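Explanation of the S7800 Commissioning Steps for the Development Zone
1. Add the corresponding outer VLANs. Inner VLANs do not need to be created on the S7800.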
#
vlan 1301
description VOD-GX_MA5100_A
#
vlan 1602
description NGN-GX_MA5100_A
#
vlan 1903
description BTV-HW001
#
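2. Traffic classifier and behavior for Development Zone MA5100 PPPoE users: if the user is a PPPoE user whose inner VLAN is 199 or 256-1760, add outer VLAN 814. "nest" means to add a tag, and "top-most" means the outermost one.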
traffic classifier QINQ-PPPOE-GX_MA5100_A operator and
if-match customer-vlan-id 256 to 1760
if-match customer-vlan-id 199
traffic behavior QINQ-PPPOE-GX_MA5100_A
nest top-most vlan-id 814
3. Traffic classifier and behavior for Development Zone MA5100 VOD users: if the user is a PPPoE user whose inner VLAN is 1761-2261, add outer VLAN 1301.
traffic classifier QINQ-VOD-GX_MA5100_A operator and
if-match customer-vlan-id 1761 to 2261
traffic behavior QINQ-VOD-GX_MA5100_A
nest top-most vlan-id 1301
4. Traffic classifier and behavior for Development Zone MA5100 NGN users: if the user is an NGN user whose inner VLAN is 2262-2762, add outer VLAN 1602.
traffic classifier QINQ-NGN-GX_MA5100_A operator and
if-match customer-vlan-id 2262 to 2762
traffic behavior QINQ-NGN-GX_MA5100_A
nest top-most vlan-id 1602
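5. Traffic classifier and behavior for Development Zone MA5100 multicast users: if the multicast user's inner VLAN is 1903 (only one multicast VLAN, 1903, is planned at present), extract this VLAN and mark it with tag 1903. This traffic then carries only a single tag, while all other users carry two VLAN tags.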
traffic classifier QINQ-BTV-GX_MA5100_A operator and
if-match customer-vlan-id 1903
traffic behavior QINQ-BTV-GX_MA5100_A
remark service-vlan-id 1903
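6. Because the multicast VLAN carries only a single tag, the return traffic must be specified as well (much as routing needs a return path): if the outer tag is VLAN 1903, send the frame downstream with only the single tag 1903.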
traffic classifier QINQ-BTV-OUT-GX_MA5100_A operator and
if-match service-vlan-id 1903
traffic behavior QINQ-BTV-OUT-GX_MA5100_A
remark customer-vlan-id 1903
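7. Antivirus ACL configuration. The method is the same as on the NE40E. The permit rules in the ACL only select the traffic; the filter deny action in the antivirus behavior is what drops it.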
acl number 3011 name antivirus
rule 26 permit udp destination-port eq 1434
rule 27 permit tcp destination-port eq 445
rule 28 permit tcp destination-port eq 5800
rule 29 permit tcp destination-port eq 5900
rule 30 permit tcp destination-port eq 1720
rule 31 permit udp destination-port eq 1720
rule 32 permit tcp destination-port eq 5554
rule 33 permit tcp destination-port eq 9996
rule 34 permit tcp destination-port eq 135
rule 35 permit udp destination-port eq 135
rule 36 permit tcp destination-port eq 136
rule 37 permit udp destination-port eq 136
rule 38 permit tcp destination-port eq 137
rule 39 permit udp destination-port eq netbios-ns
rule 40 permit tcp destination-port eq 138
rule 41 permit udp destination-port eq netbios-dgm
rule 42 permit tcp destination-port eq 139
rule 43 permit udp destination-port eq netbios-ssn
rule 44 permit tcp destination-port eq 593
rule 45 permit udp destination-port eq 593
rule 46 permit tcp destination-port eq 4444
traffic classifier antivirus operator and
if-match acl 3011
traffic behavior antivirus
filter deny
8. Associate the classifiers with the behaviors. We call this a policy.
qos policy QINQ-IN-GX_MA5100_A // classifier-to-behavior bindings for the inbound direction
classifier QINQ-BTV-GX_MA5100_A behavior QINQ-BTV-GX_MA5100_A
classifier QINQ-NGN-GX_MA5100_A behavior QINQ-NGN-GX_MA5100_A
classifier QINQ-PPPOE-GX_MA5100_A behavior QINQ-PPPOE-GX_MA5100_A
classifier QINQ-VOD-GX_MA5100_A behavior QINQ-VOD-GX_MA5100_A
classifier antivirus behavior antivirus // this applies the antivirus ACL
qos policy QINQ-OUT-GX_MA5100_A // policy for multicast traffic in the outbound direction
classifier QINQ-BTV-OUT-GX_MA5100_A behavior QINQ-BTV-OUT-GX_MA5100_A
9. Apply the policies on the downstream port.
#
interface GigabitEthernet4/0/1
port link-type hybrid
port hybrid vlan 1903 tagged // the multicast stream must be passed through transparently
port hybrid vlan 1 814 1301 1602 untagged
speed 100
duplex full
description To-[DSLAM]-g1/0/0
qinq enable
qos apply policy QINQ-IN-GX_MA5100_A inbound // inbound policy
qos apply policy QINQ-OUT-GX_MA5100_A outbound // outbound policy, mainly to specify the return traffic for the multicast stream
port link-aggregation group 1
#
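10. The uplink port is configured in much the same way as an ordinary trunk. Hybrid mode is used only so that, if some other VLANs later need to go upstream untagged, the data is easy to set up and the port mode does not have to be changed again. Switching to trunk mode in the current state would also be fine.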
#
interface GigabitEthernet3/0/48
port link-type hybrid
port hybrid vlan 100 814 tagged
port hybrid vlan 1 untagged
description To-[BAS]-G9/9
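The names of the classifiers, behaviors and policies are fairly complex, but they show very clearly which site they belong to. Another naming scheme is fine too.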
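Added example (not part of the original configuration notes): a Python model of the inbound policy from steps 2, 3, 5 and 8 that computes which tags a frame carries for a given inner VLAN. The NGN stanza is left out because it has the same shape as VOD. It assumes that several if-match customer-vlan-id lines in one classifier form a union, as step 2 describes, and that the first matching binding in policy order wins; parse, matches and tag_stack are names made up for this sketch.

```python
import re

# Constructed input: classifier, behavior and inbound policy lines from steps 2, 3, 5 and 8.
CONFIG = """\
traffic classifier QINQ-PPPOE-GX_MA5100_A operator and
 if-match customer-vlan-id 256 to 1760
 if-match customer-vlan-id 199
traffic behavior QINQ-PPPOE-GX_MA5100_A
 nest top-most vlan-id 814
traffic classifier QINQ-VOD-GX_MA5100_A operator and
 if-match customer-vlan-id 1761 to 2261
traffic behavior QINQ-VOD-GX_MA5100_A
 nest top-most vlan-id 1301
traffic classifier QINQ-BTV-GX_MA5100_A operator and
 if-match customer-vlan-id 1903
traffic behavior QINQ-BTV-GX_MA5100_A
 remark service-vlan-id 1903
qos policy QINQ-IN-GX_MA5100_A
 classifier QINQ-BTV-GX_MA5100_A behavior QINQ-BTV-GX_MA5100_A
 classifier QINQ-PPPOE-GX_MA5100_A behavior QINQ-PPPOE-GX_MA5100_A
 classifier QINQ-VOD-GX_MA5100_A behavior QINQ-VOD-GX_MA5100_A
"""

def parse(cfg):
    """Return ({classifier: [(lo, hi)]}, {behavior: (verb, vlan)}, ordered policy bindings)."""
    ranges, acts, policy, name = {}, {}, [], None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"traffic (?:classifier|behavior) (\S+)", line):
            name = m[1]
        elif m := re.match(r"if-match customer-vlan-id (\d+)(?: to (\d+))?$", line):
            ranges.setdefault(name, []).append((int(m[1]), int(m[2] or m[1])))
        elif m := re.match(r"(nest|remark) (?:top-most |service-)vlan-id (\d+)$", line):
            acts[name] = (m[1], int(m[2]))
        elif m := re.match(r"classifier (\S+) behavior (\S+)$", line):
            policy.append((m[1], m[2]))
    return ranges, acts, policy

def matches(inner, cfg=CONFIG):
    """Policy bindings whose classifier matches this inner VLAN, in policy order."""
    ranges, _, policy = parse(cfg)
    return [(c, b) for c, b in policy if any(lo <= inner <= hi for lo, hi in ranges[c])]

def tag_stack(inner, cfg=CONFIG):
    """Tags after the inbound policy, outermost first; None if no classifier matches."""
    hits = matches(inner, cfg)
    if not hits:
        return None
    verb, vlan = parse(cfg)[1][hits[0][1]]  # assumption: first binding in policy order wins
    return [vlan, inner] if verb == "nest" else [vlan]
```

Inner VLAN 1903 also lies inside the VOD range 1761-2261, so matches(1903) returns two bindings. Under the first-match assumption the multicast frame keeps its single tag only while the BTV binding stays ahead of the VOD binding in the policy.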