sysname SW1
vlan batch 11 to 13 100
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface MEth0/0/1
interface Ethernet0/0/1
port link-type access
port default vlan 11
interface Ethernet0/0/2
port link-type access
port default vlan 12
interface Ethernet0/0/3
port link-type access
port default vlan 13
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 11 to 13 100
interface Ethernet0/0/5
interface Ethernet0/0/6
interface Ethernet0/0/7
interface Ethernet0/0/8
interface Ethernet0/0/9
interface Ethernet0/0/10
interface Ethernet0/0/11
interface Ethernet0/0/12
interface Ethernet0/0/13
interface Ethernet0/0/14
interface Ethernet0/0/15
interface Ethernet0/0/16
interface Ethernet0/0/17
interface Ethernet0/0/18
interface Ethernet0/0/19
interface Ethernet0/0/20
interface Ethernet0/0/21
interface Ethernet0/0/22
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface NULL0
user-interface con 0
user-interface vty 0 4
return
sysname SW2
vlan batch 11 to 13 100
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
acl number 2000
rule 5 deny source 10.10.11.0 0.0.0.255
acl number 2005
rule 5 deny source 10.10.12.12 0
traffic classifier c1 operator and
if-match acl 2005
traffic behavior b1
deny
traffic policy p1
classifier c1 behavior b1
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface Vlanif11
ip address 10.10.11.1 255.255.255.0
interface Vlanif12
ip address 10.10.12.1 255.255.255.0
interface Vlanif13
ip address 10.10.13.1 255.255.255.0
interface Vlanif100
ip address 10.10.100.1 255.255.255.0
interface MEth0/0/1
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
traffic-filter outbound acl 2000
traffic-policy p1 outbound
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 11 to 13 100
interface GigabitEthernet0/0/5
interface GigabitEthernet0/0/6
interface GigabitEthernet0/0/7
interface GigabitEthernet0/0/8
interface GigabitEthernet0/0/9
interface GigabitEthernet0/0/10
interface GigabitEthernet0/0/11
interface GigabitEthernet0/0/12
interface GigabitEthernet0/0/13
interface GigabitEthernet0/0/14
interface GigabitEthernet0/0/15
interface GigabitEthernet0/0/16
interface GigabitEthernet0/0/17
interface GigabitEthernet0/0/18
interface GigabitEthernet0/0/19
interface GigabitEthernet0/0/20
interface GigabitEthernet0/0/21
interface GigabitEthernet0/0/22
interface GigabitEthernet0/0/23
interface GigabitEthernet0/0/24
interface NULL0
user-interface con 0
user-interface vty 0 4
return
acl 3000
rule 5 deny icmp source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 icmp-type echo
rule 10 deny tcp source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 tcp-flag syn
quit
traffic classifier c1
if-match acl 3000
quit
traffic behavior b1
deny
quit
traffic policy p1
classifier c1 behavior b1
quit
interface gigabitethernet 1/0/1
traffic-policy p1 inbound
vlan 10
traffic-policy p1 inbound
traffic-policy p1 global inbound