华为S5700配置命令总结...

查看当前配置：
display cur

进入配置模式：
system-view

修改交换机名字：
sysname huawei

创建vlan(创建后自动进入vlan)：
vlan30
quit //退出vlan

给vlan配置IP地址
interface Vlanif 30
ip address 192.168.30.1 255.255.255.0
dhcp select global
dhcp enable

undo dhc enable //关闭DHCP

将端口3加入vlan30
进入端口3：
interface GigabitEthernet 0/0/3
port link-type access
port default vlan 30
quit 退出端口

配置IP地址池：
ip pool 30
gateway-list 192.168.30.1
network 192.168.30.1 mask 255.255.255.0
excluded-ip-address 192.168.30.2 192.168.30.99 //排除IP不参与DHCP
excluded-ip-address 192.168.30.200 192.168.254 //排除IP不参与DHCP
dns-list 61.139.2.69 8.8.8.8

//删除IP地址池：undo ip pool 30

保存配置：
save

ACL限制不同VLAN之间的访问：

acl number 3002
rule deny ip source 192.168.20.0 0.0.0.255 destination 192.168.30.0 0.0.0.255

acl number 3003
rule deny ip source 192.168.30.0 0.0.0.255 destination 192.168.20.0 0.0.0.255

用traffic-filter在vlan下应用ACL:
traffic-filter vlan 20 inbound acl 3002
traffic-filter vlan 30 inbound acl 3003

删除ACL,首先解除ACL调用关系:
undo traffic-filter vlan 20 inbound acl 3002
undo traffic-filter vlan 30 inbound acl 3003

删除ACL
undo acl 3002
undo acl 3003
quit
save //保存生效

将端口4加入VLAN30:
system-view
interface GigabitEthernet 0/0/4
port link-type access
port default vlan 30

端口组:(同时设置多个端口)
system-view
port-group 34 //组名
group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4 //端口范围
port link-type access
port default vlan 20 //3 4 端口加入VLAN20

根据IP地址查看MAC地址：
dis arp | include 192.168.50.1