!
! Implementing communication service control with ACLs
!
!
! Core switch
! SWX3220 / SWX3200 sample config
!
!
! NOTE(review): "admin" is the sample's literal privileged-mode password.
! Replace it with a unique, strong value before this config is loaded on a
! real device.
enable password admin
!
! The parenthesised Japanese text below is a placeholder meaning
! "initial administrative user password"; substitute the real value.
username admin privilege on password (初期管理ユーザーパスワード)
!
dns-client enable
! LLDP is turned on globally here and set to txrx on every port below,
! including the access ports.
lldp run
lldp auto-setting enable
! NOTE(review): presumably disables spanning tree on the whole switch; the
! uplinks below use static link aggregation instead. Confirm that no other
! redundant path can form a loop.
spanning-tree shutdown
!
! ---- access-list 1: bound to VLAN 110 and VLAN 120 (see "vlan filter") ----
! Entry layout as used in this file:
!   access-list <list> <seq> <action> <proto> <src> [eq <port>] <dst> [eq <port>]
! Subnets are written with a wildcard mask (0.0.0.255 = /24).
! Entries are listed in ascending sequence number and each list ends in an
! explicit deny-all (99), so the order of the permits matters.
!
! 10-13: UDP to destination port 5004 from hosts 192.168.110.101/.102 to
!        hosts 192.168.120.101/.102.
access-list 1 10 permit udp host 192.168.110.101 host 192.168.120.101 eq 5004
access-list 1 11 permit udp host 192.168.110.101 host 192.168.120.102 eq 5004
access-list 1 12 permit udp host 192.168.110.102 host 192.168.120.101 eq 5004
access-list 1 13 permit udp host 192.168.110.102 host 192.168.120.102 eq 5004
! 20-23: the same UDP/5004 flows in the opposite direction (120 -> 110).
access-list 1 20 permit udp host 192.168.120.101 host 192.168.110.101 eq 5004
access-list 1 21 permit udp host 192.168.120.101 host 192.168.110.102 eq 5004
access-list 1 22 permit udp host 192.168.120.102 host 192.168.110.101 eq 5004
access-list 1 23 permit udp host 192.168.120.102 host 192.168.110.102 eq 5004
! 30-33: TCP from 192.168.110.0/24 to servers 192.168.130.251/.252,
!        destination ports 20 and 21 (FTP data / control).
! NOTE(review): FTP carries credentials and data in cleartext. Only
! destination ports 20/21 are allowed, so passive-mode data connections
! (server-chosen port) would presumably fall through to entry 99; confirm
! that active mode is what the clients use.
access-list 1 30 permit tcp 192.168.110.0 0.0.0.255 host 192.168.130.251 eq 20
access-list 1 31 permit tcp 192.168.110.0 0.0.0.255 host 192.168.130.251 eq 21
access-list 1 32 permit tcp 192.168.110.0 0.0.0.255 host 192.168.130.252 eq 20
access-list 1 33 permit tcp 192.168.110.0 0.0.0.255 host 192.168.130.252 eq 21
! 34: any protocol between addresses inside 192.168.110.0/24 (this also
!     covers the gateway address 192.168.110.254).
access-list 1 34 permit any 192.168.110.0 0.0.0.255 192.168.110.0 0.0.0.255
! 40-43: same FTP permits for clients in 192.168.120.0/24.
access-list 1 40 permit tcp 192.168.120.0 0.0.0.255 host 192.168.130.252 eq 20
access-list 1 41 permit tcp 192.168.120.0 0.0.0.255 host 192.168.130.252 eq 21
access-list 1 42 permit tcp 192.168.120.0 0.0.0.255 host 192.168.130.251 eq 20
access-list 1 43 permit tcp 192.168.120.0 0.0.0.255 host 192.168.130.251 eq 21
! 44: any protocol between addresses inside 192.168.120.0/24.
access-list 1 44 permit any 192.168.120.0 0.0.0.255 192.168.120.0 0.0.0.255
! 50-53: UDP between ports 67 and 68 (DHCP) in every combination. Source and
!        destination addresses are "any"; only the ports are constrained.
access-list 1 50 permit udp any eq 67 any eq 67
access-list 1 51 permit udp any eq 67 any eq 68
access-list 1 52 permit udp any eq 68 any eq 67
access-list 1 53 permit udp any eq 68 any eq 68
! 99: everything not matched above is dropped.
access-list 1 99 deny any any any
!
! ---- access-list 2: bound to VLAN 130 (see "vlan filter") ----
! 10-13 / 20-23: TCP from servers 192.168.130.251/.252 with SOURCE port 20 or
! 21 back to the client subnets 192.168.110.0/24 and 192.168.120.0/24.
! NOTE(review): these entries match on source port only and carry no
! destination-port or connection-state condition, so any TCP segment the
! servers send from port 20/21 reaches any port in the client subnets.
