168.4.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
rule 108 deny tcp established source 192.168.4.0 0.0.0.255 destination 192.168.9.0 0.0.0.255
rule 109 deny tcp established source 192.168.4.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 110 deny tcp established source 192.168.4.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 111 deny tcp established source 192.168.4.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
rule 112 deny tcp established source 192.168.4.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 113 deny tcp established source 192.168.4.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
#
vlan 1
#
vlan 3
#
vlan 4
#
vlan 5
#
vlan 6
#
vlan 7
#
vlan 8
#
vlan 9
#
vlan 10
#
vlan 11
#
vlan 12
#
vlan 13
#
vlan 14
#
vlan 15
#
vlan 16
#
interface Vlan-interface1
ip address 192.168.1.254 255.255.255.0
#
interface Vlan-interface3
ip address 192.168.3.254 255.255.255.0
#
interface Vlan-interface4
ip address 192.168.4.254 255.255.255.0
#
interface Vlan-interface5
ip address 192.168.5.254 255.255.255.0
#
interface Vlan-interface6
ip address 192.168.6.254 255.255.255.0
#
interface Vlan-interface7
ip address 192.168.7.254 255.255.255.0
#
interface Vlan-interface8
ip address 192.168.8.254 255.255.255.0
#
interface Vlan-interface9
ip address 192.168.9.254 255.255.255.0
#
interface Vlan-interface10
ip address 192.168.10.254 255.255.255.0
#
interface Vlan-interface11
ip address 192.168.11.254 255.255.255.0
#
interface Vlan-interface12
ip address 192.168.12.254 255.255.255.0
#
interface Vlan-interface13
ip address 192.168.13.254 255.255.255.0
#
interface Vlan-interface14
ip address 192.168.14.254 255.255.255.0
#
interface Vlan-interface15
ip address 192.168.15.254 255.255.255.0
#
interface Vlan-interface16
ip address 192.168.16.254 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
#
interface Ethernet1/0/2
#
interface Ethernet1/0/3
port access vlan 3
#
interface Ethernet1/0/4
port access vlan 4
packet-filter inbound ip-group 3001 rule 105
packet-filter inbound ip-group 3001 rule 106
packet-filter inbound ip-group 3001 rule 107
packet-filter inbound ip-group 3001 rule 108
packet-filter inbound ip-group 3001 rule 109
packet-filter inbound ip-group 3001 rule 110
packet-filter inbound ip-group 3001 rule 111
packet-filter inbound ip-group 3001 rule 112
packet-filter inbound ip-group 3001 rule 113
#
interface Ethernet1/0/5
port access vlan 5
packet-filter inbound ip-group 3001 rule 95
packet-filter inbound ip-group 3001 rule 96
packet-filter inbound ip-group 3001 rule 97
packet-filter inbound ip-group 3001 rule 98
packet-filter inbound ip-group 3001 rule 99
packet-filter inbound ip-group 3001 rule 100
packet-filter inbound ip-group 3001 rule 101
packet-filter inbound ip-group 3001 rule 102
packet-filter inbound ip-group 3001 rule 103
packet-filter inbound ip-group 3001 rule 104
#
interface Ethernet1/0/6
port access vlan 6
packet-filter inbound ip-group 3001 rule 86
packet-filter inbound ip-group 3001 rule 87
packet-filter inbound ip-group 3001 rule 88
packet-filter inbound ip-group 3001 rule 89
packet-filter inbound ip-group 3001 rule 90
packet-filter inbound ip-group 3001 rule 91
packet-filter inbound ip-group 3001 rule 92
packet-filter inbound ip-group 3001 rule 93
packet-filter inbound ip-group 3001 rule 94
#
interface Ethernet1/0/7
port access vlan 7
packet-filter inbound ip-group 3001 rule 76
packet-filter inbound ip-group 3001 rule 77
packet-filter inbound ip-group 3001 rule 78
packet-filter inbound ip-group 3001 rule 79
packet-filter inbound ip-group 3001 rule 80
packet-filter inbound ip-group 3001 rule 81
packet-filter inbound ip-group 3001 rule 82
packet-filter inbound ip-group 3001 rule 83
packet-filter inbound ip-group 3001 rule 84
packet-filter inbound ip-group 3001 rule 85
#
interface Ethernet1/0/8
port access vlan 8
packet-filter inbound ip-group 3001 rule 65
packet-filter inbound ip-group 3001 rule 66
packet-filter inbound ip-group 3001 rule 67
packet-filter inbound ip-group 3001 rule 68
packet-filter inbound ip-group 3001 rule 69
packet-filter inbound ip-group 3001 rule 70
packet-filter inbound ip-group 3001 rule 71
packet-filter inbound ip-group 3001 rule 72
packet-filter inbound ip-group 3001 rule 73
packet-filter inbound ip-group 3001 rule 74
packet-filter inbound ip-group 3001 rule 75
#
interface Ethernet1/0/9
port access vlan 9
packet-filter inbound ip-group 3001 rule 55
packet-filter inbound ip-group 3001 rule 56
packet-filter inbound ip-group 3001 rule 57
packet-filter inbound ip-group 3001 rule 58
packet-filter inbound ip-group 3001 rule 59
packet-filter inbound ip-group 3001 rule 60
packet-filter inbound ip-group 3001 rule 61
packet-filter inbound ip-group 3001 rule 62
packet-filter inbound ip-group 3001 rule 63
packet-filter inbound ip-group 3001 rule 64
#
interface Ethernet1/0/10
port access vlan 10
#
interface Ethernet1/0/11
port access vlan 11
#
interface Ethernet1/0/12
port access vlan 12