! NOTE(review): no entry permits traffic inside 192.168.130.0/24 or DHCP on
! this VLAN; confirm that is intended.
access-list 2 10 permit tcp host 192.168.130.251 eq 20 192.168.110.0 0.0.0.255
access-list 2 11 permit tcp host 192.168.130.251 eq 21 192.168.110.0 0.0.0.255
access-list 2 12 permit tcp host 192.168.130.252 eq 20 192.168.110.0 0.0.0.255
access-list 2 13 permit tcp host 192.168.130.252 eq 21 192.168.110.0 0.0.0.255
access-list 2 20 permit tcp host 192.168.130.251 eq 20 192.168.120.0 0.0.0.255
access-list 2 21 permit tcp host 192.168.130.251 eq 21 192.168.120.0 0.0.0.255
access-list 2 22 permit tcp host 192.168.130.252 eq 20 192.168.120.0 0.0.0.255
access-list 2 23 permit tcp host 192.168.130.252 eq 21 192.168.120.0 0.0.0.255
access-list 2 99 deny any any any
!
dhcp-server enable
!
vlan database
 vlan 110 name VLAN0110
 vlan 120 name VLAN0120
 vlan 130 name VLAN0130
!
! ---- Physical ports (port1.x and port2.x carry identical settings) ----
! portN.1  : trunk for VLAN 110,120, member of static-channel-group 1 (sa1)
! portN.3  : trunk for VLAN 110,120, member of static-channel-group 2 (sa2)
! portN.13 : access port in VLAN 130, member of static-channel-group 3 (sa3)
! all other ports: access mode, no VLAN assigned in this file, "no shutdown".
! NOTE(review): the unassigned access ports are administratively up and
! presumably sit in the default VLAN, which has no vlan filter applied here.
! Consider shutting down ports that are not in use.
interface port1.1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 110,120
 static-channel-group 1
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.2
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.3
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 110,120
 static-channel-group 2
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.4
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.5
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.6
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.7
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.8
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.9
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.10
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.11
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.12
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.13
 switchport
 switchport mode access
 switchport access vlan 130
 static-channel-group 3
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port1.14
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 110,120
 static-channel-group 1
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.2
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.3
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 110,120
 static-channel-group 2
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.4
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.5
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.6
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.7
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.8
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.9
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.10
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.11
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.12
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.13
 switchport
 switchport mode access
 switchport access vlan 130
 static-channel-group 3
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
interface port2.14
 switchport
 switchport mode access
 no shutdown
 lldp-agent
  set lldp enable txrx
  exit
!
! ---- Layer-3 VLAN interfaces ----
! vlan1 holds 192.168.100.240/24 and has no vlan filter bound to it in this
! file, so neither access-list applies to it.
interface vlan1
 no switchport
 auto-ip enable
 ip address 192.168.100.240/24
 no shutdown
!
! Gateway for VLAN 110; the DHCP server is enabled on this interface.
interface vlan110
 no switchport
 ip address 192.168.110.254/24
 no shutdown
 dhcp-server enable
!
! Gateway for VLAN 120; the DHCP server is enabled on this interface.
interface vlan120
 no switchport
 ip address 192.168.120.254/24
 no shutdown
 dhcp-server enable
!
! Gateway for VLAN 130; no DHCP server is enabled here.
interface vlan130
 no switchport
 ip address 192.168.130.254/24
 no shutdown
!
! ---- Static link-aggregation interfaces ----
! sa1 and sa2 trunk VLAN 110 and 120; sa3 is an access link in VLAN 130.
interface sa1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 110,120
 no shutdown
!
interface sa2
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 110,120
 no shutdown
!
interface sa3
 switchport
 switchport mode access
 switchport access vlan 130
 no shutdown
!
! ---- Bind the access-lists to VLANs ----
! VAM-001 wraps access-list 1 and is applied inbound on VLAN 110 and 120;
! VAM-002 wraps access-list 2 and is applied inbound on VLAN 130.
vlan access-map VAM-001
 match access-list 1
!
vlan access-map VAM-002
 match access-list 2
!
vlan filter VAM-001 110 in
!
vlan filter VAM-001 120 in
!
vlan filter VAM-002 130 in
!
!
clock timezone JST
!
! NOTE(review): the HTTP and Telnet management services enabled below are
! not encrypted, so the admin credentials above would cross the network in
! cleartext. Prefer encrypted management access (SSH / HTTPS) where the
! firmware offers it, and limit which hosts can reach these services.
http-server enable
http-proxy enable
!
telnet-server enable
!
! DHCP pools hand out .1-.100 in each client VLAN; the hosts named in the
! access-lists (.101, .102) lie outside these ranges.
dhcp pool vlan110
 network 192.168.110.0/24
 range 192.168.110.1 192.168.110.100
 default-router 192.168.110.254
!
dhcp pool vlan120
 network 192.168.120.0/24
 range 192.168.120.1 192.168.120.100
 default-router 192.168.120.254
!
! Console line 0 and virtual terminal lines 0-7, with no further settings
! given in this file.
line con 0
line vty 0 7
!
end