packet-filter inbound ip-group 3001 rule 44
packet-filter inbound ip-group 3001 rule 45
packet-filter inbound ip-group 3001 rule 46
packet-filter inbound ip-group 3001 rule 47
packet-filter inbound ip-group 3001 rule 48
packet-filter inbound ip-group 3001 rule 49
packet-filter inbound ip-group 3001 rule 50
packet-filter inbound ip-group 3001 rule 51
packet-filter inbound ip-group 3001 rule 52
packet-filter inbound ip-group 3001 rule 53
packet-filter inbound ip-group 3001 rule 54
#
interface Ethernet1/0/13
port access vlan 13
packet-filter inbound ip-group 3001 rule 33
packet-filter inbound ip-group 3001 rule 34
packet-filter inbound ip-group 3001 rule 35
packet-filter inbound ip-group 3001 rule 36
packet-filter inbound ip-group 3001 rule 37
packet-filter inbound ip-group 3001 rule 38
packet-filter inbound ip-group 3001 rule 39
packet-filter inbound ip-group 3001 rule 40
packet-filter inbound ip-group 3001 rule 41
packet-filter inbound ip-group 3001 rule 42
packet-filter inbound ip-group 3001 rule 43
#
interface Ethernet1/0/14
port access vlan 14
packet-filter inbound ip-group 3001 rule 22
packet-filter inbound ip-group 3001 rule 23
packet-filter inbound ip-group 3001 rule 24
packet-filter inbound ip-group 3001 rule 25
packet-filter inbound ip-group 3001 rule 26
packet-filter inbound ip-group 3001 rule 27
packet-filter inbound ip-group 3001 rule 28
packet-filter inbound ip-group 3001 rule 29
packet-filter inbound ip-group 3001 rule 30
packet-filter inbound ip-group 3001 rule 31
packet-filter inbound ip-group 3001 rule 32
#
interface Ethernet1/0/15
port access vlan 15
packet-filter inbound ip-group 3001 rule 11
packet-filter inbound ip-group 3001 rule 12
packet-filter inbound ip-group 3001 rule 13
packet-filter inbound ip-group 3001 rule 14
packet-filter inbound ip-group 3001 rule 15
packet-filter inbound ip-group 3001 rule 16
packet-filter inbound ip-group 3001 rule 17
packet-filter inbound ip-group 3001 rule 18
packet-filter inbound ip-group 3001 rule 19
packet-filter inbound ip-group 3001 rule 20
packet-filter inbound ip-group 3001 rule 21
#
interface Ethernet1/0/16
port access vlan 16
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 1
packet-filter inbound ip-group 3001 rule 2
packet-filter inbound ip-group 3001 rule 3
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 7
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 10
#
interface Ethernet1/0/17
port access vlan 16
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 1
packet-filter inbound ip-group 3001 rule 2
packet-filter inbound ip-group 3001 rule 3
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 7
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 10
#
interface Ethernet1/0/18
port access vlan 16
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 1
packet-filter inbound ip-group 3001 rule 2
packet-filter inbound ip-group 3001 rule 3
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 7
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 10
#
interface Ethernet1/0/19
port access vlan 16
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 1
packet-filter inbound ip-group 3001 rule 2
packet-filter inbound ip-group 3001 rule 3
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 7
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 10
#
interface Ethernet1/0/20
port access vlan 16
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 1
packet-filter inbound ip-group 3001 rule 2
packet-filter inbound ip-group 3001 rule 3
packet-filter inbound ip-group 3001 rule 4
packet-filter inbound ip-group 3001 rule 5
packet-filter inbound ip-group 3001 rule 6
packet-filter inbound ip-group 3001 rule 7
packet-filter inbound ip-group 3001 rule 8
packet-filter inbound ip-group 3001 rule 9
packet-filter inbound ip-group 3001 rule 10
#
interface Ethernet1/0/21
#
interface Ethernet1/0/22
#
interface Ethernet1/0/23
#
interface Ethernet1/0/24
#
interface GigabitEthernet1/1/1
#
interface GigabitEthernet1/1/2
#
interface GigabitEthernet1/1/3
#
interface GigabitEthernet1/1/4
#
undo irf-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 preference 60
#
user-interface aux 0 7
user-interface vty 0 4
#
return

　　以下是TP-Link R4299G的描述：

TP-Link路由器的配置为WEB方式，在双wan口上分别做pppoe拨号连接。
　　在静态路由表分别上填写(R4299G是TP-Link最高端也只支持静态路由)
　　192.168.3.0 255.255.255.0 192.168.1.254
　　192.168.4.0 255.255.255.0 192.168.1.254
　　192.168.5.0 255.255.255.0 192.168.1.254
　　192.168.6.0 255.255.255.0 192.168.1.254
　　192.168.7.0 255.255.255.0 192.168.1.254
　　192.168.8.0 255.255.255.0 192.168.1.254
　　192.168.9.0 255.255.255.0 192.168.1.254
　　192.168.10.0 255.255.255.0 192.168.1.254
　　192.168.11.0 255.255.255.0 192.168.1.254
　　192.168.12.0 255.255.255.0 192.168.1.254
　　192.168.13.0 255.255.255.0 192.168.1.254
　　192.168.14.0 255.255.255.0 192.168.1.254
　　192.168.15.0 255.255.255.0 192.168.1.254
　　192.168.16.0 255.255.255.0 192.168.1.254
　　完成重启TP-Link R4299G,静态路由表才能生效即可路由192.168.0.0 0.0.224.255以内的主机通过adsl上网。